Information on the responsible authority
The following party is responsible for processing your personal data:
aprimeo diagnostics GmbH & Co. KG
Reißstraße 1a
64319 Pfungstadt
GERMANY
Tel: +49 6151 800238 – 0
Fax: +49 6151 800238 – 99
E‑Mail: email hidden; JavaScript is required
Email: email hidden; JavaScript is required
Further information can be found in the legal notice.
We at aprimeo diagnostics GmbH & Co. KG (“aprimeo”) take the privacy of your personal data very seriously. Therefore we process your personal data in accordance with the applicable statutory data protection requirements regarding the purposes listed below for each group of data subjects:
Personal data, in the context of the data protection information presented here, includes all data with reference to your person. This covers, contractual data including your contact data, your settlement data, plus details on communication with you (“personal data”). We process your personal data in accordance with the applicable statutory data protection requirements for the purposes listed below.
- Privacy policy for website users
- Privacy policy for social media platforms
- Privacy policy for employees
- Privacy policy for customers (incl. interested parties) and other parties concerned
- Privacy policy for applicants
Use of service providers
Some of the aforementioned processes or services are carried out by carefully selected and commissioned service providers. We transmit or receive personal data from these service providers solely on the basis of a processing contract. If the registered office of a service provider is outside the European Union or the European Economic Area, a transfer to a third country takes place. We will contractually establish data protection agreements with these service providers in accordance with the legal requirements in order to establish an appropriate level of data protection and agree on appropriate guarantees.
Information on your rights
You have the right
- to request confirmation from us as to whether your personal information is being processed; if this is the case, you are entitled to obtain details about this personal data; you may also receive the information specified in Art. 15 of the GDPR .
- to request that we correct your data if it is deemed to be incorrect, inapplicable and/or incomplete. Such rectification of data also covers duties of completion through explanation or notification.
- to request that we delete personal data relevant to you without delay if one of the reasons specified in Art. 17 of the GDPR applies. Unfortunately, we may not delete data that is subject to a legal retention period.If you would prefer that we never collect data from you or never contact you again in the future, we shall store such relevant contact details in a blacklist.
- to revoke any consent given by you with future effect and without any negative consequences for you.
- to request from us that processing be restricted if one of the prerequisites listed in Art. 18 of the GDPR is provided.
- to object at any time to the processing of personal data relevant to you on grounds relating to your particular situation. We shall no longer process personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds to do so, which override your interests, rights and freedoms, or such processing is required for the establishment, exercise or defense of legal claims (Art. 21 of the GDPR).
- to request that the data relevant to you be issued in a commonly used electronic and machine-readable format. This also covers the issuance (if possible) to another responsible party specified by you directly. (Art. 20 of the GDPR)
- without prejudice to another administrative or judicial remedy and if you believe that the processing of your personal data is in breach of the GDPR, to file a complaint with
- our data protection officer: email hidden; JavaScript is required or by post (see Site Notice)
- to assert claims vis-à-vis the supervisory authority in the member state of your place of stay, your place of work or the location where the alleged violation took place.
Deletion of your data
Unless otherwise regulated in the more detailed data protection declarations, we will delete your personal data once the contractual relationship with you has ended, you have exercised your right to deletion, all mutual claims have been met and there are no other legal storage obligations or legal justifications for storage. As a rule, storage periods under commercial law for financially relevant data are up to 10 years. We may also store data for as long as is necessary to protect ourselves from claims that may be asserted against us. These periods can be up to 30 years.
Definition
For the purposes of this general information concerning employees, the following definitions apply:
- personal data — any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person Examples are contact data, communication data, billing data.
- Controller — the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or national law, provision may be made for the controller or for the specific criteria for his or her identification in accordance with Union or national law.
- Processor — a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Recipient — a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party.
- Employees — employees, including temporary workers in relation to the hirer, persons employed in relation to their vocational training, participants in benefits for participation in working life as well as in clarifications of occupational aptitude or work trials (rehabilitation candidates), persons employed in recognised workshops for disabled persons, volunteers performing a service in accordance with the Youth Voluntary Service Act or the Federal Voluntary Service Act, persons who are to be regarded as persons similar to employees on account of their economic dependence. These also include homeworkers and their equals, federal civil servants, federal judges, soldiers and persons performing community service. As well as applicants for employment and persons whose employment is terminated.
- Third party — a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
- Profiling — any automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person. In particular, to analyse or predict aspects relating to the job performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or change of location of that natural person. Restriction of processing — marking of stored personal data with the aim of restricting your future processing.
Changes to the Privacy Policy
We reserve the right to change our privacy policy if necessary and to publish it here. Please check this page regularly. Subject to the applicable legal provisions, the updated declaration will enter into force upon publication. If we have already collected information about you that is affected by the change and/or is subject to a statutory duty to provide information, we will also inform you of any material changes to our privacy policy.
Privacy policy for website users
Scope of application
This privacy statement applies to all pages of our online network that link to this statement.
The overarching disclosures can be found on our main privacy page.
Purpose of data collection
The purpose of the data collection is the optimization of the website, error analysis, the individual tailoring to your needs, the offer to contact you and, if necessary, the sale of goods and services.
General information on data processing
We collect and use personal data from our users strictly only to the extent necessary for providing a functional website as well as our content and products/services. The collection and use of our users’ personal data generally only takes place with the user’s consent. An exception is made in cases where it is actually impossible to obtain priorconsent and the processing of the data is permitted by statutory regulations.
Legal basis for the processing of your data:
- Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
- When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
- If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) f GDPR serves as the legal basis for the processing.
Legitimate interests can be in particular:
- the answering of inquiries;
- the performance of direct marketing activities;
- the provision of services and/or information intended for you;
- the processing and transfer of personal data for internal or administrative purposes;
- the operation and management of our website;
- the technical support of users;
- the prevention and detection of fraud and crime;
- the protection against payment defaults when obtaining credit reports for requests for supplies and services; and/or
- ensuring network and data security, to the extent that such interests are, in each case, consistent with applicable law and with the rights and freedoms of the user;
- achieving efficiency gains by bundling services in individual Group companies (in particular marketing, IT, procurement).
Categories of recipients
- Service providers for website optimisation, online marketing service providers and tools, service companies for information and communication technology, companies for software and equipment maintenance, some of which are described in more detail below.
- Social networks and communities
- Internal recipients according to the “need to know” principle
Usage data/server log files
Each time our webpages are accessed, our systems automatically collect data and information from the computer system of the accessing computer.
In this case, the following types of data are collected: Browser type, version used, operating system of the user, internet service provider, IP address of the user, date and time accessed, websites from which the user’s system are directed to our website or which the user is directed to from our website.
The legal basis for the temporary storage of the data and the log files is art.6 (1) f of the GDPR with the aforementioned legitimate interests.
The temporary storage of the IP address by the system is necessary to make it possible for the website to be delivered to the user’s computer. For this purpose, the IP address of the user must remain saved for the duration of the session.
Storage in log files takes place to ensure the functionality of the website. Furthermore, we use the data to optimise the website and to ensure the safety of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes also justify our legitimate interests to perform data processing pursuant to art. 6(1) f of the GDPR. The data will be deleted assoon as they are no longer necessary to fulfil the purpose of their collection. In the case of the collection of the data for the provision of the website, this is the case when the respective session is terminated. The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Furthermore, we reserve the right to review the files when concrete indications exist which point to a justified suspicion of unlawful use or a specific attack on the pages. In this case, it is within our legitimate interests to perform processing for the purposes of clarifying the issue and the criminal prosecution of such attacks and unlawful use.
Use of cookies
We use cookies. Cookies are text files which are stored in the internet browser and/or by the internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters which makes it possible to uniquely identify the browser when the website is accessed again in future. We use cookies to make our website more user-friendly. A number of elements of our website make it necessary to be able to identify the accessing browser even after switching to a different page. In this case, the following data is stored in the cookies and transmitted: Language settings, items in a shopping cart, login information etc.
Furthermore, on some of our websites, we also use cookies which make it possible to analyse the surfing behaviour of users. In this manner, search terms entered, the frequency of pages accessed, the use of website functions etc. are transmitted. The data on users collected in this fashion are pseudonymised via technical measures. Hence, it is no longer possible to reference the data to the accessing user. The data will not be stored with the user’s other personal data.
Legal basis for data processing via cookies: The legal basis for the processing of personal data via the use of cookies is art. 6 (1) f GDPR. The legal basis for the processing of personal data via the use of technically necessary cookies is art. 6 (1) f GDPR. The legal basis for the processing of personal data via the use of cookies for purposes of analysis, provided that the corresponding consent has been obtainedfrom the user, is art. 6 (1) a GDPR.
The purpose of the use of technically necessary cookies is to simplify the use of websites for users. A number of the functions of our website cannot be offered without the use of cookies. For these functions, it is necessary for the browser to be recognised again even after switching to a different page. We require cookies for the provision of the shopping cart, applying language settings, remembering search terms etc. The use of the analysis cookies takes places with the purpose of improving the quality of our website and its content. Via the analysis cookies, we find out how the website is used, allowing us to constantly optimise our offerings. These purposes also justify our legitimate interests to perform data processing. When our website is accessed, the user is informed of the use of cookies for the purposes of analysis and his consent obtained for the processing of the personal data used in this context. Reference to this privacy statement is also made in this context. Cookies are stored on the user’s computer and transmitted from it to our website. Hence, you as a user also have full control over the use of cookies. By modifying the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies which have already been saved can be deleted at any time. This can also take place in an automated fashion. If cookies are deactivated for our website, it may no longer be possible to use the full extent of all functions of the website. You can manage cookies from a number of US companies via the American website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/uk/your-ad-choices/.
Cookie Consent
We use the “Cookie Consent” application from Silktide (Silktide Ltd, Brunel Parkway, Pride park, Derby, DE24 8HR (UK)) on our websites. This is a plugin that can be used to obtain consent for the use of
cookies and/or tracking technologies. “Cookie Consent” does not itself collect any personal data. Details about this tool can be found at https://cookieconsent.insites.com/.
Google Tag Manager
On this website we use the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The tool that implements the tags is a cookie-less domain. This means that the Google Tag Manager does not collect any personal data. The tool takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation is made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager. The use of Google Tag Manager facilitates the use of our website. Further information on the use of the Google Tag Manager in terms of data protection law can be found at http://www.google.de/tagmanager/use-policy.html.
Use of the XING button
We use the “XING Share Button” on our website. When accessing this website, your browser will quickly establish a connection to the XING AG servers (“XING”), with which the “XING Share Button” functions (in particular the calculation / display of the counter value) will be provided. XING does not store personal data about you by accessing this website. In particular, XING does not store any IP addresses. There is also no evaluation of your usage behavior via the use of cookies in connection with the “XING Share Button”. The current data protection information on the “XING Share Button” and additional information can be found on this website: https://www.xing.com/app/share?op=data_protection.
Use of LinkedIn button
We use the social network plugin of LinkedIn, operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, United States (“LinkedIn”). The plugin can be recognized by the LinkedIn logo or a corresponding “Recommend” label on the button. When you visit our website, the plugin will create a connection between your browser and LinkedIn. LinkedIn receives information from your IP address that you have visited our site. If you click the LinkedIn button while logged in to LinkedIn, you can link the contents of our pages to your LinkedIn profile. This allows LinkedIn to associate your visit to our website with your profile. As provider of the websites, we have no knowledge of the content of the transmitted data and their use by LinkedIn. For more information on the purpose and scope of the collection, processing or use of the data, please refer to LinkedIn’s privacy policy: http://www.linkedin.com.
Use of Facebook button
We use the social media plugins of the social network Facebook, which are operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”). The plugins can be recognized by one of the Facebook logos (white “f” on a blue tile, the term “like” or a “thumbs up” sign) or by the addition “Facebook Social Plugin”. The list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/. When a user accesses a website of this offer that contains such a plugin, his browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the website by it. The provider therefore has no influence on the extent of the data that Facebook collects with the help of this plugin and therefore informs the user according to his level of knowledge: By integrating the plugins, Facebook receives the information that a user has called up the corresponding page of the offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. When users interact with the plugins, for example by clicking the Like button or commenting, the corresponding information is transferred directly from your browser to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to find out his IP address and save it. According to Facebook, only an anonymous IP address is stored in Germany. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the relevant rights and setting options to protect the privacy of users can be found in Facebook’s data protection information: https://www.facebook.com/about/privacy/. If a user is a Facebook member and does not want Facebook to collect data about him via this offer and link it with his Facebook stored member data, he must log out of Facebook before visiting the website. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads=ads.
Integration of YouTube videos
On some of our web pages, YouTube videos are integrated, which are stored on https://www.youtube.com/ and can be played directly from our website.
By visiting the website, YouTube receives the information that you have called up the corresponding subpage of our website. In addition, personal data (browser type, browser version, IP address, operating system) is transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account. If you do not want your profile to be associated with YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation is carried out in particular (even for users who are not logged in) for the purpose of providing advertising tailored to your needs and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact YouTube in order to exercise this right.
For more information on the purpose and scope of data collection and processing by YouTube, please see the Privacy Policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Standard contractual clauses apply to the exceptional cases in which personal data is transferred to the USA. The legal basis for the use of the YouTube videos is art. 6 para. 1 lit. a) GDPR.
Use of Vimeo plugins
Use of Vimeo plugins
Our website uses plugins from the video portal Vimeo.
The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. When you visit one of our sites equipped with a Vimeo plugin, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. Vimeo also obtains your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA. If you are logged in to your Vimeo account, you allow Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account.
For more information on how Vimeo handles user data, please refer to the Vimeo privacy policy at: https://vimeo.com/privacy. The legal basis for the use of the Vimeo plugin is art. 6 para. 1 lit. a) GDPR.
Contact form and e‑mail contact
Our webpage contains a contact form which can be used for getting in touch electronically. If a user makes use of this option, the data entered into the input form will be transmitted to us and saved. This data comprises: Name, address, e‑mail address, telephone number etc. At the time the message is sent, the following data will also be saved: The IP address, date, and time. For processing the data, your consent will be obtained as part of the sending procedure, and reference will be made to this privacy statement.
Alternatively, you can also get in touch via the e‑mail address provided. In this case, the personal data of the user transmitted with the e‑mail will be saved. No disclosure of the data to third parties takes place in this context. The data will be used exclusively for processing the conversation.
The legal basis for the processing is:
- For the processing of the data after the user registers for the newsletter, provided that the user has given consent, Art. 6 (1) a GDPR.
- For the processing of data which is transmitted as part of the sending of an e‑mail, Art. 6 (1) f GDPR with the aforementioned legitimate interests.
- If the e‑mail contact serves the purpose of entering into a contract, Art. 6 (1) b of the GDPR serves as the additional legal basis for the processing.
For us, the processing of the personal data from the input form is exclusively for processing the establishment of contact. In the case of the establishment of contact via e‑mail, this also includes the required legitimate interest in the processing of the data. The other personal data processed during the sending procedure serve to prevent the abuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as they are no longer necessary to fulfil the purpose of their collection. For the personal data from the input fields of the contact form and data that have been transmitted via e‑mail, this is the case when the respective conversation with the user has terminated. The conversation is terminated when circumstances allow one to surmise that the respective issue has been conclusively resolved. The additional personal data collected during the sending procedure will be deleted no later than after a deadline of seven days.
The user has the option of revoking his consent for the processing of the personal data at any time. If the user establishes contact with us via e‑mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
Google Analytics
Our website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users interact with the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, in the event that IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before this happens. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. The IP address transmitted by your browser within the scope of Google Analytics may be combined with other data from Google. The legal basis for the processing of personal data of users is Art. 6 para. 1 lit. a) GDPR. We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out using a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. This website uses Google Analytics with the extension “_anonymizeIp()”. This enables IP addresses to be further processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you contains a personal reference, this is immediately excluded and the personal data is immediately deleted. Standard contractual clauses apply for the exceptional cases in which personal data is transferred to the USA.
Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001, or Google Analytics of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
Terms of use: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and the privacy policy: http://www.google.de/intl/de/policies/privacy.
You have the right to revoke your consent granted under Art. 6 para. 1 lit. a) GDPR at any time. To do so, you can prevent the storage of cookies by selecting the appropriate technical settings in your browser software; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
You can set an opt-out cookie to prevent detection by Google Analytics across devices. Opt-out cookies prevent the future collection of your data when you visit this website. You must opt-out on all systems and devices in use to be fully effective. Click here to set the opt-out cookie: Disable Google Analytics
For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/de.html or https://www.google.de/intl/de/policies/.
Transmission of data via the internet
The transmission of data via the internet generally involves certain risks. Deliberate encryption of the data does not take place; in particular, messages from the contact form of our website and messages in the service chat are transmitted unencrypted.
Please bear this in mind when transmitting data. If you would like to communicate with us via encrypted e‑mail, this can be done via S/MIME encryption. Please specifically request this encryption from us, as we generally send messages unencrypted due to the currently low market penetration of e‑mail encryption procedures.
Disclosure of data
When you provide us with personal data, it is only disclosed to third parties to the extent necessary for the performance of the contractual relationship or other legal grounds legitimize this disclosure.
However, we provide certain services with the assistance of service providers. We have carefully selected these service providers and taken corresponding measures to protect your personal data.
Storage durations
The personal data of the data subjects are deleted or rendered unavailable as soon as the purpose of storage no longer applies. Furthermore, storage may also take place when this is provided for via European or national legislation in Union regulations, laws, or other provisions which the controller is subject to. The data is also rendered unavailable or deleted when a prescribed storage duration mandated by the specified standards expires, unless there exists a necessity for the continued storage of the data for the conclusion of a contract or the fulfilment of a contract.
Privacy policy for social media plattforms
Privacy policy for the XING page
We operate a company website on the professional social media network XING, in particular for self-presentation, but also for recruiting.
According to the judgment of the European Court of Justice (ECJ) of 05.06.2018, Az. C‑210/16, is the operator of social media sites — at least on Facebook fan pages — partly responsible within the meaning of Art. 26 GDPR. We suspect an analogous applicability of this decision to other social networks, including XING. So far, we are not aware that XING offers an agreement that meets the requirements of Art. 26.
We process your data only if you contact our Human Resources department via the XING platform or apply for an advertised position via XING. In this case, XING will collect your data and make it available to us.
Under certain circumstances, a storage and further processing by us can take place. The processing of your personal data in the case of an application is based on our application privacy policy.
The legal basis for the processing of the personal data is depending on the case: The processing for the initiation and execution of a contract with you in accordance with Art. 6 (1) b GDPR or based on our legitimate interest in communicating with users and our external presentation for the purposes of advertising in accordance with Art. 6 (1) f GDPR. If you have given consent to the above-mentioned data processing with effect for us to the provider of the social network, the legal basis Art. 6 (1) a GDPR.
If you have given consent to the above-mentioned data processing with effect for us to the provider of the social network, the legal basis Art. 6 (1) a GDPR.
Under certain circumstances, a storage and further processing by us takes place. The processing of your personal data in the case of an application is based on our application privacy policy.
We may also collect data from visitors to our corporate site if the ad as a visitor can be defined as processing. However, we do not store these data on our own systems, nor are they systematically processed through an occasional notice.
For these processing steps, our information regarding the responsible entity, the data protection officer and the declaration of your rights as the data subject apply.
We would like to point out that the data protection declaration of XING SE, Dammtorstr. 30, DE-20354 Hamburg, Germany, Tel .: +49 40 419 131 – 0, Fax: +49 40 419 131 applies for any further processing on our XING company website ‑11, E‑Mail: email hidden; JavaScript is required, (hereinafter: XING).
Further information on the processing of personal data by XING can be found here: https://privacy.xing.com/en/your-privacy.
Privacy policy for the LinkedIn page
Our company operates a social media channel on the platform LinkedIn. According to the judgment of the European Court of Justice (ECJ) of 05.06.2018, Az. C‑210/16, is the operator of social media sites — at least on Facebook fan pages — partly responsible within the meaning of Art. 26 GDPR. So far, we do not know that LinkedIn offers an agreement that meets the requirements of Art. 26.
We only process your data when you contact our Human Resources department via the LinkedIn platform or when you contact us on LinkedIn for an advertised job. In that case, LinkedIn collects your information and makes it available to us.
The legal basis for the processing of the personal data is depending on the case: The processing for the initiation and execution of a contract with you in accordance with Art. 6 (1) b GDPR or based on our legitimate interest in communicating with users and our external presentation for the purposes of advertising in accordance with Art. 6 (1). f GDPR. If you have given consent to the above-mentioned data processing with effect for us to the provider of the social network, the legal basis Art. 6 (1) a GDPR.
Under certain circumstances, a storage and further processing by us can take place. The processing of your personal data in the case of an application is based on our application privacy policy.
We may also collect data from visitors to our corporate site if the ad as a visitor can be defined as processing. However, we do not store these data on our own systems, nor are they systematically processed through an occasional notice.
For these processing steps, our information regarding the responsible entity, the data protection officer and the declaration of your rights as the data subject apply.
For any processing beyond that, we point out that the LinkedIn Ireland Unlimited Company privacy policy, Wilton Place, Dublin 2, Ireland (LinkedIn), applies to our LinkedIn Company page.
For more information on LinkedIn’s processing of personal information, visit https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy.
Privacy policy for Facebook page
We operate a company website (“fan page”) on the professional social media network Facebook. We operate this fan page for self-presentation, branding but also for the purpose of customer communication and recruiting.
According to the judgment of the European Court of Justice (ECJ) of 05.06.2018, Az. C‑210/16, is the operator of social media sites — at least on Facebook fan pages — partly responsible within the meaning of Art. 26 GDPR. Although Facebook offers such a declaration at https://www.facebook.com/legal/terms/page_controller_addendum, we do not know whether it now meets the requirements of the GDPR. We only process your data — apart from any further procedures below — if you contact us via the platform. In this case, Facebook collects your data and makes it available to us. Under certain circumstances, your data may also be stored and further processed by us. The processing of your personal data in the event of an enquiry or application is governed by our other relevant data protection declarations.
The legal basis for the processing of personal data is, depending on the case constellation, the processing to initiate and execute a contract with you pursuant to Art. 6 (1) b GDPR or based on our legitimate interest in communication with users and our external presentation for the purpose of advertising pursuant to Art. 6 (1) f GDPR. If you have given the provider of the social network your consent to the aforementioned data processing with effect for us, the legal basis is Art. 6 (1) a GDPR.
Furthermore, we may collect data from visitors to our company website, provided that the advertisement can be defined as visitor processing. Subject to the further procedures listed below, we do not store this data on our own systems, nor do we systematically process it by means of occasional information. For these processing steps, our information regarding the data controller, the data protection officer and the declaration of your rights as a data subject applies.
We would like to point out that the privacy policy of Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA) or Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) applies for any further processing on our fan page. Data transfer to third countries is based on the use of standard contractual clauses according to the European Commission: https://de-de.facebook.com/help/566994660333381.
For more detailed information about Facebook’s data processing and how to opt-out, please visit https://www.facebook.com/about/privacy/. Facebook is the provider of this service and only Facebook can provide complete information about data processing on Facebook.
We draw your attention to the fact that the assertion of data subject rights and requests for information are best addressed to Facebook. Only Facebook has access to your data and can take immediate measures to delete, restrict, etc. the data, or to provide information. Of course, we will support you in asserting your rights if necessary. You will find options for an opt out at: http://www.youronlinechoices.com/uk/your-ad-choices and https://www.facebook.com/settings?tab=ads.
Additional information Facebook Insight
We use the analysis function “Facebook Insight” on our fan page. This function is used for advertising and market research purposes to provide you with more relevant content and to develop new features that may be of interest to you. Facebook uses cookies to help analyze your fan page visits. The information generated by the cookies about your use of the fan pages is usually transferred to Facebook servers in the USA and stored there.
Facebook relies on standard contractual clauses of the European Commission when transferring data to third countries and thus undertakes to comply with the European data protection rules: https://de-de.facebook.com/help/566994660333381.
The processing is based on a legitimate interest according to Art. 6 (1) f GDPR, whereby our legitimate interest consists in the display of targeted advertising and the targeted design of our fan page. If you have given the provider of the social network a consent to the aforementioned data processing with effect for us, the legal basis is Art. 6 (1) a GDPR.
Further information on terms of use and data protection can be found at https://www.facebook.com/about/privacy/. Detailed information on the respective processing operations and the possibilities for objection can be found at http://www.youronlinechoices.com/=ads or https://www.facebook.com/legal/terms/page_controller_addendum
Privacy Policy for employees
Information on data processing
Hereby we would like to inform our employees about our processing of their personal data within the scope of their employment contract.
Purpose of data collection
During the period of your employment, your personal data will be processed mainly for the purpose of implementing and/or terminating the contractual relationship, including the tasks related to the respective activity. Other purposes may include processing for the purpose of complying with legal regulations (including third party claims for information) or for measures for corporate development or communication.
Types of data that are processed by us
Within the scope of your employment contract, we process the following personal data:
- candidate data: name Date of birth, CV, nationality/work permit, etc. for the selection, recruitment, entry and exit management;
- private contact details: address, telephone number, e‑mail;
- business contact data: e.g. telephone numbers, e‑mail, place of work, job title;
- image data: photo for identification and photographs taken during company events;
- identification/payment data: personal identity card data or work permit data for identification and determination of the legitimacy of employment, place of birth, marital status, parental status, tax identification number, health insurance membership, income tax class, allowances, religious affiliation for church tax, account number, any attachment of wages (for the purpose of payroll accounting and fulfilment of social security, tax and other legal obligations);
- health data: e.g. within the scope of payroll accounting, for settlement with health insurance companies or professional associations or within the scope of legal obligations as an employer, such as company integration management or fulfilment of duties in the protection of severely disabled persons or within the scope of company self-control, such as occupational health and safety or company medical examinations;
- time recording, access and usage data: vacation times, work time accounts, shift schedules, closing times or access protocols, time protocols relating to the activities performed, closing times or access protocols, also electronic protocols within the scope of the use of our IT infrastructure, etc;
- data within the scope of personnel screening (e.g. police clearance certificate, reliability test (ZUP));
- data on suitability and for performance/behaviour monitoring: training and further training information, data for the purpose of measuring the achievement of objectives, e.g. for variable remuneration components, data on violations of road traffic regulations (“nodules”);
- other data in personnel administration: secondary employment, data within the framework of company health care and company health management, occupational health and safety, any degree of severe disability, driving licence holders, any employee surveys, data within the framework of proposal management, employee inventions,
Categories of recipients
We send your personal data to the following recipients, e.g. to comply with legal obligations or obligations arising from the employment relationship:
- Bank service providers, financial service providers, possibly service providers for the calculation of pension provisions,
- service providers for payroll accounting (tax consultants), auditors, service providers for information and communication technology, companies for software and equipment maintenance, service providers only restructuring in the personnel sector,
- health, social security, pension and accident insurance institutions and other insurance undertakings and institutions providing capital formation benefits,
- authorities such as tax authorities, social security funds, employment agencies, safety, health, road traffic or related fine offices, customs authorities or monitoring bodies for undeclared work and minimum wages; other authorities,
- company medical service,
- companies affiliated under company law (group companies) as joint responsible parties: the main contents of the regulation of tasks with regard to the rights of data subjects can be enquired about at the contact address given, but under Art. 26 Para. 3 GDPR these rights can be claimed by data subjects from all companies involved,
- third-party debtor in the case of wage garnishment, insolvency administrator in the case of private insolvency,
- business partners and customers (official contact details), temporary employment agencies
Legal basis of the processing
When processing your personal data, we naturally comply with applicable law. Processing is therefore only carried out on a legal basis. The following legal bases come into consideration in particular in the employment relationship:
- § 26 BDSG (German Federal Privacy Act — version from 25.05.2018) as far as necessary for the execution of the employment relationship or for the clarification of a concrete suspicion of criminal offences
- Art. 6 para. 1 lit. a) GDPR on the basis of your consent, whereby in principle none is required for the conclusion or continuation of an existing contract,Art. 6 para. 1 lit. b) GDPR on the establishment, performance and termination of a contractual relationship,
- Art. 6 para. 1 lit. c) GDPR to fulfil a legal obligation,
- Art. 6 para 1 lit. f) GDPR to safeguard a legitimate interest
- Art. 88 GDPR on the basis of collective agreements (company agreements)
Legitimate interests
If we process your data within the scope of our legitimate interest, this is e.g. in:
- the implementation of electronic access controls,
- the optimization of personnel planning,
- achieving efficiency gains by bundling services in individual Group companies (especially human resources, IT, procurement)
- ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
- the assertion, exercise or defence of legal claims, including data for the documentation of power flows,
- the prevention of damage and/or liability of the company by taking appropriate measures,
- the implementation of internal information and communication measures,
- reporting on company information.
You have the right to object to the processing of personal data within the scope of a legitimate interest for reasons arising from your particular situation. We will then no longer process your data unless we can prove that there are compelling reasons for us to protect your rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
We do not use the personal data provided by you to make automated decisions concerning you.
Data collected by third parties
Using the ELSTAM procedure, we collect data for payroll accounting, which the tax authorities provide us with for correct accounting. This applies in particular to the payroll data mentioned below. Note: The general information can be found on our main data protection page.
Storage period
After the respective purpose has been achieved, your data will be deleted in compliance with the legal retention periods, usually 6 or 10 years, for various data categories such as occupational pension schemes 30 years and longer.
Privacy policy for customers (incl. interested parties) and other parties concerned
Information on data processing
As a customer and as an interested party or other affected party, we process your personal data primarily for the purpose of establishing and fulfilling a contractual relationship with you or on the basis of a legitimate interest. Your data will be collected, stored and, if necessary, passed on by us to the extent necessary to provide the contractually agreed service, to provide information, to carry out direct marketing activities or other activities of our business operations. Failure to provide such information may result in the contract not being concluded. In addition, we will only process your data if you have consented to the processing or another legal permission has been granted.
Purposes of data processing
We process your personal data to achieve the following purposes in relation to the initiation and implementation of a contractual relationship or other activities in the interest of the company:
- the contractual processing (including shipping, after-sales, complaint management)
- the communication with business partners about products, services and projects as well as for answering inquiries, customer service
- Existing customer advertising, used as a selection criterion for direct marketing in order to offer you a service tailored to your needs
- for credit checks
- the management of our customer and supplier relation, dealer support
- the quality management
- the improvement and development of intelligent and innovative services
- for customer analysis for market and opinion research
- the handling of our logistics/materials management
- the reporting on our company
- the compliance with legal or contractual requirements
- the settlement of legal disputes, enforcement of contracts and assertion of claims, defence and exercise of legal rights, detection and prosecution of fraudulent and other illegal activities.
Furthermore, we process your data only with your express declaration of consent.
Types of data processed by us
The following personal data are processed:
- Contact details: name, address, telephone number
- Identification/payment details: account number, VAT ID number
- Ordering data: quantitiy, revenue, intervals
- Geodata: addresses, delivery conditions
- Image data: photos and video recordings in the context of corporate events and trade fair appearances
- Other data: other necessary information relating to the business relationship or provided voluntarily and from publicly available sources
Categories of recipients
These service providers were carefully selected by us, commissioned in writing and are bound by our instructions. Our service providers are regularly checked by us. The service providers will not pass this data on to third parties, but will delete it after the contract has been fulfilled and statutory storage periods have been concluded, unless you have consented to storage beyond this.
This concerns e.g:
- bank, payment service provider
- Logistics companies
- Specialist craft businesses
- IT service provider
- Marketing service provider
- etc.
For orders on account, we reserve the right to carry out an assessment of the credit risk on the basis of mathematical-statistical procedures (scoring). For this purpose, your data, which are necessary for credit assessment, will be transferred to a credit agency (e.g. Schufa, Creditreform, Bürgel, Atradius, Coface). If the credit assessment is positive, an order on account is possible. If the credit assessment is negative, we cannot offer you payment on account. You can object to the transmission of this data to the credit agency at any time, but then it is no longer possible to order on account.
Legal basis for processing
Legal bases for the processing of your data are in particular
- Art. 6 para. 1 lit. a) on the basis of your consent, whereby in principle none is required for the conclusion or continuation of an existing contract,
- Article 6 para 1 lit. b) on the establishment, performance and termination of a contractual relationship,
- Article 6 para. 1 lit. c) to fulfil a legal obligation,
- Art. 6 para . 1 lit. f) to safeguard a legitimate interest
Legitimate interests
Our legitimate interests lie in the achievement of the above-mentioned purposes and, in addition, in, for example
- safeguarding our business interests, including direct marketing and credit assessment,
- the raising of efficiency and effectiveness potentials, also in cooperation with partners and possibly affiliated companies,
ensuring compliance with safety regulations, requirements, industry standards and contractual obligations, - the assertion, exercise or defence of legal claims,
- the avoidance of damage and/or liability of the company through appropriate measures
- the implementation of information and communication activities, including promotional activities
- reporting on corporate information.
Data collected by third parties
If necessary, data may be made available to us by third parties, e.g. in the context of recommendations. In this case it is usually contact data in connection with data on specific product or service needs. If necessary, we collect data from credit agencies regarding creditworthiness and/or negative characteristics.
Storage period
Once the respective purpose has been achieved, your data will be deleted in compliance with the legal retention periods.
Privacy policy for applicants
When you apply for a position in our company, we process and store your personal data.
We take your privacy very seriously and would therefore like to inform you at this point how we handle your applicant data.
Purpose of data collection
Before joining our company or during the application process, we process your personal data exclusively for the purpose of establishing a contractual relationship to the required extent.
Types of data that are processed by us
The following types of personal data are regularly processed:
- Candidate data; name, date of birth, CV, nationality/work permit, etc. for the selection, recruitment, entry and exit management,
- Private contact details; address, telephone number, e‑mail (for the purpose of contacting you),
- Data within the framework of personnel screening (for example, police clearance certificate, reliability check (ZUP));
- If applicable, data that is subject to professional secrecy; for example, data on health suitability and any restrictions
- other data in personnel management; severe disability (if relevant), driving licence ownership
- For the establishment, implementation and termination of a contractual relationship pursuant to Art. 6 para. 1 lit. b) GDPR in conjunction with § 26 BDSG (German federal data protection act — version as of 25 May 2018),
- to fulfil a legal obligation under Art. 6 para. 1 lit. c) GDPR
- in the case of processing, to safeguard a legitimate interest under Art. 6 para. 1 lit. f) GDPR,
- as well as on the basis of your consent through the voluntary provision of data that are not absolutely necessary for the purpose (such as hobbies in your curriculum vitae)
(however, such a provision is generally not necessary for the conclusion or continuation of an existing contract) under Art. 6 para. 1 lit. a) GDPR. - the optimization of the application processes,
- the achievement of efficiency gains by bundling services in individual Group companies (especially human resources, IT),
- ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
- the assertion, exercise or defence of legal claims,
- the prevention of damage and/or liability of the company by taking appropriate measures.
- Internal recipients according to the “need to know” principle,
- Companies affiliated under company law (group companies) as joint responsible parties:
The main contents of the regulation of the tasks with regard to the rights of data subjects can be obtained from the contact address given,
pursuant to Art. 26 Para. 3 GDPR, however, these rights can be claimed by data subjects from all companies involved.
We do not require any information from you that is not usable according to the General Equal Treatment Act (AGG) (race, ethnic origin, gender, pregnancy, information on physical or mental illness, membership of a trade union, religion or belief, disability, age, sexual identity or sex life).
We kindly request that such data not be transmitted to us. The same applies to content that is likely to infringe the rights of third parties (e.g. copyrights, ancillary copyrights or other intellectual property rights, personal rights, press law or general rights of third parties).
Legal basis of the processing
- For the establishment, implementation and termination of a contractual relationship pursuant to Art. 6 para. 1 lit. b) GDPR in conjunction with § 26 BDSG (German federal data protection act — version as of 25 May 2018),
- to fulfil a legal obligation under Art. 6 para. 1 lit. c) GDPR
- in the case of processing, to safeguard a legitimate interest under Art. 6 para. 1 lit. f) GDPR,
- as well as on the basis of your consent through the voluntary provision of data that are not absolutely necessary for the purpose (such as hobbies in your curriculum vitae)
(however, such a provision is generally not necessary for the conclusion or continuation of an existing contract) under Art. 6 para. 1 lit. a) GDPR.
Legitimate interests
- the optimization of the application processes,
- the achievement of efficiency gains by bundling services in individual Group companies (especially human resources, IT),
- ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
- the assertion, exercise or defence of legal claims,
- the prevention of damage and/or liability of the company by taking appropriate measures.
Categories of recipients
- Internal recipients according to the “need to know” principle,
- Companies affiliated under company law (group companies) as joint responsible parties:
The main contents of the regulation of the tasks with regard to the rights of data subjects can be obtained from the contact address given,
pursuant to Art. 26 Para. 3 GDPR, however, these rights can be claimed by data subjects from all companies involved.
Deletion periods
After the respective purpose has been achieved, your data will be deleted. However, data will be kept for as long as necessary to defend legal claims. The storage period is usually 6 months. If your profile was sent to us by a personnel service provider and if commission claims of this service provider exist, the storage period can be until they are fulfilled or the limitation period expires. If processing relevant for accounting purposes has been carried out, such as the reimbursement of travel expenses, the data required for this purpose will be deleted in compliance with the statutory retention periods, usually 6 or 10 years. If the application was successful and we conclude a contract with you, we transfer the data collected during the application process to our personnel file.