Data privacy

For applicants, frequently asked questions about career opportunities, application documents and job interviews:

FAQ for applicants

For companies: frequently asked questions about our services, excepteur sint occaecat cupidatat non proident:

FAQ for companies

Data privacy information

pursuant to Art. 13, 14 GDPR

 

Brief overview: How we process your data on our website

Our website informs you about our products and our company history. In order to make this information available to you, we process personal data in the form of data so that we can send it to your IT device such as your smartphone (in the form of log files) and optimise how our website is displayed (cookies).

When you contact us via our contact forms or other communication devices such as e-mail, we collect and process your contact data and your message contents so that we can reply to you as necessary.

We would like to find out more about your interests and usage behaviour so that we can market our products to even better effect. This is why we evaluate how you use our website. In doing so, we use log files, cookies, analysis software and services from third parties, among other things – but naturally only with your permission.

Below you will find information about your rights as the data subject. If you have any questions, requests or comments, please send them to our Data Protection Officer.

Content of our privacy policy::

I. Name and contact details of the data controller

II. Name and contact details of the Data Protection Officer

III. Data processing via contact forms and communication devices

IV. Data processing on the website

1. Log files
2. Cookies
3. zvoove
4. Google Analytics
5. Google Maps
6. Google Fonts
7. Google Remarketing
8. Google Recapture
9. Google/YouTube
10. Facebook and Instagram
11. Cookiebot
12. Flockler
13. Google Tag Manager
14. Data processing via LinkedIn
15. Data processing with applications via the LinkedIn profile

V. Information for automated decision-making processes

VI. Information on data security

VII.  Your rights as the data subject

Content of our privacy policy:

I. Name and contact details of the data controller

The following company is responsible pursuant to Art. 4 No. 7 General Data Protection Regulation (hereinafter referred to as GDPR):

Da Vinci Engineering GmbH
Hauptstätter Straße 149
70178 Stuttgart

Represented by:

Dipl.-Ing. Massimiliano Cava (Managing Director)
Phone: +49 (0)711 722 40 – 0
Fax: +49 (0)711 722 40 – 198
E-mail: info@davinci.de

II. Name and contact details of the Data Protection Officer

Da Vinci Engineering GmbH
FAO The Data Controller
Hauptstätter Straße 149
70178 Stuttgart

Phone: +49 (0)711 722 40 – 0
Fax: +49 (0)711 722 40 – 198
E-mail: datenschutz@davinci.de

 

III. Data processing via contact forms and communication devices

1. Scope of the processing

You can contact us via post, e-mail, contact form, fax and telephone. Simple enquiries that do not require you to identify yourself can be made anonymously. However, we will collect your contact data should it be necessary for you to identify yourself so that we can reply to you or call you back, for example.

If you send us a message via our contact form, we will record the personal data that you entered (first name, last name, e-mail address and message content). We will also record your IP address and log files relating to the date and time when you sent the message.

2. Purpose of processing the data

Your personal data will be processed so that we can identify you and so that we can assign your message to an existing contract, a job advertisement, an application procedure or another business relationship, and so that we can save it, reply to it, or forward it on if necessary.

3. Legal basis for the data processing

If you have given us your permission during our correspondence, we can process your data within the context of your permission pursuant to the first sentence of Art. 6 Par. 1 (a) GDPR.

In individual cases, it may be necessary to process your data for the fulfilment of a contract in which you are the contracting party, or to perform pre-contractual measures that take place at your request, pursuant to the first sentence of Art. 6 Par. 1 (b) GDPR.

Here, too, personal data can be processed on the basis of our legitimate interests pursuant to the first sentence of Art. 6 Par. 1 (f) GDPR.

4. Legitimate interests

We have a legitimate business interest in being available via our contact forms and (electronic) communication devices so that we can process and reply to enquiries relating to our products and respond to your enquiries. We also have a legitimate interest in processing your data if you are a managing director, employee, applicant, customer, potential customer or other representative of our contracting party. We also collect information so that we can verify your job application. We will also process your data for the purpose of fulfilling the contract or to assert or defend claims.

5. Recipients or categories of recipients

Your personal data is usually processed by us. We will forward your personal data that we have received via electronic communication devices on to external recipients only if this is necessary for processing your enquiry in individual cases.

6. Transmission to third countries

We will not transmit your personal data abroad unless you agree to this.

7. Duration of storage

Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, and if it is no longer required to be retained under contractual, commercial or tax law. Application documents will be stored for at least two months after they have been rejected (Section 15 Par. 4 AGG). Invoice documents will be stored for 10 years, commercial correspondence will be stored for 6 years.

8. Right to objection and removal

As the data subject, you have the right to object at any time and for reasons relating to your particular situation to the processing your personal data that takes place on the basis of the first sentence of Art. 6 Par. 1 (e) or (f) GDPR (Art. 21 Par. 1 GDPR). If we base the processing of your data on the permission that you have granted us or on a contract, you do not have the right to object.

9. Obligation to provide information (Art. 13 II (e) GDPR)

We need your personal data such as your title, first name, last name and e-mail address so that you can send your enquiry to us via the contact form. In all other respects, the provision of your personal data is on a voluntary basis. If you do not provide your personal data, we may not be able to process or reply to your enquiry, requests or wishes. If you do not provide your e-mail address on the contact form, or if you provide an incorrect e-mail address, we will not be able to respond to you.

IV. Data processing on the website

1. Log files

1.1 Scope of processing

Each time our website is called up, our system automatically stores data and information relating to the computer system with which you as the data subject called up our website. This data is stored and processed on our server in a log file. The following personal data is collected here:

Log files store inter alia the IP address, the browser that is used, the time and date and the system that was used by a website visitor. We store only anonymised IP addresses of the visitors to our website. At web server level, this is done by storing an IP address 123.123.123.XXX in the log file by default (instead of storing the visitor’s actual IP address such as 123.123.123.123), where XXX is a random value between 1 and 254. As a result, it is no longer possible to relate the data to an individual.

1.2 Purpose of the processing

The IP address is a character string that uniquely assigns your computer system at the time when our website was called up. The IP address is used to send and receive data packages and enables a user to call up a website. The IP address needs to be stored temporarily on our server so that once our website has been called up, the website contents can be sent to the user’s computer system and they can see the contents.

The data is stored in log files in order to ensure the functional capability of the website and so that any transmission errors that occur can be identified. We also use this data to optimise the website and to ensure the security of our IT systems. The data is not analysed for marketing purposes in this context.

1.3 Legal basis of the processing

The data is processed based on our legitimate interest pursuant to the first sentence of Art. 6 Para. 1 (f) GDPR.

1.4 Legitimate interests

We have a legitimate interest in processing the aforementioned personal data for the aforementioned purposes so we can ensure that information about our services is always available online.

1.5 Recipients or categories of recipients

We will forward your personal data to our IT department and to contractors that we commission with hosting and providing the IT resources for operating our website.

1.6 Transmission to third countries

We do not intend to send your personal data abroad.

1.7 Duration of storage

Your personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Where data is collected and provided to our website, this will be done at the end of the respective session. The user’s IP address must be stored for the duration of the session to ensure that the user can use the website.

In the event that your data is stored in the log file, the data that is collected will be stored for an indefinite period.

1.8 Right to objection and removal

As the data subject, you have the right to object at any time and for reasons relating to your particular situation to the processing your personal data that takes place on the basis of the first sentence of Art. 6 Par. 1 (e) or (f) GDPR (Art. 21 Par. 1 GDPR). In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing that are worth protecting and which outweigh your interests, rights and freedoms as the data subject, or if the processing serves to establish, exercise or defend legal claims.

The processing of your personal data for provision to the website and for creating the log file is essential for the operation of the website. For this reason, the user may not object to this form of processing.

1.9 Obligation to provide information (Art. 13 II (e) GDPR)

Log files have to be processed so that the website can be displayed correctly. If you do not provide an IP address, the website will not be displayed for technical reasons.

2. Cookies

2.1 Scope of processing

We use what are called cookies on our website. Cookies are text files that are stored in the user’s IT system as soon as they call up our website. Cookies contain characteristic character strings that enable the browser to be identified uniquely the next time the website is called up.

We use cookies to make our website more user friendly. Some elements of our website require the requesting Internet browser to be identified even after you navigate to a different page on our website.

The following cookies are described in more detail below.

 

2.2 Purpose of the processing

The purpose of the cookies that are technically required is to make the use of websites easier for the user. Some functions on our website cannot be offered without the use of cookies. These require the browser to be recognised even after you change the page. Data is collected, stored and sent to us in these cookies that are technically required. They enable our website to be called up. The user data that is collected by the cookies that are technically required are not used for creating user profiles.

We use cookies that are not technically required to help us get to know our target groups better, evaluate their interests, and so that we can make them more aware of our products and our company by means of direct marketing.

2.3 Legal basis of the processing

If the cookies are not “essential”, that is, they are not technically necessary for the operation of our website, then they are processed only on the basis of your permission pursuant to the first sentence of Art. 6 Par. 1 (a) GDPR.

In all other respects, the data is processed on the basis of our legitimate interests pursuant to the first sentence of Art. 6 Para. 1 (f) GDPR.

2.4 Legitimate interests

We have a legitimate business interest in how our company is portrayed externally and also in advertising our services. Cookies help us to display our website optimally.

2.5 Recipients or categories of recipients

The data stored in the cookies is forwarded to our internal departments and to our contractors that are commissioned with hosting and providing our IT resources.

2.6 Transmission to third countries

Information that is stored in cookies is not transmitted to third countries unless the user needs to be identified.

2.7 Duration of storage

Your personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Where data is processed and provided to our website, this will be done at the end of the respective session. Cookies are saved in the user’s IT system and are transmitted by it to our server. You as the user therefore have full control over the use of cookies. You can deactivate or restrict the storage of cookies by making changes to the settings in your Internet browser. Cookies that are already saved can be deleted at any time. This can also be done automatically.

2.8 Right to objection and removal

The data subject has the right to object at any time and for reasons arising from their special situation (Art. 21 Par. 1 GDPR) to the processing of their personal data based on the first sentence of Art. 6 Par. 1 (e) or (f) GDPR. If cookies are deactivated for our website, you may not be able to use all of the functions on our website to their full extent, such as the shopping cart.

2.9 Obligation to provide information (Art. 13 II (e) GDPR)

Your data is provided for processing cookies on a voluntary basis. If you do not provide your data, we may not be able to address your IT system and you may not be able to use our website to its full extent.

 

3. Zvoove

3.1 Responsible service provider

We use a software solution from zvoove Development GmbH & Co. KG, Rudolf-Vogt-Straße 2, 93053 Regensburg.

3.2 Scope of processing

We will process your personal data by integrating the aforementioned service into our website. Candidates submit their applications via an online form. This online form is provided on our website. Once your application has been sent (first name, last name, telephone number, e-mail, title, attachments, consent to data processing), this data will be sent to zvoove and can be processed in zvoove.

The following types of data are processed: address data, contact data, bank details, social insurance data, contract data, data relating to salary and wages, health records, applications, CVs, references.

3.3 Restriction of processing

We use zvoove to initiate working relationships. zvoove enables us to manage candidate pools and to create a candidate profile in a specific format, thereby making searches for suitable candidates more efficient.

3.4 Legal basis of the processing

We will process your personal data by integrating the aforementioned service into our website.

If your enquiry is necessary for the fulfilment of a contract with us in which you as the data subject are the contracting party, or to perform pre-contractual measures upon your request, then the legal basis is the first sentence of Art. 6 Par. 1 (b) GDPR. The processing of your personal data can also be based on our legitimate interests or the legitimate interests of a third party. The legal basis is then the first sentence of Art. 6 Para. 1 (f) GDPR.

3.5 Legitimate interests

We have a legitimate interest in processing personal data for the aforementioned purposes so that we can improve our market presence and how we are portrayed externally, and so that we can provide pertinent, effective and up-to-date information. This is particularly effective if we can manage candidates using corresponding databases and can communicate with our customers accordingly.

3.6 Recipients or categories of recipients

We process personal data internally.

3.7 Transmission to third country

No personal data is transmitted to third countries.

3.8 Obligation to provide information

Personal data is provided on a voluntary basis. In case the data should not be provided, it may not be possible to submit the application.

 

4. Google Analytics

4.1 Scope of processing

We use the functions of the Google Analytics web analysis service. It is provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660

E-mail: support-deutschland@google.com Google Analytics uses cookies. These are text files that are stored on your computer and enable your use of the website to be analysed. Google will use this information on our account to evaluate your use of our website in order to create reports about activities on the website.

4.2 Purpose of the processing

We use this data to design and optimise this website so it meets the needs of users and to ensure the security of our IT systems. We receive reports on how users behave when using our website. We also evaluate the data for marketing purposes. This enables us to better understand our customers’ interests and to improve our service portfolio and service.

4.3 Legal basis of the processing

Here, too, personal data is processed on the basis of your permission pursuant to the first sentence of Art. 6 Par. 1 (a) GDPR.

4.4 Recipients or categories of recipients

Your personal data, provided that it is not already anonymous by way of IP anonymisation, will be processed only by us and Google.

4.5 Transmission to third countries

Where applicable, personal data will be transmitted to affiliated companies of Google Ireland Ltd. in the USA. We have activated the IP anonymisation function on the website. This means that your IP address is abbreviated by Google within the Member States of the European Union or in other member states of the European Economic Area. Only in exceptional circumstances will your full IP address be sent to a Google server in the USA and abbreviated there. Unfortunately, we are not aware of the process at Google.

The appropriate protection level for transmitting personal data to the USA is secured by an adequacy decision that was made by the EU Commission pursuant to Art. 45 Par. 9 GDPR. This decision (EU-U.S. Data Privacy Framework) requires self-certification by the US companies that are subject to this decision. Google Inc. is certified accordingly.

4.6 Duration of storage

We no longer store any personal data based on the reports that are created by Google Analytics.

4.7 Obligation to provide information (Art. 13 II (e) GDPR)

Your data is provided for processing by Google Analytics on a voluntary basis. There are no shortcomings if you do not provide your data.

4.8 Right to objection and removal

You can prevent this data from being recorded by Google Analytics by clicking on the following link. This sets an opt-out cookie that prevents your data from being recorded the next time you visit this website: tools.google.com/dlpage/gaoptout.

 

5. Google-Maps

5.1 Scope of processing

We use the Google Maps offering on this website. It is provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660

E-mail: support-deutschland@google.com

When you visit the website, Google receives the information that you have called up the corresponding sub-site of our website. The following personal data is collected: Log data (especially the IP address), location-based information, unique application numbers, cookies and similar technologies. This is done irrespective of whether Google provides a user account that you are signed in to, or whether no user account exists. If you are signed in to Google, your data is allocated directly to your account.

5.2 Purpose of the processing

We use Google Maps so that we can graphically visualise our locations and so that we can enable our users to view the individual locations interactively on the map.

5.3 Legal basis of the processing

Here, too, personal data is processed on the basis of your permission pursuant to the first sentence of Art. 6 Par. 1 (a) GDPR.

5.4 Recipients or categories of recipients

Your personal data is processed only by us and by Google.

5.5 Transmission to third countries

Where applicable, personal data will be transmitted to affiliated companies of Google Ireland Ltd. in the USA.

The appropriate protection level for transmitting personal data to the USA is secured by an adequacy decision that was made by the EU Commission pursuant to Art. 45 Par. 9 GDPR. This decision (EU-U.S. Data Privacy Framework) requires self-certification by the US companies that are subject to this decision. Google Inc. is certified accordingly.

5.6 Duration of storage

We no longer store any personal data based on the reports that are created by Google Maps.

5.7 Obligation to provide information (Art. 13 II (e) GDPR)

Your data is provided for processing by Google Maps. There are no shortcomings if you do not provide your data. You might not be able to see the map.

 

6. Google Fonts

6.1 Scope of processing

We use the Google Fonts offering on this website. It is provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660

E-mail: support-deutschland@google.com

When you visit the website, Google receives the information that you have called up the corresponding sub-site of our website. The following personal data is collected: Log data (especially the IP address), location-based information, unique application numbers, cookies and similar technologies. This is done irrespective of whether Google provides a user account that you are signed in to, or whether no user account exists. If you are signed in to Google, your data is allocated directly to your account.

6.2 Purpose of the processing

We use Google Fonts so that we can display an attractive font on our website.

6.3 Legal basis of the processing

Here, too, personal data is processed on the basis of your permission pursuant to the first sentence of Art. 6 Par. 1 (a) GDPR.

6.4 Recipients or categories of recipients

Your personal data, especially IP addresses, are sent to Google.

6.5 Transmission to third countries

Personal data is transmitted to affiliated companies of Google Ireland Ltd. in the USA, to Google Inc. The appropriate protection level for transmitting personal data to the USA is secured by an adequacy decision that was made by the EU Commission pursuant to Art. 45 Par. 9 GDPR. This decision (EU-U.S. Data Privacy Framework) requires self-certification by the US companies that are subject to this decision. Google Inc. is certified accordingly.

6.6 Duration of storage

We do not process any personal data based on the reports that are created by Google Fonts.

6.7 Obligation to provide information (Art. 13 II (e) GDPR)

Your data is provided for processing by Google Fonts on a voluntary basis. There are no shortcomings if you do not provide your data. You might not be able to see the map.

 

7. Google Ads/ Remarketing

7.1 Scope of processing

We use the Google Ads service on this website. It is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google). Google enables advertisers to place advertisements in the Google search engine results and in the Google advertising network. As advertisers, by using Google Ads we can define specific keywords and target groups so that they are displayed in the Google search engine results only if the user searches for a term that is relevant to the keyword. In the Google advertising network, the advertisements are placed on thematically relevant websites with the help of an automated algorithm and taking the defined keywords and target groups into account.

We use the Remarketing function within the Google Ads service here. This enables us to address people specifically with advertisements by showing personalised and interest-related advertisements to visitors to this website based on an analysis of their website use, if they visit other websites in the Google Display network, or if they use the Google search engine.

What are called “cookies” are used for this. These are text files that are stored on your computer and enable your use of the website to be analysed. Google will use this information on our account to evaluate your use of our website in order to create reports about activities on the website.

This cookie records your visits to the website and it can trace whether you accessed our website via an Ads advertisement and have generated sales. Accordingly, personal data (especially your IP address) is transmitted to Google each time you visit this website.

Further information and the applicable data protection provisions of Google may be retrieved under www.google.com/intl/en/policies/privacy/.

7.2 Purpose of the processing

We use Google Remarketing because we want to offer advertisements relating to our services to interested users, possible applicants and customers who have visited our website, including on the websites of third-party companies and in search engine results.

We also evaluate the data for marketing purposes so that we can better understand the interests of our customers for our services and so that we can improve our service portfolio and service.

7.3 Legal basis of the processing

Here, too, personal data is processed on the basis of your permission pursuant to the first sentence of Art. 6 Par. 1 (a) GDPR.

7.4 Recipients or categories of recipients

Your personal data is processed only by us and by Google.

7.5 Transmission to third countries

Where applicable, personal data will be transmitted to affiliated companies of Google Ireland Ltd. in the USA. The appropriate protection level for transmitting personal data to the USA is secured by an adequacy decision that was made by the EU Commission pursuant to Art. 45 Par. 9 GDPR. This decision (EU-U.S. Data Privacy Framework) requires self-certification by the US companies that are subject to this decision. Google Inc. is certified accordingly.

7.6 Duration of storage

We do not process any personal data based on the reports that are created by Google Ads.

7.7 Obligation to provide information (Art. 13 II (e) GDPR)

Your data is provided for processing by Google Ads on a voluntary basis. There are no shortcomings if you do not provide your data.

7.8 Right to objection and removal

You can prevent this data from being recorded by Google Ads by clicking on the following link. This sets an opt-out cookie that prevents your data from being recorded the next time you visit this website: tools.google.com/dlpage/gaoptout.

It is also possible to object to interest-related advertising by Google.

To do this, for each Internet browser that you use, you have to call the following link: www.google.de/settings/ads and select the corresponding settings there.

 

8. Google ReCapture

8.1 Scope of processing

We use the Google ReCapture service on this website. It is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google).

We use the “ReCapture” service and a cookie so that we can prevent unauthorised access to our website.

For more information and Google’s applicable data protection provisions, see www.google.de/intl/de/policies/privacy/.

8.2 Purpose of the processing

Google ReCapture protects our website from attacks by third parties and especially from spam via customer contact forms.

8.3 Legal basis of the processing

Personal data is processed on the basis of our legitimate interests pursuant to the first sentence of Art 6 Par. 1 (f) GDPR. We have a legitimate interest in protecting our systems, and especially our website, from unauthorised access by third parties and especially from spam.

8.4 Recipients or categories of recipients

Your personal data is processed only by us and by Google.

8.5 Transmission to third countries

Where applicable, personal data will be transmitted to affiliated companies of Google Ireland Ltd. in the USA. The appropriate protection level for transmitting personal data to the USA is secured by an adequacy decision that was made by the EU Commission pursuant to Art. 45 Par. 9 GDPR. This decision (EU-U.S. Data Privacy Framework) requires self-certification by the US companies that are subject to this decision. Google Inc. is certified accordingly.

8.6 Duration of storage

The cookie will be stored for 10 years.

8.7 Obligation to provide information (Art. 13 II (e) GDPR)

Your data is provided for processing by Google on a voluntary basis. If you do not provide your data, you may not be able to use our website.

8.8 Right to objection and removal

As the data subject, you have the right to object at any time and for reasons relating to your particular situation to the processing of your personal data that takes place on the basis of the first sentence of Art. 6 Par. 1 (f) GDPR (Art. 21 Par. 1 GDPR). In this case, the data controller no longer processes the personal data.

 

9. Google/YouTube

9.1 Scope of processing

We use the Google Ads service on this website. It is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google).

This cookie records your visits to our website and it can trace when you viewed a YouTube video via our website.

Accordingly, personal data (especially your IP address) is transmitted to Google each time you visit this website.

Further information and the applicable data protection provisions of Google may be retrieved under www.google.com/intl/en/policies/privacy/.

9.2 Purpose of the processing

We use YouTube so that you can display videos from us on the website.

9.3 Legal basis of the processing

Here, too, personal data is processed on the basis of your permission pursuant to the first sentence of Art. 6 Par. 1 (a) GDPR.

9.4 Recipients or categories of recipients

Your personal data is processed only by us and by Google.

9.5 Transmission to third countries

Where applicable, personal data will be transmitted to affiliated companies of Google Ireland Ltd. in the USA. The appropriate protection level for transmitting personal data to the USA is secured by an adequacy decision that was made by the EU Commission pursuant to Art. 45 Par. 9 GDPR. This decision (EU-U.S. Data Privacy Framework) requires self-certification by the US companies that are subject to this decision. Google Inc. is certified accordingly.

9.6 Duration of storage

The cookie will be stored for 6 months.

9.7 Obligation to provide information (Art. 13 II (e) GDPR)

Your data is provided for processing by Google on a voluntary basis. If you do not provide your data, you may not be able to use our website.

 

10. Data processing via Facebook and Instagram

10.1 Scope of processing

We have a fan page on Facebook, www.facebook.com/DaVinciEngineering/, and an Instagram profile. For both websites, Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”) is responsible for collecting and processing personal data. Please note that Facebook collects and processes specific information from your visit to our Facebook page, even if you do not have your own Facebook user account or are not logged in to Facebook. You can find information about how personal data is processed by Facebook in Facebook’s privacy policy: www.facebook.com/privacy/explanation

We can see your public profile only on Facebook from our Facebook page. Furthermore, we will process your personal data (such as your name and the content of your messages) if you contact us via our Facebook page. We will then process this data for the purpose of processing and where necessary replying to your posts.

Facebook also provides us with what are called Page Insights data. This information involves anonymous statistics that we use to evaluate the quality of our Facebook page and our contents. Facebook has agreed to assume primary responsibility for the processing of Insights data pursuant to the GDPR and to comply with your rights. For more information, see: www.facebook.com/legal/terms/page_controller_addendum

10.2 Purpose of the processing

We process personal data via Facebook and Instagram fan pages only to advertise our company and, where applicable, to provide the Messenger channels for enquiries from customers, job applicants or interested parties.

10.3 Legal basis of the processing

With this data processing, we are observing legitimate business interests by being represented on social media with a marketing campaign pursuant to the first sentence of Art. 6 Subsection 1 Par. 1 (f) GDPR. If we need to contact you for the purpose of entering into or fulfilling a contract with you, then the legal basis is the first sentence of Art. 6 Subsection 1 Par. 1 (b) GDPR.

10.4 Recipients or categories of recipients

Your personal data is processed only by us and by Facebook.

10.5 Transmission to third countries

Facebook Ireland Ltd. is responsible for processing the data of EU citizens or persons residing in the EU. In this respect, the data is not transmitted to a third country.

Personal data may be transmitted to affiliated companies of Facebook Ireland Ltd. in the USA, such as to Facebook Inc. The appropriate protection level for transmitting personal data to the USA is secured by an adequacy decision that was made by the EU Commission pursuant e.g. to Art. 45 Par. 9 GDPR. This decision (EU-U.S. Data Privacy Framework) requires self-certification by the US companies that are subject to this decision. Facebook Inc. is certified accordingly.

10.6 Duration of storage

We do not store personal data that is processed via our fan pages outside of this website and the data will be deleted if you delete your comments or if you ask for a chat record to be deleted, for example. In any case, we will store personal data in the fan pages only for as long as this is required for making contact or for correspondence purposes.

10.7 Obligation to provide information (Art. 13 II (e) GDPR)

Your data is provided for processing on a voluntary basis. If you do not provide your data, we may not be able to contact you (any longer).

 

11. Cookiebot

11.1 Scope of processing

We have integrated Cookiebot on our website. Cookiebot is a consent management solution from Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark that can be used for maintaining and documenting a user’s permission for the storage of cookies. Cookiebot uses cookies or other web technologies for identifying users and storing the permissions that they have granted or withdrawn.

11.2 Purpose of the processing

The cookie banner is used to query and save the user selection regarding consent to the processing of cookies and other technologies.

11.3 Legal basis of the processing

The processing of personal data is necessary for the provision of the website. We have a legitimate interest in advertising using this website pursuant to the first sentence of Art. 6 Par. 1 (f) GDPR.

11.4 Recipients or categories of recipients

Your personal data is processed only by us and by Cybot.

11.5 Transmission to third countries

No data is transmitted to third countries.

11.6 Duration of storage

We do not have any influence over the specific storage period of the data that is processed, this is determined by Cybot A/S. For more information, see the privacy policy for Cookiebot: www.cookiebot.com/de/privacy-policy/.

11.7 Obligation to provide information (Art. 13 II (e) GDPR)

Your data is provided for processing on a voluntary basis. If you do not provide your data, it may not be possible to deactivate the cookie banner, in which case it will always be displayed.

 

12. Flockler

12.1 Scope of processing

To display social media contents on our Social Wall, we use the “Flockler” service from Flockler Oy Rautatienkatu 26 B 32, 33100 Tampere, Finland. This aggregates relevant social media channels and displays them on our social media wall.

Interacting with the respective content creates a connection to Flockler’s servers and your IP address is transmitted to them. When the contents are loaded, data is also passed on to the respective social media provider. This also applies if you are not logged in to the respective social media provider, or if you do not have an account with them. Please note that as a provider of the pages, we are not aware of the content of the data that is transmitted or how it is used by the social media provider. For more information, see the privacy policy for the providers.

You can find the privacy policies and other information for this service provider at: https://www.flockler.com/privacy-policy.

12.2 Purpose of the processing

This service provider is used for operating a social media wall. A social media wall (often called a social wall), is a marketing tool with which social media contents on various networks (Facebook, Twitter, Instagram, YouTube, etc.) can be collected and displayed at one location.

12.3 Legal basis of the processing

Here, too, personal data is processed on the basis of your permission pursuant to the first sentence of Art. 6 Par. 1 (a) GDPR.

12.4 Recipients or categories of recipients

The service provider receives personal data.

12.5 Transmission to third countries

No data is transmitted to third countries.

Interacting with the respective content creates a connection to Flockler’s servers and your IP address is transmitted to them. When the contents are loaded, data is also passed on to the respective social media provider. This also applies if you are not logged in to the respective social media provider, or if you do not have an account with them. Please note that as a provider of the pages, we are not aware of the content of the data that is transmitted or how it is used by the social media provider. For more information, see the privacy policy for the providers.

Facebook and Instagram: www.facebook.com/privacy/explanation

LinkedIn: de.linkedin.com/legal/privacy-policy

Flockler plug-ins are used on the basis of Article 6 Par. 1 (f) GDPR. The website operator has a legitimate interest in being as visible as possible on social media.

 

13. Google Tag Manager

13.1 Scope of processing

We use the functions of Google Tag Manager. It is provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660. Google Tag Manager is a free-of-charge tag management system. It can be used to integrate code snippets such as tracking codes or conversion pixels into the website. IP addresses are processed.

13.2 Purpose of the processing

Google Tag Manager is used for analysing usage behaviour. We use this data to design and optimise this website so it meets the needs of users. We also evaluate the data for marketing purposes. This enables us to better understand our customers’ interests and to improve our service portfolio and service.

13.3 Legal basis of the processing

Here, too, personal data is processed on the basis of your permission pursuant to the first sentence of Art. 6 Par. 1 (a) GDPR.

13.4 Recipients or categories of recipients

Your personal data is processed only by us and by Google.

13.5 Transmission to third countries

Where applicable, personal data will be transmitted to affiliated companies of Google Ireland Ltd. in the USA. This means that your IP address is abbreviated by Google within the Member States of the European Union or in other member states of the European Economic Area. Only in exceptional circumstances will your full IP address be sent to a Google server in the USA and abbreviated there. Unfortunately, we are not aware of the process at Google.

The appropriate protection level for transmitting personal data to the USA is secured by an adequacy decision that was made by the EU Commission pursuant to Art. 45 Par. 9 GDPR. This decision (EU-U.S. Data Privacy Framework) requires self-certification by the US companies that are subject to this decision. Google Inc. is certified accordingly.

13.6 Duration of storage

We no longer store any personal data based on the reports that are created by Google Analytics.

13.7 Obligation to provide information (Art. 13 II (e) GDPR)

Your data is provided for processing by Google Tag Manager on a voluntary basis. There are no shortcomings if you do not provide your data.

 

14. Data processing via LinkedIn

14.1 Scope of processing

The data controller has a business profile on the “LinkedIn” portal from LinkedIn Ireland Unlimited Company, Attn: Legal Dept. (Privacy Policy and User Agreement), Wilton Plaza, Wilton Place, Dublin 2, Ireland. This is available at: www.linkedin.de .

When using their LinkedIn profile, the data controller processes the following personal data: All of your data that you have made publicly visible within the platform, in particular your first and last name, biographical information, age, user names, user URL, profile picture, information from your profile pages such as timelines, comments or user interactions on your profile, message contents (such as in messengers or comments) or other media content that you have provided to the data controller or published in any other way.

The application functions also provide the data controller with aggregated, anonymised statistical data about the users of these profiles, such as access figures, countries of origin or information about whether or not they liked the content.

The privacy policy for LinkedIn is available at https://www.linkedin.com/legal/privacy-policy.

14.2 Purpose of the processing

The data controller processes your personal data for advertising its services or products. LinkedIn is also used to promote employee communication.

14.3 Legal basis of the processing

If you are a LinkedIn user, you have given this provider your permission to process your personal data for one or more specific purposes as part of your user contract. In this case, this permission represents the legal basis pursuant to the first sentence of Art. 6 Par. 1 (a) GDPR. The aforementioned provider may also process your personal data in the scope that is required to enter into and fulfil your user contract pursuant to the first sentence of Art. 6 Par. 1 (b) GDPR. 

The data controller will process your personal data when you visit the profile and, furthermore, to determine the legitimate business interest of optimising the company’s public image pursuant to the first sentence of Art. 6 Par. 1 (f) GDPR.

14.4 Recipients or categories of recipients

Your data is processed by the data controller and the provider. Whether and to what extent the aforementioned provider forwards on your personal data can be found in the privacy policy of the relevant provider.

14.5 Transmission to third countries

Personal data is transmitted by the service provider to third countries, that is, to the USA and Australia. The appropriate protection level for transmitting personal data to the USA is secured by an adequacy decision that was made by the EU Commission pursuant to Art. 45 Par. 9 GDPR. This decision (EU-U.S. Data Privacy Framework) requires self-certification by the US companies that are subject to this decision. The service provider is certified accordingly. The EU Commission has also decided that Australia has an appropriate protection level for transmitting personal data.

14.6 Duration of storage

Your personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected and provided that no retention periods have to be observed. The data controller has no control over the storage of your personal data by the named provider. However, this provider’s cookies are stored on your end devices. You therefore have full control over how these cookies are used. You can deactivate or restrict the receipt of cookies by making changes to the settings in your Internet browser. Cookies that are already saved can be deleted at any time. This can also be done automatically. The data controller will save your personal data only for as long as this is required to answer your query, provided that your data does not have to be kept for a longer period of time due to retention obligations. It is recommended that you delete cookies on a regular basis and use “do not track” applications to protect your data.

14.7 Obligation to provide information

The use of the aforementioned profile is on a voluntary basis. If you do not provide your data, you may not be able to use all of the functions on our website to their full extent.

 

15. Data processing with applications via the LinkedIn profile

15.1 Scope of processing

The data controller receives applications via the career website, via e-mail, post, or via its LinkedIn profile. Within the application process, the data controller processes personal data that identifies you. In particular this involves your name (first and last names), e-mail addresses, telephone number (s), where applicable your LinkedIn profile, public information from or via the channel through which you became aware of the data controller. In addition, the data controller stores the following information: the date from when you would be available for the vacant position, salary expectations and the data provided by you that contains your application documents, including your date of birth, information about your professional and private background where applicable (testimonies, reference letters, portrait photos, information about your family status or private situation).

15.2 Purposes and legal basis for the data processing

The data controller will process the aforementioned personal data to identify you, to verify your application, to contact you, or to hire you as an employee where necessary. This data processing is necessary to enter into an employment contract with you pursuant to the first sentence of Art. 6 Par. 1 (b) GDPR. By submitting your documents, by implication you are also giving the data controller your permission to process your data for these purposes. The data is processed on the basis of your permission, pursuant to the first sentence of Art. 6 Par. 1 (a) GDPR.

In the event that you are (no longer) considered for the vacant position, you can grant the data controller your permission to save your personal data in its database (“talent pool”) until you revoke this permission, so that the data controller can use your application documentation for subsequent application procedures and contact you as a possible applicant (first sentence of Art. 6 Par. 1 (a) GDPR). This consent is voluntary and may be withdrawn at any time by sending an e-mail to the Data Protection Officer.

Your application documents will also be stored until it is ensured that their deletion does not conflict with any legal claims. This data processing is based on the protection of legitimate interests pursuant to the first sentence of Art. 6 Par. 1 (f) GDPR. The data controller has a legitimate interest in transmitting your documents to persons who are subject to a legal obligation of professional secrecy so that they can check the legal situation to defend or assert claims. Furthermore, the data controller will retain your documents for as long as this is necessary to comply with retention obligations in the respective individual case, pursuant to the first sentence of Art. 6 Par. 1 (c) GDPR.

15.3 Recipients or categories of recipients

Only authorised employees from the HR department have access to your personal data or, in the event of an interview, employees who are involved in the application process. Employees of the data controller who work with HR issues have pledged in writing to maintain confidentiality and have been informed about the legal consequences of violating this. In the event that it should be necessary to verify the legal situation or to defend or assert legal claims relating to (employment) law, the data controller’s solicitors as persons subject to a legal obligation of professional secrecy are given access to your data and will process it accordingly.

15.4 Transmission to third countries

Personal data is transmitted by the service provider to third countries, that is, to the USA and Australia. The appropriate protection level for transmitting personal data to the USA is secured by an adequacy decision that was made by the EU Commission pursuant to Art. 45 Par. 9 GDPR. This decision (EU-U.S. Data Privacy Framework) requires self-certification by the US companies that are subject to this decision. The service provider is certified accordingly. The EU Commission has also decided that Australia has an appropriate protection level for transmitting personal data.

15.5 Duration of storage

Your personal data is stored exclusively for the purpose of filling the vacant position to which you have submitted an application. Your data will be stored for a period of 180 days after the end of the application process. This is usually done to comply with legal obligations or to defend any claims arising from legal obligations. The data controller is then obliged to delete or anonymise your data. In this case, the data is available to the data controller only in the form of what is called metadata, without any personal reference for statistical reports (such as the percentage of male or female applicants, number of applicants per period and so on).

If the data controller unfortunately decided not to offer you employment, your personal data will be restricted (Art. 18 GDPR). Your data will be saved in this restricted form for a period of 6 months following receipt of the rejection.

If, as part of the application process, you receive an offer of employment from the data controller and if you accept it, the data controller will store your personal data that was collected as part of the application process for the duration of the employment relationship and beyond, for as long as this is necessary to comply with statutory retention obligations.

15.6 Obligation to provide information

You may need to provide your data to conclude a contract. If you choose to include yourself in the data controller’s talent pool, you provide your data on a voluntary basis, although it is possible that the data controller cannot identify you within the talent pool if your data is not provided for this, or if it is not provided in full.

 

V. Information for automated decision-making processes

To find out which of the aforementioned service providers subjects your data to an automated decision-making process, please see the privacy policies of the respective data controllers. We deliberately avoid automated decision-making processes.

 

VI. Information on data security

Our website is encrypted with SSL to ensure the security of your data. Our server settings enforce the use of "https://", which makes unencrypted connections impossible.

 

VII. Your rights as the data subject

As the data subject, you have the right pursuant to Art. 7 Par. 3 GDPR to withdraw the permission that you have granted us at any time (for example in writing or in text form). The consequence of this is that we may not continue processing the data that was based on this consent in future;

Pursuant to Art. 15 GDPR, to request information about your personal data that is processed by us. You can request information about the processing purposes, the category of personal data that we process, the categories of recipients to whom your data is or was disclosed, the planned storage period, the existence of a right to correction, deletion and restriction of the processing or objection, the existence of a right to complain to a supervisory authority, the origin of your data if it was not collected from you, and the existence of automated decision-making including profiling within the meaning of Art. 22 Par. 1 GDPR and, where applicable, meaningful information about its details;

Pursuant to Art. 16 GDPR, to request the immediate correction of your incorrect or incomplete personal data that is stored by us;

Pursuant to Art. 17 GDPR, to request the deletion of your personal data that is stored by us, if a reason to do so exists pursuant to the first sentence of Art. 17 Par. 1 (a-f) GDPR, and provided that the processing is not required to exercise the right of free expression and information, to comply with a legal obligation, for reasons of public interest, or to establish, exercise or defend legal claims;

Pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you reject its deletion or if we no longer require the data, yet you require this data to establish, exercise or defend legal claims, or if you have submitted an objection to the processing pursuant to Art. 21 GDPR and whether our legitimate reasons outweigh yours has not yet been established;

Pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format if the processing is based on permission pursuant to Art. 6 Par. 1 or Art. 9 Par. 2 (a) GDPR, or on a contract pursuant to the first sentence of Art. 6 Par. 1 (b) GDPR, and the data is processed by using automated processes. By exercising this right, you also have the right to have your personal data sent directly by us to a different data controller, provided this is technical feasible. This must not affect the freedoms and rights of other people.

Pursuant to Art. 21 GDPR, in the event that your data is processed due to legitimate interests, you may object to the processing of your personal data if there are reasons for this that arise from your particular situation.

Pursuant to Art. 77 GDPR, you have the right to complain to a supervisory authority, especially in the member state of your place of residence, your workplace, or the location of the suspected infringement, if you believe that the processing of your personal data violates the GDPR.

Please contact your Data Privacy Officer for all queries and requests relating to your rights.