4. Who receives my data?
Within our company, those departments that need your data to fulfil our contractual and legal obligations will have access to it.
Processors used by us (Art. 28 GDPR) may also receive data for the above-mentioned purposes. These are companies in the categories of IT services, software, logistics, sales and marketing. If we pass on data to our service providers, they may only use the data to fulfil their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organisational measures in place to protect the rights of the data subjects, guarantee an appropriate level of data protection and are carefully monitored by us.
Data is only passed on to third parties who are not processors within the framework of the legal requirements. We only pass on user data to third parties if this is necessary, e.g. on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR in the economic and effective operation of our business operations or if you have consented to the transfer of data. When using the website for purely informational purposes, we do not pass on any data to third parties.
5. How long will my data be stored?
For security reasons (e.g. to investigate misuse or fraud), log file information is stored for a maximum of 14 days and then deleted (see point 2 above). Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
If necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation of an agreement via the contact form or by email.
Applicant data will be deleted after 6 months in the event of a rejection. In the event that you have consented to further storage of your personal data, we will transfer your data to our applicant pool. The data will be deleted there if you withdraw your consent or after 5 years at the latest. If we fill the advertised position with you, your data will be stored in our personnel management system.
In addition, we are subject to various retention and documentation obligations, including those arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are six to ten years.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years, whereby the regular limitation period is three years.
If you assert your rights as a data subject, we will store the information provided to you in this regard until the expiry of the statutory limitation period in accordance with Section 31 (2) No. 1 OWiG, Section 41 (1) BDSG, Art. 83 (5) lit b GDPR for 3 years. This period may be extended if the statutory limitation period is extended due to interruptions of the limitation period (e.g. in the context of enquiries from supervisory authorities).
6. Is data transferred to a third country or to an international organisation?
The data provided will be processed within the European Union and in the USA. Please note that with recipients of your data for countries without an adequacy decision by the Commission pursuant to Article 45 GDPR, we ensure that we have agreed EU standard data protection clauses with these recipients. When transferring data to the USA, we ensure that the recipients of the data are certified in accordance with the EU-U.S. Data Privacy Framework or that we agree EU standard data protection clauses with recipients without certification.
When we agree standard data protection clauses, we take additional measures to ensure adequate protection. This is in order to protect your data and to achieve an appropriate level of protection for your personal data. You have the option of receiving or viewing a copy of the EU standard data protection clauses. If necessary, we will obtain your consent for the data transfer.
7. What data protection rights do I have?
Each person concerned has
• the right of access in accordance with Art. 15 GDPR (i.e. you have the right to request information about your personal data stored by us at any time) ,
• the right to rectification in accordance with Art. 16 GDPR (i.e. if your personal data is incorrect or incomplete, you can request the rectification of this data) ,
• the right to erasure in accordance with Art. 17 GDPR and the right to restriction of processing in accordance with Art. 18 GDPR (i.e. you may have the right to request the erasure or restriction of processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and statutory retention obligations do not require further storage) ,
• the right to data portability under Art. 20 GDPR (i.e. you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us) .
You can also withdraw your consent with effect for the future.
In addition, you have the right to lodge a complaint with a data protection authority (Art. 77 GDPR in conjunction with Section 19 BDSG). You can find the supervisory authority responsible for you at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
We would also like to draw your attention to your right to object in accordance with Art. 21 GDPR:
Information about your right to object in accordance with Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) sentence 1 (e) GDPR (data processing in the public interest) and Article 6 (1) sentence 1 (f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4 no. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made informally and no costs other than the transmission costs according to the basic tariffs will be incurred.
If you would like to exercise your right to object, an informal message, e.g. to the contact details above, is sufficient.
8. To what extent is there automated decision-making in individual cases, including profiling?
When you access our website or contact us by form or email, we generally do not use fully automated decision-making in accordance with Article 22 GDPR. If we use these procedures in individual cases, we will inform you of this separately if this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).
9. Is there an obligation for me to provide data?
As part of our website, you must provide the personal data that is technically necessary for the use of our website or for IT security reasons. If you do not provide this data, you will not be able to use our website.
When contacting us by form or e-mail, you only need to provide the personal data required to process your enquiry. Otherwise we will not be able to process your enquiry.
10. Cookies
General
We use cookies on our website. Cookies are small text files, usually consisting of letters and numbers, which are stored on the user's computer when visiting certain websites.
Some of these cookies are essential for the functioning of our website, while other cookies help us to improve our website by giving us insights into how you use the website.
By default, we only use necessary cookies. Necessary cookies enable the core functionalities of our website. The website cannot be displayed correctly without these cookies or individual areas may not function properly. Necessary cookies can only be prevented by making the appropriate settings in your browser.
We only use cookies that are not necessary for the website to function ("non-essential cookies") if you have given your consent via our cookie banner. You can return to our privacy notice at any time and withdraw your consent or make changes.
Click on the his button for information on the cookies we use:
Alternatively, you can prohibit the storage of cookies individually via the settings of your browser (you can find out how to set the cookie handling on the browser's help page). You can find help on cookie management in the most common browsers at the following addresses:
· Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen
· Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
· Google Chrome: https://support.google.com/accounts/answer/61416?hl=de
· Opera: http://www.opera.com/de/help
· Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE.
Cookie management
The cookie consent tool Usercentrics is implemented on our website so that you can conveniently manage the cookies used. Usercentrics Cookie Management is a service provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. Saving a cookie is technically necessary for the use of Usercentrics.
Usercentrics shows you a list of cookies sorted by group and explains the purpose of the cookie groups and the individual cookies as well as their storage duration. If technically necessary cookies are deselected, the use of the website or individual functions on the website may be restricted or impossible.
If you have consented to the setting of cookies when visiting this website, you can withdraw your consent by opening Usercentrics (see button above) and deselecting the cookies in question.
11. Processing of personal data in the context of the use of external online services
11.1 Google Analytics
Based on your consent, we use the web analytics service Google Analytics version 4 from Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information generated by Google Analytics about the use of our website is generally transmitted to a Google server in the USA and stored there. By giving your consent via our cookie banner, you consent to the processing of your data, Art. 6 para. 1 sentence 1 lit. a GDPR.
Google is an active participant in the EU-US Privacy Framework, which regulates the correct and safe transfer of personal data from EU citizens to the USA.
The processing of the data is a joint responsibility between Google and us in accordance with Art 26 GDPR. It has been agreed with Google that the primary controller under the GDPR for the processing of personal data is Google and that all obligations under the GDPR with regard to the processing of personal data are fulfilled by Google (in particular the information obligations pursuant to Article 12 et seq. GDPR, safeguarding the rights of data subjects pursuant to Article 15 et seq. GDPR, notification of data breaches pursuant to Articles 33, 34 GDPR). Google processes the data in order to analyse the use of our website by website visitors, to compile reports on the activities within our website and to provide other services associated with the use of the website. Pseudonymised usage profiles of website visitors are created from the processed data. The data is stored for a maximum of 14 months and then deleted.
Google Analytics 4 uses IP anonymisation. This means that the IP address of users is truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by the user's browser will not be merged with other Google data. If you wish to prevent the use of your data, you can install a corresponding browser add-on from Google in addition to withdrawing your consent via our cookie banner: https://support.google.com/analytics/answer/181881?hl=en You can find Google's privacy notice here: https://policies.google.com/privacy?hl=de
11.2 Google Tag Manager
We use the Google Tag Manager service from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland on the basis of your consent.
Google Tag Manager is a service that organises the loading of other tools - in particular analysis tools. The Google Tag Manager itself does not set any cookies, but Google does receive your IP address. The Google Tag Manager servers are usually located in Ireland, but also in the USA.
By giving your consent via our cookie banner, you consent to the processing of your data, Art. 6 para. 1 sentence 1 lit. a GDPR; § 25 para. 1 TTDSG.
Further information on Google Tag Manager can be found in Google's privacy notice at https://www.google.de/intl/de/policies/privacy/.
11.3 Mouseflow
Based on your consent, we use the analysis and tracking software "Mouseflow" from the service provider ApS, Flaesketorvet 68, 1711 Copenhagen V, Denmark.
Mouseflow is a service for recording user activity in the profine online shop. Typical technologies are cookies and pixels that are placed in the browser. The following data is collected and pseudonymised through the use of Mouseflow: Clicks and mouse movementsClicks and mouse movements, use of scroll wheel and scroll bar, use of form fields or feedback tools, visitor type (first-time visitors/returning visitors), browser, operating system and medium desktop, tablet or mobile, navigation (URLs visited) and referrer URL, screen resolution, page content (HTML), ISP and location (city, state/region, country), customised tags and variables.
By giving your consent via our cookie banner, you consent to the processing of your data, Art. 6 para. 1 sentence 1 lit. a GDPR; § 25 para. 1 TTDSG.
Click here for more information about the data processor: https://mouseflow.com/legal/visitor/privacy-policy/
11.4 Newsletter
With the following information we inform you about our newsletter as well as the registration, dispatch and evaluation procedure and clarify your rights to object. If you subscribe to our newsletter, you agree to receive the newsletter and the procedures described.
Newsletter content: We send newsletters, emails and other electronic notifications containing promotional information (hereinafter referred to as "newsletters") only based on the consent of the recipients or on the basis of legal authorisation. If we specifically describe individual newsletters as part of the registration process, this description is decisive for the consent of a newsletter subscriber. If there is no separate description, you will receive information about our products, offers and promotions as well as information about our company in our newsletters.
Double opt-in: Registration for our newsletter takes place using the so-called double opt-in procedure. This means that after registering for the newsletter, we will send you an e-mail asking you to confirm your registration. This confirmation serves to ensure that only people who have access to the email address provided register for our newsletter. We keep a record of newsletter registrations in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored with the newsletter service provider are also logged.
The newsletter is sent via "Cleverreach". You can view the newsletter service provider's privacy policy here: https://www.cleverreach.com/de-de/datenschutz/
According to its own information, the newsletter service provider uses the data in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services. However, the newsletter service provider does not use the data of our newsletter recipients to write to them itself or pass it on to third parties.
To subscribe to the newsletter, all you need to do is enter your e-mail address. Optionally, we ask you to enter a name so that we can address you personally in the newsletter.
The newsletters contain a so-called web beacon, i.e. a pixel-sized file that is retrieved from the newsletter service provider's server when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, is initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and your reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our endeavour nor that of the mailing service provider to observe individual users. The analyses serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
The newsletter is sent and its success measured on the basis of the consent of the recipients pursuant to Art. 6 (1) sentence 1 lit. a), Art. 7 GDPR in conjunction with Section 7 (2) no. 3 UWG or on the basis of the legal authorisation pursuant to Section 7 (3) UWG.
The logging of the registration process is based on our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR and serves as proof of consent to receive the newsletter.
You can unsubscribe from our newsletter at any time, i.e. withdraw your consent. You will find a link to unsubscribe from the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and cancelled this subscription, their personal data will be deleted.
13. Unsere Social Media Präsenzen
Sie finden uns mit Präsenzen innerhalb sozialer Netzwerke und Plattformen, damit wir auch dort mit Ihnen kommunizieren und sie dort über unsere Leistungen informieren können.
Wir weisen darauf hin, dass dabei Ihre Daten außerhalb der Europäischen Union verarbeitet werden können und dass die Daten im Regelfall für Marktforschungs- und Werbezwecke verarbeitet werden. Aus dem Nutzungsverhalten und sich daraus ergebenden Interessen der Nutzer können Nutzungsprofile erstellt werden. Diese Nutzungsprofile können wiederum verwendet werden, um z. B. Werbeanzeigen innerhalb und außerhalb der Plattformen zu schalten, die mutmaßlich den Interessen der Nutzer entsprechen. Hierfür werden u. U. Cookies auf den Computern der Nutzer gespeichert, in denen das Nutzungsverhalten und die Interessen der Nutzer gespeichert werden. In diesen Nutzungsprofilen können auch anderweitige Daten gespeichert werden, insbesondere wenn die Nutzer Mitglieder der jeweiligen Plattformen sind und bei diesen eingeloggt sind.
Wir verlinken auf unserer Website lediglich auf unsere Unternehmensprofile bei den jeweiligen sozialen Netzwerken. Beachten Sie jedoch, dass beim Klick auf einen Link zu den sozialen Netzwerken Daten zu deren Servern übertragen werden. Sind Sie bei dem jeweiligen sozialen Netzwerk zu diesem Zeitpunkt mit Ihrem Benutzernamen und Kennwort eingeloggt, wird dorthin die Information übertragen, dass Sie von unserer Webseite aus unser Unternehmensprofil bei dem jeweiligen sozialen Netzwerk besucht haben und der jeweilige Anbieter kann diese Information in Ihrem Benutzerkonto speichern.
Wir haben grundsätzlich keinen maßgeblichen Einfluss auf die Datenverarbeitung der sozialen Netzwerke. Wir erhalten von den Anbietern jedoch Statistiken über die Nutzung und Besuche unserer Unternehmensprofile in den sozialen Netzwerken (z. B. Angaben über Anzahl der Aufrufe, Interaktionen wie Likes und Kommentare sowie zusammengefasste demografische und andere Informationen oder Statistiken). Nähere Informationen zu den von den Anbietern genutzten daten finden Sie in den unten verlinkten Datenschutzhinweisen der Anbieter.
Soweit wir im Rahmen unserer Social-Media-Präsenzen Ihre personenbezogenen Daten erhalten (z.B. im Rahmen einer Mitteilung), stehen Ihnen diesbezüglich die in dieser Datenschutzinformation oben genannten Rechte zu. Sie können Ihre Anfragen im Hinblick auf die Datenverarbeitung im Rahmen unserer Unternehmensprofile an uns über die oben genannten Kontaktdaten richten.
Sollten Sie darüber hinaus Rechte gegenüber dem Anbieter des sozialen Netzwerks geltend machen wollen, können Sie sich hierfür am einfachsten direkt an die jeweiligen Anbieter wenden. Der Anbieter kennt sowohl die Details zum technischen Betrieb der Plattform und die damit verbundene Datenverarbeitung als auch die konkreten Zwecke der Datenverarbeitung. Die Kontaktdaten finden sich jeweils in den unten verlinkten Datenschutzinformationen. Gern unterstützen wir Sie auch bei der Geltendmachung Ihrer Rechte, soweit es uns möglich ist.
Die Verarbeitung der personenbezogenen Daten der Nutzer erfolgt grundsätzlich auf Basis Ihrer Einwilligung gemäß Art. 6 Abs. 1 Satz 1 lit. a) DSGVO. Rechtsgrundlage ist zudem Art. 6 Abs. 1 lit. b DSGVO, wenn wir Ihre Daten im Rahmen einer vertragsbezogenen Anfrage über unsere Social-Media-Präsenz erhalten und verarbeiten. Rechtsgrundlage für die Verlinkung und den Betrieb unserer Unternehmensprofile in den sozialen Netzwerken einschließlich den Erhalt der Statistiken über die Nutzung unserer Unternehmensprofile ist Art. 6 Abs. 1 lit. f DSGVO basierend auf unserem berechtigten Interesse an unserer Unternehmenskommunikation in den jeweiligen sozialen Netzwerken.
Für Informationen über die jeweiligen Verarbeitungen und die jeweiligen Widerspruchsmöglichkeiten verweisen wir auf die nachfolgend verlinkten Datenschutzinformationen der Anbieter:
• LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland), soziales Netzwerk zur Pflege bestehender und zum Knüpfen von neuen Geschäftskontakten – Datenschutzinformation https://www.linkedin.com/legal/privacy-policy , Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland), Videoportal – Datenschutzinformation: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated
• Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland), soziales Netzwerk zur Pflege bestehender und zum Knüpfen von neuen Geschäftskontakten – Datenschutzinformation/ Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.
12. ProLine Webshop
We use your personal data to process your online purchases and to send notifications regarding delivery status or notifications in the event of delivery problems. For the operation of our online shop, we use the B2B shop solution "ProLine" from ECOPLAN E-Commerce GmbH, located at Justus-Liebig-Straße 6, 36093 Künzell, Germany.
After initial registration in the online shop, we manually check whether you already have a customer number in our system. This ensures that only people with access to the specified e-mail address can log in. The registration processes are logged in order to be able to prove the process in accordance with the legal requirements. This includes the storage of login and confirmation times as well as IP addresses. The logging serves as proof of consent to receive newsletters and is based on our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
The lawfulness of the collection of registration and address information is based on Art. 6 para. 1 lit. b GDPR to process your registration enquiry and our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR to enable user-friendly order processing. In addition, the processing is based on the fulfilment of the purchase contract concluded with you in accordance with Art. 6 para. 1 lit. b GDPR.
We use the following hoster for the provision of our web shop: maxcluster GmbH, Lise-Meitner-Str. 1b, 33104 Paderborn. Further information about the hoster can be found in the privacy notice at https://maxcluster.de/datenschutz
The data will be deleted as soon as it is no longer required for the purpose for which it was collected. It will also be deleted if you object to the processing or request the deletion of your personal data.
13. Our social media presence
You can find us on social networks and platforms so that we can also communicate with you there and inform you about our services.
We would like to point out that your data may be processed outside the European Union and that the data is generally processed for market research and advertising purposes. Usage profiles can be created from the usage behaviour and resulting interests of users. These user profiles can in turn be used, for example, to place adverts inside and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies may be stored on users' computers, in which the usage behaviour and interests of the users are stored. Other data may also be stored in these user profiles, in particular if the users are members of the respective platforms and are logged in to them.
On our website, we only link to our company profiles on the respective social networks. Please note, however, that when you click on a link to the social networks, data is transferred to their servers. If you are logged in to the respective social network with your user name and password at this time, the information that you have visited our company profile on the respective social network from our website will be transmitted there and the respective provider can save this information in your user account.
In principle, we have no significant influence on the data processing of social networks. However, we receive statistics from the providers about the use of and visits to our company profiles in the social networks (e.g. information about the number of views, interactions such as likes and comments as well as summarised demographic and other information or statistics). You can find more information on the data used by the providers in the providers' privacy notices linked below.
If we receive your personal data as part of our social media presence (e.g. as part of a message), you are entitled to the rights set out above in this privacy notice. You can address your enquiries regarding data processing in the context of our company profiles to us using the contact details above.
If you wish to assert any further rights against the provider of the social network, the easiest way to do so is to contact the respective provider directly. The provider knows both the details of the technical operation of the platform and the associated data processing as well as the specific purposes of the data processing. The contact details can be found in the privacy notices linked below. We are also happy to support you in asserting your rights, insofar as this is possible for us.
The processing of users' personal data is generally based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. The legal basis is also Art. 6 para. 1 lit. b GDPR if we receive and process your data as part of a contract-related enquiry via our social media presence. The legal basis for the linking and operation of our company profiles in the social networks, including the receipt of statistics on the use of our company profiles, is Art. 6 para. 1 lit. f GDPR based on our legitimate interest in our corporate communication in the respective social networks.
For information about the respective processing and the respective objection options, we refer to the privacy notices of the providers linked below:
• LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland), social network for maintaining existing and making new business contacts - privacy notice https://www.linkedin.com/legal/privacy-policy , Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), video portal - privacy notice: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated
• Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany), social network for maintaining existing and making new business contacts - privacy notice/opt-out: https://privacy.xing.com/de/datenschutzerklaerung.