Responsible and legally compliant handling of your personal data is very important to us. Therefore, we inform you here comprehensively and transparently in which cases we process personal data from you and how we proceed with it.
Responsible in the sense of the General Data Protection Regulation (DSGVO), other data protection laws applicable in the Member States of the European Union such as the Federal Data Protection Act (BDSG n.F.) and other provisions of a data protection nature is:
At the nut head 35
Responsible person: Thomas Engler
Further information can be found in our imprint:
2. DATA PROTECTION OFFICER
Our data protection officer is Mr. Marco Hess, St.Barbara-Straße 12, 66299 Friedrichsthal. You can reach him for all data protection issues related to our company as well as for possible notifications of data protection violations by phone: 06897-999040 or by e-mail email@example.com.
3. EXPLANATION OF KEY TERMS
This privacy statement uses terms that were defined by the European Directive and Regulation Maker when adopting the General Data Protection Regulation. For a better understanding of this privacy statement, we explain the most important terms below:
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
A data subject is any identified or identifiable natural person whose personal data are processed by the controller - for example, you as a customer of our company or user of this website.
Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Person(s) responsible or in charge of processing
Controller(s) or person(s) responsible for processing.
is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. In simplified terms, this is us.
Consent is any indication of intention given voluntarily by the data subject for the specific case in an informed and unambiguous manner in the form of a declaration or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
4. DATA PROCESSED ON THESE WEB PAGES
In the following, we inform you about the processing of personal data when using this website. Personal data in connection with the use of this website are, for example, name, address, also e-mail address and IP address. As a matter of principle, we only process users' personal data to the extent that this is necessary to provide a functional website and its contents. Furthermore, we collect personal data when you contact us by e-mail or via a web form on our website.
4.1 DATA PROCESSING FOR THE PROVISION OF THE WEBSITE AND CREATION OF LOG FILES
Personal data is already processed by your visit to our Internet pages. For example, in order to transmit and display the Internet pages in your browser, it is necessary for us to process the IP address of the terminal device you are using. In addition, there is further information about the browser used by your end device. We are obligated under data protection law to also ensure the confidentiality and integrity of the personal data processed with our IT systems. For this purpose, the following data is logged:
▪ IP address of the terminal device ▪ Host name of the terminal device ▪ Operating system of the terminal device ▪ Browser type and version of the terminal device ▪ Name of the retrieved file ▪ Date and time of the server request ▪ Referrer URL
This information is stored in log files to ensure the functionality of the website. In addition, the data is used on a case-by-case basis to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. The legal basis for this data processing is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest within the meaning of this article is the operation of this website and the implementation of the data protection objectives of confidentiality, integrity and availability of the data.
Cookies are used on our Internet pages. Cookies are small pieces of text information that are stored in your terminal device via your browser. Cookies do not install or start any programs or other applications on your end device. Rather, they are necessary to ensure certain functions and the error-free display of our Internet pages. You can prevent cookies from being set by making the appropriate settings in your browser. However, this may have the consequence that the use of our Internet pages will then only be possible to a limited extent. The legal basis for this data processing is Art. 6 para. 1 lit. f) DSGVO in conjunction with § 15 TMG. Our legitimate interest within the meaning of this legal standard is the proper operation of these web pages.
We use the "Real Cookie Banner" consent tool to manage the cookies and similar technologies used and the related consents. Details on how "Real Cookie Banner" works can be found at https://devowl.io/de/rcb/datenverarbeitung/.
Legal bases for the processing of personal data in this context are Art. 6 para. 1 lit. c DS-GVO and Art. 6 para. 1 lit. f DS-GVO. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.
4.3 DATA TRANSMISSION IN THE COURSE OF E-MAIL COMMUNICATION
If you send us an e-mail, we collect and process the personal data that you provide to us in the e-mail. This includes e.g.
▪ your last name, ▪ your first name, ▪ your address, ▪ your telephone number, ▪ your e-mail address and ▪ the content of your message or communication, if it contains personal data.
This is done in order to be able to communicate with you if you have contacted us, e.g. by answering your questions or providing you with requested information. The legal basis for this data processing is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest within the meaning of this legal standard is the communication with customers and interested parties.
4.4 USE OF GOOGLE MAPS
The legal basis for this data processing is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest within the meaning of this legal norm is an appealing presentation of our online offers and an easy findability of the places indicated by us on the website.
4.5 USE OF MATOMO (FORMERLY PIWIK)
5. PURPOSES OF THE PROCESSING OF PERSONAL DATA
We process the aforementioned data for the operation of our website and to fulfill contractual obligations to our customers. In the case of inquiries from you outside of an active customer relationship, we process the data to carry out pre-contractual measures.
6. INFORMATION ON THE STORAGE PERIOD OF YOUR DATA.
The processed personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage is possible beyond this if this has been provided for by the European or national legislator in Union regulations, laws or other regulations to which the responsible party is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract. If the data processing takes place in connection with an existing customer relationship, we store the data collected here taking into account the overall context, legal provisions from commercial and tax law and taking into account our contractual obligations arising from the existing customer relationship. In the case of inquiries from you outside of an active customer relationship, we store the data until the inquiry has been completed, unless other legal requirements conflict with this.
7. INFORMATION ON YOUR CONSENT
If we process your personal data on the basis of consent, you have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.
8. VOLUNTARY INFORMATION PROVIDED IN ADDITION TO THE DATA COLLECTED BY US.
Insofar as you voluntarily provide us with data, e.g. in forms, and this data is not required for the fulfillment of our contractual obligations, we process this data on the basis that we assume that the processing and use of this data is in your interest.
9. RECIPIENTS OF THE DATA COLLECTED FROM YOU AND DISCLOSURE OF THIS DATA
Data that you provide to us via these Internet pages will not be passed on to third parties as a matter of principle. However, we use service providers for the operation of these Internet pages, such as our Internet service provider. In doing so, it may happen that a service provider used by us obtains knowledge of personal data. Particularly with regard to data protection and data security, we select our service providers carefully and take all necessary measures required by data protection law for legally permissible data processing.
10. DATA PROCESSING OUTSIDE THE EUROPEAN UNION
With the exception of the use of Google Maps, we do not process your personal data outside the European Union, in a so-called third country.
11. NOTE ON THE NON-EXISTENCE OF AUTOMATED DECISION MAKING INCLUDING PROFILIN
Automated decision-making including profiling pursuant to Art. 22 (1) and (4) does not take place when processing your data on this website.
12. YOUR RIGHTS AS A DATA SUBJECT:R
If your personal data is processed by us, you are entitled to the following rights: Right to information You can request information about your personal data processed by us within the framework of Art. 15 DSGVO. Right to rectification
If the information concerning you is not (or no longer) accurate, you can request a correction in accordance with Art. 16 DSGVO. If your data is incomplete, you can request that it be completed.
Right to deletion
You can request the deletion of your personal data under the conditions of Art. 17 DSGVO.
Right to restriction of processing
Within the framework of the specifications of Art. 18 DSGVO, you have the right to demand a restriction of the processing of the data concerning you.
Right to data portability
Pursuant to Art. 20 DSGVO, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.
Right of objection
According to Art. 21 DSGVO, you have the right to object to processing within the framework of the legal requirements. If the processing of personal data concerning you is carried out to protect our overriding legitimate interest (legal basis under Art. 6(1)(f) DSGVO) or in the public interest (legal basis under Art. 6(1)(e) DSGVO), you have the right to object to the processing at any time on grounds relating to your particular situation. In the event of an objection, we will no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right to revoke the declaration of consent under data protection law
In accordance with Art. 7 (3) DSGVO, you have the right to revoke your declaration of consent under data protection law at any time. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by this.
Right to lodge a complaint with a supervisory authority
If you believe that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority (in particular in the Member State of your residence, workplace or the place of the alleged infringement) pursuant to Article 77 of the GDPR. You can reach the data protection authority responsible for us at: Independent Data Protection Center Saarland Fritz-Dobisch-Strasse 12, 66111 Saarbrücken Phone: +49 (0)681 94781-0 http://www.lfdi.saarland.de
13. PROCESSING OF YOUR APPLICATION
If you apply to us, we will only process the information that we receive from you as part of the application process. We assess your suitability only in relation to the vacant position. You do not have to send us a photograph. Your data will initially only be processed for the purpose of carrying out our application procedure. If your application is successful, this data will become part of your personnel file and will be used to implement and terminate the employment relationship. We process your personal data in compliance with the provisions of the DSGVO, the BDSG and, if applicable, other relevant laws. The primary legal basis for this purpose is Art. 6 (1) b DSGVO in conjunction with Section 26 (1) BDSG. Where necessary, we also process your data on the basis of Art. 6 (1) f DSGVO in order to protect legitimate interests of us or of third parties (e.g. authorities). This applies in particular to the investigation of criminal offences (legal basis Section 26 (1) sentence 2 BDSG) or if this is necessary for the assertion, exercise or defense of legal claims. Insofar as special categories of personal data are processed pursuant to Art. 9 (1) DSGVO, this may serve the purpose of initiating an employment relationship and may be carried out on the basis of Art. 9 (2) b DSGVO in conjunction with Section 26 (3) BDSG. In addition, the processing of health data may be necessary for the assessment of your fitness for work pursuant to Art. 9 (2) h in conjunction with Section 22 (1) b BDSG. In addition, the processing of special categories of personal data may be based on consent pursuant to Art. 9 (2) a DSGVO in conjunction with Section 26 (2) BDSG (e.g. voluntary transmission of supplementary information in your application).
What categories of data are processed?
The following categories belong to the processing of personal applicant data: 1. master data (first name, surname, title, nationality, address, telephone number, e-mail address) 2. application documents (cover letter, curriculum vitae, work history, certificates, documents on education, training and further education as well as internship periods) 3. there may also be special categories of personal data (e.g. health data) 4. we also process data that we have permissibly obtained from public sources (e.g. professional networks such as XING etc.).
Who receives access to your applicant data?
Only the persons and departments that need your personal data to process your application will receive it. This is the management as well as the responsible administrator:in the relevant department.
How long do we store your applicant data?
We delete your personal data as soon as it is no longer required for the application process and is no longer needed to assert, defend or exercise legal claims. As a rule, the storage period is up to 6 months after a rejection.
Do we pass on your data?
Your data will only be passed on to external recipients if we are obliged to provide information, report or pass on data in order to comply with legal requirements, if you have given us permission to pass on data to third parties or to external service providers who act as order processors (e.g. IT service providers) on our behalf. The legal basis for the processing of this data results from Art. 6 para. 1 p. 1 lit. a DSGVO; Art. 6 para. 1 p. 1 lit. c DSGVO; Art. 28 DS-GVO.
Voluntary provision of your data
You are not obliged to provide us with your personal data. However, we can only assess your suitability for the position in question if we receive information about your education, work experience and skills in particular. Without providing your contact information, we cannot include you in the application process. Recommendation on the security of your application data Application documents contain sensitive personal data. We are aware of this. We therefore ask you not to send your application documents to our general e-mail address, but to the e-mail address specially set up for applications.
Status: September 2022