Data protection declaration

1. Introduction

With the following information, we would like to give you as the "data subject" an overview of the processing of your personal data by us and your rights under the current data protection laws. It is basically possible to use our web pages without entering personal data. However, if you wish to make use of special services provided by our company via our website, it may be necessary for us to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain your consent.

Personal data such as your name, address or e-mail address is always processed in accordance with the General Data Protection Regulation (GDPR) and the country-specific data protection regulations applicable to "Groche Technik GmbH". With this data protection declaration, we would like to inform you about the scope and purpose of the personal data collected, used and processed by us.

As the data controller, we have implemented numerous technical and organisational measures to ensure the most complete possible protection of personal data processed via this website. Nevertheless, Internet-based data transfers can have security loopholes, so that absolute protection cannot be guaranteed. For this reason, you are also free to transmit personal data to us by alternative means, for example by telephone or by post.

2. Data controller

The data controller in the sense of the GDPR is:

Groche Technik GmbH, Am Lehmstich 12, 32689 Kalletal, Germany
Telephone: +49 5264 656610
Fax: +49 5264 6566120
E-mail: [email protected]

Head of the responsible office: Armin Groche

3. Data protection officer

The contact person for data protection:

Frank Sommerfeld
Actus-IT, Obere Str. 28a, 32108 Bad Salzuflen
Telephone: +49 5222 921315
E-mail:[email protected]

4. Definitions

The data protection declaration is based on the terms used in European directives and regulations when issuing the General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand both for the general public and for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this data protection declaration:

Personal data

Personal data is all information relating to an identified or identifiable natural person. A natural person is identifiable if he or she can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the data controller (our company).

Processing

Processing means any operation or series of operations carried out with or without the aid of automated procedures in relation to personal data, such as the collection, recording, organisation, sorting, storage, adaptation or alteration, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, erasure or destruction.

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.

Profiling

Profiling is any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of this natural person.

Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not assigned to an identified or identifiable natural person.

Contract processor

A processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller.

Recipient

A recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities which may receive personal data under European Union law or the law of the Member States within the framework of a particular investigative mandate are not regarded as recipients.

Third party

A third party is a natural or legal person, authority, institution or body other than the data subject, the data controller, the contract processor and the persons authorised to process the personal data under the direct responsibility of the data controller or the contract processor.

Consent

Consent means any informed and unequivocal expression of will voluntarily given by the data subject in the particular case in the form of a declaration or other clear affirmative act by which the data subject indicates his or her consent to the processing of personal data concerning him or her.

5. Legal basis of the processing

Art. 6 para. 1(a) GDPR provides our company with the legal basis for processing operations in which we obtain consent for a specific processing purpose.

If it is necessary to process personal data for the fulfilment of a contract to which you are a party, as is the case for example with processing operations which are necessary for the delivery of goods or the rendering of another service or consideration, the processing is based on Art. 6 para. 1(b) GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of enquiries about our products or services.

If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfil tax obligations, the processing is based on Art. 6 para. 1(c) GDPR.

In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and his or her name, age, health insurance data or other vital information had to be passed on to a doctor, a hospital or other third parties. Processing would then be based on Article 6 para. 1(d) GDPR.

Ultimately, processing operations could be based on Article 6 para. 1(f) GDPR. Processing operations which are not covered by any of the aforementioned legal grounds are justified on this legal basis if processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to undertake such processing operations in particular because they are specifically mentioned in European legislation. In this respect, the legislation takes the view that a legitimate interest could be assumed if you are a customer of our company (recital 47 sentence 2 GDPR).

6. Technology

6.1 Data collection when visiting the website

When you use our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (in so-called "server logfiles"). Our website collects a series of general data and information each time you access a page or an automated system. This general data and information is stored in the logfiles of the server. The following information can be recorded:

  1. browser types and versions used,
  2. the operating system used by the accessing system,
  3. the website from which an accessing system reaches our website (so-called referrer),
  4. the sub-websites which are accessed via an accessing system on our website,
  5. the date and time of access to the website,
  6. an Internet Protocol (IP) address,
  7. the Internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about your person. Rather, this information is needed for the following purposes:

  1. to deliver the contents of our website correctly,
  2. to optimise the contents of our website as well as the advertising for it,
  3. to ensure the long-term functionality of our IT systems and the technology of our website, and
  4. to provide law enforcement agencies with the information necessary for law enforcement in the event of a cyber attack.

We therefore evaluate the data and information collected statistically and with the aim of increasing data protection and data security in our company in order ultimately to ensure an optimum level of protection for the personal data that we process. The data of the server logfiles is stored separately from all personal data provided by a data subject.

The legal basis for the data processing is Art. 6 para. 1 sentence 1(f) GDPR. Our legitimate interest follows from the aforementioned data collection purposes.

7. Cookies

7.1 General information about cookies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do no damage to your device; they do not contain viruses, Trojans or other malware.

Information is stored in each cookie in connection with the specifically used terminal device. However, this does not mean that we become aware of your identity directly.

Cookies are used on the one hand to make our website more convenient for you. For example, we use so-called session cookies to recognise that you have already visited individual pages of our website. These session cookies will be deleted automatically after you leave our site.

In addition, we also optimise user-friendliness by means of temporary cookies that are stored on your device for a specified period of time. If you visit our site again to use our services, it will automatically detect that you have already been with us, and what entries and settings you have made, so that you do not have to enter them again.

Another reason why we use cookies is to record statistics about the use of our website and to evaluate them for the purpose of optimising what we offer. These cookies enable us automatically to recognise, when you return to our site, that you have already been with us. These cookies are automatically deleted after a defined period of time.

The data processed by cookies is required for the aforementioned purposes in order to protect our legitimate interests and those of third parties pursuant to Art. 6 para. 1 sentence 1(f) GDPR.

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer, or so that a message always appears before a new cookie is created. However, deactivating cookies entirely can lead to you being unable to use all the functions of our website.

8. Contents of our website

8.1 Application management / situations vacant

We collect and process the personal data of applicants for the purpose of handling the application procedure. Processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents to us by electronic means, for example by e-mail or via a web form on the website. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment contract in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests on our part stand in the way of deletion. Other legitimate interests in this sense include, for example, a burden of proof in proceedings under the General Act on Equality of Treatment (AGG).

In this respect, data processing is carried out solely on the basis of our legitimate interest pursuant to Art. 6 para. 1(f) GDPR.

8.2 Contact form

On our website, you are given the opportunity to contact our company via a form. The personal data that is transmitted results from the input screen used for this purpose.

The personal data collected within the scope of contacting us will be collected and stored exclusively for processing the enquiries. The personal data collected in the course of establishing contact will not be passed on to third parties. The consent to the storage of personal data that you have given us for contacting you can be revoked at any time. The legal basis for data processing for the purpose of establishing contact is Art. 6 para. 1(a) or Art. 6 para. 1(b) GDPR.

9. Your rights as a data subject

9.1 Right of access by the data subject Art. 15 GDPR

You have the right to be informed by us free of charge at any time about the personal data stored about you as well as to receive a copy of this data.

9.2 Right to rectification Art. 16 GDPR

You have the right to request the rectification of incorrect personal data concerning you. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

9.3 Right to erasure Art. 17 GDPR

You have the right to demand that we erase your personal data without delay, provided that one of the reasons provided for in law applies and insofar as processing is not necessary.

9.4 Right to restrict processing Art. 18 GDPR

You have the right to request us to restrict processing if one of the legal requirements is met.

9.5 Right to data portability Art. 20 GDPR

You have the right to receive the personal data relating to you that you have provided to us in a structured, common and machine-readable format. You also have the right to transmit this data to another data controller without hindrance by us, to whom the personal data has been provided, provided that the processing is based on the consent pursuant to Art. 6 para. 1(a) GDPR or Art. 9 para. 2(a) GDPR or on a contract pursuant to Art. 6 para. 1(b) GDPR and that the processing is carried out using automated procedures, provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of public authority which was transferred to us.

Furthermore, when exercising your right to data portability pursuant to Art. 20 para. 1 GDPR, you have the right to request that the personal data be transferred directly from one data controller to another data controller, insofar as this is technically feasible and provided that the rights and freedoms of other persons are not affected by this.

9.6 Right to object Art. 21 GDPR

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1(e) GDPR (data processing in the public interest) or 1(f) GDPR (data processing on the basis of a balance of interests).

This also applies to profiling based on these provisions within the meaning of Art. 4 no. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

In individual cases we process personal data in order to carry out direct advertising. You may at any time object to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is connected with such direct advertising. If you object to our processing for direct advertising purposes, we will no longer process your personal data for these purposes.

You also have the right to object, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, unless such processing is necessary to fulfil a task in the public interest.

You are free to exercise your right of objection in connection with the use of social media services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

9.7 Revocation of consent under data protection law

You have the right to revoke your consent to the processing of personal data at any time with effect for the future.

9.8 Complaint to a supervisory authority

You have the right to complain to a supervisory data protection authority about our processing of personal data.

10. Routine storage, deletion and blocking of personal data

We process and store your personal data only for the period necessary to achieve the storage purpose or insofar as this has been provided for in the legal provisions to which our company is subject.

If the storage purpose no longer applies, or if a prescribed storage period expires, the personal data will be blocked or deleted routinely and in accordance with legal regulations.

11. Duration of storage of personal data

The criterion for the duration of the storage of personal data is the respective legal retention period. After the expiry of this period, the corresponding data will be routinely deleted, provided that it is no longer needed for the fulfilment or initiation of a contract.

12. Current version and amendments of the data protection declaration

This data protection declaration is currently valid and has the status as of May 2018.

Due to the further development of our internet pages and offers or due to changing legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current version of the data protection declaration at any time on the website at "www.groche.com".