§ 1 INFORMATION ABOUT THE COLLECTION
OF PERSONAL DATA
(1) The following information concerns the
collection of personal data while using this website. Personal data are all
data that can be personally related to you, e.g. name, address, email
addresses, user behaviour.
(2) The responsible officer pursuant to
Article 4 (7) EU General Data Protection Regulation (GDPR) is Kistenmacher Auto
+ Technik GmbH & Co. KG, Lindenstraße 2-10, 21244 Buchholz, Tel. +49
(0)4181 990540, Mail: kat@kat-germany.de . You can contact our data protection
officer Jens Borchardt, LL.M. (IT&T) at j.borchardt@schlutius-privacy.de or
at our postal address with the addition "Data protection officer".
(3) When you contact us by email or using a
contact form, the data you give us (your email address, your name and phone
number if applicable) is stored by us in order to answer your question. When
storage is no longer necessary, we will delete the applicable data or restrict
the processing of it if legal retention requirements apply.
(4) If we use contracted service providers
for individual functions of our web-based services, or if we wish to use your
data for advertising purposes, we will inform you below in detail about the
respective processes, naming the defined criteria for storage duration.
§ 2 FUNCTIONS AND OFFERS ON OUR
WEBSITE
(1) As well as the purely informational use
of our website, we offer various services that you may use if they interest
you. To do so, you must generally provide further personal data, which we use
in order to provide the respective service and to which the above-mentioned
principles of data processing apply.
(2) We sometimes use external service
providers to process your data. They have been carefully selected and
commissioned by us, are bound to our instructions and are regularly monitored.
(3) We can also pass your personal data on
to third parties if we offer special offer participation, lotteries, contract
conclusions or similar services together with partners. You can find more
information about this if you enter your personal data or below in the
description of the offer.
(4) If our service providers or partners
are located in a country outside the European Economic Area (EEA), we will
inform you about the consequences of this in the description of the offer.
§ 3 COLLECTION OF PERSONAL DATA WHEN
YOU VISIT OUR WEBSITE
1. Visiting our website
If you are only using the website for
information and do not register or transmit information to us in any other way,
we only collect the personal data which your browser transmits to our server.
If you wish to view our website, we collect the following data that are
technically necessary for us to display our website to you and guarantee its
stability and security (the legal basis is Article 6 (1) sentence 1 lit. f
GDPR):
·
IP address – Date and time of the enquiry
·
Time zone difference from Greenwich Mean Time
(GMT)
·
Content of the request (specific page)
·
Access status / HTTP status code
·
Quantity of data transferred in each case
·
The website from which the request comes
·
Browser
·
Operating system and its interface
·
Language and version of the browser software.
2. Cookies
(1) Cookies are stored on your computer
system whenever you use our website. Cookies are text files that are stored in
the internet browser or by the internet browser in your computer system. A
cookie can be stored in your operating system whenever you access a website.
This cookie contains a characteristic string of characters that allow your
browser to be identified when you visit the website again in the future.
(2) Cookies can be differentiated in
different ways:
First, we can differentiate between
first-party cookies and third-party cookies, depending on the origin of the
cookie:
First-party cookies are cookies that are
placed and retrieved by the website operator as the controller or a processor
commissioned by the website operator. Third-party cookies are cookies that are
placed and retrieved by parties that are controllers other than the website
operator which do not act as processors on behalf of the website operator.
We can also differentiate between transient
and persistent cookies, depending on their duration:
Transient cookies (session cookies) are
cookies that are deleted automatically when you close your browser. Persistent
cookies are cookies that remain stored on your end device for a certain period
of time after you have closed your browser.
Furthermore, we can differentiate between
cookies that do not require consent and cookies that require consent:
Depending on their function and purpose,
the use of certain cookies may require the user’s consent. In this respect,
cookies can be differentiated depending on whether their use requires the
user’s consent.
(3) You can give your consent using a “cookie banner”:
When you access our website, we display a
“cookie banner”. Our cookie banner allows you to declare that you consent to
the use of all cookies requiring consent on this website by clicking on “Accept
Cookies”. If you do not provide such consent, we do not enable any cookies
requiring consent. By clicking on “Reject Cookies”, you can completely reject
the use of cookies that require consent. This decision is stored in a cookie.
We store your cookie settings on your end device in the form of a cookie to
determine whether you have already made decisions regarding cookies from our
website when you visit our website again.
Cookies that are required for the operation
of the website cannot be disabled using the cookie management feature of this
website. However, you can disable such cookies in general in your browser at
any time. Different browsers provide different options for the configuration of
cookie settings in the browser. Additional comprehensive information on this
subject can be found on http://www.allaboutcookies.org/ge/cookies-verwalten,
for example. Please note, however, that some features of the website may not properly
work (anymore) if you disable cookies in your browser in general.
§ 4 GOOGLE ANALYTICS
1. Type and scope of processing
(1) We use Google Analytics from Google
Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, as an analysis
service for the statistical evaluation of our online offer. This includes, for
example, the number of visits to our online offer, subpages visited and the
length of stay of visitors.
(2) Google Analytics uses cookies and other
browser technologies to evaluate user behavior and recognize users.This
information is used, among other things, to compile reports on the activity of
the website.
2. Purpose and legal basis
(1) The use of Google Analytics is based on
your consent in accordance with Article 6 (1) sentence 1 lit. a. GDPR and
Section 25 (1) Act on Data Protection and the Protection of Privacy in
Telecommunications and Telemedia.
(2) We intend to transfer personal data to
third countries outside the EWR, in particular the USA. The transfer of data to
the USA takes place in accordance with Article 45 (1) GDPR on the basis of the
adequacy decision of the European Commission. The participating U.S. companies
and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy
Framework.
In cases where there is no adequacy
decision by the European Commission (including US companies that are not
EU-U.S. DPF certified), we have other appropriate safeguards with the
recipients of the data within the meaning of Article 44 et seq. GDPR. Unless
otherwise stated, these are standard contractual clauses of the EU Commission.
In addition, before such a third country
transfer, we obtain your consent in accordance with Article 49 (1) sentence 1
lit. a. GDPR, which you give via consent in the “cookie banner”. We would like
to point out that in the case of transfers to third countries, there may be
risks unknown in detail (e.g. data processing by security authorities of the
third country, the exact scope and consequences of which we do not know for
you, over which we have no influence and of which you may not become aware).
3. Storage period
The specific storage period of the
processed data cannot be influenced by us, but is determined by Google Ireland
Limited. Further information can be found in the privacy policy for Google
Analytics: https://policies.google.com/privacy.
§ 5 USE OF YOUTUBE VIDEO
1. Type and scope of processing
(1) We have integrated YouTube Video on our
website. YouTube Video is a component of the YouTube, LLC's video platform
where users can upload content, share it over the internet, and get detailed
statistics. YouTube Video allows us to integrate content from the platform into
our website.
(2) YouTube Video uses cookies and other
browser technologies to evaluate user behavior, recognize users and create user
profiles. This information is used, among other things, to analyze the activity
of the content listened to and to create reports. If a user is registered with
YouTube, LLC, YouTube Video can assign the videos played to the profile. When
you access this content, you establish a connection to servers of the YouTube,
LLC, Google Ireland Limited, Gordon House, Barrow Street Dublin 4 Irland, whereby
your IP address and, if applicable, browser data such as your user agent are
transmitted.
2. Purpose and legal basis
(1) The use of YouTube Video is based on
your consent in accordance with Article 6 (1) sentence 1 lit. a. GDPR and
Section 25 (1) Act on Data Protection and the Protection of Privacy in
Telecommunications and Telemedia.
(2) We intend to transfer personal data to
third countries outside the EWR, in particular the USA. The transfer of data to
the USA takes place in accordance with Article 45 (1) GDPR on the basis of the
adequacy decision of the European Commission. The participating U.S. companies
and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy
Framework.
In cases where there is no adequacy
decision by the European Commission (including US companies that are not
EU-U.S. DPF certified), we have other appropriate safeguards with the
recipients of the data within the meaning of Article 44 et seq. GDPR. Unless
otherwise stated, these are standard contractual clauses of the EU Commission.
In addition, before such a third country
transfer, we obtain your consent in accordance with Article 49 (1) sentence 1
lit. a. GDPR, which you give via consent in the “cookie banner”. We would like
to point out that in the case of transfers to third countries, there may be
risks unknown in detail (e.g. data processing by security authorities of the
third country, the exact scope and consequences of which we do not know for
you, over which we have no influence and of which you may not become aware).
3. Storage period
The specific storage period of the
processed data cannot be influenced by us, but is determined by YouTube, LLC.
Further information can be found in the privacy policy for YouTube Video: https://policies.google.com/privacy.
§ 6 USE OF DATA WHEN USING OUR
SOCIAL MEDIA CHANNELS
If you use our profiles in social networks
to contact us (e.g. by creating your own posts, responding to one of our posts
or sending us private messages), the data you provide to us will be used by us
exclusively for this purpose processed to be able to contact you. The legal
basis for data collection is Article 6 (1) sentence1 lit. b and f GDPR. We
delete stored data as soon as it is no longer necessary to store it or you ask
us to delete it; In the case of statutory retention requirements, we limit the
processing of the stored data accordingly.
§ 7 SOCIAL WALL
We integrate content from our social media
channels on the website via the "Curator.io" plug-in from the
provider Curator Group Pty Ltd, 53619769112, 69 Ruthven Street, Bondi Junction,
New South Wales, 2022 Australia. For the integration, the data is retrieved by
the plug-in, displayed on the website and linked. However, the plug-in does not
transmit any of your personal data to social media platforms. Insofar as
cookies are used in connection with the use of the service, this is done on the
basis of your consent in accordance with Article 6 (1) sentence 1 lit. a GDPR
and Section 25 (1) Act on Data Protection and the Protection of Privacy in
Telecommunications and Telemedia. Information on the data protection of the
provider of Curator.io can be found here: https://curator.io/privacy-policy/.
§ 8 USE OF APPLICANT AND EMPLOYEE
DATA
(1) In order to establish, conduct and
terminate the employment relationship, we collect and process information (both
in paper format and in digital form).
(a) These data may essentially include:
·
Master data (name, academic title, address, date
and place of birth, gender, personnel number)
·
marital status, children, religion and
nationality
·
contract data (type of employment, level of
employment, start / end of employment)
·
organizational data (job title, supervisor,
location, management level)
·
wage and salary payment data (basic salary,
variable salary components, surcharges, tariff classification, tax code,
payslip data, bank details, information on social security, information on wage
garnishment)
·
Performance data (assessments)
·
Business contact and communication data
·
Profile data, certifications, information on
school and vocational training, completed training courses for further
education and qualification, language skills, other qualifications such as
primary, disaster, fire and evacuation helpers
·
working hours, absenteeism, holidays, travel and
travel time, exemptions (paid, unpaid, maternity and parental leave)
·
Permissions (access rights and access bookings,
access rights to IT systems and data processing procedures, protocol data on
the use of communication and data processing systems, photographs, video
surveillance recordings)
·
Ergonomic data on workplace equipment and
workplace design, equipment used and company property used by you
·
Applicant data (application, CV, certificates,
evidence of education and training, diplomas)
·
previous values of the aforementioned data
(history data)
(b) Furthermore, information on health and
occupational reintegration management, disability status and other
workplace-relevant health data can be included, as far as they relate to
employment.
(c) In addition, organizational data and
administrative information about your position and the workplace as well as log
data on the operation and use of data processing systems and data processing
procedures are collected and processed. It is necessary to provide data for the
employment relationship and the use of the IT systems. Without the processing
of employee data, the employment relationship can not be carried out.
(2) We collect, process and use your
personal information solely for employment purposes and for business purposes
permitted by our business, which are related to your role and function in our
business.
(a) These include:
·
Processing of applications
·
justification, implementation and termination of
the employment relationship
·
Exercise and fulfillment of the rights and
obligations of employees' interests arising from a law, collective agreement or
works agreement
·
detection of possible crimes committed by
employees in the employment relationship
·
Performance determination and performance
management
·
Fee calculation and payroll
·
Human Resources, Personnel Planning, Personnel
Management, Personnel Development and Training
·
Compliance with legal requirements, e.g. according
to labor law, tax law and social security law
·
Internal administrative and organizational
purposes
·
Ensuring the security and protection of
processing methods and data from unauthorized access, falsification and
unauthorized use
·
Protecting the company's assets, assets and
assets from theft and other damage
(b) Your data will be processed for
purposes other than those mentioned only to the extent that such processing is
compatible with the purposes of the employment relationship. We will inform you
about such processing of your data about this processing and, if necessary,
obtain your consent.
(3) The legal basis for the processing of
data is Article 6 (1) sentence 1 lit. a GDPR (consent) or Article 6 (1)
sentence 1 lit. b GDPR, Section 26 Federal Data Protection Act.
(4) Your personal data will only be
transmitted or disclosed to external parties to the extent required by law or
required to fulfill the contract of employment concluded with you (e.g. to tax
and social security authorities, banks, auditors).
Your personal data may also be transmitted
to service companies for the purpose of performing data processing tasks, e.g. to
carry out the automated personal data processing or payroll. We will observe
the data protection regulations.
§ 9 REVOCATION OR WITHDRAWAL OF CONSENT TO THE PROCESSING OF
YOUR DATA
(1) If you have agreed to the processing of
your data, you can revoke this at any time. After you have pronounced it to us,
the revocation influences the permissibility of processing your personal data.
(2) If we base the processing of your
personal information on consideration of interests, you can revoke your consent
to processing. This is the case, in particular, if processing is not necessary
for fulfilment of a contract with you, which is always outlined by us in the
subsequent description of the functions. When exercising the right of
revocation, we ask you to cite the reasons why we should not process your
personal information as we have previously done. In the case of a justified
revocation, we will examine the situation and either stop or adjust the data
processing or convey to you our protection-worthy and necessary reasons for
continuing the processing.
(3) Of course, you can revoke consent to
the processing of your personal data for advertising and data analysis purposes
at any time. You can inform us of your advertising revocation at the following
contact points: info@schlutius-privacy.de.
§ 10 YOUR RIGHTS
(1) You
have the following rights towards us with regard to your personal data:
·
Right to information,
·
Right to correction or deletion,
·
Right to restriction of processing,
·
Right to refusal of processing,
·
Right to data portability.
(2) You also have the right to lodge a
complaint about our processing of your personal data with a data protection
authority.