Data Privacy Statement
1) Data privacy: Overview
The following information gives you a simple overview of what happens to your personal data when you visit this website. Personal data includes all data with which you can be personally identified. Please see the Data Privacy Statement we have provided below this overview for more detailed information on data privacy.
Data collection on this website
Who is responsible for collecting data on this website?
The data on this website is processed by the website operator. Please see “Information on the controller” in this Data Privacy Statement for contact details for the website operator.
How do we collect your data?
For one thing, your data is collected when you communicate it to us. This can be data you enter in a contact form, for example.
Our IT systems collect other data when you visit the website, either automatically or after you have given your consent. This is primarily technical data (e.g. web browser, operating system or the time you accessed the page). This data is collected automatically as soon as you access the website.
What do we use your data for?
Some of the data is collected to guarantee that the website is provided without any errors. Other data may be used to analyse your user behaviour.
What are your rights with regard to your data?
You have the right at any time to receive information free of charge as regards the origin, recipient and purpose of the personal data concerning you which has been stored. You also have a right to require the rectification or erasure of this data. If you have granted your consent to data being processed, you can withdraw this consent at any time to take effect from that time onwards. Under certain circumstances, you also have the right to require that the processing of your personal data be restricted. Furthermore, you have the right to lodge a complaint with the supervisory authority responsible.
Please feel free to contact us at any time with regard to this and other questions about the topic of data privacy.
Analysis tools and tools from third-party providers
When you visit this website, your surfing behaviour can be analysed statistically. This is primarily done using what are known as data analysis programs.
You can find more detailed information on these data analysis programs in the Data Privacy Statement below.
We host our website with Hetzner. The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (hereinafter referred to as “Hetzner”).
Our use of Hetzner is based on Art. 6(1) f) GDPR. We have a legitimate interest in the presentation of our website being as reliable as possible. If respective consent was requested, the data is exclusively processed on the basis of Art. 6(1) a) GDPR and section 25(1) TTDSG (German Telecommunications-Telemedia Data Protection Act) to the extent that the consent includes the storing of cookies or the access to information on the user’s end device (e.g. device fingerprinting) in terms of the TTDSG. The consent can be withdrawn at any time.
3) General and mandatory information
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with both the statutory data privacy provisions and this Data Privacy Statement.
When you use this website, various personal data is collected. Personal data includes data with which you can be personally identified. This Data Privacy Statement clarifies what data we collect and what we use it for. It also clarifies how that happens and for what purpose.
We wish to point out that the data transmission on the internet (in email communication, for example) may have security gaps. It is not possible to protect the data fully from third-party access.
Information on the controller
With regard to the processing of data on this website, the controller is:
Tel.: +49 821 60099-0
The controller is the natural or legal person that decides on the purposes and means of processing personal data (e.g. name, email addresses and so on), and does so alone or together with others.
If this Data Privacy Statement does not mention a more specific storage period, your personal data remains with us until the purpose of the data processing no longer applies. If you assert a legitimate request for erasure or withdraw your consent to your data being processed, your data will be erased as long as we have no other grounds for storing your personal data that are admissible by law (e.g. retention periods relating to fiscal or commercial law); in the latter case, the erasure will occur after these grounds have ceased to exist.
General information on the legal basis for the processing of data on this website
Provided that you have consented to your personal data being processed, we process it based on Art. 6(1) a) GDPR, or Art. 9(2) a) GDPR if special data categories are processed according to Art. 9(1) GDPR. If you have granted your express consent to personal data being transmitted to third countries, the data is also processed based on Art. 49(1) a) GDPR. If you have consented to the storage of cookies or the access to information on your end device (e.g. via device fingerprinting), the data is additionally processed based on section 25(1) TTDSG. The consent can be withdrawn at any time. If your data is required for the performance of a contract or to take steps prior to entering into a contract, we process your data based on Art. 6(1) b) GDPR. Furthermore, if your data is necessary for compliance with a legal obligation, we process it based on Art. 6(1) c) GDPR. The data can also be processed based on our legitimate interest according to Art. 6(1) f) GDPR. Information on the legal basis which is relevant in each specific case is provided in the following sections of this Data Privacy Statement.
Data protection officer
We have appointed a data protection officer for our company.
SECUWING GmbH & Co. KG / Datenschutz Agentur
Tel.: +49 821 90786450
Information on the disclosure of data to the USA and other third countries
Some of the tools we use are from companies domiciled in the USA or other third countries which are not secure with regard to data privacy laws. If these tools are active, your personal data can be transmitted to these third countries and processed there. Please be advised that a level of data privacy equivalent to that in the EU cannot be guaranteed in these countries. US companies, for instance, are obligated to surrender personal data to security agencies without you, as a data subject, being able to take legal action against this. Therefore, it is not out of the question that US authorities (e.g. intelligence services) may process, analyse and permanently store data of yours on US servers for the purposes of surveillance. We have no influence over these processing activities.
Withdrawal of your consent to the processing of data
Many data processing procedures are only possible with your express consent. You can withdraw consent that you have already granted and do so at any time. The lawful nature of the processing of the data which occurred before the consent was withdrawn remains unaffected by the withdrawal.
Right to object to the collection of data in special cases and to direct advertising (Art. 21 GDPR)
IF THE DATA IS PROCESSED BASED ON ART. 6(1) E) OR F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, INCLUDING PROFILING BASED ON THOSE PROVISIONS. PLEASE SEE THIS DATA PRIVACY STATEMENT FOR THE RESPECTIVE LEGAL BASIS ON WHICH DATA IS PROCESSED IN EACH CASE. IF YOU LODGE AN OBJECTION, WE WILL NOT PROCESS YOUR PERSONAL DATA FURTHER UNLESS WE CAN ESTABLISH URGENT REASONS FOR THE PROCESSING WHICH ARE WORTHY OF PROTECTION AND WHICH OUTWEIGH YOUR INTERESTS, RIGHTS AND LIBERTIES, AND UNLESS THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21(1) GDPR).
WHERE YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSES OF SUCH MARKETING, WHICH INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION ACCORDING TO ART. 21(2) GDPR).
Right to lodge a complaint with the supervisory authority responsible
In the case of infringements of the GDPR, the data subjects have the right to lodge a complaint with a supervisory authority, particularly in the Member State where they habitually reside or work or where the alleged infringement occurred. The right to lodge a complaint applies regardless of any other legal remedies under administrative law or of judicial legal remedies.
Right to data portability
You have the right to receive data which we process by automated means based on your consent or in the performance of a contract in a structured, commonly used and machine-readable format or to have such data delivered to a third party in such format. If you request the direct transmission of the data to another controller, this will only take place to the extent that it is technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security purposes and to safeguard the transmission of confidential contents, such as orders or requests which you send to us as the operators of the website. You can recognise an encrypted connection by the address bar of the browser changing from “http://” to “https://” and by the lock symbol in the bar.
When SSL or TLS encryption is activated, the data you send to us cannot be read by third parties as well.
Information, erasure and rectification
In the context of the applicable statutory provisions, you have the right at any time to receive information free of charge with regard to the personal data that is stored concerning your person, its origin and recipients and the purpose of the processing of the data and, where applicable, a right to the rectification or erasure of this data. Please feel free to contact us at any time with regard to this and other questions about the topic of personal data.
Right to restriction of processing
You have the right to require that the processing of your personal data be restricted. You can contact us at any time in this regard. The right to restriction of processing applies in the following cases:
- If you dispute the accuracy of personal data concerning you that is stored with us, we generally need time to check this. For as long as it takes to check it, you have the right to require that the processing of your personal data be restricted.
- If the processing of your personal data is/was unlawful, you can require that the processing be restricted rather than erased.
- Once we no longer need your personal data but you require it in order to exercise, defend or assert legal claims, you have the right to require that the processing of your personal data be restricted rather than erased.
- If you have lodged an objection according to Art. 21(1) GDPR, your interests have to be weighed against ours. Until it has been established whose interests bear more weight, you have the right to require that the processing of your personal data be restricted.
With the exception of storage, if you have restricted the processing of your personal data, this personal data may only be processed with your consent or for the assertion, exercise, or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest for the European Union or a Member State.
Objection to commercial emails
We hereby explicitly object to the use of contact data published in accordance with the legal notice requirements to send advertising and information materials which have not been explicitly requested. The operators of the sites expressly reserve the right to take legal action if advertising information which has not been requested, such as spam emails, is sent.
4) Data collection on this website
Server log files
The website provider automatically collects and stores information in server log files which your browser sends to us automatically. This includes:
- browser type and version
- operating system used
- referrer URL
- hostname of the computer accessing the site
- time of the server request
- IP address
This data is not combined with other data sources.
The capture of this data is based on Art. 6(1) f) GDPR. The website operator has a legitimate interest in the technically flawless presentation and the optimisation of its website – the server log files have to be captured to achieve this.
If you send us a request using the contact form, we will store what you write on the request form including the contact data you enter in order to process the request and in case there are any subsequent questions. We do not pass on this data without your consent.
This data is processed based on Art. 6(1) b) GDPR provided that your request is connected to the performance of a contract or is necessary to take steps prior to entering into a contract. In all other cases, the processing is based on our legitimate interest in the effective processing of requests sent to us (Art. 6(1) f) GDPR) or on your consent (Art. 6(1) a) GDPR) as far as this was requested; the consent can be withdrawn at any time..
The data you enter in the contact form remains with us until you request its erasure, withdraw your consent to its storage, or the purpose of the data storage no longer applies (e.g. after your request has been fully processed). Stringent statutory provisions – particularly retention periods – remain unaffected.
Request by email, telephone or fax
When you contact us by email, telephone or fax, we store and process your request here including all personal data which results from it (name, request) in order to deal with your request. We do not pass on this data without your consent.
This data is processed based on Art. 6(1) b) GDPR provided that your request is connected to the performance of a contract or is necessary to take steps prior to entering into a contract. In all other cases, the processing is based on our legitimate interest in the effective processing of requests sent to us (Art. 6(1) f) GDPR) or on your consent (Art. 6(1) a) GDPR) as far as this was requested; the consent can be withdrawn at any time.
The data you send to us by contacting us with your request remains with us until you request its erasure, withdraw your consent to its storage or the purpose of the data storage no longer applies (e.g. after your request has been fully processed). Stringent statutory provisions – particularly statutory retention periods – remain unaffected.
5) Analysis tools and advertising
This website uses Matomo, the open-source web analytics service. Matomo uses technologies that enable the user to be recognised across websites in order to analyse their user behaviour (e.g. cookies or device fingerprinting). The information on the use of this website which Matomo collects is stored on our server. The IP address is anonymised before it is stored.
With the help of Matomo, we are able to capture and analyse data on the visitors’ use of our website. By doing this, we can find out which pages were accessed when and what region they were accessed from, for example. In addition, we collect various log files (e.g. IP address, referrer, browser and operating systems used) and can measure whether the visitors to our website perform certain actions or not (e.g. clicks, purchases and so on).
The use of this analysis tool is based on Art. 6(1) f) GDPR. The website operator has a legitimate interest in the analysis of user behaviour in order to optimise both its web offering and its advertising. If respective consent was requested, the data is exclusively processed on the basis of Art. 6(1) a) GDPR and section 25(1) TTDSG (German Telecommunications-Telemedia Data Protection Act) to the extent that the consent includes the storing of cookies or the access to information on the user’s end device (e.g. device fingerprinting) in terms of the TTDSG. The consent can be withdrawn at any time.
We host Matomo exclusively on our own servers so that all data analysed remains with us and is not passed on.
If you would like to receive the newsletter offered on the website, we need an email address for you and also information that allows us to check that you are the owner of the email address given and that you agree to receiving the newsletter. No other data is collected, or only on a voluntary basis. We only use this data to send the information requested and do not pass it on to third parties.
The data entered on the newsletter registration form is processed exclusively based on your consent (Art. 6(1) a) GDPR). You can withdraw the consent you granted regarding the storage of the data and the email address and their use in sending the newsletter at any time. To do so, you can use the “unsubscribe” (“Austragen”) link in the newsletter, for instance. The lawful nature of the data processing procedures which have already been carried out remains unaffected by the withdrawal.
We store the data you have stored with us so that you can receive the newsletter either at our company or with the newsletter service provider until you unsubscribe from the newsletter, and we delete it from the newsletter distribution list after you cancel the newsletter or after the necessary cessation. We reserve the right to delete email addresses from our newsletter distribution list or to block email addresses in this list at our own discretion in the context of our legitimate interest according to Art. 6(1) f) GDPR.
Data stored with us for other purposes remains unaffected by this.
If necessary, once you have been taken off the newsletter distribution list, your email address will be stored in a black list at our company or with the newsletter service provider as far as this is necessary to prevent direct mailing in future. The data in the blacklist is only used for this purpose and is not combined with other data. This serves both your interests and our interest in compliance with the statutory regulations with regard to the sending of newsletters (legitimate interest in terms of Art. 6(1) f) GDPR). There is no time limit on storage in the blacklist. You may object to the storage provided that your interests outweigh our legitimate interest.
7) Our own services
Handling applicants’ data
We offer you the option of applying to our company (e.g. by email, post or online application form). In the following, we provide you with information about the scope, purpose and use of your personal data that is collected during the application process. We affirm that your data is collected, processed and used in accordance with the applicable data protection laws and all other statutory provisions and that your data is treated as strictly confidential.
Scope and purpose of the data collection
When you send us an application, we process the personal data associated with it (e.g. contact details, application documents, notes in the context of interviews, etc.) to the extent necessary for the decision to be made regarding the justification for an employment relationship. The legal basis for this is section 26 of the Federal Data Protection Act (BDSG) under German law (initiation of an employment relationship), Art. 6(1) b) GDPR (general initiation of a contract) and – provided that you have granted your consent – Art. 6(1) a) GDPR. The consent can be withdrawn at any time. Within our company, your personal data will only be passed on to people involved in processing your application.
If your application is successful, the data you have submitted will be stored in our data processing systems for the purpose of executing the employment relationship based on section 26 BDSG and Art. 6(1) b) GDPR.
Data retention period
If we are unable to offer you a job, you turn down a job offer or you withdraw your application, we reserve the right to retain the data you sent at our company for up to six (6) months from the end of the application procedure (refusal or withdrawal of the application) based on our legitimate interests (Art. 6(1) f) GDPR). The data will subsequently be erased and the physical application documents destroyed. The retention particularly serves the purpose of proof in the case of a legal dispute. If it is evident that the data will be required after the six-month time period has ended (e.g. due to an imminent or pending legal dispute), it will not be erased until the purpose of the continued retention ceases to apply.
Furthermore, the data may be retained for a longer period if you have granted your consent to this accordingly (Art. 6(1) a) GDPR) or statutory retention requirements bar its erasure.