This privacy policy informs you about the type, scope and purpose of the processing of personal data — both when visiting this website and within our security service operations. Controller within the meaning of GDPR is:
Sekuris Dienstleistungen GmbH & Co. KG
Lindigstraße 12, 63801 Kleinostheim, Germany
Email: office@sekuris.de
Phone: +49 6027 121-9097
1. General data processing
We process personal data only insofar as necessary to provide this website, its functions and content, or where you have consented (Art. 6 (1)(a) GDPR). Processing for legitimate interests (Art. 6 (1)(f) GDPR) takes place only after balancing of interests — for example for bot protection, server logs and serving the website.
1a. Data processing in business operations
Beyond the website we process personal data for our security service operations:
- Employee data (name, address, date of birth, marital status, occupation, banking and payroll data, §34a certification, emergency contacts)
- Application and internship data(applications, qualifications, where required health data for licensable duties)
- Customer and contract data (address, contract and identification data, contact persons, invoicing data)
- Data of customer representatives, supplier contacts, brokers and agents
- Video surveillance exclusively at client premises, for evidence preservation in cases of vandalism, burglary or fraud — based on specific contractual instruction and after on-site signage per Art. 13 GDPR
Legal bases are Art. 6 (1)(b) GDPR (contract performance), Art. 6 (1)(c) GDPR (legal obligations — e.g. German guarding regulation, social security law, tax and commercial law) and Art. 6 (1)(f) GDPR (legitimate interests, e.g. video surveillance). For applicants § 26 BDSG applies.
1b. Recipients of the data
Transmission to third parties only takes place where necessary for contract performance, legally required or covered by legitimate interests:
- Public authorities (social insurance, tax authorities, health insurance funds, professional association) for legal obligations
- Internal departments (HR, accounting, deployment planning, IT) on the basis of role-based access
- External processors per Art. 28 GDPR (IT and hosting providers, software vendors, tax advisors) — only with data processing agreement
- Banks for payroll and invoice settlement
- Authorities and law enforcement on legitimate information requests or evidence preservation
2. Cookies and similar technologies
We use cookies and similar technologies only insofar as strictly necessary (e.g. to store your cookie selection, login sessions in the admin area or spam protection of forms) or where you have consented in advance (TTDSG § 25 (1)).
You can withdraw your consent at any time — either via the cookie banner on next visit or directly here:
3. Third-party services
This website uses the following services. “Necessary” services run without consent; all others are loaded only after you have consented to the corresponding category in the cookie banner.
| Service | Vendor | Category | Legal basis | Retention |
|---|---|---|---|---|
| Consent-Speicher Speichert die Cookie-Einstellungen, damit der Banner nicht bei jedem Seitenaufruf erneut erscheint. | Sekuris (eigene Infrastruktur) | Necessary | TTDSG §25 Abs. 2 Nr. 2 (unbedingt erforderlich) | 12 Monate |
| Admin-Session Verifiziert eingeloggte Admin-Nutzer:innen für den Bereich /admin. | Sekuris (Auth.js v5, eigener Server) | Necessary | Art. 6 Abs. 1 lit. f DSGVO; TTDSG §25 Abs. 2 Nr. 2 | 30 Tage oder bis Logout |
| hCaptcha Schutz der Kontakt-, Bewerbungs-, Newsletter- und Admin-Login-Formulare gegen Bot-Spam und automatisierte Brute-Force-Angriffe. Wird ausschließlich beim Öffnen eines Formulars geladen. | Intuition Machines, Inc. (IMI), USA Third country: USA — Standardvertragsklauseln + EU-US Data Privacy Framework | Necessary | Art. 6 Abs. 1 lit. f DSGVO + TTDSG §25 Abs. 2 Nr. 2 (unbedingt erforderlich für Form-Funktion) | Dauer der Form-Sitzung; hCaptcha-Logs <30 Tage |
| Plausible Analytics Cookieless-Reichweitenmessung — anonymisierte Statistik über Seitenaufrufe ohne Profilbildung. | Plausible Insights OÜ, Estland (EU) | Statistics | Art. 6 Abs. 1 lit. a DSGVO + TTDSG §25 Abs. 1 (Einwilligung) | Aggregiert; Roh-Daten <24h |
| Google Maps (Embed) Anzeige interaktiver Standortkarten auf den Stadt-Seiten und der Kontakt-Seite. | Google Ireland Ltd., Irland (Konzernmutter Google LLC, USA) Third country: USA — Standardvertragsklauseln + EU-US Data Privacy Framework | External media | Art. 6 Abs. 1 lit. a DSGVO (Einwilligung) | Wird durch Google bestimmt — siehe Google-Datenschutzerklärung |
| Brevo (E-Mail-Versand) Verarbeitung von Kontakt-, Bewerbungs- und Newsletter-Formularen; Versand transaktionaler E-Mails. | Sendinblue SAS / Brevo, Frankreich (EU) | Necessary | Art. 6 Abs. 1 lit. b DSGVO (Vertragsanbahnung) und lit. a (Newsletter, separate Einwilligung) | Bis zum Widerruf bzw. Ende des Bewerbungsverfahrens + 6 Monate |
4. Contact, application and newsletter forms
When you fill out a form on this website, the data entered is transmitted to our processor Brevo (Sendinblue SAS, France) to handle your request. Application attachments (CV, cover letter, qualifications) are additionally sent via transactional email to our HR department.
Legal basis is Art. 6 (1)(b) GDPR (pre-contractual measures) and — for newsletters — Art. 6 (1)(a) GDPR (consent).
We store your data for as long as necessary to handle your request; for applications, six months after the procedure ends, after which data is deleted — unless you have agreed to longer storage.
5. Server logs
When you access this website, technical data is stored in server log files (IP address, date, requested URL, user-agent). Processing is based on legitimate interests (Art. 6 (1)(f) GDPR) for operational stability and attack defence. Logs are deleted after a maximum of 30 days.
5a. Hosting
This website is hosted on the cloud infrastructure of Platform.sh SAS, 22 rue Gérard, 75013 Paris, France. Server location is within the EU (DE/FR). A data processing agreement under Art. 28 GDPR is in place. On page access, technical connection data (see §5) is processed by Platform.sh exclusively for the purpose of provisioning, securing and stabilising the website (Art. 6 (1)(f) GDPR).
6. Your rights
You have the following rights:
- Access to data stored about you (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure of your data (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing (Art. 21 GDPR)
- Withdrawal of granted consent with effect for the future (Art. 7 (3) GDPR)
Please send requests to office@sekuris.de. We respond within one month.
7. Right to complain
You have the right to complain to a data protection supervisory authority about the processing of your personal data by us. The competent authority is the one at our company seat (Bayerisches Landesamt für Datenschutzaufsicht, BayLDA).
8. Third-country transfer
hCaptcha (bot protection) and Google Maps (only with consent) transfer data to servers in the USA. Basis are EU Standard Contractual Clauses and the EU-US Data Privacy Framework. Full equivalence of US data protection with EU level cannot be guaranteed under current jurisprudence.
9. Update
Status of this privacy policy: 2026-05-03. We reserve the right to update it for legal changes or new processing activities. The current version is always available at /en/privacy.