Privacy Policy

Privacy Policy of Hofmann Maschinen- und Anlagenbau GmbH

 

1. Information on the EU General Data Protection Regulation

Data Protection Information according to EU General Data Protection Regulation - as of June 2024

ger. Datenschutz-Grundverordnung DSGVO; engl. General Data Protection Regulation GDPR; frz. Règlement général sur la protection des données RGPD

1.1 General information

We take the protection of your personal data very seriously. Your privacy is important to us.
The following provisions serve to inform you about the processing of personal data in accordance with the requirements of the Basic Data Protection Regulation (DSGVO).
In particular, taking into account the information obligations under Art. 12 to 14 DSGVO, as well as clarifying the rights of data subjects existing under the DSGVO pursuant to Art. 15 to 22 and Art. 34 DSGVO.

1.2 Information on the responsible authority

Responsible for the processing of your personal data is the
Hofmann Maschinen- und Anlagenbau GmbH
Altrheinstrasse 11, 67550 Worms, GERMANY

Phone: +49 6242 904-0
fax: +49 6242 904-286
E-mail: infocheck-if-spam@hofmannmaschinen.com

In the following we would like to inform you about the different data processing methods:

  • Customers and other concerned parties
  • Website visitors
  • Applicants
  • Employees
  • Persons affected by video surveillance
  • Social media offerings

1.3 Use of service providers

Some of the aforementioned processes or services are performed by carefully selected and contracted service providers. We transmit or receive personal data from these service providers solely on the basis of a processing contract. If the registered office of a service provider is outside the European Union or the European Economic Area, a third country transfer will take place. With these service providers, data protection agreements are contractually agreed upon in accordance with the legal requirements in order to establish an appropriate level of data protection and corresponding guarantees are agreed upon.

1.4 References to your rights

You have the right,

  • to request confirmation from us as to whether we are processing personal data concerning you;
    If this is the case, you have a right to information about this personal data and to the information specified in Art. 15 DSGVO.
  • to request the disclosure of the data concerning you in accordance with the restrictions of Art. 20 DSGVO in a common electronic, machine-readable data format. This also includes the surrender (as far as possible) to another person directly appointed by you.
  • to require us to correct your data if it is incorrect, inaccurate and/or incomplete. Correction also includes the completion by declarations or communication.
  • to require us to delete any personal data concerning you immediately,
    if one of the reasons listed in Art. 17 DSGVO applies in detail.
    Unfortunately, we are not allowed to delete data that is subject to a statutory retention period.
    If you no longer wish us to contact you by newsletter or other means, we will store your contact details on a blacklist.
  • to revoke any consent given by you with effect for the future, without this resulting in any disadvantages for you.
  • to require us to restrict processing if one of the conditions listed in Art. 18 DSGVO is met.
  • to object to the processing of your personal data at any time for reasons arising from your particular situation.
    We will then no longer process the personal data unless we can prove compelling reasons worthy of protection which outweigh your interests, rights and freedoms,
    or the processing serves the assertion, exercise or defence of legal claims (Art. 21 DSGVO).
  • without prejudice to any other administrative or judicial remedy and if you are of the opinion that the processing of your personal data violates the DSGVO, to complain to
    • our data protection officer: datenschutz-hofmanncheck-if-spam@daschug.de or by post (see imprint)
    • to a supervisory authority in the Member State where they are staying, working or suspected of having committed an infringement.

If you have any questions or comments about data protection (e.g. how to access and update your personal data), please contact us under the keyword "Data Protection" at the following e-mail address datenschutz-hofmanncheck-if-spam@daschug.de or by post (see above).

1.5 Deletion of your data

Unless otherwise regulated in the more detailed data protection declarations, we will delete your personal data once the contractual relationship with you has ended, you have exercised your right to deletion, all mutual claims have been met and there are no other legal storage obligations or legal justifications for storage.

 

2. Customers and other affected parties

2.1 Information on data processing

As a customer and as an interested party or other affected party, we process your personal data primarily for the purpose of establishing and fulfilling a contractual relationship concluded with you or on the basis of a justified interest. Your data will be collected, stored and if necessary passed on by us, as far as it is necessary to obtain the contractually agreed service, to provide information, to carry out direct marketing activities or other activities of our business. Failure to do so may result in the contract not being concluded. In addition, we will only process your data if you have consented to the processing or any other legal permission exists.

2.2 Purposes of data processing
We process your personal data to achieve the following purposes in connection with the contractual relationship:

  • Contract processing (including shipping)
  • the acquisition of existing customers, use as a selection criterion for direct marketing in order to be able to offer you a service tailored to your needs
  • dealer support
  • the credit assessment
  • the management of our supplier relationships
  • customer service
  • quality management
  • the improvement and development of intelligent and innovative services
  • customer analysis for the market and opinion research
  • the handling of our logistics/our materials management

In addition, we process your data only with your express consent.

2.3 Types of data processed by us
The following personal data will be processed:

  • private contact data; name, address, telephone number
  • Identification/payment data; account number, VAT ID No.
  • Order data: Quantity, turnover, intervals
  • Geodata: Addresses, delivery conditions

2.4 Categories of recipients
To some extent, we use external service providers based in the European Economic Area to process your data. These service providers have been carefully selected by us, commissioned in writing and are bound by our instructions. They are checked by us on a regular basis. The service providers will not pass this data on to third parties, but will delete it after fulfilment of the contract and conclusion of statutory storage periods, unless you have consented to further storage. If we are subject to a legal obligation to do so, we will disclose your data to the competent authority on request.
These are e.g:

  • Bank, payment service provider
  • logistics enterprises
  • craft businesses
  • etc.

2.5 Legal basis of the processing
Legal bases for the processing of their data are in particular:

  1. Art. 6 Para. 1 lit. a) on the basis of your consent, whereby in principle no contract conclusion or continuation of an existing contract is required,
  2. Art. 6 para. 1 lit. b) for the establishment, performance and termination of a contractual relationship,
  3. Art. 6 para. 1 lit. c) to fulfil a legal obligation,
  4. Art. 6 para. 1 lit. f) for the protection of a legitimate interest

Our legitimate interests lie in achieving the above-mentioned purposes and beyond, e.g. in

  • the safeguarding of our business interests, including direct marketing and credit checks,
  • the raising of efficiency and effectiveness potentials, also in cooperation with partners and possibly associated companies,
  • Ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
  • the assertion, exercise or defence of legal claims,
  • the prevention of injury and/or liability of the company through appropriate measures

2.6 Customer analysis
In the case of a customer analysis, your data will be processed either anonymously or, if anonymous processing is not possible for factual reasons or does not make sense, in pseudonymised form.
Some of the aforementioned processes or services are carried out by carefully selected and commissioned service providers. We transmit or receive personal data of these service providers solely on the basis of a processing contract. If the registered office of a service provider is outside the European Union or the European Economic Area, the data will be transferred to a third country. With these service providers, data protection agreements in accordance with the statutory requirements for the establishment of an appropriate level of data protection are contractually stipulated and corresponding guarantees are agreed.

2.7 Data collected from third parties
Data from third parties may be made available to us, e.g. in the context of recommendations. In this case it is usually: contact data in connection with data on concrete product or service needs.

2.8 Storage period
After the respective purpose has been achieved, your data will be deleted in compliance with the statutory retention periods.

 

3. Website visitors

3.1 Scope

This privacy statement applies to all pages of our online network that link to this statement.
The general information can be found on our main data protection page.

3.2 Purpose of data collection

The purpose of data collection is to optimise the website, to analyse errors, to tailor it to your needs, to contact you and, if necessary, to sell goods and services.

3.3 General information on data processing

We collect and use the personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.
Legal basis for the processing of your data:

  • Insofar as we obtain the consent of the person concerned for the processing of personal data, Art. 6 para. 1 lit. a of the EU Basic Data Protection Regulation (DSGVO) serves as the legal basis.
  • Art. 6 para. 1 lit. b) DSGVO serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
  • If the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit.c DSGVO serves as the legal basis.
  • In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.
  • If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f DSGVO serves as the legal basis for the processing.

Legitimate interests can be in particular:

  • the answering of inquiries;
  • the implementation of direct marketing measures;
  • the provision of services and/or information intended for you;
  • the processing and transfer of personal data for internal or administrative purposes;
  • the operation and management of our website;
  • the technical support of users;
  • the prevention and detection of fraud and crime;
  • the protection against payment defaults when obtaining creditworthiness information for inquiries regarding deliveries and services; and/or
  • the guarantee of network and data security, insofar as these interests are in accordance with the applicable law and with the rights and freedom of the user;

Categories of recipients

  • Service providers for the optimization of websites, online marketing service providers and tools, service providers for information and communication technology, companies for software and device maintenance, some of which are described in more detail below.
  • Social networks and communities are described in more detail as follows
  • internal recipients according to the "need to know" principle

3.4 Usage data/server log files

Each time you visit our website, our systems automatically record data and information from the computer system of the calling computer.

The following types of data are collected: Browser type, version used, user's operating system, Internet service provider, user's IP address, date and time of access, websites from which the user's system accessed our website or which the user accessed from our website.

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f DSGVO with the aforementioned legitimate interests.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. The data is also used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. Our legitimate interest in data processing also lies in these purposes. The data are deleted as soon as they are no longer required for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. We also reserve the right to check the files if there is a justified suspicion of illegal use or a concrete attack on the pages on the basis of concrete indications. In this case our legitimate interest is the processing for the purpose of clarification and criminal prosecution of such attacks and unlawful uses.

3.5 Use of cookies

We use cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is stored and transmitted in the cookies: Language settings, items in a shopping cart, log-in information, etc....

We also use cookies on some of our websites, which enable us to analyse the surfing behaviour of our users. In this way, entered search terms, frequency of page views, use of website functions, etc. are transmitted. The user data collected in this way is pseudonymised by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data are not stored together with other personal data of the user.

Legal basis for data processing using cookies: The legal basis for processing personal data using cookies is Art. 6 Para. 1 lit. f DSGVO or, if the user has given his/her consent, Art. 6 Para. 1 lit. a DSGVO.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized also after a page change. We need cookies for the provision of shopping cart, adoption of language settings, memorization of search terms, etc.. The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer. Our legitimate interest in data processing also lies in these purposes. When calling up our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of the personal data used in this context is obtained. In this context, a reference is also made to this data protection declaration. Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that all functions of the website can no longer be used to their full extent. You can manage cookies from some US companies via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/uk/your-ad-choices/ .

3.6 General Statements on WebBeacons / Tracking Pixels

WebBeacons are invisible graphics with the size of a pixel. These are used by partner companies, in particular for the purpose of tracking a user via various web pages to create a profile for use in tailored to the user.
These are used by partner companies, in particular for the purpose of tracking a user via various web pages to create a profile for use in targeting advertising tailored to the user. A pixel integrated into the web page is loaded from the partner's server when the web page is called. This provides the partner with your IP address, information about your browser and its version as well as browser plug-ins used (browser fingerprint), your operating system and your network operator.

Matomo

We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. If individual pages of our website are called up, the following data is stored: Two bytes of the IP address of the calling system of the user, called website, the website from which the user reached the called website (referrer), the sub-pages called from the called website, duration of stay on the website, frequency of the call of the website. The software runs exclusively on the servers of our website. A storage of the personal data of the users only takes place there. The data will not be passed on to third parties. The legal basis for the processing of the users' personal data is Art. 6 para.1 lit. f) DSGVO. The legitimate interests here lie in the optimisation and needs-based design of our web offer. The processing of the users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. By anonymizing the IP address, the interest of the users in their protection of personal data is sufficiently taken into account. The data is deleted as soon as it is no longer required for our recording purposes.  In our case this is after 14 months.

3.7 Contents of external providers

On our website we use active JavaScript content and fonts, which can also come from external providers such as Google. By calling up our website, these providers may receive information about your visit to our website, for example by transmitting your IP address. You can prevent this transmission by installing a JavaScript blocker such as the browser plug-in 'NoScript' or by deactivating JavaScript in your browser. However, this can lead to functional limitations.

Some of our websites include third-party content within their offerings, such as videos from YouTube, maps from Google Maps, images, text and multi-media files, RSS feeds or other services from other websites. This always requires your IP address to be transmitted to the providers of this content. We cannot make any statement about the use of your data by these providers and have no influence on further processing. In particular, we cannot say whether the data will be used for other purposes, such as profile building. Please refer to the corresponding data protection notices of the respective third party providers.

Among other things, you can protect yourself against further persecution by tracking pixels of these providers by deactivating the acceptance of third party cookies in your browser settings.

3.8 Google Maps

On this website we use the offer of Google Maps. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently.
By visiting the website, Google receives the information that you have called up the corresponding subpage of our website. Personal data is transmitted to Google (IP address, time of the request, content of the request, amount of data transmitted, website from which the request comes, language and version of the browser, information on the operating system). This is done regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account. If you do not wish to be assigned to your profile on Google, you must log out before activating the button. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact Google to exercise this right. The legal basis for the data processing is Art. 6 para. 1 lit. a) DSGVO.
For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy . For the exceptional cases in which personal data is transferred to the USA, standard contractual clauses apply.

By using the service, so-called web fonts, in this case Google Fonts, are downloaded from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Fonts is used here to enable the uniform display of fonts in Google Maps. When you call up the Google Maps map, your browser loads the required web fonts into your browser cache in order to display the texts and fonts correctly. Through this reloading, your IP address is transmitted to Google's servers.
The legal basis for the use of Google Fonts by Google Maps is your consent in accordance with Art. 6 para. 1 lit. a) DSGVO. You can revoke your consent at any time via our cookie settings at the bottom of each page of our website. However, we would like to point out that if you withdraw your consent, texts or Google Maps may no longer be displayed correctly.
Standard contractual clauses and the Trans-Atlantic Data Privacy Framework apply to the transfer of your personal data to the USA. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy

3.9 MyFonts Counter

The design of our website uses fonts from MyFonts Inc. 600 Unicorn Park Drive, Woburn, MA 01801, USA. If you have permitted JavaScript access and your browser does not have a JavaScript blocker, it is possible that technical data (in particular your IP address, technical data of your browser and data for calling up the fonts used) may be transmitted to the servers of MyFonts Inc. According to MyFonts Inc., this data contains only technically necessary information and does not allow any conclusions to be drawn about your person. However, the number of website visits is statistically recorded by MyFonts and transmitted to Myfonts. MyFonts Inc. is solely responsible for the transmission and evaluation of this data in accordance with data protection law; in particular, we do not receive any statistical evaluation from MyFonts for our own use. If you do not agree with the collection of data, we recommend that you install a JavaScript blocker (e.g. NoScript). However, technical problems with the use of this site cannot be excluded.
You can find their data protection regulations under the following link: https://www.myfonts.com/info/legal/ . If you wish to exercise your data protection rights in connection with MyFonts, the most effective way to do so is to contact MyFonts Inc. directly. We will be happy to assist you.

3.10 Google Fonts

This website uses so-called web fonts provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

We have integrated Google Fonts locally on our web server. In this respect, there is no connection to Google servers and therefore no transmission of your IP address.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy .

3.11 YouTube nocookies

Some of our web pages include YouTube videos that are stored on https://www.youtube.com and can be played directly from our website.

When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, personal data (browser type, browser version, IP address, operating system) is transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

The legal basis for the display of YouTube videos is your consent in accordance with Art. 6 para. 1 lit. a) DSGVO.

Further information on the purpose and scope of data processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy . For the exceptional cases in which personal data is transferred to the USA, standard contractual clauses apply.

3.12 Contact form and e-mail contact

A contact form is available on our website, which can be used for electronic contact. If a user makes use of this possibility, the data entered in the input mask will be transmitted to us and stored. These data are: Name, address, email address, telephone number, etc. The following data will also be stored at the time the message is sent: The IP address, date and time. Your consent will be obtained for the processing of the data during the sending process and reference will be made to this data protection declaration.

Alternatively, it is possible to contact us via the e-mail address provided. In this case the personal data of the user transmitted with the e-mail will be stored. The data will not be passed on to third parties in this context. The data will be used exclusively for the processing of the conversation.

The legal basis for the processing is:

  • The processing of data by the user after registration for the newsletter is subject to the consent of the user Art.6 Abs.1 lit. a DSGVO.
  • For the processing of data transmitted in the course of sending an e-mail, Art.6 para.1 lit.f DSGVO with the aforementioned legitimate interests.
  • If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art.6 para.1 lit.b DSGVO.

The processing of personal data from the input mask serves us solely to process the establishment of contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data are deleted as soon as they are no longer required for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

3.13 Data collection during registration and registered use

Some of our websites require or offer registration. The data collected is used for the purposes of the use of our website.
The data collected will be used for the purpose of using the respective websites and services, unless otherwise described and explicitly consented to at the time of registration. The data collected is derived from the input mask within the scope of registration. All other data that you may store at a later date to complete your profile is optional and voluntary. After registration, we may inform you about relevant circumstances related to our offer to which you have registered by means of the deposited e-mail address.

3.14 Data transfer

If you provide us with personal data, it will only be passed on to third parties if this is necessary to process the contractual relationship or if another legal reason legitimises this passing on. However, we provide certain services with the cooperation of service providers. We have carefully selected these service providers and taken appropriate measures to protect your personal data.

3.15 Storage periods

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, the data may be stored if the European or national legislator has provided for this in Union regulations, laws or other provisions to which the person responsible is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.

 

4. Applicants

When you apply for a job in our company, we process and store your personal data. We take your privacy very seriously and would therefore like to inform you here about the handling of your applicant data.

4.1 Purpose of data collection

Before entering our company or during the application process, we process your personal data exclusively for the purpose of establishing a contractual relationship to the extent required.

4.2 Types of data processed by us

The following types of personal data are regularly processed:

  • Applicant data; name, date of birth, curriculum vitae, nationality/work permit, etc. for selection and recruitment procedures, entry and exit management,
  • private contact data; address, telephone number, email (for contact purposes),
  • Data for personnel screening (e.g. police clearance certificate, reliability check (ZUP));
  • If applicable, data subject to professional secrecy; e.g. data on medical aptitude and any restrictions.
  • other data in personnel management: severe disability (if relevant), driving licence holder

We do not require any information from you that is not usable under the General Equal Treatment Act (AGG) (race, ethnic origin, gender, pregnancy, information on physical or mental illness, membership of a trade union, religion or belief, disability, age, sexual identity or sex life).

We request that you do not provide such information to us. The same applies to content that is suitable for violating the rights of third parties (e.g. copyrights, ancillary copyrights or other intellectual property rights, press law or general rights of third parties).

4.3 Legal basis of the processing

  • the establishment, performance and termination of a contractual relationship pursuant to Art. 6 para. 1 lit.b)
  • to fulfil a legal obligation pursuant to Art. 6 para. 1 lit.c),
  • in the case of processing to safeguard a legitimate interest pursuant to Art. 6 para. 1 lit. f).
  • and on the basis of your consent by voluntarily surrendering data that is not absolutely necessary for the purpose (e.g. hobbies in your curriculum vitae).
    (however, such a contract is in principle not necessary for the conclusion of a contract or the continuation of an existing contract) pursuant to Art. 6 para. 1 lit a),

4.3.1 Our legitimate interests are, for example, in:

  • the optimization of application processes,
  • Ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
  • the assertion, exercise or defence of legal claims,
  • the prevention of injury and/or liability of the company through appropriate measures.

4.4 Categories of beneficiaries

  • Internal receivers according to the "need to know" principle
  • Companies affiliated under company law (group companies) as joint responsible parties:
    the essential contents of the regulation of the tasks with regard to the rights of data subjects can be inquired at the contact address provided,
    Pursuant to Art. 26 para. 3 DSGVO, these rights may, however, be claimed by affected parties from all companies involved.

4.5 Deletion periods

Your data will be deleted after the respective purpose has been achieved. However, data will be stored for as long as is necessary to defend legal claims. The storage period is usually 6 months. If your profile has been sent to us by a personnel service provider and there are commission claims from this service provider, the storage period can be up to their fulfillment or limitation. If processing relevant for accounting purposes has been carried out, such as the reimbursement of travel expenses, the necessary data will be deleted in compliance with the statutory retention periods, usually 6 or 10 years. If the application was successful and we conclude a contract with you, we will transfer the data collected during the application process to our personnel file.

 

5. Employees

5.1 Types of data processed by us
The following personal data will be processed:

  • Applicant data; name, date of birth, curriculum vitae, nationality/work permit, etc. for selection and recruitment procedures, entry and exit management;
  • private contact data; address, telephone number, email;
  • Official contact data; e.g. telephone numbers, e-mail, place of work, job title, photo if applicable;
  • Identification/payment data; identity card data or work permit for identification and determination of the legitimacy of the employment, place of birth, marital status, tax identification number, health insurance membership, income tax class, allowances, denominational affiliation for church tax, account number, any wage garnishments (for the purpose of payroll accounting and fulfilment of social security, tax law and other legal obligations);
  • Health data, e.g. as part of payroll accounting, for accounting with health insurance funds or employers' liability insurance associations or as part of legal obligations as an employer, such as company integration management or the fulfilment of duties in the protection of severely disabled persons or as part of company self-regulation, such as occupational health and safety or company medical examinations;
  • Time recording and access data, holiday times, working time accounts, shift schedules, closing times or access protocols, etc..;
  • Data within the scope of personnel screening (e.g. police clearance certificate, reliability check (ZUP));
  • Data on suitability and performance/behaviour control; training and further training information, data for the purpose of measuring target achievement, e.g. for variable remuneration components, data on infringements of road traffic regulations ("nodules");
  • other data in human resources management: data on occupational health and safety, occupational health and safety, any degree of serious disability, driving licence holders, any attachments of salary;

5.2 Categories of recipients

  • Bank service provider, if applicable service provider for calculating pension provisions
  • Service providers for the settlement of wages and salaries (tax consultants), auditors, service providers for information and communication technology, software and equipment maintenance companies
  • Health, social and accident insurance carriers and other insurance undertakings
  • Authorities such as tax authorities, social security funds, employment agencies, if necessary safety, health, road traffic or related fine offices and other authorities
  • Company medical service
  • Companies affiliated under company law (group companies) as joint responsible parties: the essential contents of the regulation of the tasks with regard to the rights of data subjects can be inquired at the contact address provided, but according to Art. 26 para. 3 DSGVO these rights can be claimed by data subjects from all companies involved.
  • Business partners and customers (official contact details), temporary employment agencies

5.3 Legal basis for processing
Legal bases for the processing of your personal data are in particular:

  1. Art. 6 Para. 1 lit. a) on the basis of your consent, whereby in principle no agreement is required for the conclusion of a contract or the continuation of an existing contract,
  2. Art. 6 Para. 1 lit.b) on the establishment, performance and termination of a contractual relationship,
  3. Art. 6 Para. 1 lit c) to fulfil a legal obligation,
  4. Art. 6 Para. 1 lit. f) for the protection of a legitimate interest

Our legitimate interests are, for example, in

  • the implementation of electronic access controls,
  • the optimization of personnel planning,
  • Ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
  • the assertion, exercise or defence of legal claims, including data for the documentation of service flows
  • the prevention of injury and/or liability of the company through appropriate measures.

We do not use the personal data you provide to make automated decisions about you.

5.4 Data collected from third parties
Using the ELSTAM procedure, we collect data on payroll accounting, which the tax authorities make available to us for correct accounting.
This applies in particular to the payroll accounting data listed below.

5.5 Storage period
Once the respective purpose has been achieved, your data will be deleted in compliance with the statutory retention periods, generally 6 or 10 years, for various data categories such as occupational pension provision 30 years and longer.

 

6. Persons affected by video surveillance

Information on data collection
We use a video surveillance system on our company premises to monitor publicly accessible areas, in particular in outdoor areas as well as ..... (e.g., warehouse, shop, etc.).
We process your personal data within the scope of video surveillance primarily in the exercise of our legitimate interests.

Legal basis of video surveillance
Legal basis for the processing of your personal data in the context of video surveillance are in particular:,

  1. Art. 6 para. 1 lit a) on the basis of your consent,
  2. Art. 6 para. 1 lit f) to safeguard a legitimate interest

Our legitimate interests are, for example, in

  • the establishment of security and order on the company premises (vandalism prevention, house rules)
  • the assertion, exercise or defence of legal claims
  • the prevention of injury and/or liability of the company through appropriate measures (protection of property)
  • ensuring compliance with security regulations, obligations, standard or contractual obligations

6.1 Purposes of data collection
The purpose of video surveillance is usually to safeguard one of the above-mentioned legitimate interests.

6.2 Duration of storage
The video data is saved for the duration of 8 days. The data will then be deleted automatically.

6.3 Types of data processed by us
Visual data

6.4 Categories of recipients

  • Transmission to security service providers
  • Transmission to legal advisers for the preparation of legal measures
  • Transmission to law enforcement authorities

 

7. Social media offerings

7.1 Privacy Policy for XING

We operate one or more company websites on the professional social media network XING, in particular for self-presentation, but also for recruiting.

We would like to point out that the privacy policy of XING SE, Dammtorstraße 30, DE-20354 Hamburg, Germany, Tel.: +49 40 419 131-0, Fax: +49 40 419 131-11, E-Mail: infocheck-if-spam@xing.com, (hereinafter: XING) is applicable on our XING company website.
Further information on the processing of personal data by XING can be found here: https://privacy.xing.com/de/datenschutzerklaerung

We process your data only if you contact our personnel department via the XING platform or apply for an advertised position via XING. In this case, XING collects your data and makes it available to us. Under certain circumstances, your data may also be stored and further processed by us. The processing of your personal data in the case of an application is governed by our Applicant Privacy Policy.

 

7.2 Privacy policy for LinkedIn

Please note that the LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland Privacy Policy ("LinkedIn") is applicable on our LinkedIn Company page.
More information about LinkedIn's processing of personal data can be found at https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy

We only process your data if you contact our personnel department via the LinkedIn platform or apply for a job advertised via LinkedIn. In this case, LinkedIn will collect your data and make it available to us.
Under certain circumstances, your data may also be stored and further processed by us. The processing of your personal data in the case of an application is based on our applicant data protection declaration.

 

7.3 Privacy policy for YouTube

We operate one or more company websites on the social media network YouTube of Google Inc. especially for self-promotion but also for recruiting.
According to the ruling of the European Court of Justice (EuGH) of 5 June 2018, case no. C-210/16, the operator of social media sites is at least jointly responsible for the data processing, at least in the case of Facebook adaptations, within the meaning of Art. 26 DSGVO.
We assume an analogous applicability of this decision to other social networks, including YouTube. So far we are not aware that YouTube offers an agreement that meets the requirements of Art. 26.
We would like to point out that you use the YouTube channel offered here and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. sharing, licensing, disliking, commenting).
We only process your data when you contact us via the YouTube platform. In this case YouTube collects your data and makes it available to us.
Under certain circumstances, we may also store and further process your data. The processing of your personal data is then governed by one of our other data protection declarations, depending on the group of affected persons to which you belong.
Furthermore, we may collect data from visitors to our company site, provided that the advertisement as a visitor can be defined as processing. However, we do not store these data on our own systems, nor do we systematically process them by occasionally taking note of them.
The legal basis for the processing of personal data is, depending on the case constellation, the processing for the initiation and execution of a contract with you according to Art. 6 para. 1 lit. b) DSGVO (e.g. in case of questions about products or services)
or on the basis of our justified interest in communication with users and our external presentation for the purpose of advertising in accordance with Art. 6 Para. 1 lit. f) DSGVO.
If you have given your consent to the provider of the social network for the aforementioned data processing with effect for us, the legal basis is Art. 6 para. 1 lit. a) DSGVO.
For these processing steps, our information regarding the responsible body, the data protection officer and the declaration of your rights as a data subject applies.
We would like to point out that for any further processing on our YouTube channel the data protection declaration of Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001 or alternatively Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA is applicable.
We have no lasting knowledge of and no influence on the nature and extent of the data processed by Google, the way in which this data is processed and used or the disclosure of this data to third parties. We also have no effective means of control in this respect.
Further information on the processing of personal data by YouTube can be found here:
- Terms of use: www.google.com/analytics/terms/de.html
- Privacy policy: www.google.de/intl/de/policies/privacy.
In cases where personal data is transferred to the USA, standard contractual clauses apply.

 

7.4 Privacy policy for Facebook fanpage

We operate one or more company websites ("fan pages") on the professional social media network Facebook, in particular for self-portrayal, for branding, but also for the purpose of customer communication and recruiting.

According to the judgment of the European Court of Justice (ECJ) of June 5th, 2018, Az. C-210/16, the operator of social media pages is at least jointly responsible for data processing, at least in the case of Facebook fan pages, within the meaning of Art. 26 DSGVO. Although Facebook offers such a declaration at https://www.facebook.com/legal/terms/page_controller_addendum we do not know whether it now meets the requirements of the DSGVO (General Data Protection Regulation).

We only process your data - apart from the additional procedures below - if you contact us via the platform. In this case, Facebook collects your data and makes it available to us. Under certain circumstances, storage and further processing by us may also take place. The processing of your personal data in the event of an inquiry or application is based on our other relevant data protection declarations.

The legal basis for the processing of personal data is, depending on the case constellation, the processing for the initiation and execution of a contract with you pursuant to Art. 6 (1) b) DSGVO or on the basis of our legitimate interest in communicating with users and our external presentation for the purpose of advertising pursuant to Art. 6 (1) f) DSGVO.

If you have given your consent to the social network provider for the aforementioned data processing with effect for us, the legal basis is Art. 6 (1) a) DSGVO.

Furthermore, we may collect data from visitors to our company site, provided that the display as a visitor can be defined as processing. However, we do not store this data - subject to further procedures listed below - on our own systems, nor are they systematically processed beyond occasional notice.

For these processing steps, our information regarding the responsible body, the data protection officer and the declaration of your rights as the data subject apply.

We would like to point out that for any further processing on our fan pages, the data protection declaration of Meta Platforms, Inc. (1601 Willow Road Menlo Park, CA 94025 United States) or Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is applicable.

The data transfer to third countries is based on the use of standard contractual clauses according to the European Commission: https://de-de.facebook.com/help/566994660333381 . Further, detailed information on data processing by Facebook and the corresponding objection options can be found at https://www.facebook.com/about/privacy/ and at https://www.facebook.com/legal/terms/dataprocessing . Facebook is the provider of this service and is the only one authorized to provide complete information on data processing on Facebook.

We would like to point out that the assertion of data subject rights and requests for information are best addressed to Facebook. Only Facebook has access to your data and can take immediate action to delete or restrict the data, etc., or to provide information. Of course, we will support you in asserting your rights if necessary.

You can find options for opting out at: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com .

Additional information Facebook Insight

We use the "Facebook Insight" analysis function on our fan pages. The function serves the purpose of advertising and market research in order to provide you with more relevant content and to develop new functions that are of interest to you.

Facebook uses cookies for this purpose, which enable an analysis of your visits to the Fanpages. The information generated by the cookies about your use of the fan pages is usually transmitted to Facebook servers in the USA and stored there. When transferring data to third countries, Facebook relies on standard contractual clauses from the European Commission and thus undertakes to comply with European data protection rules: https://de-de.facebook.com/help/566994660333381 .

The processing is based on Art. 6 (1) f) DSGVO from the legitimate interest in targeted advertising and targeted design of the fan pages. If you have given consent to the social network provider for the aforementioned data processing with effect for us, the legal basis is Art. 6 (1) a) DSGVO.

For more information on terms of use and data protection, please visit https://www.facebook.com/about/privacy/ . Detailed information on the respective processing and the options to object can be found at https://www.facebook.com/legal/terms/page_controller_addendum and https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com/ .

 

7.5 Privacy policy for Instagram Channel

We maintain one or more presences on the social network Instagram in order to communicate with the users registered there and to provide information about our company, products and services.

According to the judgment of the European Court of Justice (ECJ) of June 5th, 2018, Ref. C-210/16, the operator of social media pages is at least jointly responsible for data processing, at least in the case of Facebook fan pages, within the meaning of Art. 26 DSGVO.

So far, we are not aware that Instagram offers an agreement that meets the requirements of Art. 26.

We process your data that you send us via these networks in order to communicate with you and to answer your messages there.

Under certain circumstances, storage and further processing by us may also take place. The processing of your personal data in the case of an application is based on our applicant data protection declaration.

Furthermore, we may collect data from visitors to our company website if the display as a visitor can be defined as processing. However, we do not store this data on our own systems, nor is it systematically processed further through occasional acknowledgment.

For these processing steps, our information regarding the responsible body, the data protection officer and the declaration of your rights as the data subject apply.

The legal basis for the processing of personal data is our legitimate interest in communicating with users and our public image for the purpose of advertising in accordance with Article 6 (1) f) DSGVO.

If you have given the social network provider your consent to the data processing described above with effect for us, the legal basis is Art. 6 (1) a) DSGVO.

For any further processing, we would like to point out that the data protection declaration of Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA applies to our company website.

You can find more information about the purpose and scope of the data collection and the further processing and use of the data by Instagram as well as your rights in this regard and setting options for protecting your privacy in Instagram's data protection declaration: http://instagram.com/about/legal/privacy/ or https://help.instagram.com/155833707900388/ .

Additional information about Instagram Insights

We use the “Instagram Insights” analysis function from Meta Platforms Inc. (1601 Willow Road Menlo Park, CA 94025 United States; “Facebook”) on our Instagram page. The function serves the purpose of advertising and market research in order to provide you with more relevant content and to develop new functions that are of interest to you. Facebook uses cookies that enable an analysis of your visits to the fan page. The information generated by the cookies about your use of the fan page is usually transmitted to Facebook servers in the USA and stored there. With regard to data transmission to third countries, Facebook relies on the use of standard contractual clauses according to the European Commission and thus undertakes to comply with European data protection rules: https://de-de.facebook.com/help/566994660333381 . The processing takes place on the basis of Article 6 (1) a) DSGVO. We use Instagram Insights to design targeted advertising and the targeted design of the fan page.

Further, detailed information on data processing by Facebook and the corresponding objection options can be found at https://www.Facebook.com/about/privacy/  Facebook is the provider of this service and is the only one authorized to provide complete information on data processing on Instagram.

We would like to point out that the assertion of data subject rights and requests for information are best addressed to Meta Platforms Inc. ("Facebook"). Only Facebook has access to your data and can take immediate action to delete or restrict the data, etc., or to provide information. Of course, we will support you in asserting your rights if necessary.

 

7.6 Privacy policy for StepStone

We operate one or more company websites on the professional social media network StepStone, in particular for self-portrayal, but also for recruiting.

According to the judgment of the European Court of Justice (ECJ) of June 5th, 2018, Az. C-210/16, the operator of social media pages is at least jointly responsible for data processing, at least in the case of Facebook fan pages, within the meaning of Art. 26 DSGVO.

We suspect an analogous applicability of this decision to other social networks, including StepStone. So far, we are not aware that StepStone offers an agreement that meets the requirements of Art. 26.

We only process your data if you contact our human resources department via the StepStone platform or apply for an advertised position via StepStone. In this case, StepStone collects your data and makes it available to us.

Under certain circumstances, storage and further processing by us may also take place. The processing of your personal data in the case of an application is based on our applicant data protection declaration.

The legal basis for the processing of personal data is, depending on the case constellation, the processing for the initiation and execution of a contract with you pursuant to Art. 6 (1) b DSGVO or on the basis of our legitimate interest in communicating with users and our external presentation for the purpose of advertising pursuant to Art. 6 (1) f DSGVO.

If you have given consent to the provider of the social network to the aforementioned data processing with effect for us, the legal basis is Art. 6 (1) a DSGVO.

In this case, storage and further processing by us may also take place. The processing of your personal data in the event of an application is governed by our Applicant Privacy Policy.

Furthermore, we may collect data of visitors to our company website, provided that the advertisement as a visitor can be defined as processing. However, we do not store this data on our own systems, nor are they systematically processed beyond occasional awareness.

For these processing steps, our information regarding the responsible body, the data protection officer and the declaration of your rights as a data subject apply.

We would like to point out that for any processing going beyond this on our StepStone company website, the data protection declaration of StepStone Deutschland GmbH, Völklinger Straße 1, DE-40291 Düsseldorf, Germany, Phone +49 211-93493-0, Fax: +49 211-93493-5900, E-Mail: info@stepstone.de, (hereinafter: StepStone) is applicable. Further information on the processing of personal data by StepStone can be found here: https://www.stepstone.de/Ueber-StepStone/rechtliche-hinweise/datenschutzerklaerung/ .