The use of the services offered by Voya GmbH may involve the processing of personal data. In order for this processing to be traceable for you, we would like to give you an overview with the following information.In order to ensure fair processing, we would also like to inform you about your rights under the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Responsible for the data processing is Voya GmbH, Großer Burstah 46-48, 20457 Hamburg (referred to below as “we” or “us”).
1. General Information
If you have any questions or suggestions about this information or would like to contact us about the assertion of your rights, please submit your request to
Großer Burstah 46-48, 20457 Hamburg
Tel. 040 / 2286837 – 30
1.2. General Data Processing Information
The use of services offered by Voya GmbH may result in the processing of personal data. The data protection term “personal data” refers to all information that relates to a specific or identifiable person. The IP address can also be a personal date. An IP address is assigned to any device connected to the Internet by the Internet provider so that it can send and receive data. When you our services, we collect information that you and your employer provide. In addition, during your visit to the website, certain information about your use of the website is automatically collected by us.
When you receive a registration email from us, your company has provided us with instructions to register you into our platform for the purpose of management of business travel in accordance with the company designation you have been assigned to. For any information on the processing of your personal data by Voya GmbH if applicable, please contact your company to fulfil such requests in compliance with its information duties established in current data protection regulations.
We collect and process data for:
– facilitating chat and attachments like boarding passes
– finding and booking travel options, including booking confirmations & calendar invites
– updating traveler profiles including passport information
– managing travel policies
– travel itineraries
– travel expenses dashboard
– processing credit cards
We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us only takes place on the basis of legal permission. When using our services, we only process personal data with your consent (Article 6 (1) of a (1) GDPR), to fulfil a contract of which you are a party, or at your request for pre-contractual measures (Article 6 (1) (1) (b) GDPR), to fulfil a legal obligation (Article 6 (1) (c) GDPR) or if processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and fundamental freedoms requiring the protection of personal data predominate (Article 6 (1) S Book. f.) GDPR).
As a registered user on behalf of your company, your data may be used by Voya Tech to send promotional information about our products and services to your employer or company you are collaborating with. You may object to receiving newsletters or commercial notices about Voya GmbH’s products and services through your Voya account.
1.4. Duration of the Retention
Unless otherwise apparent from the following notices, we will only retain the data as long as is necessary to achieve the purpose of processing or to fulfil our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax regulations.
1.5. Technical Service Providers
Unless otherwise stated in the following instructions, the data is processed on the servers of technical service providers commissioned by us for this purpose. These service providers process the data only according to express instructions and are contractually obliged to guarantee sufficient technical and organizational measures for data protection.
1.6. Data Transfer to the US
Visiting our website may involve the transfer of certain personal data to the United States. For data transfer to the US as a third country, a country where the GDPR is not applicable law, the European Commission has decided, in accordance with Article 45 GDPR, that with regard to companies certified under the EU-US Privacy Shield, an appropriate data protection level is provided. Transmission to the United States is then made in a permissible manner.
2. Processing server log files
When using our website in purely informative terms, general information is first stored automatically (i.e. not via registration), which your browser transmits to our server. These include by default: Browser type version, operating system used, viewed page, previously visited page (referrer URL), IP address, date and time of server request, and HTTP status code.
The processing is carried out in order to safeguard our legitimate interests and is based on the legal basis of Article 6 (1) letter f) GDPR. This processing is for the technical management and security of the website. The stored data will be deleted after fourteen unless there is a legitimate suspicion of unlawful use on the basis of concrete evidence and further examination and processing of the information is necessary for this reason. We are unable to identify you as a person of concern based on the information stored. Article 15 to 22 GDPR therefore does not apply under Article 11 (2) of the GDPR, unless you provide additional information to enable it to be identified in the exercise of its rights set out in these articles.
3. Contact Options and Inquiries
3.1. Contact form
Our website contains a contact form through which you can send us messages. The transfer of your data is encrypted (recognizable by the “https” in the address line of the browser). All data fields marked as mandatory fields are required to deal with your concern. Failure to provide it means that we will not be able to address your request. Further data is provided voluntarily. Alternatively, you can send us a message via the contact email. We process the data for the purpose of answering your request. If your request is directed at the conclusion or execution of a contract with us, Article 6 (1) letter (b) GDPR becomes the legal basis for data processing. Otherwise, we process the data on the basis of our legitimate interest in contacting requesting persons. The legal basis for data processing is then Article 6 (1) letter f) GDPR.
3.2. Sign up for a live Webinar
Our website contains a contact form through which you can register for our live webinar. The transfer of your data is encrypted (recognizable by the “https” in the address line of the browser). All data fields marked as mandatory fields are required to register for the webinar. Failure to provide it means that we will not be able to process your application. Further data is provided voluntarily. Alternatively, you can send us a message via the contact email. We process the data for the purpose of registering.
The data provided is processed for the purpose of providing services. The processing is based on the legal basis of Article 6 (1) letter b) GDPR.
4. Registration and Login
In order to provide our customers with certain functions of the website, a login via the website is required. The data provided is processed for the purpose of providing services. The processing is based on Article 6 (1) letter b) GDPR.
You have the opportunity of applying for jobs via our website. For this purpose, we collect personal data from you, including in particular your name, CV, application letter and other content provided by you.
Your personal application data will only be processed for purposes related to your interest in current or future employment with us and the processing of your application. Your online application will only be processed and noted by the relevant contacts. All employees entrusted with data processing are obliged to maintain the confidentiality of your data.
If we are unable to offer you employment, we will retain the data you provide until after the application process has been completed for the purpose of answering questions related to your application and rejection. This does not apply if there are legal provisions in the right preventing deletion, as further storage is necessary for the purpose of the presentation of evidence or if You have expressly agreed to a longer storage. The legal basis for the data collection is Section 26 (1) of the German Federal Data Protection Act (BDSG) , we would like to point out that this consent is freely revocable at all times in accordance with Article 7 (3) of the GDPR. Such a revocation does not affect the legality of the processing, which took place until the revocation on the basis of the consent.
6.1. General Information
When you visit our Facebook page, through which we present our company or individual products or services from our offer, certain information about You is processed. Facebook Ireland Ltd (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, “Facebook”) is solely responsible for this processing of personal data. For more information about Facebook’s processing of personal data, please visit https://www.facebook.com/privacy/explanation.
Facebook offers the possibility to object to certain data processing systems; Information and opt-out options can be found at https://www.facebook.com/settings?tab=ads.
With regard to such data processing, for which we take on the function of the person responsible, you can contact us under the contact details stated above.
6.2. Processing page insights
Facebook provides us with statistics and insights for our Facebook page in an anonymised form, giving us insights into the types of actions people take on our site (so-called “page insights”). These page insights are created based on specific information about people who have visited our site. This processing of personal data is carried out by Facebook and us as jointly responsible. The processing serves our legitimate interest in evaluating the types of actions taken on our site and improving our site on the basis of these findings. The legal basis for this processing is Article 6 (1) letter f) GDPR. Under no circumstances will we assign the information received through the page insights about the reference to “Like” information for our page to a specific Facebook profile.
We have reached an agreement with Facebook on processing as jointly responsible, which sets out the distribution of data protection obligations between us and Facebook. Details of the processing of personal data for the creation of page insights and the agreement concluded between us and Facebook can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data.
6.3. Processing data you share with us
We also process information that you provide to us through our Facebook page. Such information may be the Facebook name, contact details or a message to us or a comment on our site. These processing is carried out by us as the person responsible and serves to deal with your request. The legal basis is Article 6 (1) letter b) GDPR.
If you provide us with the information due to participation in a sweepstakes, we will process it to conduct the sweepstakes and, if necessary, to send you a prize. After that, the data will be deleted again. The legal basis for processing is Article 6 (1) letter b) GDPR. We process personal data that we receive in surveys in order to determine the satisfaction of our customers with our offer. This processing serves our legitimate interest in continuously improving our offer and is based on the legal basis of Article 6 (1). f) GDPR.
We used so-called “session cookies,” which are deleted when the browser session is terminated. Other cookies (“Persistent Cookies”) are automatically deleted after a specified duration, which may differ depending on the cookie.
8. Consent Management
We only use and process certain cookies for analysis, performance and marketing purposes if your consent is given. In order to give you the opportunity to declare your consent when you visit our website and to prove the consent later, we use a technical solution. In order to be able to provide proof of the consent form, we store the IP address used and a digital time stamp (timestamp).
This processing serves our legitimate interest in giving you a technical solution to explain your consent and to document this. It is based on the legal basis of Article 6 (1), letter f) GDPR.
9. Analysis of our Website
HubSpot Inc. is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG&status=Active).
9.2. Google Analytics
We only use Google Analytics with IP anonymization enabled. This means that the IP address of users is being shortened by Google within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user’s browser will not be merged with other Google data. Information about the cookies used by Google can be found at https://policies.google.com/technologies/types?hl=de.
You can prevent Google Analytics from storing cookies by adjusting your browser software accordingly. You can also prevent the acquisition information generated by the cookie by downloading and installing the browser plugin available from the following link: https://tools.google.com/dlpage/gaoptout. If you visit our website via a mobile device, you can disable Google Analytics by clicking on it.The legal basis for the data processing in connection with the service Google Analytics and the processing serve the legitimate interest of the analysis of the user behavior on our website and the therefore possible customization.
When using Google Analytics, we cannot rule out the transfer of the processed data to US-based Google LLC. Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)by us. Google LLC. Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) is certified under the EU-US Privacy Shield
We use Jetpack, a tool for statistical analysis of visitor access, operated by Automattic Inc. (132 Hawthorne Street San Francisco, CA 94107, USA, “Automattic”), using the tracking technology of Quantcast Inc. (201 3rd St, Floor 2, San Francisco, CA 94103-3153, United States). WordPress.com-Stats uses so-called “cookies ,” text files that are stored on your computer and which allow you to analyze the use of the website. The information generated by the cookie about your use of this website is stored on a server in the USA. The IP address is anonymized immediately after processing and before storing it.
The legal basis for the data processing in connection with the service Jetpack is Article 6 (1) letter f) GDPR and the processing serve the legitimate interest of the analysis of our website and the possible design of the needs.
You can prevent the installation of cookies by adjusting your browser software accordingly. You can object to the collection and use of the data by Quantcast with effect for the future by placing a so-called opt-out cookie at the address http://www.quantcast.com/opt-out by selecting “Opt Out.” If you delete all cookies on your computer, you must reset the opt-out cookie.
Automattic is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).
10. Built-in services and content of third parties
We use services and content provided on our website by third-party providers (collectively referred to below as “Content”). For such integration, processing your IP address is technically necessary so that the content can be sent to your browser. Your IP address will therefore be transmitted to the relevant third-party providers.
These data processing is carried out in order to safeguard our legitimate interests in the optimization and economic operation of our website and are based on the legal basis of Article 6 (1) f) GDPR.
You can object to this data processing at any time via the settings of the browser used or certain browser extensions. Such an extension, for example, is the Matrix-based Firewall uMatrix for the Firefox and Google-Chrome browsers. Please note that this may result in functional limitations on the website.
We have included in our website content of the following services provided by third-party providers:
„Google Web Fonts “of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) for displaying fonts.
When using Google services, we cannot rule out the transfer of the processed data to US-based Google LLC. Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
11. Processing when exercising your rights in accordance with Article 15 to 22 GDPR
If you exercise your rights in accordance with Articles 12 to 22 GDPR, we will process the personal data transmitted for the purpose of implementing these rights by us and in order to be able to provide proof of this.
We will process the data stored for the purpose of providing information and its preparation only for this purpose and for the purposes of data protection control and, moreover, will restrict the processing in accordance with Article 18 of the GDPR.
These processing are based on the legal basis of Article 6 (1) letter c) GDPR in accordance with Articles 15 to 22 GDPR and § 34 (2) BDSG.
12. Your Rights
As the person concerned, you have the right to assert your rights against us. In particular, you have the following rights:
In accordance with Article 15 of the GDPR and § 34 of the German Civil Code, you have the right to request information as to whether and, if necessary, to what extent we process personal data about you or not.
You have the right to require us to correct your data in accordance with Article 16 of the GDPR.
You have the right to require us to delete your personal data in accordance with Article 17 GDPR and § 35 BDSG.
You have the right to have the processing of your personal data restricted in accordance with Article 18 of the GDPR.
You have the right, in accordance with Article 20 GDPR, to obtain the personal data that you have provided to us in a structured, common and machine-readable format, and to transmit that data to another person responsible.
If you have given us separate consent to data processing, you may revoke this consent at any time in accordance with Article 7 (3) of the GDPR. Such a revocation does not affect the legality of the processing, which took place until the revocation on the basis of the consent.
If you believe that processing the personal data concerning you violates the provisions of the GDPR, you have the right to complain to a supervisory authority in accordance with Article 77 of the GDPR.
If you make this request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: firstname.lastname@example.org
13. Right to object
You have the right, in accordance with Article 21 (1) of the GDPR, against processing which is based on the legal basis of Article 6 (1). (e) or f) GDPR for reasons arising from your particular situation. If we process personal data about you for the purpose of direct advertising, you may object to this processing in accordance with Article 21 (2) and (3) of the GDPR.
If you would like to exercise this right, please contact us at our email: email@example.com
14. Data Protection Supervisor
You can contact our data protection officer under the following contact details: firstname.lastname@example.org
15. How to contact the appropriate authority
Should you wish to report a complaint or if you feel that Our Company has not addressed your concern in a satisfactory manner, you may contact:
DER HAMBURGISCHE BEAUFTRAGTE FÜR DATENSCHUTZ UND INFORMATIONSFREIHEIT
Ludwig-Erhard-Str 22, 7. OG
Tel.: 040 / 428 54 – 4040
Fax: 040 / 428 54 – 4000
Status: May 27 2020