for website visitors, customers, suppliers, interested parties, applicants and other affected persons
With the following information we would like to give you as a visitor to our online offer, as a customer or interested party in our services, as a supplier, as an applicant or other affected person, an overview of the processing of your personal data by us and your rights under data protection law. Which data is processed in detail and how it is used depends largely on the agreed services. Therefore, not all parts of this information will apply to you.
1. Responsible body and contact details of the data protection officer
Responsible for the processing of personal data on this website is:
Julius Zöllner GmbH & Co. KG
Tel.: +49 (0) 9264 807 0
(hereinafter "Company" called)
You can reach our data protection officer at:
Julius Zöllner GmbH & Co. KG
- Data Protection Officer -
2. Processing of personal data in connection with your use of our websites, applications and online platforms
Data collection when visiting our website
If you only use our website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (if necessary: in anonymous form)
The processing takes place in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.
Hosted by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify") for the purpose of hosting and displaying the online shop on the basis of a processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of the aforementioned Shopify services, data may also be processed as part of further processing on behalf of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc .or Shopify (USA) Inc. In the event that data is transmitted to Shopify Inc. in Canada, the European Commission’s adequacy decision ensures the appropriate level of data protection. Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz
Further processing on servers other than those of Shopify mentioned above only takes place within the scope communicated below.
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your end device and enable your browser to be recognized the next time you visit (so-called persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings in your web browser.
In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). If individual cookies used by us also process personal data, the processing takes place in accordance with Article 6 (1) (b) GDPR either for the execution of the contract, in accordance with Article 6 (1) (a) GDPR in the event that consent has been given or in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the website visit.
Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. These can be found for the respective browsers under the following links:
Please note that if cookies are not accepted, the functionality of our website may be restricted.
Integration of the Trusted Shops Trustbadge / other widgets
Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g. seal of approval, collected reviews) and to offer Trusted Shops products to buyers after an order.
This serves to safeguard our overriding legitimate interests in optimal marketing by enabling secure shopping in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, with whom we are jointly responsible for data protection according to Art. 26 DSGVO. In the context of this data protection notice, we will inform you below about the essential contents of the contract in accordance with Art. 26 (2) GDPR.
The Trustbadge is provided by a US CDN provider (Content Delivery Network) as part of a shared responsibility. An appropriate level of data protection is ensured by standard data protection clauses and other contractual measures. Further information on data protection at Trusted Shops GmbH can be found in their Data protection.
When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, date and time of the call, amount of data transferred and the requesting provider (access data) and documents the call. The IP address is anonymized immediately after collection, so that the stored data cannot be assigned to you personally. The anonymized data is used in particular for statistical purposes and for error analysis.
After completing the order, your hashed e-mail address using a one-way cryptographic function will be sent to Trusted Shops GmbH. The legal basis is Article 6 Paragraph 1 Clause 1 Letter f GDPR. This serves to check whether you are already registered for services with Trusted Shops GmbH and is therefore necessary for the fulfillment of our and Trusted Shops' overriding legitimate interests in the provision of buyer protection linked to the specific order and the transactional evaluation services in accordance with Art. 6 paragraph 1 sentence 1 lit. f GDPR required. If this is the case, further processing takes place in accordance with the contractual agreement made between you and Trusted Shops. If you are not yet registered for the services, you will then be given the opportunity to do so for the first time. Further processing after registration is also based on the contractual agreement with Trusted Shops GmbH. If you do not register, all transmitted data will be automatically deleted by Trusted Shops GmbH and a personal reference is then no longer possible.
Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Article 6(1)(f) GDPR for the purpose of ensuring trouble-free operation. Processing can take place in third countries (USA and Israel). An appropriate level of data protection is ensured in the case of the USA by standard data protection clauses and other contractual measures, and in the case of Israel by an adequacy decision.
As part of the joint responsibility between us and Trusted Shops GmbH, please contact Trusted Shops GmbH using the contact options given in the data protection information linked above if you have any data protection questions or want to assert your rights. Irrespective of this, you can always contact the responsible person of your choice. If necessary, your request will then be forwarded to the other person responsible for an answer.
When contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Article 6 (1) (f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted once your request has been processed. This is the case if it can be inferred from the circumstances that the facts in question have been finally clarified and provided that there are no legal storage obligations to the contrary.
Data processing when opening a customer account and for contract processing
In accordance with Article 6 (1) (b) GDPR, personal data will continue to be collected and processed if you provide it to us to execute a contract or open a customer account. Which data is collected can be seen from the respective input forms. A deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. We store and use the data you provide to process the contract. After the contract has been completed or your customer account has been deleted, your data will be blocked with regard to retention periods under tax and commercial law and deleted after these periods have expired, unless you have expressly consented to further use of your data or have reserved the right to further data use permitted by law on our part became.
Data processing for order processing
To process your order, we work together with the following service providers, who support us in whole or in part in the implementation of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institute as part of the payment process, provided this is necessary for the payment process. If payment service providers are used, we will explicitly inform you of this below. The legal basis for the transfer of data is Article 6 (1) (b) GDPR.
Use of special service providers for order processing and processing
Shipping is via the "shipcloud" shipping portal (shipcloud GmbH, Lüdmoor 35a,
22175 Hamburg). According to Art. 6 Para. 1 lit. b DSGVO we give your data (name,
Address and, if necessary, further information) exclusively for the purpose of
processing of your online order to shipcloud. A transfer only takes place
as far as this is actually necessary for the processing.
Details on shipcloud's data protection are available on shipcloud's website
can be viewed at "shipcloud.io".
Use of payment service providers (payment services)
If you decide to use the "Apple Pay" payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed using the "Apple Pay" function of your device running iOS, watchOS or macOS by debiting a payment card stored with "Apple Pay". Apple Pay uses security features built into your device's hardware and software to protect your transactions. In order to release a payment, it is therefore necessary to enter a code previously defined by you and to verify it using the "Face ID" or "Touch ID" function of your terminal device.
For the purpose of payment processing, the information you provide during the ordering process, along with the information about your order, will be sent to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is sent to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website through which the purchase was made can access the payment details. After payment is made, Apple will send your device account number and a transaction-specific dynamic security code to the originating website to confirm payment success.
If personal data is processed in the transmissions described, the processing takes place exclusively for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.
Apple retains anonymized transaction information, including approximate purchase amount, date and time, and whether the transaction was successfully completed. The anonymization completely excludes any personal reference. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that personally identifies you. You can disable the ability to use Apple Pay on your Mac in your iPhone's settings. Go to Wallet & Apple Pay and turn off Allow Payments on Mac.
Further information on data protection with Apple Pay can be found at the following Internet address: https://support.apple.com/de-de/HT203027
If you decide to use the “Google Pay” payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), payment will be processed using the “Google Pay” application on your device with at least Android 4.4 ("KitKat") operated mobile device with an NFC function by debiting a payment card stored with Google Pay or a payment system verified there (e.g. PayPal). To release a payment via Google Pay of more than €25, you must first unlock your mobile device using the verification measure set up (e.g. face recognition, password, fingerprint or pattern).
For the purpose of payment processing, the information you provide during the ordering process together with the information about your order will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a unique transaction number to the source website, which is used to verify that the payment has been made. This transaction number does not contain any information about the real payment data of your means of payment stored with Google Pay, but is created and transmitted as a uniquely valid numeric token. For all transactions via Google Pay, Google only acts as an intermediary to process the payment process. The transaction is carried out exclusively in the relationship between the user and the source website by debiting the means of payment stored with Google Pay.
If personal data is processed in the transmissions described, the processing takes place exclusively for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.
Google reserves the right to collect, store and evaluate certain process-specific information for every transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description provided by the merchant of the goods or services purchased, photographs you included with the transaction, the name and email addresses of the seller and buyer, or of the sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction.
According to Google, this processing takes place exclusively in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of the legitimate interest in proper accounting, the verification of transaction data and the optimization and functional maintenance of the Google Pay service.
Google also reserves the right to merge the processed transaction data with other information that is collected and stored by Google when using other Google services.
Further information on data protection with Google Pay can be found at the following Internet address:
If a Klarna payment service is selected, the payment will be processed via Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). In order to enable the payment to be processed, your personal data (first and last name, street, house number, postal code, city, gender, e-mail address, telephone number and IP address) as well as data relating to the order will be processed (e.g. invoice amount, item, type of delivery) to Klarna for the purpose of identity and creditworthiness checks, provided that you have expressly consented to this in accordance with Art. 6 (1) (a) GDPR during the ordering process. You can see here which credit agencies your data can be forwarded to:
The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical process. Among other things, but not exclusively, address data is included in the calculation of the score values. Klarna uses the information received about the statistical probability of non-payment for a balanced decision on the establishment, implementation or termination of the contractual relationship.
You can revoke your consent at any time by sending a message to the person responsible for data processing or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for contractual payment processing.
Your personal information will be processed in accordance with the applicable data protection regulations and in accordance with the information in Klarna's data protection regulations for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for data subjects based in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy treated.
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by installments" via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), further. The transfer takes place in accordance with Art. 6 Paragraph 1 lit. b GDPR and only to the extent that this is necessary for payment processing.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 (1) (f) GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in relation to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical process. Among other things, but not exclusively, address data is included in the calculation of the score values. Further data protection information, including information on the credit agencies used, can be found in PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
Data protection information on Stripe Payments Europe Ltd. You will find here: https://stripe.com/de/privacy
If you select the "SOFORT" payment method, payment is processed via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"), to whom we pass on the information you provided during the ordering process together with the information about your order in accordance with Art. 6 Paragraph 1 lit. b GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data will only be passed on for the purpose of payment processing with the payment service provider SOFORT and only to the extent that it is necessary for this. You can find more information about SOFORT's data protection regulations at the following Internet address: https://www.klarna.com/sofort/datenschutz.
Use of Google Ads conversion tracking
This website uses the online advertising program "Google Ads" and, as part of Google Ads, conversion tracking by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use Google Ads to draw attention to our attractive offers with the help of advertising material (so-called Google Adwords) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We are pursuing the goal of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of the advertising costs incurred.
The conversion tracking cookie is set when a user clicks on an Ads ad placed by Google. Cookies are small text files that are stored on your end device. These cookies usually lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. This means that cookies cannot be tracked via the websites of Google Ads customers. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not wish to participate in the tracking, you can block this use by deactivating the Google Conversion Tracking cookie in your Internet browser under the keyword "User settings". You will then not be included in the conversion tracking statistics. We use Google Ads based on our legitimate interest in targeted advertising in accordance with Article 6 (1) (f) GDPR. As part of the use of Google Ads, personal data may also be transmitted to the servers of Google LLC. come in the US.
You can find more information about Google's data protection regulations at the following Internet address: https://www.google.de/policies/privacy/
You can permanently object to the setting of cookies by Google Ads conversion tracking by downloading and installing the Google browser plug-in available under the following link:
Insofar as this is legally required, we have obtained your consent in accordance with Art. 6 (1) (a) GDPR to process your data as described above. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service in the "Cookie-Consent-Tool" provided on the website or alternatively follow the option described above to make an objection.
web analytics services
Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google (Universal) Analytics uses so-called "cookies", which are text files that are stored on your end device and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including the abbreviated IP address) is usually transmitted to a Google server and stored there. This can also result in transmission to the servers of Google LLC. come in the US.
This website uses Google (Universal) Analytics exclusively with the "_anonymizeIp()" extension, which ensures that the IP address is anonymized by shortening it and excludes direct personal reference. As a result of the extension, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google LLC server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google (Universal) Analytics is not merged with other Google data.
All of the processing described above, in particular the setting of Google Analytics cookies for reading information on the end device used, will only be carried out if you have given us your express consent in accordance with Article 6 (1) (a) GDPR. Without this consent, Google Analytics will not be used during your visit to the site.
You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the "Cookie Consent Tool" provided on the website. We have concluded an order processing contract with Google for the use of Google Analytics, which obliges Google to protect the data of our site visitors and not to pass it on to third parties.
For the transmission of data from the EU to the USA, Google relies on the so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European data protection level in the USA.
Further information on Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=de
Tools and Miscellaneous
This website uses the cookie consent tool "GDPR Legal Cookie" from beeclever GmbH, Universitätsstrasse 3, D-56070 Koblenz a. Rh. ("beeclever").
So that the cookie content tool can clearly assign page views to individual users and can individually record, log and save the consent settings made by the user for the duration of the session, certain user information (including the IP address) is stored by the cookie content tool when our website is accessed. collected, transmitted to the beeclever server and stored there.
This data processing takes place in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and therefore in a legally compliant design of our website.
Another legal basis for the data processing described is Art. 6 (1) (c) GDPR. As the person responsible, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.
You can find further information on the use of data by beeclever under https://beeclever.de/pages/datenschutz
Applications for job advertisements by e-mail
On our website we advertise currently vacant positions in a separate section, for which interested parties can apply by e-mail to the contact address provided.
Inclusion in the application process requires that applicants provide us with all the personal data required for a well-founded and informed assessment and selection together with the application by e-mail.
The required information includes general personal information (name, address, a telephone or electronic contact option) as well as performance-specific evidence of the qualifications required for a position. It may also be necessary to provide health-related information, which must be taken into account in the interest of social protection in the person of the applicant in terms of labor and social law.
Which components an application must contain in individual cases in order to be considered and the form in which these components are to be sent by e-mail can be found in the respective job advertisement.
After receipt of the application sent using the email contact address provided, the applicant data will be stored by us and evaluated exclusively for the purpose of processing the application. For questions that arise in the course of processing, we use, at our discretion, either the e-mail address provided by the applicant with his application or a telephone number provided.
The legal basis for this processing, including contacting us for queries, is Article 6 Paragraph 1 Letter b GDPR (for processing in Germany in conjunction with Section 26 Paragraph 1 BDSG), in the sense of which going through the application process is considered to be the initiation of an employment contract.
Insofar as special categories of personal data within the meaning of Article 9 (1) GDPR (e.g. health data such as information on severely disabled status) are requested from applicants as part of the application process, processing is carried out in accordance with Article 9 (2) lit. b. GDPR so that we can exercise our rights under labor law and social security and social protection law and comply with our obligations in this regard.
Cumulatively or alternatively, the processing of the special data categories can also be based on Art. 9 Para. 1 lit health or social care treatment or for the administration of health or social care systems and services.
If the applicant is not selected in the course of the evaluation described above or if an applicant withdraws his application prematurely, his data transmitted by e-mail and all electronic correspondence including the original application e-mail will be deleted after 6 months at the latest after notification. This period is based on our legitimate interest in being able to answer any follow-up questions about the application and, if necessary, in being able to meet our obligations to provide evidence from the regulations on the equal treatment of applicants.
In the event of a successful application, the data provided will be processed on the basis of Article 6 Paragraph 1 lit. b GDPR (for processing in Germany in conjunction with Section 26 Paragraph 1 BDSG) for the purposes of carrying out the employment relationship.
On our website we use Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google Maps is a web service for displaying interactive (land) maps to visually display geographic information. Using this service will show you our location and make it easier to get there.
Insofar as this is legally required, we have obtained your consent in accordance with Art. 6 (1) (a) GDPR to process your data as described above. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the above-described option to make an objection.
3. Processing of personal data of business partners
As part of the cooperation with business partners, the company processes personal data of contact persons at customers, suppliers, interested parties, sales partners and cooperation partners (hereinafter "Business partner"):
- Contact information, such as first and last name, business address, business telephone number, business mobile phone number, business fax number and business e-mail address,
- Payment data, such as information required to process payment transactions or prevent fraud, including credit card information and card verification numbers,
- further information, the processing of which is necessary within the framework of a contractual relationship and which is provided voluntarily by business partners, such as orders, inquiries or details of projects,
- Personal data collected from publicly available sources, information databases or credit agencies and
- to the extent required by law as part of compliance screenings: date of birth, ID card and ID card numbers, information on relevant court proceedings or other legal disputes in which business partners are involved.
Furthermore, personal data is processed for the following purposes:
- Communication with business partners about products, services and projects, for example to process inquiries from business partners or to provide technical information about products,
- Planning, implementation and management of the contractual business relationship, for example to process the ordering of products and services, collect payments, for accounting and billing purposes and to carry out deliveries, maintenance work or repairs,
- Implementation of marketing campaigns, market analyses, sweepstakes, etc.,
- Maintaining and protecting the security of our products and services and our websites, preventing and detecting security risks, fraudulent activities or other criminal or malicious activities,
- Comparison of personal data with US sanctions lists based on European Regulations 2580/2001 and 881/2002,
- Compliance with (i) legal requirements (e.g. tax and commercial law retention requirements), (ii) existing obligations to carry out compliance screenings (to prevent white-collar crime or money laundering) and (iii) guidelines and industry standards and
- Settling legal disputes, enforcing existing contracts and asserting, exercising and defending legal claims.
The processing of personal data is necessary to achieve the aforementioned purposes. Unless expressly stated otherwise when collecting personal data, the legal basis for data processing is:
- the execution and fulfillment of a contract with you in accordance with Art. 6 Para. 1 lit. b DS-GVO,
- the fulfillment of legal obligations to which the company is subject under Art. 6 Para. 1 lit. c GDPR, or
- the protection of legitimate interests according to Art. 6 Para. 1 lit. f GDPR. The legitimate interest lies in the initiation, implementation and processing of the business relationship in business dealings.
If you have expressly given your consent to the processing of your personal data in individual cases, this consent is the legal basis for processing in accordance with Article 6 (1) (a) GDPR.
4. Processing of applicants' personal data
a. Categories of data and purpose of data processing
As part of the application process, we generally process the following categories of personal data:
- Personal data (first and last name, date of birth, address, school qualifications)
- Communication data (telephone number, mobile phone number, fax number, e-mail address)
- Data on the assessment and evaluation in the application process
- Data on training (school, vocational training, civil/military service, studies, doctorate)
- Data on previous professional career, training and job references
- Information on other qualifications (e.g. language skills, PC knowledge, voluntary work)
- Application photo
- Desired salary information
- application history
Personal data that you provide to us as part of your application will be stored and used exclusively for the purpose of processing the application and, if necessary, for carrying out the subsequent employment relationship.
b. Legal basis for data processing
The processing of your personal data as part of the application process takes place on the basis of Art. 6 Para. 1 lit. b DS-GVO (justification and implementation of a contract) and Section 26 Para. 1 S. 1 BDSG.
c. Sharing of Data
Your data will be made accessible to the responsible employees in the HR department and the responsible employees or supervisors in the specialist department(s) for the position for which you have applied. In the case of an unsolicited application, your documents will be made available to the responsible employees in the HR department and the responsible employees or supervisors in the relevant departments who might be interested in your application.
Data will also be passed on if we are obliged to do so due to legal provisions and/or official or court orders.
i.e. Transfer of personal data to third countries
A transfer to third countries is not planned.
e. Deletion periods for applicant data
If no employment relationship is established, the application documents will be deleted six months after rejection. The legal basis for the storage in this regard is Art. 6 Para. 1 lit. f GDPR. Our legal interest in this regard is the defense against any claims arising from the General Equal Treatment Act (“AGG"). Otherwise, the general deletion deadlines and information under Section 8 apply.
5. Processing of personal data for customer satisfaction surveys and direct marketing
If you have given us your consent or we are entitled to do so within the framework of existing customer relationships, your contact details will also be used for direct marketing purposes (e.g. invitations to trade fairs, newsletters) or to carry out customer satisfaction surveys. You have the right to object to the use of your contact details for these purposes at any time. If you want to make use of your right to object in this regard, send us an email email@example.com or follow the corresponding instructions that you have received from us in any advertising email. The legal basis for processing your data for advertising purposes is Art. 6 Para. 1 lit. f GDPR in the case of existing customer relationships or Art. 6 Para. 1 lit. a GDPR if you have given us your consent.
6. Social Media
On our website we place references (“Links") on the social networks Facebook, Google+, Instagram and YouTube to draw attention to our services and products and to get in touch with you as a visitor and user of these social media pages and our website.
You can recognize the links by the logo of the respective social network. By clicking on the logo, a direct connection is established between your browser and the server of the respective service and you are forwarded to the website of the service provider.
These are not so-called social plug-ins, where a connection and data transmission to the respective social network is established when you visit our website. We would like to point out that you use the following services and their functions at your own risk. Please also note that when you call up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. Specifically, these are the following third-party providers:
- Facebook, 1 Hacker Way, Menlo Park, California 94025, USA, privacy information at: https://de-de.facebook.com/policy.php
- Google+ from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Data protection information at: https://policies.google.com/privacy?hl=de
- Instagram by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, data protection information at: https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc=Instagram Help Center&bc=Privacy%C3%A4re%20and%20Security
- YouTube of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland data protection information at: https://policies.google.com/privacy?hl=de
7. Recipients and categories of recipients
Within our company, those departments that need your data to fulfill their contractual and legal obligations will have access to it. Service providers and vicarious agents used by us may also receive data for these purposes if they maintain confidentiality and integrity in particular. These are companies in the categories of IT services, logistics, printing services, telecommunications, debt collection, consulting, and sales and marketing.
With regard to the transfer of data to recipients outside our company, it should first be noted that we only pass on necessary personal data in compliance with the applicable data protection regulations. In principle, we may only pass on information about you if this is required by law, if you have given your consent or if we are authorized to provide information. Under these conditions, recipients of personal data can be:
- Public bodies and institutions (e.g. tax authorities, law enforcement authorities, family courts, land registries) if there is a legal or official obligation,
- Credit and financial services institutes or comparable institutions to which we transmit personal data in the course of conducting the business relationship (e.g. banks, credit agencies),
- Creditors or insolvency administrators who inquire about a foreclosure,
- Service providers that we use in the context of order processing relationships.
8. Transfer to third countries
A data transfer to offices in countries outside the European Union (so-called third countries) takes place, insofar as
- it is necessary for the execution of your orders (e.g. delivery orders),
- it is required by law (e.g. tax reporting obligations) or
- you have given us your consent.
Furthermore, transmission to bodies in third countries cannot be ruled out in the following cases:
- to maintain and ensure the IT operations and IT security of the company and
- to combat money laundering, terrorist financing and other criminal activities.
9. Duration of storage
We process and store your personal data for as long as it is necessary to fulfill our contractual obligations and exercise our rights.
If the data is no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted, unless their - limited - further processing is necessary for the following purposes:
- Fulfillment of commercial and tax storage obligations from the German Commercial Code (HGB), the Tax Code (AO) and the Money Laundering Act (GwG). The retention and documentation periods specified there are generally two to ten years.
- Preservation of evidence within the framework of the statutory statute of limitations. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.
10. Data Security
Our employees and the service companies commissioned by us are obliged to maintain confidentiality and to comply with the provisions of the applicable data protection laws. The company takes appropriate technical and organizational security measures to protect your personal data from loss, alteration, destruction and from access by unauthorized persons or unauthorized disclosure. Our security measures are constantly being improved in line with technological developments.
11. Data subject rights
Every data subject has the right to information in accordance with Art. 15 GDPR, the right to rectification in accordance with Art. 16 GDPR, the right to deletion in accordance with Art. 17 GDPR, the right to restriction of processing in accordance with Art. 18 DS-GVO and the right to data transferability from Art. 20 DS-GVO.
The restrictions under §§ 34 and 35 BDSG apply to the right to information and the right to erasure. In addition, there is a right of appeal to a competent data protection supervisory authority (Art. 77 DS-GVO in conjunction with Section 19 BDSG).
You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. Please note that the revocation only applies to the future.
You also have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based in particular on Art. 6 (1) (f) GDPR. If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms. In particular, this includes the fact that the processing is necessary to assert, exercise or defend legal claims.
In addition, you have the right in accordance with Art. 22 DS-GVO not to be subject to fully automated decision-making. In principle, we do not use fully automated decision-making to establish, implement and terminate the business relationship. If we use these procedures in individual cases (e.g. to improve our products and services), we will inform you separately about this and your rights in this regard, if this is required by law.
12. Obligation to provide data
As part of our business relationship, you must provide the personal contract data that is required for the establishment, implementation and termination of a business relationship and for the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally not be able to enter into, perform and terminate a contract with you.
The same applies to visiting our online offer and collecting usage data. Without the collection of the usage data, we and our service providers are not able to make our online offer available to you.
We do not automatically process your personal data in a way that produces legal effects on you or significantly affects you in a similar way.
This data protection declaration is currently valid and has the status of September 2021.