Privacy Policy

Privacy Policy
for website visitors, customers, suppliers, interested parties, applicants and other data subjects

With the following information, we would like to provide you, as a visitor to our website, as a customer, interested party in our services, as a supplier, as an applicant, or as any other data subject, with an overview of how we process your personal data and your rights under data protection law. Which data is processed and how it is used depends largely on the agreed services. Therefore, not all parts of this information will apply to you.

1. Responsible body and contact details of the data protection officer

Responsible for the processing of personal data within the scope of this website is:

Julius Zöllner GmbH & Co. KG
Chew 4
D-96328 Küps

Phone: +49 (0) 9264 807 0
Web: https://www.julius-zoellner.de
Email: info@julius-zoellner.de
(hereinafter referred to as “Company” )

You can reach our data protection officer at:

Julius Zöllner GmbH & Co. KG
- Data Protection Officer -
Chew 4
D-96328 Küps
info@julius-zoellner.de

2. Processing of personal data in connection with your use of our websites, applications and online platforms

Data collection when visiting our website

If you use our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

- Our visited website

- Date and time of access

- Amount of data sent in bytes

- Source/reference from which you came to the page

- Browser used

- Operating system used

- IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be shared or used for any other purpose. However, we reserve the right to subsequently review the server log files if there are concrete indications of illegal use.

Hosting

Hosting by Shopify

We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online shop on our behalf. All data collected on our website is processed on Shopify's servers. As part of the aforementioned services provided by Shopify, data may also be transmitted to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., or Shopify (USA) Inc. for further processing on our behalf. In the event that data is transmitted to Shopify Inc. in Canada, an appropriate level of data protection is guaranteed by an adequacy decision of the European Commission. Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz

Further processing on Shopify servers other than those mentioned above will only take place within the framework communicated below.

Cookies

In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser the next time you visit (so-called persistent cookies). If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a specified period of time, which can vary depending on the cookie. You can find out how long a cookie is stored for in the overview of the cookie settings in your web browser.

Some cookies are used to simplify the ordering process by saving settings (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). If individual cookies we use also process personal data, the processing is carried out in accordance with Art. 6 (1) (b) GDPR either to execute the contract, in accordance with Art. 6 (1) (a) GDPR in the case of consent, or in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

Please note that you can set your browser to inform you about the use of cookies and to decide individually whether to accept them or to reject them in certain cases or generally. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings. You can find these settings for the respective browsers at the following links:

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehne

Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Opera: https://help.opera.com/de/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be limited.

Integration of the Trusted Shops Trustbadge / other widgets

Trusted Shops widgets are integrated into this website to display Trusted Shops services (e.g. seal of approval, collected reviews) and to offer Trusted Shops products to buyers after an order.

This serves to safeguard our legitimate interests, which prevail within the context of a balancing of interests, in optimal marketing by enabling secure shopping in accordance with Art. 6 (1) (f) GDPR. The Trustbadge and the services advertised with it are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, with whom we are jointly responsible for data protection pursuant to Art. 26 GDPR. Within the scope of this data protection notice, we inform you below about the essential contractual content pursuant to Art. 26 (2) GDPR.

The Trustbadge is provided by a US CDN (Content Delivery Network) provider under joint responsibility. An appropriate level of data protection is ensured through standard data protection clauses and other contractual measures. Further information on Trusted Shops GmbH's data protection policy can be found in their Privacy Policy .

When you access the Trustbadge, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of access, the amount of data transferred, and the requesting provider (access data), and documents the access. The IP address is anonymized immediately after collection so that the stored data cannot be assigned to you personally. The anonymized data is used primarily for statistical purposes and error analysis.

After completing your order, your email address, hashed using a cryptographic one-way function, will be transmitted to Trusted Shops GmbH. The legal basis is Art. 6 (1) (f) GDPR. This serves to check whether you are already registered for services with Trusted Shops GmbH and is therefore necessary to fulfill our and Trusted Shops' overriding legitimate interests in providing the buyer protection linked to the specific order and the transactional evaluation services in accordance with Art. 6 (1) (f) GDPR. If this is the case, further processing will take place in accordance with the contractual agreement concluded between you and Trusted Shops. If you are not yet registered for the services, you will then be given the opportunity to do so for the first time. Further processing after registration is also governed by the contractual agreement with Trusted Shops GmbH. If you do not register, all transmitted data will be automatically deleted by Trusted Shops GmbH and personal reference will then no longer be possible.

Trusted Shops uses service providers for hosting, monitoring, and logging. The legal basis is Art. 6 (1) (f) GDPR for the purpose of ensuring uninterrupted operation. Processing may take place in third countries (the USA and Israel). An appropriate level of data protection is ensured in the case of the USA through standard data protection clauses and other contractual measures, and in the case of Israel through an adequacy decision.

Within the scope of the joint controllership that exists between us and Trusted Shops GmbH, please contact Trusted Shops GmbH with any data protection questions or to assert your rights using the contact options provided in the data protection information linked above. Regardless of this, you can always contact the controller of your choice. Your inquiry will then be forwarded to the other controller for response, if necessary.

Contact us

When you contact us (e.g. via contact form or email), personal data is collected. Which data is collected when you use a contact form can be seen in the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for processing this data is our legitimate interest in answering your request in accordance with Art. 6 (1) (f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted after your request has been finally processed. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention periods to the contrary.

Data processing when opening a customer account and for contract processing

According to Art. 6 (1) (b) GDPR, personal data will continue to be collected and processed if you provide it to us to perform a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. You can delete your customer account at any time and can do so by sending a message to the above-mentioned address of the person responsible. We store and use the data you provide to process the contract. After the contract has been fully processed or your customer account has been deleted, your data will be blocked with regard to retention periods under tax and commercial law and deleted after these periods have expired, unless you have expressly consented to further use of your data or we have reserved the right to further use of the data as permitted by law.

Data processing for order processing

To process your order, we work with the following service providers, who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

The personal data we collect will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We will pass on your payment details to the commissioned credit institution as part of the payment processing, insofar as this is necessary for the payment processing. If payment service providers are used, we will explicitly inform you of this below. The legal basis for the transfer of data is Art. 6 (1) (b) GDPR.

Use of special service providers for order processing and fulfillment

Shipcloud

Shipping is carried out via the shipping portal "shipcloud" (shipcloud GmbH, Lüdmoor 35a,
22175 Hamburg). According to Art. 6 (1) (b) GDPR, we will provide your data (name,
address and, if applicable, further information) solely for the purpose of
Processing your online order to shipcloud. Data will only be passed on if
to the extent that this is actually necessary for processing.
Details on shipcloud’s data protection policy can be found on the shipcloud website
can be viewed at "shipcloud.io".

Use of payment service providers (payment services)

Apple Pay

If you choose to use the "Apple Pay" payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment will be processed using the "Apple Pay" function on your iOS, watchOS, or macOS device by charging a payment card stored with "Apple Pay." Apple Pay uses security features integrated into your device's hardware and software to protect your transactions. To authorize a payment, you will need to enter a previously specified code and verify your payment using your device's "Face ID" or "Touch ID" function.

For payment processing, the information you provided during the ordering process, along with information about your order, is transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before transmitting the data to the payment service provider of the payment card stored in Apple Pay to process the payment. This encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the payment.

If personal data is processed during the transmissions described, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR.

Apple retains anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. Anonymization completely eliminates any personal identification. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.

When you use Apple Pay on your iPhone or Apple Watch to complete a purchase made through Safari on your Mac, your Mac and the authorization device communicate over an encrypted channel on Apple servers. Apple does not process or store any of this information in a format that can identify you personally. You can turn off the ability to use Apple Pay on your Mac in your iPhone's settings. Go to "Wallet & Apple Pay" and turn off "Allow Payments on Mac."

Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027

Google Pay

If you choose the "Google Pay" payment method provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment processing will be carried out via the "Google Pay" application on your mobile device running at least Android 4.4 ("KitKat") and equipped with NFC functionality. The payment will be charged to a payment card stored with Google Pay or a payment system verified there (e.g., PayPal). To authorize a payment via Google Pay of more than €25, you must first unlock your mobile device using the verification method configured (e.g., facial recognition, password, fingerprint, or pattern).

For the purpose of payment processing, the information you provided during the ordering process, along with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay to the originating website in the form of a unique transaction number, which is used to verify a completed payment. This transaction number does not contain any information about the actual payment data of your payment method stored in Google Pay, but is created and transmitted as a one-time, valid numeric token. For all transactions via Google Pay, Google acts solely as an intermediary for processing the payment process. The transaction is carried out exclusively between the user and the originating website by debiting the payment method stored in Google Pay.

If personal data is processed during the transmissions described, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR.

Google reserves the right to collect, store, and evaluate certain transaction-specific information for each transaction made through Google Pay. This includes the date, time, and amount of the transaction, the merchant location and description, a description of the purchased goods or services provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer, or the sender and recipient, the payment method used, your description of the reason for the transaction, and, if applicable, the offer associated with the transaction.

According to Google, this processing is carried out exclusively in accordance with Art. 6 (1) (f) GDPR on the basis of the legitimate interest in proper accounting, the verification of transaction data and the optimization and maintenance of the functionality of the Google Pay service.

Google also reserves the right to combine the processed transaction data with other information that Google collects and stores when using other Google services.

The Google Pay terms of use can be found here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

Further information on data protection at Google Pay can be found at the following internet address:

https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

Klarna

If you select a Klarna payment service, payment processing will be carried out by Klarna Bank AB (publ) [ https://www.klarna.com/de ], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). To enable payment processing, your personal data (first and last name, street, house number, postal code, city, gender, email address, telephone number, and IP address) as well as data related to the order (e.g., invoice amount, item, delivery method) will be passed on to Klarna for the purpose of identity and credit checks, provided that you have expressly consented to this in accordance with Art. 6 (1) (a) GDPR during the ordering process. You can see which credit agencies your data may be forwarded to here:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may contain probability values ​​(so-called score values). To the extent that score values ​​are included in the credit report results, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values ​​includes, but is not limited to, address data. Klarna uses the information obtained regarding the statistical probability of a payment default to make a considered decision regarding the establishment, implementation, or termination of the contractual relationship.

You can revoke your consent at any time by sending a message to the data controller or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for contractual payment processing.

Your personal information will be processed in accordance with applicable data protection regulations and in accordance with the information in Klarna's privacy policy for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy

or for data subjects based in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy .

Paypal

When paying via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" or "payment in installments" via PayPal, we will transfer your payment data to PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. This transfer takes place in accordance with Art. 6 (1) (b) GDPR and only to the extent necessary for payment processing.

PayPal reserves the right to conduct a credit check for payment methods such as credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" or "payment by installments" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) (f) GDPR based on PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check regarding the statistical probability of default to decide whether to provide the respective payment method. The credit check may contain probability values ​​(so-called score values). To the extent that score values ​​are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, is included in the calculation of the score values. For further information on data protection, including information on the credit agencies used, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

Shopify Payments

We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, payment processing will be carried out by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will pass on the information you provided during the ordering process, along with information about your order (name, address, account number, bank sort code, credit card number (if applicable), invoice amount, currency, and transaction number) in accordance with Art. 6 (1) (b) GDPR. Your data will be passed on exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. Further information on Shopify Payments' data protection can be found at the following internet address: https://www.shopify.com/legal/privacy.

Data protection information about Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy

IMMEDIATELY

If you select the "SOFORT" payment method, payment processing will be carried out by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"), to whom we will pass on the information you provided during the ordering process, along with information about your order, in accordance with Art. 6 (1) (b) GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data will be passed on exclusively for the purpose of payment processing with the payment service provider SOFORT and only to the extent necessary for this purpose. You can find further information about SOFORT's data protection provisions at the following website address: https://www.klarna.com/sofort/datenschutz .

Stripe

If you choose a payment method from the payment service provider Stripe, payment processing will be carried out by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will pass on the information you provided during the ordering process, along with information about your order (name, address, account number, bank sort code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 (1) (b) GDPR. Your data will be passed on exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. Further information on Stripe's data protection can be found at the URL https://stripe.com/de/privacy#translation .

Online marketing

Use of Google Ads Conversion Tracking

This website uses the online advertising program "Google Ads" and, as part of Google Ads, conversion tracking provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use Google Ads to draw attention to our attractive offers on external websites with the help of advertising materials (so-called Google Adwords). Based on the data from the advertising campaigns, we can determine the success of the individual advertising measures. Our goal is to show you advertising that is of interest to you, to make our website more interesting for you, and to achieve a fair calculation of the advertising costs incurred.

The cookie for conversion tracking is set when a user clicks on an ad placed by Google Ads. Cookies are small text files that are stored on your device. These cookies usually expire after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked across the websites of Google Ads customers. The information collected using the conversion cookie is used to compile conversion statistics for Google Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can block this use by deactivating the Google Conversion Tracking cookie in your internet browser under the keyword "User Settings." You will then not be included in the conversion tracking statistics. We use Google Ads based on our legitimate interest in targeted advertising pursuant to Art. 6 (1) (f) GDPR. Using Google Ads may also result in the transmission of personal data to Google LLC's servers in the USA.

You can find further information about Google’s privacy policy at the following internet address: https://www.google.de/policies/privacy/

You can permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the browser plug-in from Google available at the following link:

https://www.google.com/settings/ads/plugin?hl=de

Please note that certain functions of this website may not be available or may only be available to a limited extent if you have deactivated the use of cookies.

To the extent legally required, we have obtained your consent to process your data as described above in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with future effect. To exercise your consent, deactivate this service using the "Cookie Consent Tool" provided on the website or, alternatively, follow the opt-out procedure described above.

Web analysis services

Google (Universal) Analytics

This website uses Google (Universal) Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google (Universal) Analytics uses "cookies," which are text files placed on your device, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your shortened IP address) is typically transferred to a Google server and stored there. This may also include transmission to Google LLC servers in the USA.

This website uses Google (Universal) Analytics exclusively with the extension "_anonymizeIp()", which ensures that the IP address is anonymized by shortening it and prevents it from being directly linked to a person. This extension shortens your IP address beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google LLC server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google (Universal) Analytics will not be merged with other Google data.

All processing described above, in particular the setting of Google Analytics cookies for reading information on the device used, will only be carried out if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. Without this consent, Google Analytics will not be used during your visit to the site.

You can revoke your consent at any time with future effect. To exercise your right of revocation, please deactivate this service using the "Cookie Consent Tool" provided on the website. We have concluded a data processing agreement with Google for the use of Google Analytics, which obligates Google to protect the data of our website visitors and not to share it with third parties.

For the transfer of data from the EU to the USA, Google relies on the so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.

Further information on Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=de

Tools and Other

beeclever

This website uses the cookie consent tool “GDPR Legal Cookie” from beeclever GmbH, Universitätsstraße 3, D-56070 Koblenz a. Rh. (“beeclever”) to obtain effective user consent for cookies that require consent and cookie-based applications.

By integrating appropriate JavaScript code, users are shown a banner when they visit the page, allowing them to grant consent for specific cookies and/or cookie-based applications by checking the appropriate boxes. The tool blocks the setting of all cookies requiring consent until the respective user provides their consent by checking the appropriate box. This ensures that such cookies are only set on the user's device if consent has been granted.

In order for the Cookie Consent Tool to be able to clearly assign page views to individual users and to individually record, log and save the consent settings made by the user for a session duration, certain user information (including the IP address) is collected when our website is accessed by the Cookie Consent Tool, transmitted to beeclever servers and stored there.

This data processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.

A further legal basis for the data processing described is Art. 6 (1) (c) GDPR. As the controller, we are legally obliged to make the use of technically unnecessary cookies dependent on the respective user's consent.

Further information on data usage by beeclever can be found at https://beeclever.de/pages/datenschutz

Applications for job vacancies by email

We advertise currently vacant positions in a separate section on our website, for which interested parties can apply by email to the contact address provided.

In order to be accepted into the application process, applicants must provide us with all the personal data required for a well-founded and informed assessment and selection along with their application by email.

The required information includes general personal information (name, address, telephone or email contact details) as well as performance-specific evidence of the qualifications required for a position. In addition, health-related information may be required, which, in the interest of social protection, must be specifically considered under labor and social law.

The relevant job advertisement will specify which components an application must contain in order to be considered and in what form these components must be submitted by email.

After receiving the application submitted using the email address provided, we will store the applicant data and evaluate it solely for the purpose of processing the application. For any queries arising during the processing of the application, we will use either the email address provided by the applicant with their application or a telephone number provided, at our discretion.

The legal basis for this processing, including contacting us for queries, is generally Art. 6 (1) (b) GDPR (for processing in Germany in conjunction with Section 26 (1) BDSG), within the meaning of which completing the application process is considered the initiation of an employment contract.

If special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g. health data such as information on severe disability) are requested from applicants as part of the application process, the processing will be carried out in accordance with Art. 9 (2) (b) GDPR so that we can exercise the rights arising from employment law and social security and social protection law and fulfill our obligations in this regard.

Cumulatively or alternatively, the processing of special categories of data may also be based on Article 9 (1) (h) GDPR if it is carried out for the purposes of health care or occupational medicine, for the assessment of the applicant's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector.

If the applicant is not selected as part of the evaluation described above, or if the applicant withdraws their application prematurely, their data submitted via email and all electronic correspondence, including the original application email, will be deleted after a maximum of six months following notification. This period is based on our legitimate interest in answering any follow-up questions regarding the application and, if necessary, fulfilling our obligations to provide evidence under the regulations on equal treatment of applicants.

In the event of a successful application, the data provided will be further processed on the basis of Art. 6 (1) (b) GDPR (for processing in Germany in conjunction with Section 26 (1) BDSG) for the purposes of implementing the employment relationship.

Google Maps

Our website uses Google Maps (API) provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google Maps is a web service for displaying interactive maps to visually present geographical information. Using this service will show you our location and make it easier to find us.

As soon as you access the subpages in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers and stored there. This may also involve transmission to the servers of Google LLC in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account already exists. If you are logged in to Google, your data is assigned directly to your account. If you do not wish to be assigned to your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. The collection, storage and evaluation are carried out in accordance with Art. 6 (1) (f) GDPR on the basis of Google's legitimate interest in displaying personalized advertising, market research and/or the needs-based design of Google websites. You have the right to object to the creation of these user profiles; to exercise this right you must contact Google. If you do not agree to the future transmission of your data to Google when using Google Maps, you can also completely deactivate the Google Maps web service by disabling JavaScript in your browser. Google Maps, and thus the map display on this website, will then not be available.

You can view Google's terms of use at https://www.google.de/intl/de/policies/terms/regional.html , and the additional terms of use for Google Maps can be found at https://www.google.com/intl/de_US/help/terms_maps.html

Detailed information on data protection in connection with the use of Google Maps can be found on the Google website (“Google Privacy Policy”): https://www.google.de/intl/de/policies/privacy/

To the extent legally required, we have obtained your consent to process your data as described above in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with future effect. To exercise your consent, please follow the objection procedure described above.

3. Processing of personal data of business partners

As part of the cooperation with business partners, the company processes personal data of contact persons at customers, suppliers, interested parties, sales partners and cooperation partners (hereinafter "business partners" ):

• Contact information, such as first and last name, business address, business telephone number, business mobile number, business fax number and business email address,
• Payment data, such as information required to process payment transactions or prevent fraud, including credit card information and card security numbers,
• further information, the processing of which is necessary within the framework of a contractual relationship and which is provided voluntarily by business partners, such as orders, inquiries or details of projects,
• personal data collected from publicly available sources, information databases or credit agencies and
• where legally required for compliance screenings: date of birth, ID and ID numbers, information on relevant court proceedings or other legal disputes in which business partners are involved.

Furthermore, personal data is processed for the following purposes:

• Communication with business partners about products, services and projects, for example to process business partner inquiries or to provide technical information about products,
• Planning, implementation and administration of the contractual business relationship, for example to process orders for products and services, collect payments, for accounting and billing purposes and to carry out deliveries, maintenance activities or repairs,
• Implementation of marketing campaigns, market analyses, competitions, etc.,
• Maintaining and protecting the security of our products and services and our websites, preventing and detecting security risks, fraudulent activities or other criminal or malicious activities,
• Comparison of personal data with US sanctions lists based on European Regulations 2580/2001 and 881/2002,
• Compliance with (i) legal requirements (e.g. tax and commercial retention obligations), (ii) existing obligations to conduct compliance screenings (to prevent economic crime or money laundering) and (iii) guidelines and industry standards and
• Settle legal disputes, enforce existing contracts and assert, exercise and defend legal claims.

The processing of personal data is necessary to achieve the aforementioned purposes. Unless expressly stated otherwise when collecting the personal data, the legal basis for data processing is:

• the execution and fulfillment of a contract with you according to Art. 6 (1) (b) GDPR,
• the fulfilment of legal obligations to which the company is subject according to Art. 6 (1) (c) GDPR, or
• the protection of legitimate interests pursuant to Art. 6 (1) (f) GDPR. The legitimate interest lies in the initiation, implementation, and processing of the business relationship in commercial transactions.

If you have expressly given your consent to the processing of your personal data in an individual case, this consent is the legal basis for the processing according to Art. 6 (1) (a) GDPR.

4. Processing of personal data of applicants

a. Data categories and purpose of data processing

As part of the application process, we generally process the following categories of personal data:

• Personal data (first and last name, date of birth, address, school leaving certificate)
• Communication data (telephone number, mobile number, fax number, email address)
• Data on assessment and evaluation in the application process
• Education data (school, vocational training, civil/military service, university studies, doctorate)
• Data on previous professional career, training and employment references
• Information on other qualifications (e.g. language skills, computer skills, voluntary work)
• Application photo
• Information on desired salary
• Application history

Personal data that you provide to us as part of your application will be stored and used exclusively for the purpose of processing the application and, if applicable, for the implementation of the subsequent employment relationship.

b. Legal basis for data processing

The processing of your personal data within the scope of the application process is based on Art. 6 (1) (b) GDPR (establishment and execution of a contract) and Section 26 (1) (s) 1 BDSG.

c. Sharing of data

Your data will be made available to the relevant HR staff and the relevant employees or supervisors in the department(s) for the position you have applied for. If you submit an unsolicited application, your documents will be made available to the relevant HR staff and the relevant employees or supervisors in the relevant departments who may be interested in your application.

Data will also be passed on if we are obliged to do so due to legal provisions and/or official or court orders.

d. Transfer of personal data to third countries

There are no plans to transfer data to third countries.

e. Deletion periods for applicant data

If no employment relationship is established, the application documents will be deleted six months after rejection. The legal basis for this storage is Art. 6 (1) (f) GDPR. Our legal interest in this regard is the defense against any claims under the General Equal Treatment Act ( AGG ). Otherwise, the general deletion periods and information under Section 8 apply.

5. Processing of personal data for customer satisfaction surveys and direct marketing

If you have given us your consent or we are authorized to do so within the framework of existing customer relationships, your contact details will also be used for direct marketing purposes (e.g. trade fair invitations, newsletters) or to conduct customer satisfaction surveys. You have the right to object to the use of your contact details for these purposes at any time. If you wish to exercise your right of objection in this regard, write us an email to info@julius-zoellner.de or follow the relevant instructions that you received from us in any advertising email. The legal basis for the processing of your data for advertising purposes is Art. 6 (1) (f) GDPR in the case of existing customer relationships or Art. 6 (1) (a) GDPR if you have given us your consent.

6. Social Media

On our website, we use references (“ links ”) to the social networks Facebook, Google+, Instagram and YouTube on the basis of Art. 6 (1) (f) GDPR in order to draw attention to our services and products and to get in touch with you as a visitor and user of these social media pages and our website.

You can recognize the links by the logo of the respective social network. Clicking on the logo establishes a direct connection between your browser and the server of the respective service, and you are redirected to the service provider's website.

These are not so-called social plug-ins, which establish a connection and transmit data to the respective social network when you visit our website. We point out that you use the following services and their functions at your own risk. Please also note that when you access the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. These third-party providers are:

• Facebook, 1 Hacker Way, Menlo Park, California 94025, USA, data protection information at: https://de-de.facebook.com/policy.php
• Google+ of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data protection information at: https://policies.google.com/privacy?hl=de
• Instagram by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Data protection information can be found at: https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram-Hilfebereich&bc[1]=Privacy%20and%20Security
• YouTube of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data protection information at: https://policies.google.com/privacy?hl=de

7. Recipients and categories of recipients

Within our company, only those departments that need your data to fulfill contractual and legal obligations will have access to it. Service providers and vicarious agents employed by us may also receive data for these purposes, provided they, in particular, maintain confidentiality and integrity. These include companies in the categories of IT services, logistics, printing services, telecommunications, debt collection, consulting, and sales and marketing.

With regard to the transfer of data to recipients outside our company, please note that we only transfer necessary personal data in compliance with applicable data protection regulations. We may only transfer information about you if required by law, if you have consented, or if we are authorized to provide information. Under these conditions, recipients of personal data may include:

• public bodies and institutions (e.g. tax authorities, law enforcement authorities, family courts, land registry offices) if there is a legal or official obligation,
• Credit and financial service institutions or similar institutions to which we transmit personal data in the context of the business relationship (e.g. banks, credit agencies),
• Creditors or insolvency administrators who request information in the context of enforcement proceedings,
• auditor,
• Service providers that we use within the framework of order processing relationships.

8. Transfer to third countries

Data will be transferred to locations in countries outside the European Union (so-called third countries) if

• it is necessary to execute your orders (e.g. delivery orders),
• it is required by law (e.g. tax reporting obligations) or
• You have given us your consent.

Furthermore, transfer to bodies in third countries cannot be ruled out in the following cases:

• to maintain and ensure the company’s IT operations and IT security, and
• to combat money laundering, terrorist financing and other criminal activities.

9. Storage period

We process and store your personal data as long as it is necessary to fulfill our contractual obligations and exercise our rights.

If the data is no longer required to fulfil contractual or legal obligations, it will be regularly deleted, unless its – limited – further processing is necessary for the following purposes:

• Compliance with commercial and tax retention obligations under the German Commercial Code (HGB), the German Fiscal Code (AO), and the German Money Laundering Act (GwG). The retention and documentation periods specified therein are generally two to ten years.
• Preservation of evidence within the framework of the statutory limitation periods. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.

10. Data security

Our employees and the service providers we engage are obligated to maintain confidentiality and comply with the provisions of applicable data protection laws. The company takes appropriate technical and organizational security measures to protect your personal data from loss, alteration, destruction, and unauthorized access or disclosure. Our security measures are continually being improved in line with technological developments.

11. Rights of data subjects

Every data subject has the right to information pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR and the right to data portability pursuant to Art. 20 GDPR.

The restrictions under Sections 34 and 35 of the Federal Data Protection Act (BDSG) apply to the right to information and erasure. Furthermore, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 of the Federal Data Protection Act).

You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e., before May 25, 2018. Please note that the revocation only takes effect for the future.

You also have the right to object at any time to the processing of personal data concerning you, in particular pursuant to Art. 6 (1) (f) GDPR, for reasons related to your particular situation. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms. In particular, this includes the need for processing to assert, exercise, or defend legal claims.

Furthermore, you have the right, pursuant to Art. 22 GDPR, not to be subject to fully automated decision-making. We generally do not use fully automated decision-making to establish, conduct, or terminate the business relationship. Should we use these procedures in individual cases (e.g., to improve our products and services), we will inform you separately about this and your rights in this regard, provided this is required by law.

12. Obligation to provide data

As part of our business relationship, you must provide the personal contractual data that is necessary for the initiation, execution, and termination of a business relationship and for the fulfillment of the associated contractual obligations, or which we are legally obligated to collect. Without this data, we will generally not be able to enter into, execute, or terminate a contract with you.

The same applies to visiting our online offering and the collection of usage data. Without collecting usage data, we and our service providers would not be able to provide you with our online offering.

13. Profiling

We do not process your personal data in an automated manner that produces legal effects concerning you or significantly affects you in a similar way.

14. Current status and changes to this privacy policy

This privacy policy is currently valid and is dated September 2021.