General Privacy Statement Website
Information on the EU General Data Protection Regulation (GDPR)
Data protection information in accordance with the EU General Data Protection Regulation – as of June 2018
The protection of your personal data is something that we take very seriously. Your privacy is an important concern to us.
The following provisions serve to provide you with information about the processing of personal data in accordance with the requirements of the General Data Protection Regulation (GDPR), especially taking into account the information obligations under Articles 12 to 14 of the GDPR. They also serve to clarify existing data protection rights under the GDPR in accordance with Articles 15 to 22 and Article 34 GDPR.
Information about the responsible body
The body responsible for processing your personal data is provativ GmbH.
For contact details, please refer to the imprint below
We process your personal data in accordance with the respectively applicable statutory data protection requirements for the purposes listed below for each group of data subjects:
- Privacy Statement for Applicants
- Privacy Statement for Employees
- Privacy Statement for Other Data Subjects
- Privacy Statement for Website Users
Use of service providers
Individual processes or services are carried out by carefully selected and commissioned service providers. We transmit or receive personal data about these service providers solely on the basis of a processing contract. If the seat of a service provider is located outside the European Union or the European Economic Area, then a third country transfer takes place. Data protection agreements that comply with the legal requirements are agreed by contract with these service providers in order to establish an adequate level of data protection and corresponding guarantees are also agreed.
Information about your rights
You have the right,
- to ask us for confirmation that your personal data is being processed by us; if this is the case, then you have a right to information about these personal data and to the information listed in Article 15 GDPR.
- to demand to receive the data concerning you in the restrictions of Article 20 GDPR in a commonly used, electronic, machine-readable data format. This also includes the transfer of the data (as far as this is possible) to another person directly specified by you.
- to ask us to correct your data if they are incorrect, inaccurate and/or incomplete. Correction also includes the completion by means of declarations or notifications.
- to demand from us that personal data relating to you be deleted immediately, provided that one of the reasons detailed in Article 17 GDPR applies. Unfortunately, we are not allowed to delete data that is subject to a legal storage period. If you do not wish us to contact you by newsletter or by any other means, we will store your contact details concerning this matter on a blocked list.
- to revoke any consent given by you with effect for future processing, without incurring any disadvantages.
- to require us to restrict the processing if one of the conditions listed in Article 18 GDPR is met.
- for reasons arising from your particular situation, to object to the processing of your personal data at any time. We will then no longer process your personal data, unless we can prove compelling reasons worthy of protection that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims (Article 21 GDPR).
- to complain without prejudice to any other administrative or judicial remedy and if you believe that the processing of personal data concerning you is in breach of the GDPR
- to our data protection officer: datensch[email protected] or by post (see address in the imprint)
- to lodge a complaint with a supervisory authority in the Member State of your habitual residence, place of work or place of alleged infringement.
Deletion of your data
Unless otherwise stipulated in the more detailed privacy policies, we will delete your personal data if the contractual relationship with you has been terminated, you have exercised your right to cancellation, all mutual claims have been fulfilled and there are no other statutory retention requirements or legal justification for their storage.
For the purposes of this general information, these terms are defined as follows:
- Personal data: Any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples are contact data, communication data, billing data.
- Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Recipient: A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
- Employees: Employees, including temporary workers in relation to the hirer, those employed as part of their vocational training, participants in measures intended to allow people to participate in the world of work, as well as evaluations regarding occupational aptitude and capacity for work (people undergoing rehabilitation) employees working in recognised workshops for disabled people, volunteers performing a service under the Youth Voluntary Service Act or the Federal Voluntary Service Act, persons who, because of their economic independence, are to be considered as employee-like persons; they include people working from home and their peers, civil servants, judges of the federal government, soldiers and civil servants, as well as applicants for employment and persons whose employment relationship has ended.
- Third party: A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
- Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
- Restriction of processing: The marking of stored personal data with the aim of limiting their processing in the future.
Privacy statement for website users
Scope of application
This privacy statement applies to all pages of our online network that link to this statement.
The general details can be found on our main page relating to our privacy statement.
The purpose of the data collection
The purpose of collecting the data is to optimise the website, analyse errors, to tailor the website to your individual needs, to offer to make contact with you as well as, if need be, to sell goods and services.
General information on data processing
In principle, we collect and use the personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of our users' personal data take place regularly, only after the user's consent has been obtained. An exception applies to cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
Legal bases of the processing of your data:
- Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
- When processing the personal data required to fulfil a contract of which the data subject is a party, Article 6 (1) b GDPR serves as legal basis. This also applies to processing operations which are required to take steps prior to entering into a contract.
- Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Article 6 (1) c GDPR serves as the legal basis.
- In the event that vital interests of the data subject or any other natural person require the processing of personal data, Article 6 (1) d GDPR serves as the legal basis.
- If the processing is necessary to safeguard the legitimate interests of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the interest of the former, then Article 6 (1) f GDPR serves as the legal basis for the processing.
In particular, legitimate interests may be:
- answering inquiries;
- the carrying out of direct marketing measures;
- the provision of services and/or information intended for you;
- the processing and transfer of personal data for internal or administrative purposes;
- the operation and administration of our website;
- the technical support of the users;
- the prevention and detection of fraud and crime;
- protecting against payment defaults when soliciting credit reports in the case of requests for deliveries and services; and or
- ensuring network and data security, to the extent that such interests are consistent with applicable law and the rights and freedoms of the user;
- Website optimisation service providers, online marketing service providers and tools, ICT service providers, software and hardware maintenance companies, in part described in more detail below
- Social networks and communities as described below
- Internal recipients in line with the "need to know" principle
Usage data/server log files
Each time our websites are accessed, our systems automatically collect data and information from the computer system of the calling computer. The following types of data are collected here: browser type, version used, the user's operating system, Internet service provider, user's IP address, date and time of access, web pages from which the user's system has come to our website or to which the user goes to from our website.
With the above-mentioned legitimate interests, the legal basis for the temporary storage of data and log files is Article 6 (1) f GDPR.
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. In order to do this, your IP address must be stored for the duration of the session.
Storage in log files is done to ensure website functionality. In addition, the data is used to optimise the website and to ensure the security of our IT systems. Any evaluation of the data for marketing purposes does not take place in this context. Our legitimate interest in the processing of data also lies in these purposes. The data will be deleted as soon as their collection is no longer required to achieve the purpose for which they were collected. In the case of collecting the data for the provision of our website, this is the case when the respective session is over. Furthermore, we also reserve the right to check the files if, on the basis of concrete evidence, a legitimate suspicion of unlawful use or a specific attack on the web pages exists. In this case, our legitimate interest is the processing of the data for the purpose of investigating and prosecuting such attacks and illegal uses.
Legal basis for data processing by means of cookies
The legal basis for the processing of your personal data using technically necessary session cookies is Article 6 (1) f GDPR. The legal basis for the processing of your personal data using cookies for the purposes of analyses upon submission of the user's consent for this is Article 6 (1) f GDPR.
General statements about web beacons/tracking pixels
Web beacons are often-transparent graphic images that are the size of a pixel. They are used by affiliates, in particular for the purpose of tracking a user through the various web pages for profile formation for use with advertising that has been tailored to the user (targeting). A pixel embedded in the web page is loaded by the partner's server when the webpage is accessed. The partner thus receives your IP address, as well as details about your browser and its version, browser plug-ins (browser fingerprint) used, your operating system as well as your network operator.
Some of our web pages use Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called “cookies”, which are text files stored on your computer and which enable the website to analyse how users use the site. The information generated by the cookie about your use of the website is, as a rule, transmitted to and stored by Google on servers in the United States. In the event of that the IP anonymization on this website is activated, however, Google will truncate your IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the US and truncated there. On behalf of the website provider, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and Internet usage to the website operator. Google will not associate your IP address transmitted within the framework of Google Analytics from your browser with any other data held by Google The legal basis for processing the user's personal data is Article 6 (1) f GDPR. We use Google Analytics to analyse and regularly improve the use of our website. With the statistics we gather, we can improve our offer and make it more interesting for you as a user. This website also uses Google Analytics for cross-device analysis of visitor traffic conducted through a user ID. You can disable the cross-device analysis of your usage under "My Data" and "Personal Information" in your customer account. You can prevent the storage of cookies by selecting the appropriate settings of your browser software; however, we wish to point out that if you do this, you may not be able to use all the features of this website to the fullest extent possible. Furthermore, you can prevent Google from collecting and using any data relating to your use of the website (incl. your IP address) by downloading and installing the browser plug-in available under the following link https://tools.google.com/dlpage/gaoptout?hl=en-GB. This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are processed in a truncated form to prevent them from being directly linked to a particular individual. Insofar as the data collected about you is assigned a personal reference, it will be immediately excluded and the personal data will be deleted immediately. For the exceptional cases in which personal data is transferred to the US, Google complies with the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.
Third party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001. User conditions:
http://www.google.com/analytics/terms/de.html, overview of data protection:
http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the Privacy Statement:
Use of the remarketing or "similar target groups" function by Google Inc.
On some of our web pages, we use the remarketing or "similar audiences" function of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). This feature serves to analyse visitor behaviour and visitor interests.
Alternatively, you may opt out of third-party cookies by visiting the Network Advertising Initiative deactivation page at https://www.networkadvertising.org/choices/ and carrying out the opt-out information given there.
Use of Google Adwords conversion tracking
On some of our web pages, we use the online marketing programme “Google AdWords” and, within this framework, conversion tracking (evaluation of customer interaction). Google conversion tracking is a service operated by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). When you click on an advert placed by Google, a cookie is placed on your computer to enable conversion tracking. These cookies have limited validity, do not contain any personal data and so cannot be used for personal identification. When you visit certain pages on our website and the cookie has not yet expired, we and Google can recognise that you clicked on the advert and were forwarded to this page. Every Google AdWords customer receives a separate cookie. It is, therefore, not possible to track cookies relating to the websites of AdWords customers. The information collected using the conversion cookie serves the purpose of producing conversion statistics. This allows us to find out the total number of users who clicked on our adverts and were forwarded to a page equipped with a conversion tracking tag. However, we do not receive any information which could be used to personally identify users. Processing is carried out on the basis of Article 6 (1) f GDPR due to our justified interest in targeted advertising and the analysis of the effectiveness and efficiency of this advertising.
You have the right, at any time, for reasons that arise from your particular circumstances, to object to the processing of your personal data which takes place on the basis of Article 6(1) e or f GDPR.
You can prevent the storage of cookies by selecting the appropriate technical settings of your browser software.
We wish to point out, however, that if you do this, you may not be able to use all the features of this website to the fullest extent possible. You will then not be included in the conversion tracking statistics. You can also deactivate personalised advertising in Google’s advertising settings. You can find instructions on how to do that at https://support.google.com/ads/answer/2662922?hl=de
https://www.networkadvertising.org/choices/ and following the opt-out instructions. More information as well as Google’s privacy statement is available at:
Google Tag Manager
On some of our web pages, we use Google Tag Manager. This service allows website tags to be managed by a single interface. Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. Google Tool Manager triggers other tags, which may collect data. However, Google Tag Manager does not access this data. If deactivated at the domain or cookie level, it will remain in effect for all tracking tags insofar as they are implemented with the Google Tag Manager. All other statements apply as with Google Analytics.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence over the extent and further use of the data collected by the use of this tool by Google and, therefore, inform you to the best of our knowledge: by including DoubleClick on your website, Google is informed that you have accessed the corresponding part of our website or clicked on an ad of ours. If you are registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a chance that the provider will find and store your IP address.
There are different ways to prevent tracking of online activities:
a) by setting your browser software accordingly, in particular, suppressing third-party cookies to prevent you from receiving third-party ads;
b) by disabling the cookies for conversion tracking by setting your browser to block cookies from the domain „www.googleadservices.com“, https://www.google.de/settings/ads; this setting is cleared when you delete your cookies;
c) by disabling the interest-based ads of the providers that are part of the "About Ads" self-regulatory campaign via the link http://www.aboutads.info/choices, this setting will be cleared when you delete your cookies;
d) by the permanent deactivation in your browsers (Firefox, Internet Explorer or Google Chrome) under the link http://www.google.com/settings/ads/plugin. We wish to point out that, in this case, you may not be able to use all the features of this offer to their fullest extent.
The legal basis for the processing of your data is Article 6 (1) a GDPR. Our legitimate interest lies in the needs-based operation of our website and its contents.
You can find more information on DoubleClick by Google here https://www.google.de/doubleclick and here http://support.google.com/adsense/answer/2839090, and on data protection at Google in general: https://www.google.de/intl/de/policies/privacy. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. Google complies with the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.
HotJarSome of our web pages use the Hotjar's web analytics service of HotJar Ltd, Level 2, St Julian's Business Center, 3, Elia Zammit Street, St Julian's STJ 1000, Malta, Europe Tel. +1 (855) 464-6788 [email protected]. HotJar visually represents the clicks, taps and scrolling behaviour on the observed web pages in so-called heatmaps. Anonymous conclusions can be drawn from this data regarding the user's scrolling and clicking behaviour in order to improve website usability. In addition to data on visitor behaviour, a browser fingerprint is created, which represents pseudonymised data. According to HotJar, personal data are automatically hidden. A "Do Not Track" setting in the browser can prevent the data from being collected. You may object to any data processing by HotJar under https://www.hotjar.com/opt-out The HotJar's privacy statement can be found here: http://www.hotjar.com/privacy
Our website uses the counting pixel technology of wiredminds GmbH (www.wiredminds.de) to analyse visitor behaviour. If need be, data used to create pseudonymised user profiles are collected, processed and stored. Wherever possible and useful, these usage profiles are completely anonymised. Cookies may be used in order to do so. Cookies are small text files that are stored in the visitor's Internet browser and serve to recognise the Internet browser. The data collected, which may also contain personal data, are transmitted to wiredminds or collected directly by wiredminds. wiredminds may use information that is left by visits to the websites to create anonymised user profiles. The data obtained will not be used to personally identify the visitor to this website and will not be merged with personal data of the bearer of the pseudonym without the express permission of the data subject. Insofar as IP addresses are recorded, their immediate anonymization takes place by deleting the last number block. WIDERSPRUCHSLINK (OPT-OUT)
Contents of external providers
Some of our web pages include content from third parties, such as videos from YouTube, maps from Google Maps, images, texts and multi-media files, RSS feeds or other services from other websites. This always requires the transmission of your IP address to the providers of this content. We cannot provide any information about the use of your data with these providers and have no influence on their further processing, especially not about whether the data are used for further purposes, such as profiling. Please refer to the respective privacy statement of the respective third party providers.
You can, among other things, prevent further tracking carried out by the tracking pixels of these providers by changing your browser settings so that they do not accept third-party cookies.
Contact form and e-mail contact
Our website has a contact form, which can be used for contacting us via the Internet. When a user makes use of this option, the data entered in the input form will be transmitted to us and saved. These data are the following: name, address, e-mail address, telephone number, etc. At the time the message is sent, the following data are also stored: the IP address, date and time. In order to process the data, your consent is obtained during the submission process and we refer you to this privacy statement.
Alternatively, you can contact us via the e-mail address provided.. In this case, the user's personal data transmitted by e-mail will be stored. In this context, the data is not disclosed to third parties. The data are exclusively used for conducting the conversation.
The legal basis of the processing is:
- For the processing of the data after the user has signed up to receive the newsletter, if consent has been given by the user, Article 6 (1) a GDPR.
- For the processing of the data that have been transmitted in the course of the sending an e-mail, Article 6 (1) f GDPR with the above-mentioned legitimate interest.
- If the contact via e-mail is aimed at concluding a contract, then the additional legal basis for the processing is Article 6 (1) b GDPR.
The data are deleted as soon as their collection is no longer required to achieve the purpose for which they were collected. With regard to the personal data obtained via the input screen or the contact form and those that were sent via e-mail, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the relevant facts have been ultimately clarified. The additional personal data collected during the sending process will be deleted, at the latest after the statutory retention period has expired.
At all times, the user has the possibility to revoke his consent to the processing of his personal data. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
Our website gives you the chance to subscribe to a free newsletter with promotional content. Our newsletters contain information about the services we offer, our promotions, events, competitions, job offers and articles. Not part of our newsletters, however, is news with no promotional information that is sent out as part of our contractual or other business relationship. This includes, for example, the dispatch of service e-mails with technical instructions and queries regarding orders, events, and notifications of prize draws or similar messages. The data from the input screen are transmitted to us when you subscribe to the newsletter. In addition, the IP address of the calling computer and the time of the call are collected. In order to process the data, your consent is obtained during the registration process and reference is made to this privacy statement. When you purchase goods on our website via our online shop and deposit your e-mail address, we reserve the right to send you a newsletter via direct mail for our own similar goods. With regard to the processing of data for the sending of newsletters, the data is not disclosed to third parties. The data are exclusively used for sending the newsletter. The legal basis for the processing of the data after the user has subscribed to the newsletter is, given the user's prior consent, Article 6 (1) a GDPR and for the dispatch of the newsletter as a result of the sale of goods in accordance with Section 7 III UWG (Act Against Unfair Competition) or Article 6 (1) f (dispatch on the basis of our legitimate business interests). The collection of the user's e-mail address serves to dispatch the newsletter. The collection of other personal data in the context of the subscription process serves to prevent misuse of the services or the e-mail address used. Subscription to the newsletter may be terminated at any time by the user concerned. Each newsletter contains a link for this purpose. This also acts as a revocation of consent for the newsletter sent.
Any statistical evaluation of the reading behaviour takes place only to the extent that it can be determined whether the recipients have opened the newsletter and clicked on the links. This is a feature that we only use to validate user activity and optimise accordingly. For this purpose, the newsletter contains a so-called "web-beacon", a pixel-sized file, which is retrieved from our server when the newsletter is opened. This web beacon is not personalised, which means that no personal information is collected.
Data collection during registration and registered use
Some of our websites require or allow you to register. The data collected in the process are used for the purposes of the use of the respective websites and services, unless otherwise specified and explicitly consented to during registration. The data collected come from the input screen during the registration process. All further data that you may deposit at a later date in order to complete your profile is optional and voluntary. After you have registered, we may inform you of any relevant circumstances that are connected to our offer to which you have registered via the stored e-mail address.
Data in user-generated content
Insofar as you write comments or contributions or upload files to our servers or publish images or use other services, your IP addresses and – if you are logged in – your user data are stored for our security. Due to the multitude of illegal content posted on the Internet every day, we reserve the right to use this information for our defence in legal disputes or for the purposes of prosecution, i.e. to also transfer such data to defendants, law enforcement agencies and courts.
Transmitting data via the Internet
Transmitting data via the Internet is basically subject to certain risks. Special encryption of the data is not undertaken; in particular, messages from the contact form of our website and messages that form part of the service chat are transmitted in an unencrypted form.
Please keep this in mind when transferring data. Insofar as you wish to communicate with us via encrypted e-mail, you can do so via SMIME encryption. Please let us know for your wish for encryption, as we regularly send data in unencrypted form, due to the currently low market penetration of e-mail encryption processes.
If you communicate personal data to us, they will only be passed on to third parties if this is necessary for processing the contractual relationship or if some other legal ground legitimises this transfer.
However, we provide certain services with the assistance of service providers. We have carefully selected these service providers and have taken appropriate measures to protect your personal data.
The data subject's personal data will be deleted or blocked as soon as the purpose of the storage no longer applies. European or national legislators of EU regulations, laws or other regulations to which the controller is subject may have provided for an extension of this period. The blocking or deletion of the data shall take place even if a storage period prescribed by the standards mentioned expires, unless there is a need to continue to store the data for the conclusion or performance of a contract.
Information about data processing for employees
We would hereby like to inform our employees about the way we handle their personal data within the employment relationship.
The purpose of data collection
During your period of employment with us, your personal data will be processed mainly for the purpose of carrying out and/or terminating the contract, as well as for the purposes of the company's profile.
Types of data processed by us
As part of the employer-employee relationship, we process the followingpersonal data:
- applicant data; name, date of birth, curriculum vitae, nationality/work permit, etc. for the selection and recruitment process, entry and exit management;
- private contact details; address, telephone number, email;
- professional contact details; e.g. telephone numbers, e-mail, place of work, job title, possibly a photo;
- identification/payment data; identity card data or work permit to identify and establish the legitimacy of the employment, place of birth, marital status, tax identification number, health insurance membership, income tax bracket, tax exempt amounts, church denomination for payment of church tax, account number, any seizure of wages (for the purpose of payroll accounting to fulfil social security, tax and other legal obligations);
- health data, e.g. within the context of payroll accounting, for settlement with health insurance funds or professional associations or within the scope of legal obligations as the employer, e.g. the company integration management or the fulfilment of duties with regard to the protection of the severely disabled or in the context of the company's self-regulation such as the occupational safety or occupational medical examinations;
- time recording and access data, holiday periods, working time accounts, shift schedules, closing times or access protocols, etc.;
- personal screening data (e.g. police certificate of good conduct, background check):
- data on suitability and on the performance/behavioural check; information on training and education , data for the purpose of measuring the achievement of goals, e.g. for variable remuneration, data on infringements of road traffic regulations ("parking fines");
- other data relating to HR management: data in the context of occupational health and occupational health management, health and safety measures, any degree of severe disability, possession of a driving licence, any garnishments of salary;
We will send your personal data to the following recipients in order, for example, to comply with legal obligations or obligations arising from the employment relationship:
- bank service providers, if need be, service providers for the calculation of pension provisions
- service providers for the settlement of wages (tax consultants), auditors, service companies for ICT, companies for software and hardware maintenance
- health, social and accident insurance carriers and other insurance companies
- authorities such as financial authorities, social security funds, employment agencies, if need be, authorities dealing with safety, health, road traffic and associated fines and other authorities
- company medical service
- companies related under company law (group companies) as joint controllers: the essential contents of the regulation of the tasks with regard to the rights of data subjects can be requested at the given contact address; according to Article 26 (3) GDPR the data subject may exercise his or her rights under this Regulation in respect of and against all the companies (controllers) involved.
- business partners and customers (official contact details), temping agencies
- website users when portrayed or named on the corporate website
When processing your personal data, we naturally comply with applicable law. Processing is, therefore, only carried out on a legal basis. The following legal bases are particularly relevant with regard to the employment relationship:
If we process your data within the scope of our legitimate interest, this will lie, for example, in:
- the carrying out of electronic access controls,
- the optimisation of HR planning
- ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
- the assertion, exercise or defence of legal claims, including data for the documentation of flows of benefits,
- the avoidance of injury and/or liability of the company by taking appropriate measures,
- the profile of the company.
You have the right to object to the processing of personal data in the context of a legitimate interest, for reasons that arise from your particular situation. We will then no longer process your data unless we can prove compelling legitimate reasons on our part that outweigh your rights and freedoms or that serve the processing of the assertion, exercise or defence of legal claims.
We do not use the personal data you provide to make automated decisions about you.
We may, however, use your data as selection criteria for selecting suitable candidates for project assignments
Data collected by third parties
Using the ELStAM procedure, we collect payroll data that the tax authorities provide us with for the purposes of correct accounting.
This applies in particular to the payroll data below.
Duration of storage
After the respective purpose has been achieved, your data will be deleted in compliance with the legal retention periods. As a rule, these periods are 6 or 10 years. For various categories of data, however, such as occupational pensions, the retention period could be 30 years or longer.
Privacy Statement for Applicants
When you apply for a job or for freelance work in our company, we process and store your personal data.
We take your privacy very seriously and would like to inform you about how your application data is handled.
The purpose of data collectiong
Before joining our company or during the application process, we process your personal data solely for the purpose of establishing a contractual relationship to the extent required.
The types of data we process
The following types of personal data are regularly processed:
- applicant data; name, date of birth, curriculum vitae, nationality/work permit, knowledge, skills, history of work experience for the selection and recruitment process, entry and exit management
- private contact details; address, telephone number, e-mail (for the purpose of establishing contact),
- (optional) data as part of the staff screening process (e.g. police certificate of good conduct, background check) – depending on the client or site/location of employment;
- possibly data that are subject to professional secrecy; e.g. data on suitability as regards health and any restrictions
- other data relating to HR administration: severe disability (if relevant), possession of a driving licence
Wedo not require any information from you that cannot be used under the General Equal Treatment Act (race, ethnic origin, pregnancy, physical or mental illness, trade union membership, religion or belief, disability, sexual identity or sex life).
We ask that you do not transmit such data to us. The same applies to content that is likely to infringe the rights of third parties (e.g. copyrights, ancillary copyrights, or other intellectual property rights, press rights or the general rights of third parties).
Legal bases of the processing
- for the establishment, implementation and termination of a contractual relationship pursuant to Article 6 (1) b GDPR; also for consultancy and freelancer contracts;
- to fulfil a legal obligation under Article 6 (1) c GDPR;
- in the case of processing, to protect a legitimate interest in accordance with Article 6 (1) f GDPR;
as well as on the basis of consent that you have given by voluntarily providing data that are not absolutely necessary for the purpose (e.g. hobbies in your curriculum vitae)
(however, such information is, in principle, not required to conclude a contract or continue an existing contract) according to Art 6 (1) a GDPR,
likewise on the basis of consent also for the mediation of consultancy and freelancer contracts,
whereby this information can be decisive for the conclusion of a consultancy or freelancer contract;
Our legitimate interests lie, for example, in the following:
- optimising the application processes,
- ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
- asserting, exercising or defending legal claims,
- avoiding damage and/or liability of the company by taking appropriate measures.
- mediating a consultancy or a freelancer contract
We do not use the personal data you provide to make automated decisions about you.
However, we may use your data as selection criteria to select suitable candidates for project assignments.
Categories of recipients
- Internal recipients according to the "need to know" principle
Companies related under company law (group companies) as joint controllers:
the essential contents of the regulation of the tasks with regard to the rights of data subjects can be requested from the given contact address
according to Article 26 (3) GDPR, however, the data subject may exercise his or her rights under this Regulation in respect of and against all the companies involved.
- Client companies that are planning to be hired as consultants/freelancers
After the purpose in question has been achieved, your data will be deleted. However, data will be kept for as long as is necessary to defend legal claims. The storage period for unsuccessful applications is usually 6 months. If your profile was transmitted to us by a personnel service provider and commission claims of this service provider exist, the storage period may last until they have been satisfied or for the duration of the limitation period. If your profile is saved on the basis of consent given for the mediation of a consultancy or freelancer contract, then the data will be deleted after consent has been revoked. Insofar as accounting-relevant processing has been carried out, e.g. the reimbursement of travel expenses, the data required for this purpose will be deleted in compliance with statutory retention periods, as a rule 6 or 10 years. If the application was successful and we conclude a contract with you or add you into our pool of freelancers, we will store your data at least for the duration of the contract or the membership of the freelancer pool.
Privacy statement for other data subjects
Information on data processing
As a customer and as a prospective customer or other data subject, we process your personal data primarily for the purpose of establishing and fulfilling a contractual relationship concluded with you or on the basis of a legitimate interest. Your data will be collected, stored and, if need be, passed on by us to the extent required to provide the contractually agreed service or information, and to carry out direct marketing activities or other activities of our business. Failure to provide the data may result in the contract being unable to be concluded. Moreover, we process your data only if you have consented to the processing or given some other legal permission.
Purposes of the data processing
We process your personal data to achieve the following purposes in connection with the contractual relationship:
- contract processing (including shipping)
- advertising to existing customers, use as a selection criterion for direct marketing so we can offer you customised service
- retailer support
- a credit check
- the management of our supplier relationships
- customer service
- quality management
- the improvement and development of intelligent and innovative services
- customer analysis with regard to the market and opinion polls
- the handling of our logistics/materials management
Furthermore, we process your data only with your express consent.
Types of data that we process
The following personal data are processed:
- contact details; name, address, phone number
- identification/payment data; account number, VAT ID no.
- order data: quantity, turnover, intervals
- geodata: addresses, delivery terms
These service providers have been carefully selected by us, commissioned in writing and are bound by our instructions. We check them regularly. The service providers will not pass on these data to third parties, but delete them after the contract has been fulfilled and the legal storage periods have expired, insofar as you have not consented to any longer storage periods. If we are under any legal obligation to do so, we will share your information with the competent authority on request.
This could include, for example:
- bank or payment service
- logistics companies
- companies in the trades sector
The legal bases for the processing of your data are in particular:
- Article 6 (1) a on the basis of your consent, whereby no contract is required for the conclusion of a contract or the continuation of an existing contract,
- Article 6 (1) b for the establishment, carrying out and termination of a contractual relationship,
- Article 6 (1) c for compliance with a legal obligation,
- Article 6 (1) f to safeguard a legitimate interest
- the exercising our business interests, including direct marketing campaigns and credit checks,
- the enhancement of efficiency and effectiveness potentials, also in cooperation with partners and, possibly, affiliated companies,
- ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
- asserting, exercising or defending legal claims,
- the avoidance of damage and/or the liability of the company by taking appropriate measures
In the event of a customer analysis, the processing of your data will either be done in an anonymous or – if anonymous processing for factual reasons is not possible or not useful – in a pseudonymised form.
Some of the afore-mentioned processes or services are performed by carefully selected and contracted service providers. We transmit or receive personal information about these service providers solely on the basis of a processing agreement. If the seat of a service provider is outside the European Union, or the European Economic Area, a third country transmission will take place. Data protection agreements that comply with the legal requirements are contractually agreed with these service providers in order to establish an adequate level of data protection and corresponding guarantees are agreed.
Data collected by third parties
If applicable, we may be provided with data by third parties, e.g. in the context of recommendations. In such a case, it is usually a matter of contact information associated with data relating to specific product or service needs.
Duration of storage
After the respective purpose has been achieved, your data will be deleted in compliance with the legal retention periods.