Data protection policy

1. A summary of data protection

General information

The following information provides a simple summary of what we do with your personal data when you visit our website. Personal data are all data that can be used to personally identify you. You will find detailed information on the subject of data protection and privacy in our Data Protection Policy attached below.

Data collection on this website

Who is responsible for data collection on this website?

Data is processed on this website by the website operator. You can find their contact details in the section of this policy titled “Information on the controller.”

How do we capture your data?

Your data are collected when you share them with us. This can happen, e.g., when you enter data in a contact form. Other data are recorded by our IT systems automatically and on the basis of your consent when you visit the website. This primarily includes technical data (e.g., internet browsers, operating system, and time of page retrieval). These data are collected automatically as soon as you visit the website.

What do we use your data for?

Part of the data is collected to ensure the flawless representation of the website. Other data can be used to analyze your user behavior.

What rights do you have in regards to your data?

You have the right to receive information about the origin, recipient, and purpose of your saved personal data free of charge at any time. You also have a right to request correction or erasure of this data. If you have given consent for data processing, you can revoke this consent at any time in the future. You also have the right to request the restriction of processing of your personal data under certain circumstances. You are also entitled to a right to appeal to the competent supervisory authority. You can contact us at any time in this regard and if you have other questions on the topic of data protection.

Analytical tools and third-party tools

When you visit this website, your surfing behavior may be evaluated statistically. This is primarily done with so-called analytical programs. You can find detailed information on these analytical programs in this Data Protection Policy.

 

2. General information and mandatory disclosures

Data protection

The operators of these pages take the protection of your personal data very seriously. We handle your personal data confidentially and in accordance with the statutory data protection regulations and this Data Protection Policy. If you use this website, various types of personal data are collected. Personal data are data that can be used to personally identify you. This Data Protection Policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to remind you that the transmission of data over the internet (e.g., communication by email) is not secure due to possible security gaps. Absolute protection of data against access by third parties is not possible.

Information on the controller

The controller for data processing on this website is: Giebeler GmbH Dietzhölzstrasse 21-24 35713 Eschenburg Phone: +49 2774706-0 Email: info@giebeler.eu The controller is the natural person or legal entity who decides, alone or with others, on the purpose and means of processing personal data (e.g., names, email addresses, or similar).

Storage period

Unless a more specific storage period has been specified in this Data Protection Policy, we will retain your personal data until the purpose of data processing no longer applies. If you assert a legitimate request for erasure or revoke consent for data processing, your data will be erased unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be erased after these reasons cease to apply.

General information on the legal basis of the data processing on this website

If you gave consent to the data processing, we will process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR if special data categories in accordance with Art. 9 (1) GDPR are processed. In the event of explicit consent to transmit personal data to third countries, the data are also processed on the basis of Art. 49 (1) (a) GDPR. If you have given consent to the placement of cookies or to access information in your end device (e.g., device fingerprinting), the data are also processed on the basis of Section 25 para. 1 of the German Telecommunications-Telemedia Data Protection Act [Telekommunikation-Telemedien-Datenschutzgesetz – TTDSG]. The consent can be revoked at any time. If your data are required for the execution of the contract or to implement pre-contractual measures, we will process your data on the basis of Art. 6 (1) (b) GDPR. We will also process your data, if these data are required for the fulfillment of a legal obligation, on the basis of Art. 6 (1) (c) GDPR. The data can also be processed on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR. In the following paragraphs of this Data Protection Policy, you will be informed about the legal basis relevant to each individual case.

Data protection officer

We have appointed a data protection officer for our company. Henning Welz gds Gesellschaft für Datenschutz Mittelhessen mbH Auf der Appeling 8 35043 Marburg-Cappel Phone: +49 642180413-10 Email: datenschutz@gdsm.de

Information about data transmission to the USA or other third countries

In part, we use tools provided by companies based in the U.S. or other third countries not secure in terms of data protection legislation. If these tools are active, your personal data can be transferred to these third countries and processed there. We would like to point out that a comparable level of data protection as in the EU cannot be guaranteed in these countries. For example, U.S. companies are obligated to hand over personal data to security agencies without you as the data subject being able to take action in court against this. Therefore, it cannot be ruled out that U.S. authorities (e.g., intelligence services) will process and evaluate your data on U.S. servers for surveillance purposes and store these data over the long term. We have no influence on these processing activities.

Revocation of your data processing consent

Many data processing operations are possible only with your explicit consent. You can revoke granted consent at any time. The legality of data processing up to the date of revocation remains unaffected by the revocation.

Revocation right against data collection in special cases and against direct advertising (Art. 21 GDPR)

IF DATA ARE PROCESSED ON THE BASIS OF ART. 6 (1) (E) or (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME, FOR ANY REASON ARISING FROM YOUR SPECIAL SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. YOU WILL FIND THE LEGAL BASIS ON WHICH PROCESSING IS BASED IN THIS DATA PROTECTION POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN PROVE OVERRIDING REASONS WORTHY OF PROTECTION IN THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING IS INTENDED FOR THE ASSERTION, EXERCISING, OR DEFENSE OF LEGAL CLAIMS (OBJECTION IN ACCORDANCE WITH ART. 21 (1) GDPR). IF YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA RELATED TO YOU FOR THE PURPOSE OF SUCH ADVERTISING AT ANY TIME; THIS ALSO APPLIES TO PROFILING, IF IT IS CONNECTED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION IN ACCORDANCE WITH ART. 21 (2) GDPR).

Right to complain to the competent supervisory authority.

If the provisions of the GDPR are breached, the data subject is entitled to a right to appeal to a supervisory authority, especially in the member state of their customary residence, their place of employment, or the location of the alleged breach. The right of appeal is without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or to execute a contract handed over to you or a third party in a common, machine-readable format. If you demand direct transmission of data to another controller, this is handled to the extent it is technically feasible.

SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser address bar changes from “http://” to “https://” and there is a lock symbol in your browser line. If SSL or TLS encryption is enabled, the data that you transmit to us cannot be read by third parties.

Information, erasure, and correction

The valid statutory provisions give you the right, at any time, to receive free information about your stored personal data, their origin, and the recipient and purpose of data processing and, as necessary, a right to correction or erasure of these data. You can contact us at any time in this regard and if you have other questions on the topic of personal data.

Right to restriction of processing

You have the right to request the restriction of processing of your personal data. You can contact us at any time in this regard. There is a right to the restriction of processing in the following cases:

• If you dispute the accuracy of your personal data stored with us, we usually need time to review this. For the period of the check, you have the right to request the restriction of processing of your personal data.
• If the processing of your personal data happened/is happening illegally, you can request the restriction of data processing instead of erasure.
• If we no longer need your personal data, but you need the data to exercise, defend or assert legal rights, you have the right to request the restriction of processing of your personal data instead of erasure.
• If you have filed an objection under Art. 21 (1) GDPR, a balance must be found between your interests and ours. As long as it is not clarified whose interests prevail, you have the right to request the restriction of processing of your personal data.

If you have restricted the processing of your personal data, these data may—apart from being stored—only be processed with your consent or for the assertion, exercising, or defense of legal rights or for the protection of the rights of another natural person or legal entity or for reasons of an important public interest of the European Union or a Member State.

Objection to advertising emails

The use of contact data published in the mandatory legal notice for the sending of advertising and information material not explicitly requested is hereby objected to. The operators of the website explicitly reserve the right to take legal action in the event that unrequested advertising information is sent, e.g., in the form of spam emails.

 

3. Data collection on this website

Cookies

Our website uses so-called “cookies.” Cookies are small text files and do not do damage to your end device. They are stored either temporarily for the length of a visit (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically erased after the end of your visit. Permanent cookies remain stored on your end device until you erase them yourself or your web browser erases them automatically. In part, cookies from third companies may be stored on your end device if you visit our website (third-party cookies). They let us or you use certain services of the third company (e.g., cookies for processing payment services). Cookies have various functions. Numerous cookies are technically necessary since certain website features would not work without them (e.g., shopping basket feature or display of videos). Other cookies are intended to evaluate user conduct or display advertisements. Cookies necessary for electronic communication operations or for providing certain features you would like (e.g., for the shopping basket feature) or for optimizing the website (e.g., cookies to measure the web audience), i.e., required cookies, are stored on the basis of Art. 6 (1) (f) GDPR if no other legal basis is given. The website operator has a legitimate interest in the storing of required cookies for the technically flawless and optimized provision of their services. If consent was requested for the storage of cookies and comparable recognition technologies, the processing was handled solely on the basis of this consent (Art. 6 (1) (a) GDPR and Sec. 25 para. 1 TTDSG); consent can be revoked at any time. You can set your browser so that you are informed about the placement of cookies and only allow cookies in an individual case, only allow cookies for certain cases, or generally exclude them or enable the automatic erasure of cookies when you close the browser. If cookies are disabled, the features of this website may be limited. If cookies are used by third-party companies or for analytical purposes, we will inform you about this separately in accordance with this Data Protection Policy and may ask for your consent.

Consent for Borlabs Cookie

Our website uses the consent technology of the Borlabs Cookie to obtain your consent for the storage of specific cookies in your browser or to use specific technologies and to document this in conformity with data protection. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter Borlabs). If you visit our website, a Borlabs Cookie will be stored in your browser to store the consents you have given or the revocation of these consents. These data are not shared with the provider of the Borlabs Cookie. The data recorded are stored until you ask us to erase them or until you delete the Borlabs Cookie or the purpose of data storage ceases to apply. Mandatory statutory retention periods remain unaffected. You will find details on the data processing of the Borlabs Cookie at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/. The use of the Borlabs Cookie consent technology is necessary to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 (1) (c) GDPR. 6 (1) (c) GDPR.

 

Change cookie settings

 

Server log files

The provider of the website collects and automatically stores information in so-called server log files that your browser automatically transmits to us. These are:

• browser type and browser version
• operating system used
• referrer URL
• host name of the accessing computer
• time of server request
• IP address

These data are not combined with other data sources. These data are collected on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically flawless representation and optimization of their website—the server log files must be recorded for that purpose.

Contact form

If you send us requests by contact form, your information in the request form, including the contact details indicated there, is stored by us for the purpose of processing the request and in the event of future requests. We do not share these data without your consent. These data are processed on the basis of Art. 6 (1) (b) GDPR if your request is connected with the execution of a contract or is required for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests submitted to us (Art. 6 (1) (f) GDPR) or on the basis of your consent (Art. 6 (1) (a) GDPR) if this was requested; consent can be revoked at any time. The data you enter in the contact form will remain with us until you ask us to erase it, revoke your consent to the storage, or the purpose for data storage ceases to apply (e.g., after complete processing of your request). Mandatory statutory provisions—especially retention periods—remain unaffected.

Requests by email, phone, or fax

If you contact us by email, phone, or fax, your request, along with all provided personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not share these data without your consent. These data are processed on the basis of Art. 6 (1) (b) GDPR if your request is connected with the execution of a contract or is required for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests submitted to us (Art. 6 (1) (f) GDPR) or on the basis of your consent (Art. 6 (1) (a) GDPR) if this was requested; consent can be revoked at any time. The data you send to us in the contact form will remain with us until you ask us to erase it, revoke your consent to storage, or the purpose for data storage ceases to apply (e.g., after complete processing of your request). Mandatory statutory provisions—especially statutory retention periods—remain unaffected.

Registration on this website

You can register at this website to use its additional features. We only use such data entered for the purpose of enabling the respective offer or service for which you have registered. The mandatory information requested for registration must be provided in full. Otherwise, we will reject registration. We use the email address provided during registration to inform you by email about important changes, for example, in the scope of the service or in the event of technically necessary changes. The data entered for registration is processed for the purpose of implementing the user relationship established in the registration and possibly to initiate other contracts (Art. 6 (1) (b) GDPR). The data recorded in the registration are saved by us as long as you are registered on this website and will then be erased. Statutory retention periods remain unaffected.

 

4. Social media

Facebook

Elements of the social network Facebook are integrated into this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to statements made by Facebook, the data recorded are transferred to the U.S. and other third countries. You will find an overview of the Facebook social media elements here: https://developers.facebook.com/docs/plugins/?locale=de_DE. If the social media element is enabled, a direct connection between your end device and the Facebook server will be established. Facebook receives information that you have visited this website with your IP address. If you click the Facebook “like” button while you are logged into your Facebook account, you can link the content of this website to your Facebook profile. Facebook can assign this website visit to your user account. We would like to point out that we as the provider of this website do not receive any information about the content of the transmitted data or their use by Facebook. You will find more information in Facebook’s Privacy Policy at: https://de-de.facebook.com/privacy/explanation. If consent was obtained, the aforesaid service is used on the basis of Art. 6 (1) (a) GDPR and Section 25 TTDSG. The consent can be revoked at any time. If no consent was obtained, the service is used on the basis of our legitimate interest in achieving the greatest possible visibility in social media. If personal data is collected on our website by using the tool described here and shared with Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited solely to the collecting of data and their transmission to Facebook. The processing is done by Facebook after the data is shared and is not part of the joint responsibility. The obligations for which we are jointly responsible were documented in an agreement on joint processing. You will find the text of this agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for issuing the data protection information for the use of the Facebook tool and for the secure implementation of the tool on our website in compliance with data protection legislation. Facebook is responsible for the data security of Facebook products. You can assert the rights of data subjects (e.g., right to request information) in regards to data processed by Facebook directly against Facebook. If you assert the rights of data subjects against us, we are obligated to forward them to Facebook. The data transmission to the U.S. is based on the standard contractual clauses of the EU Commission. You will find the details here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

LinkedIn

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Each time a page of this website containing LinkedIn elements is retrieved, a connection is established to the servers of LinkedIn. LinkedIn will be informed that you have visited this website with your IP address. When you click on the LinkedIn “Recommend” button and are logged into your account at LinkedIn, LinkedIn can assign your website visit to you and your user account. We would like to point out that we as provider of this website do not receive any information about the content of the transmitted data or their use by LinkedIn. If consent was obtained, the aforesaid service is used on the basis of Art. 6 (1) (a) GDPR and Section 25 TTDSG. The consent can be revoked at any time. If no consent was obtained, the service is used on the basis of our legitimate interest in achieving the greatest possible visibility in social media. The data transmission to the U.S. is based on the standard contractual clauses of the EU Commission. You will find the details here: https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de You will find more information in LinkedIn’s Privacy Policy at: https://www.linkedin.com/legal/privacy-policy.

 

5. Analysis tools and advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool for integrating tracking or statistics tools and other technologies into our website. Google Tag Manager does not generate a user profile on its own, does not store any cookies, and does not undertake any independent analyses. It is solely intended for the management and playout of the tools integrated through it. Google Tag Manager, however, records your IP address, which can also be transferred to the parent company of Google in the United States.

Google Tag Manager is used on the basis of Art. 6 (1) (f) GDPR. 6 (1) (f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website. If consent was requested, the processing is solely handled on the basis of Art. 6 (1) (a) GDPR and Sec. 25 (1) TTDSG when consent includes the storage of cookies or access to information in the end device of the user (e.g., device fingerprinting) within the meaning of the Telecommunications-Telemedia Data Protection Act [TTDSG]. The consent can be revoked at any time.

Google Analytics

This website uses the features of the web analytical service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows the website operator to analyze the behavior of the website visitors. The website operator receives various forms of use data such as page views, length of stay, operating systems used, and place of the user. These data are collected in a user ID and assigned to the respective end device of the website visitor.

Furthermore, we can use Google Analytics to record your mouse and scrolling movements and clicks, among other actions. Google Analytics also uses various modeling methods to supplement the recorded datasets and deploys machine learning technologies for data analysis.

Google Analytics uses technologies that allow the recognition of the user for the purposes of analyzing user behavior (e.g., cookies or device fingerprinting). The information recorded by Google on the use of this website is usually transferred to a Google server in the U.S. and stored there.

This service is used on the basis of your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 para. 1 TTDSG. The consent can be revoked at any time.

The data transmission to the U.S. is based on the standard contractual clauses of the EU Commission. You will find the details here: https://privacy.google.com/businesses/controllerterms/mccs/.  

Browser plugin

You can prevent the collection and processing of your data by Google if you download and install the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.  

You will find more information on the handling of user data at Google Analytics in Google’s Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=de.  

Google signals

We use Google signals. If you visit our website, Google Analytics will collect your location, search history, and YouTube history, as well as demographic data (visitor data), among other things. These data can be used for personalized advertising with the help of Google signals. If you have a Google account, Google signal’s visitor data is linked to your Google account and used for personalized advertising messages. These data are also used to compile anonymized statistics on our users’ behavior.

Contract data processing

We have concluded a contract data processing agreement with Google and have implemented the strict requirements of the German data protection authorities for the use of Google Analytics.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads lets us display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Targeted advertisements can be displayed on the basis of the user data available at Google (e.g., location data and interests), which is referred to as target group targeting. As the website operator, we can evaluate these data quantitatively by analyzing, for example, what search terms led to the display of our advertisements and how many advertisements led to clicks. This service is used on the basis of your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 para. 1 TTDSG. The consent can be revoked at any time. The data transmission to the U.S. is based on the standard contractual clauses of the EU Commission. You will find the details here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

 

6. Plugins and tools

Vimeo without tracking (Do Not Track)

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. If you visit one of our pages with Vimeo videos, a connection will be established to Vimeo servers. The Vimeo server is informed which of our pages you have visited. Furthermore, Vimeo receives your IP address. We have set Vimeo so that it does not actively track your user activities and does not place any cookies. Vimeo is used in the interest of an attractive presentation of our services online. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If consent was requested, the processing is solely handled on the basis of Art. If consent was requested, the processing is solely handled on the basis of 6 (1) (a) GDPR; consent is revocable at any time. The data transmission to the U.S. is based on the standard contractual clauses of the EU Commission and is based on “legitimate business interests” according to statements by Vimeo. You will find the details here: https://vimeo.com/privacy. You will find more information on the handling of user data in Vimeo’s Privacy Policy at: https://vimeo.com/privacy.

Google Maps

The website uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. To use the features of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this website does not have any influence on this data transmission. If Google Maps is enabled, Google can use Google Web Fonts for the purpose of a uniform presentation of fonts. When Google Maps is called up, your browser loads the necessary web fonts in its browser cache to display the texts and fonts correctly. Google Maps is used in the interests of an attractive presentation of our services online and to make it easier to find the places referred to on the website. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. 6 (1) (f) GDPR. If consent was requested, the processing is solely handled on the basis of Art. 6 (1) (a) GDPR and Sec. 25 (1) TTDSG when consent includes the storage of cookies or access to information in the end device of the user (e.g., device fingerprinting) within the meaning of the Telecommunications-Telemedia Data Protection Act [TTDSG]. The consent can be revoked at any time. The data transmission to the U.S. is based on the standard contractual clauses of the EU Commission. You will find the details here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/. You will find more information on the handling of user data in Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.

iThemes Security

We have integrated iThemes Security into this website. The provider is iThemes Media LLC, 1720 South Kelly Avenue Edmond, OK 73013, USA (hereinafter “iThemes Security”). iThemes Security is intended to protect our website against undesired access or malicious cyberattacks. To this end, iThemes Security records your IP address, time and place of login attempts, and log data (e.g., the browser used), among other data. iThemes Security is installed locally on our servers. iThemes Security is used on the basis of Art. 6 (1) (f) GDPR. 6 (1) (f) GDPR. The website operator has a legitimate interest in the most effective protection possible of its website against cyberattacks. If consent was requested, the processing is solely handled on the basis of Art. 6 (1) (a) GDPR and Sec. 25 (1) TTDSG when consent includes the storage of cookies or access to information in the end device of the user (e.g., device fingerprinting) within the meaning of the Telecommunications-Telemedia Data Protection Act [TTDSG]. The consent can be revoked at any time.

ManageWP

We administer this website by using the tool ManageWP. The provider is GoDaddy.com WP Europe, Trg republike 5, 11000 Belgrade, Serbia (hereinafter ManageWP). With ManageWP, we can monitor the security and performance of our website and carry out automatic backups, among other things. As a result, ManageWP has access to all content on our website, including our databases. ManageWP is hosted on the provider’s servers. ManageWP is used on the basis of Art. 6 (1) (f) GDPR. 6 (1) (f) GDPR. The website operator has a legitimate interest in the most effective and secure operation possible of its website(s). If consent was requested, the processing is solely handled on the basis of Art. 6 (1) (a) GDPR and Sec. 25 (1) TTDSG when consent includes the storage of cookies or access to information in the end device of the user (e.g., device fingerprinting) within the meaning of the Telecommunications-Telemedia Data Protection Act [TTDSG]. The consent can be revoked at any time.

Contract data processing

We have an agreement on contract data processing with the aforesaid provider. This is an agreement required under data protection legislation to ensure that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

 

7. Company’s own services

Handling applicant data

We offer you the opportunity to apply for a job with us (e.g., by email, by mail, or by online application form). In the following, we inform you about the scope, purpose, and use of your personal data collected during the application process. We assure you that the collection, processing, and use of your data are in conformity with applicable data protection law and all other statutory provisions, and that your data will be handled strictly confidentially.

Scope and purpose of data collection

If you send us an application, we will process your personal data associated with it (e.g., contact and communication data, application documents, notes taken during the job interviews, etc.) insofar as this is required to decide on the establishment of an employment relationship. The legal basis for this under German law is Section 26 BDSG [German Federal Data Protection Act – Bundesdatenschutzgesetz], Art. 6 (1) (b) GDPR (general initiation of a contract) and—if you have given consent—Art. 6 (1) (a) GDPR. The consent can be revoked at any time. Your personal data are shared solely within our company with persons who are involved in the processing of your application. If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Section 26 BDSG and Art. 6 (1) (b) GDPR for the purpose of establishing the employment relationship.

Retention period for data

If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). Then the data are erased and the physical application materials are destroyed. The retention is intended in particular for purposes of proof in the event of a legal dispute. If it is evident that the data will be required after the end of the 6-month period (e.g., on account of a threatened or pending legal dispute), they will only be erased when the purpose for prolonged retention ceases to apply. A longer retention period may also occur if you have given consent (Art. 6 (1) (a) GDPR) or if the statutory storage obligations are opposed to erasure.