Table of Contents
I. General information on Data Protection
III. Information for applicants
IV. Information for business partners
Information about the Data Controller:
Neue Straße 24
We attach particular importance to protecting your personal data. Your personal data is processed in accordance with the data protection regulations, in particular the General Data Protection Regulation of the European Union (GDPR) and the German Federal Data Protection Act (BDSG).
The following information provides an overview of the nature, extent and purpose of collecting, processing and transferring personal data as well as the safety measures deployed to protect these data.
Personal data are individual information on personal or factual circumstances of an identified or identifiable natural person such as e.g. your name, address, telephone number, your date of birth as well your e-mail and IP address.
Legal basis for the processing of personalized data
Data deletion and storage period
Personal data will be deleted as soon as the purpose for storage no longer applies. Due to legal retention periods, we may be obliged to store the data for a longer period of time (e.g. accounting and tax retention periods of up to 10 years).
Upon written request, we will inform you in accordance with Art. 15 GDPR and in accordance with our legal obligation under Art. 12 GDPR whether and which of your personal data is processed or stored by us. Furthermore, you have the right to have incorrect data corrected in accordance with Art. 16 GDPR, data transferability in accordance with Art. 20 GDPR, blocking and deletion of your personal data in accordance with Art. 17 GDPR - provided that there are no legal storage obligations to the contrary - as well as the right to restrict processing in accordance with Art. 18 GDPR. In addition, you have the right to contact the competent supervisory authority pursuant to Art. 77 GDPR.
IN ADDITION, YOU HAVE THE RIGHT TO OBJECT PURSUANT TO ART. 21 GDPR, INSOFAR AS THE PROCESSING RELATES TO LEGITIMATE INTERESTS PURSUANT TO ART. 6 ABS. 1 LIT. F EU DS-GVO.
You have the right to withdraw your consent at any time in accordance with Art. 7 (3) GDPR. To do this, please refer to the contact address below.
If you have any questions regarding the processing of your personal data, you can contact our data protection officer, who is ready to assist with any enquiries, suggestions and complaints that you may have.
Data protection officer of
Neue Straße 24
Changes to our Privacy Statement
Provision of the website
Use of hosting service providers
Our website is hosted on servers of a hosting provider, which is located in the EU, based on an order processing according to Art. 28 GDPR. Within the scope of its services, the hosting service provider may have access to personal data of our users, in particular to technical data, which arise within the scope of the technical communication between you and our website (e.g. server log files). However, he may not use them for his own purposes. The use of a hosting service provider is based on our legitimate interests pursuant to Art. 6 (1) f GDPR in the provision of infrastructure and platform services, computing capacity, e-mail dispatch and security services.
When you visit our website or use our services, the device used for accessing the site automatically transmits log data (connection data) to our servers. The relevant information consists of:
The data collected are used exclusively for evaluating the data statistically to ensure operation and safety and to optimise processing of the offer. For security grounds, however, we reserve the right to inspect log files retroactively, if we have sufficient grounds to suspect illegal usage. The data will be stored for 7 days. This collection is carried out on the basis of our legitimate interest under Art. 6 (1) f GDPR.
Cookies are small files, which are stored on the visitor's hard disk drive. Cookies do not damage your computer and do not contain viruses. Most cookies used on the website are so-called "session cookies". They are automatically deleted after the end of your visit. Other cookies stay on your devices and make it possible for your browser to be recognized the next time you visit. These files can be used, for example, to display information on the page that is specifically tailored to your interests.
Security of Your Data
We deploy technical and organisational security measures to adequately protect the data that you have made available to us from being unintentionally or intentionally manipulated, lost, destroyed or accessed by unauthorised persons. Therefore, we are using SSL encryption for the transmission of confidential content, e.g. enquiries which you send to us as the site operator. An encrypted connection can be recognised when the web address changes from "http://" to "https://" and a padlock symbol is shown in your browser bar. When SSL encryption is activated, third parties cannot read the data that you transmit to us. Our security measures are kept up-to-date.
If you contact us (e.g. via contact form, e-mail, telephone, social media), your personal data will be stored and processed by us for the purpose of processing the enquiry and any related follow-up questions pursuant to Art. 6 (1) b GDPR (within the framework of pre-contractual / contractual measures) or pursuant to Art. 6 (1) f GDPR (general enquiries). This data is not transferred to third parties without your consent.
The data entered into the contact form remain with us until you request that they be deleted, you withdraw your consent to the storage of your data, or the purpose of the data storage is no longer given (i.e. after the successful processing of your request), provided there are no legal storage obligations to the contrary.
The analysis measures listed below and used by us are carried out on the basis of Art. 6 (1) a GDPR (consent). With the use of these analysis measures, we want to ensure that our website is designed to meet requirements and is continuously optimised. Using the analysis tools, we record the use of our website under a pseudonym and evaluate it for the purpose of optimising our services.
You can withdraw this processing at any time in accordance with Art. 7 (3) GDPR.
Matomo (formerly PIWIK)
This website uses the open-source web analytics service Matomo (formerly Piwik). Matomo is a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand ("Matomo"). Matomo is used for statistical analysis of user behaviour for optimisation and marketing purposes. Matomo uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymised before storage. The information generated by the cookie about your use of the website will not be passed on to third parties.
If you do not agree to the storage and use of your data, you can deactivate the storage and use here. In this case, an opt-out cookie will be placed in your browser to prevent Matomo from storing usage data. If you delete your cookies, the Matomo opt-out cookie will also be deleted and you may have to reactivate it.
You can decide here whether a unique web analysis cookie may be stored in your browser to enable us to collect and analyse various statistical data. If you wish to opt out, uncheck the following box to place the Matomo deactivation cookie in your browser.
Links to websites of third parties
Based on the legitimate interest of the provider, it may occur that contents, services and benefits of third parties are integrated which complement our service offerings. When you access web pages which are linked on this website, information such as your name, IP address, browser details etc. can be retrieved again. This Privacy Statement does not govern the collection, dissemination or the processing of personal data by any third parties. In this regard, please also pay attention to the individual privacy statements of the respective third-party providers and service providers to which we link on our website.
We principally address adult persons with our online offer. Personal information of persons under 16 years of age may only be made available to us with the explicit consent of their legal guardian (Art. 8 GDPR). Processing without the consent of the legal guardian is not permitted. We therefore reserve the right to delete all data relating to minors unless we have the consent of a parent or guardian.
Purpose and legal basis for the collection and processing
Your data will be processed by us for the purpose of processing your application in accordance with Art. 88 GDPR in conjunction with § 26 BDSG-neu. If special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are voluntarily communicated as part of the application procedure, their processing is also carried out in accordance with Art. 9 Para. 2 b GDPR.
Recipient of your data
The recipients of your data are the departments involved in the human resources management process (including human resources, managers and heads of department) at the responsible office. Your data will be treated as strictly confidential and will not be passed on to third parties without your consent. A transfer to third countries or international organisations is not intended.
Storage of your data
Your application data will be deleted 180 days after filling the position. If you are interested in future vacancies, we need your written consent for longer storage of your application documents. You can revoke this consent at any time for the future in accordance with Art. 7 Para. 3 GDPR. To do so, please send an e-mail with a corresponding note to the contact address given above.
Purpose and legal basis for the collection and processing
The primary purpose of data processing is to establish, implement and terminate the contractual relationship. The primary legal basis for this is Art. 6 (1) b GDPR. Without this type of use of your data, the business relationship existing between you and us cannot be carried out.
We also process your data on the basis of Art. 6 (1) f GDPR to protect our legitimate interests or those of third parties (e.g. public authorities). This may be necessary, for example, to maintain IT security and IT operations or for purposes of corporate management, internal communication and other administrative purposes. You can object to this processing by giving special reasons in accordance with Art. 21 GDPR.
In addition, we process your data to fulfil legal obligations, such as regulatory requirements, commercial and tax law storage obligations or documentation obligations. The legal basis for this is Art. 6 (1) c GDPR in conjunction with the nationally applicable laws.
In individual cases, it may also happen that we process your data on the basis of your separately granted consent in accordance with Artt. 6 (1) a, 7 GDPR (e.g. in the context of publishing photo and video recordings). You are always free to decide whether you wish to give your consent. Once you have given your consent, you can revoke it at any time with effect for the future. To do so, please send corresponding enquiries to the contact address given above.
Should we process your personal data for a purpose not mentioned above, we will inform you of this in advance.
Recipient of your data
Within our company, only those persons receive your personal data who need it to fulfil our contractual and legal obligations. In addition, we sometimes use different service providers to fulfill these obligations, so that it may be necessary to transfer your personal data to other recipients outside the company to the extent necessary to fulfill our contractual and legal obligations. These third parties can be, for example, authorities, financial institutions, suppliers, etc.
To process your data technically, we sometimes use external service providers. It is possible that we may transfer and process your data outside the country in which you have your residence / company headquarters or in one of the countries in which we operate. These may also be located outside the European Economic Area. If we transfer personal data to service providers or companies outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission as having an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contractual clauses) are in place. You can also request detailed information by using the contact information above.
Storage of your data
We store your personal data only as long as they are necessary for the above-mentioned purposes. After termination of the contractual relationship, your personal data will be stored for as long as we are legally obliged to do so. This regularly results from legal obligations to provide evidence and to retain data, which are regulated in the German Commercial Code and the German Fiscal Code, among others. The storage periods thereafter are up to ten years. In addition, personal data may be stored for the time during which claims can be made against us (statutory limitation period of three or up to thirty years).