Privacy Policy
At ESET Deutschland GmbH we place especially high significance on the protection of your personal data. Detailed information on how we process your personal data can be found below. Hereby we also want to adhere to the principles of transparency stated in the EU General Data Protection Regulation (EU-GDPR) and the German Federal Data Protection Act as amended (BDSG n.F.).
General information
(Note: The contents of this policy apply to all genders equally. For the sake of readability, at times, only the male form will be used. In accordance with the principles of nondiscrimination, these terms refer to all genders equally.
1. Responsibility
The person responsible within the meaning of the DSGVO is: ESET Deutschland GmbH Spitzweidenweg 32 Phone: +49 (0) 3641 3114 100 07743 Jena E-mail: info@eset.de Deutschland – Germany
2. Data protection officer
For questions, suggestions or comments regarding the safety of your personal data, please contact our data protection officer: ESET Deutschland GmbH Data protection officer Spitzweidenweg 32 Phone: +49 (0) 3641 3114 100 07743 Jena E-mail: datenschutz@eset.de Deutschland – Germany
3. Data protection supervisory authority
If you believe that the processing of your personal data by ESET Deutschland GmbH violates data protection law, you have the right to complain to a data protection supervisory authority. In accordance with Art. 55 GDPR, the supervisory authority responsible is the Thuringian State Commissioner for the Protection of Data and Freedom of Information, Postfach 90 04 55 99107 Erfurt E-mail: poststelle@datenschutz.thueringen.de Deutschland – Germany
4. Data subjects' rights
In the following we inform you about your rights according to the GDPR. To exercise your rights, please contact datenschutz@eset.de. For the sake of identification, please provide us with the following information: Full name, e-mail address and – if applicable – your license key or customer number and affiliation. Please do not provide us with additional information (e.g. date of birth). In case you send us a copy of your ID, please blacken out all data apart from your full name and – for home users: address. We inform you that we will process your personal data for identification purposes and to be able to deal with your inquiry according to Art. 6 Para. 1 letter c) GDPR.
- Right to information, Art. 15 GDPR As data subject, you may request information at any time and free of charge about your data held by ESET Deutschland GmbH.
- Withdrawal of consent, Art. 7 Para. 3 GDPR – Processing on basis of consent If the processing of your data takes place on basis of your consent, you have the right to withdraw your consent at any time. This also applies to consent given before application of the GDPR (i.e. before May 25th, 2018). The withdrawal of consent has only future effects and does not affect the lawfulness of the processing of data before the withdrawal.
- Right to object, Art. 21 GDPR – Processing on legitimate grounds If the processing of your personal data takes place on basis of legitimate interests of ESET Deutschland GmbH according to Art. 6 Para. 1 letter f), you may object at any time to the interests named by us and the processing of your personal data. Your objection will only have future effects and does not affect the lawfulness of the processing of data before the objection. If we process your personal data for direct marketing purposes, you do not need to give reasons for your objection (Art. 21 Para. 2 GDPR). This includes profiling related to such direct marketing purposes. In all other cases we ask you to shortly explain why there is no legitimate interest of ESET Deutschland GmbH to process your personal data, Art. 21, Para. 1 GDPR. Please note that we may still be entitled to process your personal data after your have withdrawn your consent on a different legal basis – e.g. to fulfill a contract.
- Right of rectification, Art. 16 GDPR If the personal information we hold about you is incorrect or incomplete, you have the right to request that we correct it.
- Right to deletion, Art. 17 GDPR and right to limit processing, Art. 18 GDPR As data subject you have the right to deletion/right to limit the processing of your personal data according to Art. 17 and 18 GDPR. If we process your personal data with your consent, you withdraw your consent and there is no other legal basis for the processing – e.g. a contract – we immediately delete your personal data. Your personal data will also be deleted if it is no longer needed for the given purposes. If we only use your personal data for purposes of direct marketing and if you have withdrawn your consent to that or objected to the legitimate interests of ESET Deutschland GmbH, we limit the processing of your personal data in such a way that we – to avoid unwanted communication – add your data to our internal blacklist. Apart from that, your personal data will be deleted. Please note that we will nevertheless store your data for the duration of legally prescribed retention periods as given by the legal or supervisory authorities. Retention periods can be based on the German Commercial Code (HGB), the German tax code (AO) or the German prevention of money laundering act (GwG) and usually amount to 6 to 10 years. Additionally, we may store your data for the duration of statutes of limitation (i.e. 3 years, or, in special cases, up to 30 years) if this is necessary for the assertion, exertion or defense of legal claims. After that, the data concerned will by deleted routinely.
- Right to data transferability, Art. 20 GDPR As data subject you have the right to receive from us your personal data as processed by ESET Deutschland GmbH as xls-file.
5. Use of your personal data
In the following, we list the personal data ESET Deutschland GmbH processes and to which purpose. We process the following personal data: Last name First name Email address License key Affiliation (if applicable) Payment data (if applicable) Please refer to the data processing purposes given in section 2 of this privacy policy for additional information on the processing of particular items of your personal data. Of course we only process your personal data in accordance with the provisions of both GDPR and BDSG n.F., i.e. only on a legal basis: Your personal data will only be processed to fulfill contractual obligations, Art. 6 Para. 1 letter b) 1. var. GDPR. This especially applies to: Acquisition of a (test) license Activation of a license Transfer of license data Reminder about license expiration (Technical) support enquiries Notifications in the context of promotional contests Marketing purposes (organisations: in the context of providing materials such as whitepapers or webinars) Apart from that, we process your data on your request and and to take measures prior to entering into a contract, Art. 6 Para. 1 letter b) 2. var. GDPR. This especially includes: Specific enquiries regarding our products, requests for proposal We further process your data to protect our legitimate interests according to Art. 6 Para. 1 letter f): to add your data to our internal blacklist to avoid unwanted communication to enforce legal claims, including debt collection and defense in legal disputes to use in appeals on points of law to maintain IT security to compile statistics to improve our products and services. In individual cases, we create customer profiles using license and usage data from our website; these profiles, however, are immediately de-identified and not used to analyse or predict aspects of your personal preferences. We process your data on basis of your consent according to Art. 6 Para. 1 letter a) GDPR for the following purposes in particular: to send newsletters on a regular basis, providing you with information on products, services and special offers of ESET Deutschland GmbH (partner) to provide you with special notifications and offers by ESET Deutschland GmbH and authorised partners to personalise your usage of our website as well as providing you with personalised offers, including profiling for analytical purposes to optimise our portfolio for you market research and customer surveys Please refer to the data processing purposes given in section 2 of this privacy policy for additional information on the processing of particular items of your personal data. If we are legally obligated to, we process your data according to Art. 6 Para 1 letter c) GDPR, e.g. to meet retention requirements as given by German commercial or tax laws.
6. Transfer of personal data
to third parties On principle, we do not pass on your personal data to third parties without your explicit consent. Exceptions might be the following categories of recipients. Nevertheless, precondition for these exceptions is that the transfer of data needs to stand on a legal basis as given in Art. 6 Para. 1 GDPR; i.e. if the transfer of data is necessary to fulfill a contract or if there are legal obligations or legitimate interests. Transfer to ESET spol s r.o. Your personal data is processed by ESET spol s r.o. This is based on Art. 6 Para. 1 f) GDPR – legitimate interest. ESET spol s r.o. produces and holds licenses for ESET security products and solutions. Transfer to authorised ESET partners We, ESET Deutschland GmbH, distribute our software using a so-called vertical sales model, i.e., apart from our online store, we do not sell our software directly to you but with the help of authorised ESET partners. If you want to buy a solution that is not available in our online store or only available in a different size, we hand over your data to an authorised partner for further services. Legal basis is Art. 6 Para. 1 b) GDPR – data processing prior to entering a contract. Transfer to external processors For some tasks, we require help from external partners, e.g. to organise events and webinars or to establish and maintain contacts. In these cases, we hand over your personal data to partners providing us with their services. These partners only process personal data on behalf of ESET Deutschland GmbH and following directives given by ESET Deutschland GmbH. Transfer to other third parties In accordance with legal obligations it might be necessary to hand over your data to the authorities or the police. Legal basis for this is Art. 6 Para. 1 c) GDPR.
7. Data processing in third countries
On principle, personal data you have made available for ESET Deutschland GmbH will be processed in a member state of the European Union – e.g. Slovakia, Ireland or Germany. As we make use of certain external services – e.g. to organise webinars with the help of the service provider LogMeIn Inc. – we cannot rule out the possibility that your personal data be transferred to third countries. In these cases, however, we do of course make sure that a comparable level of data security is applied. For some countries outside the EU, e.g. Canada and Switzerland, the European Commission has ascertained a comparable level of data security. Thus there is no need for additional permissions or agreements to transfer data to these countries. If the data transfer regards a country where there is no adequacy decision by the European Commission, we refer to the standard contractual clauses. More information on the adequacy decisions by the European Commission can be found at ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de and more information on the EU standard contractual clauses at eur-lex.europa.eu/legal-content/DE/ALL/.
8. Data security
Our website and servers are protected by technical and organisational means against accidental loss, destruction or damage, access, modification or propagation by unauthorised parties of your personal data. We only transfer personal data in encrypted form. On our website, for example, you can see that data is transmitted in encrypted form if there is a HTTPS (Hypertext Transfer Protocol Secure) in the URL bar. However, we want to inform you about the fact that there always remains the possibility of security flaws when transferring data online (e.g. by communcation via email). We thus cannot guarantee that your data is safe from unauthorised access at any time.
9. Changes On occasion
it becomes necessary to adjust the contents of this privacy policy. We thus reserve our right to change this privacy policy at any time. The altered version of this privacy policy will also be made available here. You should thus refer to our privacy policy again with your next visit. Specific purposes of processing
10. Visiting our website
You can visit our website without providing any personal information. Each time a website is accessed, the web server merely automatically records a so-called server log file, which contains, for example, the name of the requested file, your IP address, date and time of access, the volume of data transferred and the requesting provider (access data) and documents the access. This access data is evaluated exclusively for the purpose of ensuring the trouble-free operation of the site and improving our offer. According to Art. 6 Para. 1 letter f) GDPR this serves to protect our legitimate interests in a correct presentation of our offer, which outweigh other interests. All access data will be deleted no later than seven days after you have left our site.
11. Cookies and tracking
In order to make visiting our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use so-called cookies on various pages. Cookies are small text files that are transferred to your device (PC, tablet, smartphone) by a web browser or similar software. These are stored locally on this device and retained for later usage. In the agreement banner on our website you can click on "ACCEPT AND CLOSE" or "I AGREE" in the "Cookie management" section and thereby agree to the usage of cookies according to Art. 6 Para. 1 a) GDPR. This agreement may be cancelled at any time via your browser settings by rejecting/deactivating the use of cookies, deleting cookies that have already been set or by disabling the used web trackers. Use of cookies On our website, cookies are used: to enable and ensure necessary technical functions. This is based on Art. 6 Para. 1 a) GDPR, to improve the user experience on our website according to your needs. This is based on your consent as defined by Art. 6 Para. 1 a) GDPR, to analyse visits to our website for marketing and optimisation purposes in pseudonymised form (web tracking), provided your consent as defined by Art. 6 Para. 1 a) GDPR and to be able to accept your deactivation of cookies for certain web trackers ("opt out" cookies) or your withdrawal of consent. This is based on Art. 6 Para. 1 f) GDPR. Given certain conditions, cookies might also be set by third parties to enable specific third party functions and mechanisms. Storage duration/Withdrawal of consent/Cookie settings Some of the cookies we use are deleted after the browser session has ended, i.e. after you have closed your browser (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser the next time you visit (persistent cookies). The duration of storage can be found in the overview in the cookie settings of your web browser. You can configure your browser in such a way that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, where you also find out how to change your cookie settings. Please refer to the following links: Internet Explorer™: windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies Safari™: support.apple.com/de-de/guide/safari/sfri11471/mac Chrome™: support.google.com/chrome/bin/answer.py Firefox™ support.mozilla.org/de/kb/cookies-erlauben-und-ablehnenOpera™: help.opera.com/Windows/10.20/de/cookies.html If you did or do not change the settings, functional cookies will remain on your device until you close your browser, other cookies might remain on your device for a longer period of time. If cookies are not accepted, the functionality of our website may be restricted. Web tracking Google Analytics Google Analytics Given your consent which can be withdrawn at any time, for our website, we make use of Google Analytics, a web analytics service provided by our service provider Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, in accordance with Art. 6 Para. 1 a) GDPR. Google Analytics uses cookies that are stored on your computer and which enables analyses of your use of our website. The usage data generated by these cookies is usually transmitted to Google servers situated in the USA and stored there. However, we have activated IP anonymisation for our website and thus make sure that, in member states of the EU and member states of the Agreement on the European Economic Area, your IP address will first be shortened and thus anonymised. Only in exceptional cases your full IP address will be transmitted to a Google server in the USA and shortened there. For additional information on how Google uses Google Analytics please refer to policies.google.com/technologies/partner-sites und support.google.com/analytics/answer/3379636. Google uses the data collected to analyse your stay on our website, create reports about your activities on our website and to provide us with additional services surrounding internet and website usage. You can prevent the transmission of usage data created by the cookie (including your shortened IP address) as well as the processing of this data by Google by downloading and installing this browser plugin: ttp://tools.google.com/dlpage/gaoptout?hl=de.
12. Social Media
We use Social Media platforms to inform you, our customers, partners and interested parties about our products, services, events and IT security in general and for communication purposes. When using Social Media platforms and networks one is to adhere to their data processing rules and policies. Data of users of these platforms we process when these users communicate with us via these platforms or networks – e.g. by posting on our social media website or by sending us a message. This is based on Art. 6 Para. 1 letter a) GDPR.
13. Links to external websites etc.
Our website might contain links to external websites or embedded websites. We are not responsible for the contents of websites of other organisations or their processes of collecting personal data. If you visit external websites you will be asked to read the privacy policy and other relevant policies created by the website owner.
14. ESET online store
Ordering of software and support requests To process your order or support request we collect personal data, some of which are mandatory. Fields requiring mandatory information are marked as such. This data is necessary for the performance of the contract or to process your request as otherwise we will not be able to complete your order or answer your question. This is based on Art. 6 Para. 1 b) GDPR. Which data is collected can be seen from the particular input forms. This personal data will be stored according to legal obligations for 6 years after the contract has been fulfilled or the order completed according to § 257 Para. 4 HGB, Art. 6 Para. 1 c) GDPR (business letters) or for 10 years following § 147 Para. 3 AO, Art. 6 Para. 1 c) GDPR (invoices). Payment Depending on your choice of the payment service provider during your ordering process, we pass on your payment data needed for the transaction to the authorized banking institution and, if needed, to our service payment provider/the service provider of your choice. This is based on Art. 6 Para. 1 letters b) and f) GDPR. In part, the payment service providers collect this data themselves if you register with them. In these cases, the privacy policy of the payment service provider applies. In case of using PayPal Express, based on your consent we process your personal data (title, last name, first name, email address, address) given to us by PayPal, PayPal S.àr.I, et Cie, S.C.A, 22-24 Boulevard Royal, L.2449 Luxembourg, Luxembourg. After the webinar has ended, we retain data relevant for the payment process and related documents (e.g. correspondence or, if applicable, invoices) according to legal obligations for 6 years (business letters according to § 257 Para. 4 HGB, Art. 6 Para. 1 c) GDPR) or 10 years (invoices according to § 147 Para. 3 AO, Art. 6 Para. 1 c) GDPR), respectively. Debt collection In cases of unpaid and undisputed debt claims, we may pass on your data to a lawyer or collection service provider 4 weeks after receipt of the first of at least two written reminders informing you about us handing over your data to this lawyer or collection service provider. These will then collect these claims, if necessary in their own names. This is based on Art. 6 Para. 1 f) GDPR, § 31 BDSG. When passing on data, our overriding interest lies in the assertion of legal claims.
15. Support requests regarding our products and services
We are glad to help you with questions regarding our products and services. To this end, we ask you to fill in mandatory fields in our contact form. These fields are marked as such and are necessary to process your request and therefore for the performance of a contract. This is based on Art. 6 Para 1 b) GDPR. For technical requests, there might also be the need for remote support by one of our employees. For this, based on your explicit consent we usually use TeamViewer (TeamViewer Germany GmbH, Jahnstraße 30, 73037 Göppingen, Germany).
16. Webinars
We offer webinars you can participate in. If you register for a webinar, we process your personal data to enable you to participate in accordance with Art. 6 Para. 1 b) GDPR. After the webinar has ended, we retain data relevant for the payment process and related documents (e.g. correspondence or, if applicable, invoices) according to legal obligations for 6 years (business letters according to § 257 Para. 4 HGB, Art. 6 Para. 1 c) GDPR) or 10 years (invoices according to § 147 Para. 3 AO, Art. 6 Para. 1 c) GDPR), respectively. For webinars, we use the services of our service provider located in the USA, LogMeIn Inc., 333 Summer Street, Boston, Massachusetts 02210. Further details on how LogMeIn processes your personal data can be found at https://www.logmeininc.com/de/trust/privacy.
17. (Digital) events
To participate in a (digital) event we offer, we ask you to register for it. We will use data you will have to provide us with to address you personally and to provide you with contents suitable for your company size and industry sector. This is based on Art. 6 Para. 1 b) GDPR. For your registration, we will use double opt-in to make sure that no confirmation emails are sent to addresses of people who have not requested them. In accordance with the requirements of the supervisory authorities, we record and store your IP address for documentation purposes. This is based on Art. 7 Para. 1, Art. 6 Para 1 c) GDPR. We might pass on your personal data to service providers supporting us in the organisation and realisation of the event and serving as contracted data processor according to Art. 7 Para. 1, Art. 6 Para. 1 c) GDPR. After the event has ended, we might contact you via email to ask you about your opinion on the event and if we may present you with further information on our products and services. This is based on § 7 Para. 2 No. 3 UWG, Art. 6 Para. 1 f) GDPR. You can object to us using your data for advertising purposes by messaging the contact given above or by clicking on the respective link in the email. After your deregistration (withdrawal of consent or objection to usage of your data according to § 7 Para. 3 UWG) we delete your email address if you have not agreed to other forms of usage of your data and if we are not legally obliged to retain your data. We will of course no longer contact you for marketing purposes.
18. Promotional contests
On our website or during events (e.g. trade shows), we offer promotional contests you may take part in free of charge. To participate in these contests, you will need to register with your full name, email address and country (so-called "registration data"). We process this registration data for the duration of the contest to carry out the contest (incl. winning notification) according to Art. 6 Para. 1 letter b) GDPR. In case you win, the winning notification will ask you for your postal address. Here, your personal data will be processed to send you your prize. Any additional processing of the data you provided us with in the context of the contest will only be performed with your explicit consent according to Art. 6 Para. 1 letter a) GDPR. You can withdraw your consent at any time and without giving reasons. We will not pass on your registration data to third parties without your explicit consent. Your personal data will only be passed on within the framework of commissioned data processing according to Art. 28 GDPR to our service provider Riddle Technologies AG (Saarbrücken, Germany) as we use their tool "Riddle" to determine the winner(s). To determine the winner(s), we use the services of Riddle Technologies AG (Saarbrücken, Germany).
19. Communication with us
You may of course contact us if you have questions or comments regarding our products, services, events or this privacy policy. We process your data to answer your questions in accordance with Art. 6 Para. 1 b) GDPR. Mandatory fields like address and telecommunication data need to be filled in as we use them to process and answer your request. Additional voluntary fields facilitate the processing of your request. In general, we retain the data from your request for one year in case there are any additional questions. Business and commercial letters will be kept for 6 years according to § 257 Parea. 4 HGB, Art. 6 Para. 1 c) GDPR.
20. Marketing purposes
We process data from orders and other data collected outside the internet to the extent permitted by applicable law for self-advertising purposes and for internal customer analyses to provide you with helpful information and in accordance with Art. 6 Para. 1 f) GDPR. Our analyses use pseudonymised data only. The data we collect for advertising purposes will only be retained as long as the advertising purpose persists or until you withdraw your consent or object to the processing of your data for advertising purposes. If we change the purposes of processing your data, we will of course inform you in advance by updating this privacy policy. Email advertising and newsletters Customers If you have explicitly agreed to receiving information regarding our products and services or events or if you have ordered a product in our online store, we regularly provide you with information via email. This is based on § 7 Para. 2 No. 3 UWG, Art. 6 Para. 1 a) GDPR. Data you were asked to provide when giving your consent will be used to address you personally and to be able to provide you with information relevant for you as a customer or as a company according to your industrial sector or company size. To obtain your consent, we use so-called double opt-in to make sure that no emails are sent to addresses of people who have not requested them. In accordance with the requirements of the supervisory authorities, we record and store your IP address for documentation purposes. This is based on Art. 7 Para. 1, Art. 6 Para 1 c) GDPR. You may withdraw your consent or object to the usage of your data for marketing purposes at any time by messaging the contact given above or by clicking on the respective link in the newsletter. After your deregistration (withdrawal of consent or objection to usage of your data according to § 7 Para. 3 UWG) we are legally obliged by the German data protection supervision authorities to add the necessary data (name, address, email address) to our internal black list and retain permanently (only for this purpose) to compare it to future marketing data. This is based on Art. 17 Para. 3 b), Art 6 Para. 1 c), f) GDPR. With this, we are able to adhere to your objection/your withdrawal of consent to the usage of your data for marketing purposes. After your withdrawal of consent or objection to the usage of your data for marketing purposes we are legally obliged by German data protection supervision authorities to add the necessary data (name, address, email address) to our internal black list and retain permanently (only for this purpose) to compare it to future marketing data (Art. 21 Para. 3, Art. 17 Para. 3 b), Art 6 Para. 1 c), f) GDPR). With this, we are able to adhere to your objection/your withdrawal of consent to the usage of your data for marketing purposes. Partner If you have registered as a partner, within the framework of our business relation and according to § 7 Para. 3 UWG, Art. 6 Para. 1 B9 GDPR we also keep you informed using several email newsletters (e.g. partner newsletter, technical newsletter, consumer newsletter, MSP newsletter) about our products and services according to the preferences you specified. Data you were asked to provide will be processed to send you the newsletter of your choice and to address you personally. To receive particular newsletters you will have to register first. Phone Within the framework of an existing business relation with our partners and otherwise based on your explicit consent which can be withdrawn at any time according to Art. 6 Para. 1 a) GDPR and/or based on our legitimate interest according to § 7 Para. 2 No. 2 UWG, Art. 6 Para. 1 f) GDPR to provide you with information on our products, services and events, we inform you via phone. In some cases, we obtain your telephone contact data – to the extent permitted by law – from list brokers. Your consent can be withdrawn at any time. For your withdrawal, please use the contact information provided above. Data you were asked to provide when giving your consent will be used to contact you and to address you personally. If you provide your consent online, your IP address will be recorded and stored for documentation purposes. This is based on Art. 7 Para. 1, Art. 6 Para. 1 c) GDPR. Satisfaction surveys To enhance our products and services, we occasionally conduct customer satisfaction surveys. On basis of your previous and explicit consent according to Art. 6 Para. 1 a) GDPR, we ask you if you see potential for improvement in our products/services. Your answers will be recorded in anonymised form only. You may withdraw your consent at any time. For this, please use the contact information given above or the deregistration option within the survey. After you have withdrawn your consent, we are legally obliged by German data protection supervision authorities to add the necessary data (name, address, email address) to our internal black list and retain permanently (only for this purpose) compare it to future marketing data (Art. 21 Para. 3, Art. 17 Para. 3 b), Art 6 Para. 1 c), f) GDPR). With this, we are able to adhere to your objection/your withdrawal of consent to the usage of your data for marketing purposes.
21. ESET partner portal
To take part in our partner program, among other things, we ask our partners (IT security retailer) to provide us with contact persons. This is needed to maintain our business relation and is based on Art. 6 Para. 1 b) GDPR. Adhering to legal obligations, this personal data will be stored for 6 years after the contract has been fulfilled or the order completed (§ 257 Para. 4 HGB, Art. 6 Para. 1 c) GDPR) or for 10 years (§ 147 Para. 3 AO, Art. 6 Para. 1 c) GDPR), respectively.
22. ESET security products and services
For us, data security is a matter of course – also within our products. Detailed information on how your personal data is processed when you use ESET security products and services can be found at help.eset.com/eula/.
23. Recruiting management
Within the framework of our global recruiting and human resources management, we, ESET Germany GmbH, process your personal data together with ESET spol. s r.o., Einsteinova 24, 85101 Bratislava, Slovakia to fill local vacancies. By sending us your job application you give your consent according to Art. 6 Para. 1 letter a) GDPR to us jointly processing your application documents for ESET Germany GmbH. Your application will of course be kept confidential and not passed on to third parties. You may withdraw your application at any time. We will only process the personal data you provided us with in, for example, your CV or other documents for the purpose of the application process. Your application documents will be passed on to employees taking part in the selection process. All employees are obligated to adhere to data protection regulations. If your application was successful, we may use the data you gave us for the duration of the employment relationship. If your application was not successful, we will – provided your explicit consent – retain your personal data und documents for 2 years in our applicant database. You may withdraw your consent at any time with effect for the future. If you do not provide your consent, we will delete your personal data and documents after 6 months. If you have applied for several positions, the data will be deleted 6 months after the last application process has been completed. 24. Video surveillance Our premises in Jena are protected by video surveillance monitoring entrances and security-related areas. The processing of personal data in this case is based on our legitimate interests according to Art. 6 Para. 1 letter f) GDPR. The measure is meant only to protect people, locations, assets and equipment ESET Deutschland GmbH owns or possesses, its employees, customers or partners. As data subject you have the right according to Art. 21 GDPR to object to our legitimate interests as well as to the processing of your personal data. We ask you to give reasons for your objection. The data will be recorded automatically in a ring store and overwritten cyclically. The video data will be passed on internally to senior management, data security officers as well as to the departments IT and Operations. In case of alarm, external recipient and commissioned data processor is the assigned security firm. In case we reasonably suspect a criminal act, we may pass on the video files to law enforcement agencies, criminal and civil courts.