Data Protection Statement

Data Protection Statement

§ 1     INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA

 

(1) The following information concerns the collection of personal data while using this website. Personal data are all data that can be personally related to you, e.g. name, address, email addresses, user behaviour.

 

(2)  The responsible officer pursuant to Article 4 (7) EU General Data Protection Regulation (GDPR) is Kistenmacher Auto + Technik GmbH & Co. KG, Lindenstraße 2-10, 21244 Buchholz, Tel. +49 (0)4181 990540, Mail: kat@kat-germany.de . You can contact our data protection officer Jens Borchardt, LL.M. (IT&T) at j.borchardt@schlutius-privacy.de or at our postal address with the addition "Data protection officer".

 

(3) When you contact us by email or using a contact form, the data you give us (your email address, your name and phone number if applicable) is stored by us in order to answer your question. When storage is no longer necessary, we will delete the applicable data or restrict the processing of it if legal retention requirements apply.

 

(4) If we use contracted service providers for individual functions of our web-based services, or if we wish to use your data for advertising purposes, we will inform you below in detail about the respective processes, naming the defined criteria for storage duration.

 

§ 2     FUNCTIONS AND OFFERS ON OUR WEBSITE

 

(1) As well as the purely informational use of our website, we offer various services that you may use if they interest you. To do so, you must generally provide further personal data, which we use in order to provide the respective service and to which the above-mentioned principles of data processing apply.

 

(2) We sometimes use external service providers to process your data. They have been carefully selected and commissioned by us, are bound to our instructions and are regularly monitored.

 

(3) We can also pass your personal data on to third parties if we offer special offer participation, lotteries, contract conclusions or similar services together with partners. You can find more information about this if you enter your personal data or below in the description of the offer.

 

(4) If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you about the consequences of this in the description of the offer.

 

§ 3 COLLECTION OF PERSONAL DATA WHEN YOU VISIT OUR WEBSITE

 

1. Visiting our website

 

If you are only using the website for information and do not register or transmit information to us in any other way, we only collect the personal data which your browser transmits to our server. If you wish to view our website, we collect the following data that are technically necessary for us to display our website to you and guarantee its stability and security (the legal basis is Article 6 (1) sentence 1 lit. f GDPR):

 

·  IP address – Date and time of the enquiry

·  Time zone difference from Greenwich Mean Time (GMT)

·  Content of the request (specific page)

·  Access status / HTTP status code

·  Quantity of data transferred in each case

·  The website from which the request comes

·  Browser

·  Operating system and its interface

·  Language and version of the browser software.

 

2.       Cookies

 

(1) Cookies are stored on your computer system whenever you use our website. Cookies are text files that are stored in the internet browser or by the internet browser in your computer system. A cookie can be stored in your operating system whenever you access a website. This cookie contains a characteristic string of characters that allow your browser to be identified when you visit the website again in the future.

 

(2) Cookies can be differentiated in different ways:

 

First, we can differentiate between first-party cookies and third-party cookies, depending on the origin of the cookie:

 

First-party cookies are cookies that are placed and retrieved by the website operator as the controller or a processor commissioned by the website operator. Third-party cookies are cookies that are placed and retrieved by parties that are controllers other than the website operator which do not act as processors on behalf of the website operator.

 

We can also differentiate between transient and persistent cookies, depending on their duration:

 

Transient cookies (session cookies) are cookies that are deleted automatically when you close your browser. Persistent cookies are cookies that remain stored on your end device for a certain period of time after you have closed your browser.

 

Furthermore, we can differentiate between cookies that do not require consent and cookies that require consent:

 

Depending on their function and purpose, the use of certain cookies may require the user’s consent. In this respect, cookies can be differentiated depending on whether their use requires the user’s consent.

 

(3) You can give your consent using a “cookie banner”:

 

When you access our website, we display a “cookie banner”. Our cookie banner allows you to declare that you consent to the use of all cookies requiring consent on this website by clicking on “Accept Cookies”. If you do not provide such consent, we do not enable any cookies requiring consent. By clicking on “Reject Cookies”, you can completely reject the use of cookies that require consent. This decision is stored in a cookie. We store your cookie settings on your end device in the form of a cookie to determine whether you have already made decisions regarding cookies from our website when you visit our website again.

 

Cookies that are required for the operation of the website cannot be disabled using the cookie management feature of this website. However, you can disable such cookies in general in your browser at any time. Different browsers provide different options for the configuration of cookie settings in the browser. Additional comprehensive information on this subject can be found on http://www.allaboutcookies.org/ge/cookies-verwalten, for example. Please note, however, that some features of the website may not properly work (anymore) if you disable cookies in your browser in general.

 

§ 4 GOOGLE ANALYTICS

 

1. Type and scope of processing

 

(1) We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, as an analysis service for the statistical evaluation of our online offer. This includes, for example, the number of visits to our online offer, subpages visited and the length of stay of visitors.

 

(2) Google Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users.This information is used, among other things, to compile reports on the activity of the website.

 

2. Purpose and legal basis

 

(1) The use of Google Analytics is based on your consent in accordance with Article 6 (1) sentence 1 lit. a. GDPR and Section 25 (1) Act on Data Protection and the Protection of Privacy in Telecommunications and Telemedia.

 

(2) We intend to transfer personal data to third countries outside the EWR, in particular the USA. The transfer of data to the USA takes place in accordance with Article 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating U.S. companies and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework.

 

In cases where there is no adequacy decision by the European Commission (including US companies that are not EU-U.S. DPF certified), we have other appropriate safeguards with the recipients of the data within the meaning of Article 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission.

 

In addition, before such a third country transfer, we obtain your consent in accordance with Article 49 (1) sentence 1 lit. a. GDPR, which you give via consent in the “cookie banner”. We would like to point out that in the case of transfers to third countries, there may be risks unknown in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which we do not know for you, over which we have no influence and of which you may not become aware).

 

3. Storage period

 

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy.

 

§ 5 USE OF YOUTUBE VIDEO

 

1. Type and scope of processing

 

(1) We have integrated YouTube Video on our website. YouTube Video is a component of the YouTube, LLC's video platform where users can upload content, share it over the internet, and get detailed statistics. YouTube Video allows us to integrate content from the platform into our website.

 

(2) YouTube Video uses cookies and other browser technologies to evaluate user behavior, recognize users and create user profiles. This information is used, among other things, to analyze the activity of the content listened to and to create reports. If a user is registered with YouTube, LLC, YouTube Video can assign the videos played to the profile. When you access this content, you establish a connection to servers of the YouTube, LLC, Google Ireland Limited, Gordon House, Barrow Street Dublin 4 Irland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted.

 

2. Purpose and legal basis

 

(1) The use of YouTube Video is based on your consent in accordance with Article 6 (1) sentence 1 lit. a. GDPR and Section 25 (1) Act on Data Protection and the Protection of Privacy in Telecommunications and Telemedia.

 

(2) We intend to transfer personal data to third countries outside the EWR, in particular the USA. The transfer of data to the USA takes place in accordance with Article 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating U.S. companies and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework.

 

In cases where there is no adequacy decision by the European Commission (including US companies that are not EU-U.S. DPF certified), we have other appropriate safeguards with the recipients of the data within the meaning of Article 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission.

 

In addition, before such a third country transfer, we obtain your consent in accordance with Article 49 (1) sentence 1 lit. a. GDPR, which you give via consent in the “cookie banner”. We would like to point out that in the case of transfers to third countries, there may be risks unknown in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which we do not know for you, over which we have no influence and of which you may not become aware).

 

3. Storage period

 

The specific storage period of the processed data cannot be influenced by us, but is determined by YouTube, LLC. Further information can be found in the privacy policy for YouTube Video: https://policies.google.com/privacy.

 

§ 6 USE OF DATA WHEN USING OUR SOCIAL MEDIA CHANNELS

 

If you use our profiles in social networks to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), the data you provide to us will be used by us exclusively for this purpose processed to be able to contact you. The legal basis for data collection is Article 6 (1) sentence1 lit. b and f GDPR. We delete stored data as soon as it is no longer necessary to store it or you ask us to delete it; In the case of statutory retention requirements, we limit the processing of the stored data accordingly.

 

§ 7 SOCIAL WALL

 

We integrate content from our social media channels on the website via the "Curator.io" plug-in from the provider Curator Group Pty Ltd, 53619769112, 69 Ruthven Street, Bondi Junction, New South Wales, 2022 Australia. For the integration, the data is retrieved by the plug-in, displayed on the website and linked. However, the plug-in does not transmit any of your personal data to social media platforms. Insofar as cookies are used in connection with the use of the service, this is done on the basis of your consent in accordance with Article 6 (1) sentence 1 lit. a GDPR and Section 25 (1) Act on Data Protection and the Protection of Privacy in Telecommunications and Telemedia. Information on the data protection of the provider of Curator.io can be found here: https://curator.io/privacy-policy/.

 

§ 8 USE OF APPLICANT AND EMPLOYEE DATA

 

(1) In order to establish, conduct and terminate the employment relationship, we collect and process information (both in paper format and in digital form).

 

(a) These data may essentially include:

 

·  Master data (name, academic title, address, date and place of birth, gender, personnel number)

·  marital status, children, religion and nationality

·  contract data (type of employment, level of employment, start / end of employment)

·  organizational data (job title, supervisor, location, management level)

·  wage and salary payment data (basic salary, variable salary components, surcharges, tariff classification, tax code, payslip data, bank details, information on social security, information on wage garnishment)

·  Performance data (assessments)

·  Business contact and communication data

·  Profile data, certifications, information on school and vocational training, completed training courses for further education and qualification, language skills, other qualifications such as primary, disaster, fire and evacuation helpers

·  working hours, absenteeism, holidays, travel and travel time, exemptions (paid, unpaid, maternity and parental leave)

·  Permissions (access rights and access bookings, access rights to IT systems and data processing procedures, protocol data on the use of communication and data processing systems, photographs, video surveillance recordings)

·  Ergonomic data on workplace equipment and workplace design, equipment used and company property used by you

·  Applicant data (application, CV, certificates, evidence of education and training, diplomas)

·  previous values of the aforementioned data (history data)

 

(b) Furthermore, information on health and occupational reintegration management, disability status and other workplace-relevant health data can be included, as far as they relate to employment.

 

(c) In addition, organizational data and administrative information about your position and the workplace as well as log data on the operation and use of data processing systems and data processing procedures are collected and processed. It is necessary to provide data for the employment relationship and the use of the IT systems. Without the processing of employee data, the employment relationship can not be carried out.

 

(2) We collect, process and use your personal information solely for employment purposes and for business purposes permitted by our business, which are related to your role and function in our business.

 

(a) These include:

 

·  Processing of applications

·  justification, implementation and termination of the employment relationship

·  Exercise and fulfillment of the rights and obligations of employees' interests arising from a law, collective agreement or works agreement

·  detection of possible crimes committed by employees in the employment relationship

·  Performance determination and performance management

·  Fee calculation and payroll

·  Human Resources, Personnel Planning, Personnel Management, Personnel Development and Training

·  Compliance with legal requirements, e.g. according to labor law, tax law and social security law

·  Internal administrative and organizational purposes

·  Ensuring the security and protection of processing methods and data from unauthorized access, falsification and unauthorized use

·  Protecting the company's assets, assets and assets from theft and other damage

 

(b) Your data will be processed for purposes other than those mentioned only to the extent that such processing is compatible with the purposes of the employment relationship. We will inform you about such processing of your data about this processing and, if necessary, obtain your consent.

 

(3) The legal basis for the processing of data is Article 6 (1) sentence 1 lit. a GDPR (consent) or Article 6 (1) sentence 1 lit. b GDPR, Section 26 Federal Data Protection Act.

 

(4) Your personal data will only be transmitted or disclosed to external parties to the extent required by law or required to fulfill the contract of employment concluded with you (e.g. to tax and social security authorities, banks, auditors).

 

Your personal data may also be transmitted to service companies for the purpose of performing data processing tasks, e.g. to carry out the automated personal data processing or payroll. We will observe the data protection regulations.

 

§ 9 REVOCATION OR WITHDRAWAL OF CONSENT TO THE PROCESSING OF YOUR DATA

 

(1) If you have agreed to the processing of your data, you can revoke this at any time. After you have pronounced it to us, the revocation influences the permissibility of processing your personal data.

 

(2) If we base the processing of your personal information on consideration of interests, you can revoke your consent to processing. This is the case, in particular, if processing is not necessary for fulfilment of a contract with you, which is always outlined by us in the subsequent description of the functions. When exercising the right of revocation, we ask you to cite the reasons why we should not process your personal information as we have previously done. In the case of a justified revocation, we will examine the situation and either stop or adjust the data processing or convey to you our protection-worthy and necessary reasons for continuing the processing.

 

(3) Of course, you can revoke consent to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your advertising revocation at the following contact points: info@schlutius-privacy.de.

 

§ 10 YOUR RIGHTS

 

(1) You have the following rights towards us with regard to your personal data:

 

·  Right to information,

·  Right to correction or deletion,

·  Right to restriction of processing,

·  Right to refusal of processing,

·  Right to data portability.

 

(2) You also have the right to lodge a complaint about our processing of your personal data with a data protection authority.