Privacy Policy

For our website
For our Social Media Channels
For applicants
In general
For our website

Thank you for visiting our website and your interest in our company. In the following we would like to inform you about the management of your personal data in accordance with Art. 13 General Data Protection Regulation (GDPR).

Controller

The controller responsible for the described data collection and processing is named in the imprint.

Usage Data 

When you visit our website, the data collected from the use of the website is temporarily stored on our web server for statistical purposes in order to improve the quality of our website. This data set contains

- the name and address of the data file,
- the date and time of the query,
- the amount of data transferred,
- the access status (file transmitted, file not found),
- a description of the type of browser used,
- the page, from which the data is requested
- the IP address of the requesting computer shortened to such an extent that no reidentification of any persona data is possible.

The listed usage data is stored anonymously.

Storage of IP address

In addition, we do not store any IP addresses.

Data Security

To avoid unauthorized access to your data, we have implemented technical and organizational measures. We use encryption technologies on our website. Your data will be transferred to our servers and back again via a connection that is protected by a TLS encryption technology. You can recognize that you are browsing on an encryption secured website by the lock-symbol shown in the address bar of your browser and by the address bar starting with https://.

Necessary Cookies

We use cookies on our websites that are necessary for the use of our website. 

Cookies are small pieces of data that are stored and read in your end-device. A distinction is made between session cookies, which are deleted when you close your browser, and permanent cookies, which are stored even after your visit has expired. 

We do not use these necessary cookies for the purposes of analyses, tracking or advertisement.

Some of these cookies only contain information about certain settings and cannot be related to a person. They may also be necessary to enable user guidance, security and implementation of the site.

We use these cookies in accordance to Art. 6 Para. 1 S. 1 lit. f GDPR.

Please be aware that you can set your browser to inform you when cookies are being stored or used on the website you are visiting. Thus, any use of cookies is transparent to you. You have the possibility to delete your browser configuration at any time and prevent any use of new cookies. In the event you refuse the use of cookies, please note that our websites may not be displayed optimally and some functions are then no longer technically available.

Cookies Table

Depending on your settings via our banner, the following cookies are used.

Technically necessary cookies
These cookies are necessary for the operation of the website and can therefore not be deselected.
WSESSIONID
Duration of storagesession
Necessary standard cookie to be able to use PHP session data.
hideCookieNotice
Duration of storagedepending on selection up to 30 days
Saves that the cookie or data protection notice is not displayed again each time it is called up.
allowLoadExternRessources
Duration of storagedepending on selection up to 30 days
Remembers the user decision whether external components may be loaded automatically.
allowTracking
Duration of storagedepending on selection up to 30 days
Remembers the user decision that visitor behavior may be tracked.
Marketing-/Tracking Cookies
These cookies serve marketing purposes and analyze your visitor behavior.
_ga
Duration of storage2 years
Contains a randomly generated User-ID. This ID enables Google Analytics to recognize returning users on this website and to merge data from previous visits.
_gid
Duration of storage24 hours
Contains a randomly generated User-ID. This ID enables Google Analytics to recognize returning users on this website and to merge data from previous visits.
_gat
Duration of storage1 minute
Certain data is only sent to Google Analytics once per minute at most. The cookie has a lifetime of one minute. As long as it is set, certain data transfers are blocked.
visitor_id
Duration of storage2 years
Includes a unique visitor ID and the unique identifier for your account. For example, the cookie name visitor_id12345 stores the visitor ID 1010101010. The account identifier, 12345, makes sure that the visitor is tracked on the correct Salesforce account. The visitor value is the visitor_id in your Salesforce account. This cookie is set for visitors by the Salesforce tracking code
pi_opt_in
Duration of storage2 years
Sets a true or false value when the visitor opts in or out of tracking. If a visitor opts in, the value is set to true, and the visitor is stored and tracked. If the visitor opts out or ignores the opt-in banner, the opt-in cookie value is set to false. The visitor cookie is disabled, and the visitor is not tracked.
visitor_id-hash
Duration of storage2 years
Contains the account ID and stores a unique hash. For example, the cookie name visitor_id12345-hash stores the hash “855c3697d9979e78ac404c4ba2c66533”, and the account ID is 12345. This cookie is a security measure to make sure that a malicious user can’t fake a visitor and access corresponding prospect information.
lpv
Duration of storage2 years
Is set to keep from tracking multiple page views on a single asset over a 30-minute session. For example, if a visitor reloads a landing page several times over a 30-minute period, this cookie keeps each reload from being tracked as a page view.

Google Tag Manager

We have integrated the Google Tag Manager on our website, a utility service that itself processes personal data (IP address) only for technically necessary purposes. The Google Tag Manager takes care of loading other components, which in turn may collect data. The Google Tag Manager does not access this data.

You can find more information about the Google Tag Manager in Google's privacy policy.

We use the Google Tag Manager on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR and in the legitimate interest of optimal functionality of our website. If you do not wish this, please do not visit our website again.

Google Analytics

We use Google Analytics to create pseudonymous user profiles for improving and designing our website on demand. Google Analytics uses “cookies”, which are text files placed on your end device and can be read by us. In this way, we are able to recognize and count returning visitors.

We also use the Google Signals service to create cross-device user statistics (e.g. numbers, user groups) and to play out cross-device remarketing campaigns for Google users. Google only processes the data of users who have activated the "personalised advertising" option in their Google account settings. You can also object in principle to the collection by Google Signals by deactivating the "personalised advertising" function in your Google account.

Google Ireland Limited and Google LLC (USA) support us as part of Google Analytics as a processor according to Art. 28 GDPR. The data processing may therefore also take place outside the EU or the EEA. With regard to Google LLC, no adequate level of data protection can be assumed due to processing in the USA. There is a risk that authorities will access the data for security and surveillance purposes without you being informed or being able to appeal. Please take this into account if you choose to give your consent to our use of Google Analytics.

This data processing is carried out on the basis of Art. 6 Para. 1 S. 1 lit. a GDPR, provided that you have given your consent via our banner. The transfer to a third country is based on Art. 49 Para. 1 lit. a GDPR.  

You can withdraw your consent at any time. Please use the following button and make the appropriate settings via our banner.

Marketing Cloud Account Engagement (Salesforce.com)

We also use the Marketing Cloud Account Engagement ("MCAE") tool, a service provided by Salesforce.com, Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA. MCAE is a tool linked to our Salesforce CRM system for recording and evaluating the use of a website by website visitors, whereby your click path is recorded when you visit our website and an individual usage profile is created using a pseudonym. We may combine the usage profiles created by MCAE with your other customer data stored by us (e.g. name, professional contact details, information about your organisation and position, etc.) as well as with information from third-party providers (e.g. on your interactions with our social media presences) in order to address you individually, i.e. based on interests and usage. For this purpose, cookies are used that enable recognition of your browser.

As part of the use of MCAE, Salesforce.com Germany GmbH, Erika-Mann-Str. 31-37, 80636 Munich (Germany) supports us as processor according to Art. 28 GDPR. Due to data transfers between Salesforce.com Germany GmbH and Salesforce.com, Inc. data processing may therefore also take place outside the EU or the EEA. With regard to Salesforce.com, Inc. no adequate level of data protection can be assumed due to the processing in the USA. There is a risk that authorities may access the data for security and surveillance purposes without you being informed or being able to appeal. Please take this into account if you choose to give your consent to our use of MCAE.

This data processing is carried out on the basis of Art. 6 Para. 1 S. 1 lit. a GDPR, provided that you have given your consent via our banner. The transfer to a third country is based on Art. 49 Para. 1 lit. a GDPR.  

In addition, you can deactivate the creation of pseudonymized user profiles at any time by configuring your Internet browser so that cookies from the "salesforce.com" domain are not accepted.

You can withdraw your consent at any time. Please use the following button and make the appropriate settings via our banner.

Embedded Videos

Besides locally stored videos we also embed videos on our websites that are not stored on our servers. So that calling up our website with embedded videos does not automatically result in third-party content being reloaded, in a first step we only display locally saved preview images of the videos. This means that the third party provider does not receive any information.

Only after clicking on the preview image will the content of the third-party provider be reloaded. In this way, the third-party provider receives the information that you have accessed our site and the usage data that is technically required in this context. In addition, the third-party provider is then able to implement tracking technologies. We have no influence on further data processing by the third party provider. By clicking on the preview image, you give us your consent to reload content from the third-party provider.

The embedding takes place on the basis of your consent in accordance with. Art. 6 Para. 1 S. 1 lit. a GDPR, provided you have given your consent by clicking on the preview image. Please note that the embedding of many videos means that your data will be processed outside the EU or the EEA. In some countries, there is a risk that authorities will access the data for security and monitoring purposes without you being informed of this or being able to appeal. If we use providers in insecure third countries and you consent, the transfer to an insecure third country takes place on the basis of Art. 49 Para. 1 lit. a GDPR.

ProviderAppropriate level of data protectionRevocation of consent
YouTube / Google (USA)No adequate level of data protection. The transmission takes place on the basis of Art. 49 Para. 1 lit. a GDPR.If you have clicked on a preview image, the content of the third-party provider will be reloaded immediately. If you do not want such a reload on other pages, please do not click on the preview images any more.

Social Media

We maintain an online presence within social networks and platforms in order to be able to communicate with customers, interested parties and users who are active there and to provide them with additional information about our services. When visiting the respective networks and platforms as well as links to other providers, the terms and conditions and data protection guidelines of the respective operator apply.

We do not integrate any social plugins directly into our website. When you visit our website, no data is transmitted directly to social media services such as Facebook, LinkedIn or XING. Only when you click on the logos you will be directed to the respective website. Further data from you may be processed on these. We have no influence on this data processing on the respective linked websites.

We provide information about the processing of your data in this context in the privacy policy for our Social Media Channels - you can find this in the separate tab.

Contact

You have the possibility to get in touch with us by telephone, fax, e-mail, post mail or via our contact form. Furthermore, you have the opportunity to contact us via our callback service. To use our contact form or the callback service, we first need the data marked as mandatory fields from you. We use this data on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR to answer your request.

In addition, you can decide for yourself whether you would like to provide us with further information. This information is provided voluntarily and is not absolutely necessary to contact you. We process your voluntary information on the basis of your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.

If the contact is aimed at concluding a contract, Art. 6 Para. 1 lit. b GDPR provides an additional legal basis for processing.

Your data will only be processed to answer your request. We delete your data if it is no longer required and if there are no statutory retention requirements.

If you have given us your consent via the cookie banner, we will also process your request via the MCAE tool, a service provided by Salesforce.com, Inc. This allows us to combine your data with your other customer data stored by us as well as with information from third-party providers in order to address you individually, i.e. based on interests and usage. For details, see MCAE (Marketing Cloud Account Engagement).

Insofar as your data transmitted is processed based on Art. 6 Para. 1 S. 1 lit. f GDPR, you can object to the processing at any time. You can also revoke your consent to the processing of the voluntary information at any time. For this purpose, please contact the e-mail address given in the imprint.

Registration Forms and Newsletter

You can register with us for various services, e. g. to participate in (online) events and to receive newsletters. For the registration we need certain data (at least your e-mail address, possibly name and other contact data), which are marked accordingly as mandatory information. In addition, you can provide additional information voluntarily.

The processing of your data takes place on your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time. Until your revocation, we store your data for the purpose of reuse for recurring services.

When registering, you will also receive a confirmation e-mail to the e-mail address you provided (so-called double opt-in). If necessary, we store further data so that we can prove that you have registered. This may include the storage of the complete IP address at the time of registration or confirmation as well as a copy of the confirmation e-mail sent by us. The corresponding data processing is carried out on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR and is carried out in the interest of being able to account for the legality of the implementation of the services.

We also use MCAE, a service provided by Salesforce.com, Inc. to process your data. This allows us - if you have given us your consent via the cookie banner - to combine your data with your other customer data stored by us as well as with information from third-party providers in order to address you individually, i.e. based on interests and usage. Furthermore, MCAE can be used to analyse the newsletter. For this purpose, the newsletter messages contain so-called "web beacons". These are pixel-sized files that are retrieved from the server of our service provider when the newsletter is opened. For the evaluations, the data you provide and the "web beacons" are linked to your e-mail address and an individual ID. For details, see MCAE (Marketing Cloud Account Engagement).

Information for Healthcare Professionals

Some information we make available only to a specific and limited group of people who belong to the medical community. You can get access to this information through a previous verification via the website of the service provider DocCheck linked by us. We do not process any personal data from you as an external visitor ourselves. 

Further information about the processing of your data by DocCheck can be found here.

Product Complaints

If you have noticed a product defect or an undesirable product effect, you can report it to us. In addition, we are legally obliged to clarify suspected cases of side effects in medicinal products and medical devices and to forward them to the competent authorities under certain circumstances. For the notification, we provide you with a registration form on our website. In this context, we require some mandatory information from you, which we use on the basis of Art. 6 Para. 1 S. 1 lit. c and Art. 9 Para. 2 lit. i GDPR (in conjunction with further laws such as AMG, MPG, KosmetikV), to assess and answer your product complaints and, if necessary, to comply with our legal obligation. In addition, you can provide us with other information that may be helpful for an evaluation, but is not mandatory. This information is provided voluntarily and we process it on the basis of your consent in accordance with Art. 6 Para. 1 S. 1 lit. a, possibly Art. 9 Para. 2 lit. a GDPR.

Your notification may contain special categories of personal data in accordance with Art. 9 GDPR. The web form offered on our website ensures a correspondingly secure and encrypted recording. The form can be stored locally, printed out and sent as an e-mail attachment. If the message form is to be sent encrypted, take appropriate measures in your e-mail settings.

Due to the medical significance and importance, all data processed in this context will be stored for a period of at least 15 years and then deleted, provided that there are no statutory retention obligations to the contrary.

Whistleblower System

We have set up a system for reporting breaches of Union law. The processing of your personal data in the context of the use of our whistleblower system and the reporting channels takes place within the framework of the implementation of the obligation to maintain a whistleblower system. This obligation follows from the general compliance obligation according to § 43 GmbHG and is structured in the EU Whistleblower Directive, (DIRECTIVE (EU) 2019/1937 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 October 2019).

As part of the whistleblower system, data must be provided in order to clarify, terminate and prevent the reported violations for the future. Data must also be collected if it is transmitted voluntarily, such as a contact option, be it by e-mail, postal address or telephone number. This information is always voluntary. By submitting your consent, you consent to this processing.

In fulfilling this general compliance obligation, we are supported by a service provider - namely datenschutz nord GmbH, Mr. Dominik Bleckmann -, who acts in this context as an external ombudsman office strictly confidential and independent of instructions to us.

Applications

We offer vacancies via our job / career portal, which you can use to send us your application. We inform you about the processing of your data in this context in the privacy policy for our career portal - you can find this in the separate tab. 

You have also the option of applying for the positions advertised by us via the email or postal address provided. In order to be able to consider your application, at least the following information is required:
· Cover letter
· Curriculum vitae
· Certificates and qualifications
· Further documents and information according to the respective job advertisement.

We process your data exclusively for the purpose of selecting applicants in accordance with Art. 88 Para. 1 GDPR. There is no data processing for other purposes. In addition, you can decide for yourself whether you want to provide us with further information, such as your telephone number, your leisure interests, a picture, etc. for a better assessment of your application or for easier communication. This information is provided voluntarily and is not absolutely necessary for the application. If you include voluntary information in your application, you give your consent that we use this data exclusively for the purpose of applicant selection in accordance with Art. 88 Para. 1 GDPR. You can revoke your consent at any time with effect for the future. Please send your revocation to the office named in the imprint.

Your details will be treated as strictly confidential. If your application is unsuccessful, your documents will be deleted no later than six months after you have sent the notification of rejection. The legal basis for this processing is Art. 6 Para. 1 S. 1 lit. f GDPR in the legitimate interest of warding off any legal claims.

In the event that your application should also be considered for other or future job advertisements, this will only be done on the basis of your consent. Please inform us of this in your application letter. We then process your data on the basis of Art. 6 Para. 1 S. 1 lit. a GDPR and delete your application after 2 years at the latest. You can revoke your consent at any time with effect for the future. Please send your revocation to the office named in the imprint.

Storage Duration

Unless we have already informed you in detail about the storage period, we delete personal data when it is no longer required for the aforementioned processing purposes, you have revoked your consent to data processing and there are no statutory retention requirements to prevent destruction/deletion.

Data Recipients

We pass on your personal data within our company to the areas and persons who need this data to fulfil the respective purpose. Insofar as this is necessary within the scope of the purposes set out above, we may also transfer your personal data to companies affiliated with us.

Your data will not be transferred to third parties, i. e. outside the schülke group, or only if this is permitted under data protection law. We can also pass on your data to external service providers (a. o. providers for IT service, marketing, sales, data and document destruction) who support us with data processing in the context of order processing, strictly bound by instructions and on the basis of an order processing contract. We make sure that the data processing is limited as far as possible to within the European Union (EU) or the European Economic Area (EEA), e. g. by selecting storage locations on corresponding data centers in the European Union. However, it cannot be ruled out that your data may also be processed outside the EU or the EEA or transmitted to third-country service providers. Should we transfer personal data to recipients outside the European Economic Area (EEA), the transfer will only take place if the EU Commission has confirmed an appropriate level of data protection for the third country, an appropriate level of data protection has been agreed with the data recipient (for example by means of standard contractual clauses) and further measures required to ensure an adequate level of data protection have been taken or you have given us your consent in accordance with the requirements of Art. 49 Para. 1 S. 1 lit. a GDPR.

Your Rights as a Data Subject

As a data subject, the GDPR grants you certain rights when processing your personal data.

Right of access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case to obtain access to the personal data and the information specified in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, if necessary, the right to have incomplete personal data completed.

Right to erasure (Art. 17 GDPR)
You have the right to obtain an erasure of the personal data concerning you without undue delay, if one of the reasons listed in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)
If one of the conditions set forth in Art. 18 GDPR applies, you shall have the right to restrict the processing of your data to mere storage, e.g. if you revoke consent, to the processing, for the duration of a possible examination.

Right to data portability (Art. 20 GDPR)
In certain situations, listed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or demand a transmission of the data to another third party.

Right of withdrawal (Art. 7 GDPR)
If the processing of data takes place on the basis of your consent, you are entitled according to Art. 7 Para. 3 GDPR to revoke your consent to the use of your personal data at any time. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected.

Right to object (Art. 21 GDPR)
If the data is processed pursuant to Art. 6 para. 1 s. 1 lit. f GDPR (data processing for the purposes of the legitimate interests), you have the right to object to the processing at any time for reasons arising out of your particular situation. We will then no longer process personal data, unless there are demonstrably compelling legitimate grounds for processing, which override the interests, rights and freedoms of the person concerned, or the processing serves the purpose of asserting, exercising or defending legal claims.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider the processing of the data concerning you infringes data protection regulations. The right to lodge a complaint may be invoked in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement.

Asserting your rights
Unless otherwise described above, please contact the office named in the imprint to assert your rights as a data subject.

Contact Details of our Data Protection Officer

In fulfilling our data protection obligations, we are supported by our data protection officer, who can be reached under the following contact details:

datenschutz nord GmbH
Sechslingspforte 2
22087 Hamburg
Germany
www.dsn-group.de
schlkdtnschtz-nrdd

If you contact our data protection officer, please also indicate the responsible body that is named in the imprint.

02.2023

For our Social Media Channels

When you visit our social media sites, it may be necessary for the data relating to you to be processed. We would therefore like to inform you about the management of your personal data and your resulting rights in accordance with Art. 13 General Data Protection Regulation (GDPR).

Responsibility

We, Schülke & Mayr GmbH, as headquartes of the schülke group, operate the following social media sites:

- Facebook: https://www.facebook.com/myschulke/
- XING: https://www.xing.com/companies/sch%C3%BClke%26mayrgmbh
- LinkedIn: https://www.linkedin.com/company/schulke-&-mayr/
- YouTube: https://www.youtube.com/user/schuelkeChannel

You can find our contact details in the imprint.

In addition to us, the respective operator of the social media platform is also responsible for processing your personal data. As far as we can influence this and parameterize the data processing, we work within the scope of the possibilities available to us to ensure data protection-compliant handling by the operator of the social media platform. In this context, please also note the privacy policies of the respective social media platform.

Data processing by us

The data you enter on our social media sites, such as user names, comments, videos, pictures, likes, public messages, etc., are published by the social media platform and are never processed by us for other purposes. We only reserve the right to delete content if this is necessary. Where appropriate, we will share your content on our site, if this is a function of the social media platform, and communicate with you via the social media platform.

If you send us a request on the social media platform, we may also refer you to other, secure communication channels that guarantee confidentiality, depending on the content. For example, you have the option at any time to send us your inquiries to the address given in the imprint or via our contact form. It is your own responsibility to choose the appropriate communication channel.

The legal basis for processing your data is Art. 6 Para. 1 S. 1 lit. f GDPR. The data processing takes place in the legitimate interest to conduct public relations for our company and to be able to communicate with you.

We also use our social media sites to carry out special campaigns, e.g. competitions or registration for online events. In this context, we only process the personal data that is absolutely necessary for participation or determining the winner and that you provide to us voluntarily. This includes your first and last name or your social media profile name, your email address and, if applicable, the content of your comments. In case of further measures resulting from the participation, e.g. the delivery of the prize or answering your questions, we would contact the transmitted email address and request further necessary data. In addition, the processing of your personal data set out in this privacy policy may take place in the context of visiting our social media account. 

The legal basis for processing your data is your consent pursuant to Art. 6 Para 1 S. 1 lit. a GDPR. You have the option at any time to object to the processing of your personal data in the context of these actions for the future. In this case, you will no longer be able to participate in the promotion. All personal data stored for this purpose will be deleted in this case, at the latest 6 months after the end of the promotion, unless there are legal obligations to keep records. Comments that you leave on the social media platform in this context can be deleted by yourself at any time.

Some social media platforms create statistics that are created on the basis of usage data and contain information about your interaction with our social media site. We cannot influence or prevent the implementation and provision of these statistics. However, we do not use optional statistics from the social media platform.

We process this information in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR in the legitimate interest of validating the use of our social media sites and improving our content in a target group-oriented manner.

In addition, we can occasionally use the social media platforms described to display targeted advertising. In this case, we use target group definitions that are made available to us by the social media provider. We only use anonymous target group definitions - we define characteristics, for example, on the basis of general demographic information, behavior, interests and connections. The operator of the social media platform uses these to display advertisements accordingly to its users. The legal basis for this is the consent that the operator of the social media platform has obtained from its users. If you want to revoke this consent, please use the revocation options provided by the provider of the social media platform, as the social media platform operator is responsible for this processing. Occasionally we or the provider of the social media platform also use publicly available data to define target groups. The legal basis for this processing is then Art. 6 Para. 1 S. 1 lit. f GDPR. The legitimate interest on our part is to define a target group that is as suitable as possible. We never use sensitive categories of personal data, which are mentioned in Art. 9 and 10 GDPR, to define target groups.

We do not use targeting based on location data. We do not pass on any personal data within the scope of the target group definition to the operator of the social media platform.

Occasionally we also use information about visits to or interaction with other sites (so-called remarketing) to define target groups. For this we use, among other things, also cookies. In these cases, however, we obtain the consent of the users in advance on the respective other sites via a consent banner and at this point provide information about the data processing. You can revoke this consent at any time by calling up the consent banner on the relevant website again.

If you would like to object to certain data processing over which we have an influence, please refer to the contact details given in the imprint.

Storage duration 

We delete your personal data when it is no longer required for the aforementioned processing purposes and there are no statutory retention requirements to prevent deletion.

Data procession by the operator of social media platform

The operator of the social media platform uses web tracking methods. The web tracking can also take place regardless of whether you are logged in or registered with the social media platform.

We would therefore like to point out that it cannot be ruled out that the provider of the social media platform will use your profile and behavioral data to evaluate your habits, personal relationships, preferences, etc. In this respect, we have no influence on the processing of your data by the provider of the social media platform, so that you use the social media platform at your own risk.

You can find more detailed information on data processing by the provider of the social media platform, configuration options to protect your privacy and other options for objection and, if available and concluded, the agreement pursuant to Art. 26 GDPR in the provider's privacy policy:

- Facebook: https://www.facebook.com/about/privacy and
https://www.facebook.com/legal/terms/page_controller_addendum
- XING: https://privacy.xing.com
- LinkedIn: https://www.linkedin.com/static?key=privacy_policy and
https://legal.linkedin.com/pages-joint-controller-addendum
- YouTube: https://www.youtube.com/privacy

Your rights as a website user

As a website user, you have the option of asserting the following rights towards us as well as towards the provider of the social media platform if the requirements are met:

Right of access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case to obtain access to the personal data and the information specified in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, if necessary, the right to have incomplete personal data completed.

Right to erasure (Art. 17 GDPR)
You have the right to obtain an erasure of the personal data concerning you without undue delay, if one of the reasons listed in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)
If one of the conditions set forth in Art. 18 GDPR applies, you shall have the right to restrict the processing of your data to mere storage, e.g. if you revoke consent, to the processing, for the duration of a possible examination.

Right to data portability (Art. 20 GDPR)
In certain situations, listed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or demand a transmission of the data to another third party.

Right to object (Art. 21 GDPR)
If the data is processed pursuant to Art. 6 para. 1 s. 1 lit. f GDPR (data processing for the purposes of the legitimate interests), you have the right to object to the processing at any time for reasons arising out of your particular situation. We will then no longer process personal data, unless there are demonstrably compelling legitimate grounds for processing, which override the interests, rights and freedoms of the person concerned, or the processing serves the purpose of asserting, exercising or defending legal claims.
If the data is processed on the basis of legitimate interest for the purpose of direct advertising, you have your own right of objection, which you can assert at any time without giving reasons and the exercise of which leads to the termination of the processing for the purpose of direct advertising.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider the processing of the data concerning you infringes data protection regulations. The right to lodge a complaint may be invoked in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement.

Asserting your rights
Unless otherwise described above, please contact the office named in the respective imprint to assert your rights.

Contact Details of our Data Protection Officer

In fulfilling our data protection obligations, we are supported by our data protection officer, who can be reached under the following contact details:

datenschutz nord GmbH
Sechslingspforte 2
22087 Hamburg
Germany
www.dsn-group.de
schlkdtnschtz-nrdd

If you contact our data protection officer, please also indicate the responsible body that is named in the imprint.

For applicants

Thank you for your visit and your interest in a position within the schülke Group (hereinafter referred to as "schülke"). If you use the career pages and the functions offered, it is necessary that personal data about you is also processed by schülke. 

We would therefore like to draw your attention to the following information in accordance with Art. 13 General Data Protection Regulation (GDPR).

Controller

The controller responsible for the described data collection and processing is named in the imprint.

Data processing within the career pages

Access and use

By accessing the career pages, usage data is automatically collected for the purpose of optimal delivery of the content, which your Internet browser transmits to our web server and which can represent personal data from a data protection point of view. These include:

- the IP address of the requesting computer
- the date and time of the query
- the page accessed
- the amount of data transferred
- the referral link indicating the source/reference from which you visit us
- the description of the web browser used and the operating system
- the access status (file transferred, file not found)

We also store the above data set for a period of seven days in the interest of detecting, limiting and eliminating attacks on our websites. The legal basis is Art. 6 Para. 1 lit. f GDPR. The overriding legitimate interest lies in ensuring the trouble-free functionality of our website.

Necessary cookies

We use cookies on our website. Cookies are small pieces of data that are stored and read in your end-device. A distinction is made between session cookies, which are deleted when you close your browser, and permanent cookies, which are stored even after your visit has expired.

We do not use these necessary cookies for the purposes of analyses, tracking or advertisement.

Some of these cookies only contain information about certain settings and cannot be related to a person. They may also be necessary to enable user guidance, security and implementation of the site.

We use these cookies in accordance to Art. 6 Para. 1 S. 1 lit. f GDPR.

Please be aware that you can set your browser to inform you when cookies are being stored or used on the website you are visiting. Thus, any use of cookies is transparent to you. You have the possibility to delete your browser configuration at any time and prevent any use of new cookies. In the event you refuse the use of cookies, please note that our web sites may not be displayed optimally and some functions are then no longer technically available.

zsessionid
Duration of storage: session
Used with cross-application global session management.

JSESSIONID
Duration of storage: session
Used with J2EE session management. 

OptierRQUUID
Duration of storage: session
Used for troubleshooting and analysis.

loginMethodCookieKey
Duration of storage: permanent
Determines the login method when partial enterprise SO is enabled. The cookie improves the suitability for the end if the wrong login method is used. 

deeplinkCookieKey
Duration of storage: valid for the second of redirection
Supports deep links to pages with SSO. 

Fontstyle
Duration of storage: session
Support for user settings and help with restrictions. 

BIGipServerP_-80
Duration of storage: session
Web Server Session Management 

AssertingPartyCookieKey
Duration of storage: permanent
Used to save the name of the confirmed SMAL party. 

Ms_cookie_set
Duration of storage: session
Used for media service.

bizxCompanyId
Duration of storage: permanent
Used to store the company ID that a user used to log in. So when you return to the login page, the page does not have to ask for the company ID again.

Further information you will find in the Cookie Consent Manager of our career pages.

Online application

On the career page, you have the opportunity to apply for a position at schülke that is of interest to you. To do this, you must first create a profile by entering your first and last name and your e-mail address. An automatically generated password will then be sent to the e-mail address you have provided, with which you can confirm the creation of your profile. The password is valid for a period of 10 minutes and must be replaced by an individual password in the user profile within this period.

If you are logged in with your profile, you can apply for this position after selecting a job advertisement. To do so, upload your Curriculum vitae and certificates in the appropriately marked areas of the career portal. In addition, you must enter your data in the fields marked as "Mandatory". In order to consider your application, at least the following information is required:
- Name and address
- E-mail address
- Curriculum vitae
- Certificates and qualifications

The provision of an additional personal cover letter is voluntary.

Application by e-mail and post

In addition, you have the option of applying to schülke by post at the address stated in the imprint or by e-mail at personal@schuelke.com. We then process the data received from you for the purpose of organizing and selecting applicants in the IT application SAP Success Factors intended for the career portal.

Notification of job advertisements

If you have registered for the notification function, we process your name and e-mail address in order to keep you electronically informed about positions of interest to you at schülke or its subsidiaries. The processing is then carried out on the basis of your voluntary consent, which can be revoked at any time with effect for the future in accordance with Art. 6 Para. 1 S. 1 lit. a and Art. 7 GDPR.

In this context, your data will be processed for the purpose of managing your application by us and organising the selection process.

With regard to the registration and creation of a profile in the career portal, the legal basis for the processing of the data concerning you is Art. 6 Para. 1 S. 1 lit. b GDPR and, to the extent of the mandatory information on the application form and your uploaded documents or documents sent by e-mail/post, Art. 88 Para. 1 GDPR (in conjunction with § 26 Para. 1 S. 1 Federal Data Protection Act (BDSG)).

If you also voluntarily provide us with further content, such as a personal cover letter, image data or information that is not absolutely necessary, the legal basis is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a and Art. 7 GDPR. Your consent is voluntary and can be revoked at any time with effect for the future. This does not result in any negative consequences for you and the application process.

Of course, we treat your information confidentially. Applications received by us will only be disclosed by schülke and internally only to the responsible authorities and persons. The data collected in this respect will be deleted as soon as the purpose for the provision no longer applies and deletion does not conflict with any statutory retention obligations or legitimate interests.

Your profile created in the career portal and the documents posted therein will remain in place for a period of 6 months. During this time, you can also use your profile and documents for further applications. Your user account will then be deleted. In the event of non-recruitment, your data will be deleted no later than 6 months after the rejection letter has been sent. The basis for the storage of your data beyond the end of the application process is our legitimate interest in being able to defend ourselves against possible legal claims.

Finally, we may store your data in our talent pool and for future job advertisements if we have obtained your consent in individual cases. We will then keep your data for a period of 6 months. If you do not agree to a storage extension afterwards and at our request, your data will be automatically deleted.

In the event of the establishment of an employment relationship, we will use the data contained by you in the career portal for the purpose of onboarding and induction and transfer the data to the personnel file. The legal basis for this is also Art. 88 Para. 1 GDPR (in conjunction with § 26 Para. 1 S. 1 BDSG) and is necessary for the execution of the employment relationship.

Data recipients

According to your settings, the recipients of your data are only internal bodies and persons responsible for the respective processing as well as external service providers who support us in accordance with instructions on the basis of an order processing contract in the context of the provision of the career websites and the associated processes. Specifically, these are:

ProcessorPurposeAdequate level of data protection
SAP Deutschland SE & Co. KGWebhosting and SupportIt has been agreed with the processor that only data centers within the EEA/Switzerland will be used and that no data export outside the EEA/Switzerland will take place. For Switzerland, there is an adequacy decision pursuant to Art. 45 GDPR. In the event of isolated and necessary data processing outside the EU/EEA, e.g. in the case of support, we have concluded standard contractual clauses with the processor in order to ensure an adequate level of data protection.

Data security

To avoid unauthorized access to your data, we have implemented technical and organizational measures. We use encryption technologies on our website. Your data will be transferred to our servers and back again via a connection that is protected by a TLS encryption technology. You can recognize that you are browsing on an encryption secured website by the lock-symbol shown in the address bar of your browser and by the address bar starting with https://.

Your rights as a data subject

As a data subject, you have the right to obtain information about the personal data concerning you processed by us (Art. 15 GDPR). In the event of inaccuracy of the processed information, you can request the correction (Art. 16 GDPR). If the prerequisites are met, you also have the right to erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) as well as to data portability in accordance with Art. 20 GDPR.

If your data is processed in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR to safeguard legitimate interests, you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process your personal data unless there are demonstrably compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.

If data is processed on the basis of your consent, you are entitled under Art. 7 Para. 3 GDPR to revoke your consent at any time with effect for the future.

Right to lodge a complaint with a supervisory authority

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider the processing of the data concerning you infringes data protection regulations. The right to lodge a complaint may be invoked in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement.

Contact details of our data protection officer

In fulfilling our data protection obligations, we are supported by our data protection officer, who can be reached under the following contact details:

datenschutz nord GmbH
Sechslingspforte 2
22087 Hamburg
Germany
www.dsn-group.de
schuelke@datenschutz-nord.de

If you contact our data protection officer, please also indicate the responsible body that is named in the imprint.

In general

In the following we would like to inform you about the handling of personal data in general in accordance with Art. 13 General Data Protection Regulation (GDPR). Please note that this general data protection information does not represent the privacy policy of our website - you can find it in the separate tab.

Controller

The controller responsible for the described data collection and processing is named in the imprint.

We collect and process personal data in accordance with the legal basis of Art. 6 Para. 1 S. 1 General Data Protection Regulation (GDPR), in particular on the following bases:

the data subject has given consent to the processing of his or her personal data for one or more specific purposes (right of withdrawal see "Your rights as a data subject"); 

the processing of your personal data is necessary to carry out pre-contractual measures that precede a contractually regulated business relationship or to fulfill the obligations arising from a contract concluded with you. This can include, for example, the processing of purchase orders, deliveries or payments, or the preparation and answering of requests for quotations from individuals, to determine the establishment or conditions of a contractual relationship;

processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. tax, commercial and foreign trade or sanctions law); 

the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. The legitimate interests are in particular the conclusion or implementation of contracts and other business relationships with our business partners, suppliers or interested parties for whom you may act as a representative or as an employee. Furthermore, legitimate interests are internal administrative purposes (e.g. for accounting) or to ensure IT security and IT operations as well as to carry out compliance investigations, to guarantee building and system security or to assert, exercise or defend of legal claims (right to object see "Your rights as a data subject").

Regarding any data processing in detail:

1. Direct Marketing

If we receive your business or private e-mail address or postal address in connection with our business relationship through consulting or the sale of a product or service, we can use this address for direct advertising for our own similar products or services, provided you have not objected to the processing. When collecting your address and every time it is used, we clearly point out that you can object to its use at any time without incurring any costs other than the transmission costs according to the basic tariffs.

It is used on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR and in the interest of promoting the sale of our goods or services. If you do not want direct mail, you can object to data processing for this purpose by contacting the office named in the imprint. If we are not allowed to process your data on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR, we will only do so on the basis of your previously declared voluntary consent (right of withdrawal see "Your rights as a data subject").

2. Data Processing in the Context of Contacting

We process your data that you transmit to us in connection with the establishment of contact via contact form, telephone, fax, e-mail or post mail exclusively to process your request.

Depending on the content of your request, the legal basis here is, among other things, Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the aforementioned purpose of processing and answering your request. If your request is aimed at the conclusion of a contract, the legal basis for processing can also be Art. 6 Para. 1 S. 1 lit. b GDPR.

Your data will only be processed to answer your request. We delete your data if it is no longer required and if there are no statutory retention requirements.

If your contact is aimed at concluding a contract with us or if we already have a business relationship with you, we do not delete your data immediately, but may store it in our (CRM) system until the contractual and/or legal obligations have been fulfilled respectively a business relationship no longer exists and legal retention periods do not prevent deletion.

3. Sale / Purchase of Goods and Services as well as Continuous Business Relationship

We process your personal data respectively personal data of the contact persons of your company in the context of consulting and the sale respectively purchase of goods and services for the purpose of performing pre-contractual measures and fulfilling the contract as well as for the continuous business relationship. The legal basis for this is Art. 6 Para. 1 S. 1 lit. b GDPR resp. Art. 6 Para. 1 S. 1 lit f GDPR. We process the following categories of data:

  • Master data (e.g. surname, first name, address, position)
  • Contact data (e.g. telephone/fax number, e-mail address)
  • Communication data (e.g. call/consultation logs, offers)
  • Contract/banking data (e.g. subject matter of contract, contract history, bank details)

The purpose of the processing of the aforementioned personal data is the initiation, implementation and fulfillment of the respective contractual relationship, the organisation and implementation of binding consultation appointments as well as our legitimate interest in maintaining an active business relationship with you (for the right to object in the event of data processing based on Art. 6 Para 1 S. 1 lit. f GDPR, see "Your rights as a data subject").

Your personal data as well as the personal data of the contact persons of your company will be deleted as soon as they are no longer required for achieving the purpose for which they were collected, i.e. when the contract on which the order is based has been fulfilled and all claims from the contractual relationship are statute-barred or there are no longer any statutory retention periods. In the case of continuous business relationship, we will delete your personal data (contact details of the contact person) if there is finally no longer interest in a continuous relationship and a business contact over a certain period of time no longer exists or your part has declared a corresponding objection to data processing, at the latest however after 10 years.

4. Online Meetings

To conduct online meetings and events or job interviews via telephone / video conferences (hereinafter: "Online Meetings"), we use the tool "Teams" of the US provider Microsoft Corporation. For special event livestreams, the platform of the US providers Vimeo.com, Inc. or Zoom Video Communications, Inc. can also be used.

The processing of your data takes place on the basis of Art. 6 Para. 1 S. 1 lit. b GDPR, if your participation as an external participant ("guest") in the Online Meeting is necessary for the fulfillment of a contract concluded with you or for the implementation of pre-contractual measures or on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR in our legitimate interest of maintaining location-independent communication, the maintenance of business contacts and the provision of services owed. If you also voluntarily provide information about yourself when using the tool or voluntarily use functions that are not absolutely necessary, the associated data processing will take place on the basis of your revocable consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future (for the right to object see "Your rights as a data subject"). Please note that processing carried out before the revocation is not affected.

Depending on the type and scope of use of the tools, different types of data are collected or processed. This includes in particular

  • Information about your person (e. g. first and last name, e-mail address, profile picture),
  • Meeting metadata (e. g. date, time and duration of communication, participant IP address, MAC address, other device IDs (UDID), device type, operating system type and version, client version, camera type, microphone or speaker, type of connection),
  • Text, audio and video data (e. g. chat histories, video and audio playback),
  • Connection data (e. g. phone numbers, country names, start and end times, IP addresses).

If you participate in an Online Meeting as an external participant ("guest"), you will receive an access link from the host (schülke) by e-mail or calendar entry. For some online meetings, prior registration is also required (see registration forms). You can join Online Meetings directly from the browser without installing the apps. The service is then provided via the website by the respective service provider, who is responsible for data processing as the provider. You are free to use the chat functions during the Online Meeting. Likewise, you can decide whether to activate your camera and/or microphone or to leave it off. If you use the chat function, the text entries you make will be processed in order to display them in the Online Meeting and, if necessary, to log them. When you turn on your camera or microphone, the data from your device's microphone and any video camera from your device will be processed for the duration of the meeting.

Please note that pseudonymised participation is only possible for event livestreams. For other online meetings, your personal details are visible to all other participants and any information that you or others upload, provide or create during an Online Meeting will be processed for the duration of the meeting and will remain stored even after the end of the Online Meeting. There is no possibility of central deletion of the Online Meeting by the host. We therefore recommend that you as a participant do not use the chat function if you want to prevent storage in the Online Meeting.

In certain circumstances, we may record individual Online Meetings (primarily events) for the purpose of documentation or further publication afterwards. Both the audio track and the camera view of the participants can be recorded. You are free to activate the camera and microphone. Before the start of the recording, we will inform you of this and of the intended place of publication, if applicable. By continuing to participate under the settings you have selected, you hereby declare your consent to the recording and further use. If you participate without activating the camera and/or microphone, none of your personal data (except for your username or pseudonym) will be recorded. You can then also place questions via the chat. The chat content is not part of the recording. If the recording is published on the Intranet or Internet, we would like to point out that it will then be accessible worldwide and at any time and can be found with search engines and linked to other information. In principle, therefore, any information that is placed on the Internet can be copied and redistributed without any problems. A revocation of your consent with effect for the future is possible, provided that it is technically possible to remove your personal data from the recording (right of withdrawal see "Your rights as a data subject").

In the processing of your data the following external service provider and processor within the meaning of Art. 28 GDPR support us:

5. Exhibitions and Events

We are regularly active at exhibitions, congresses and other events as exhibitor and occasional organizer. During planning, implementation and follow-up, we process personal data if you are already in an active business relationship with us or if such a relationship is in the offing. In doing so, we process your personal data required in each case, e. g. in the context of registration for the event, on the basis of your participation in competitions or surveys offered by us and/or on the basis of personal contact or consultation.

If you register for one of our exclusive, possibly participant-limited events, your data will be processed on the basis of Art. 6 Para. 1 S. 1 lit. b GDPR for the purpose of planning and carrying out the event and, if necessary, issuing a proof of participation. An individual approach in the run-up to or after the event (e. g. as part of feedback or information about other similar events) is based on our legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. We process further voluntarily provided data on the basis of your consent in accordance with Art. 6 Para. 1 S. 1 lit a GDPR.

In the case of freely accessible marketing events that are purely informational and at which, for example, no proof of participation is issued, we process the data required for this (names, contact details) on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR in the interest of providing information about our products or services. We process further voluntarily provided data on the basis of your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.

The legal basis for participation in competitions and surveys is Art. 6 Para. 1 S. 1 lit. a GDPR. Contact requests are processed on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR. The purpose of the processing of your personal data is the execution and fulfilment of the respective activities as well as our legitimate interest in establishing or maintaining an active business relationship with you (information on your rights can be found under "Your rights as a data subject").

For the purpose of documentation or further publication afterwards, we can create photo and video recordings and record individual events or lectures. The focus of the camera view is primarily on the speaker and not on individual participants, whereby the audio track of individual participants can be recorded, provided that an active contribution emanates from them. Before the start of the event, we will inform you of the recordings and intended publication locations, if any. If possible, we will also set up recording-free areas at the venue. By registering to participate in our events, you hereby declare your consent to the possible recording and further use. If the recording is published on the intranet or Internet, we would like to point out that it will then be accessible worldwide and at any time and can be found with search engines and linked to other information. In principle, therefore, any information that is placed on the Internet can be copied and redistributed without any problems. A revocation of your consent with effect for the future is possible, provided that it is technically possible to remove your personal data from the recording (right of withdrawal see "Your rights as a data subject").

6. Visitor Management on site

When you visit us at our headquarters, e.g. as part of an event, work meeting or service delivery, registration is required to ensure a smooth visit. Our employees are required to register visitors in advance. In the course of this, you will receive an e-mail to the known e-mail address previously provided to us, which will give you access to the visitor management system in order to complete your details and confirm any necessary information (e.g. house rules) in advance. Your first and last name as well as your e-mail address and, if applicable, your license plate number is mandatory data for visitor registration. Further information is marked as voluntary or optional. During your visit, you can then check in digitally via QR code and receive a corresponding visitor badge that legitimizes your access.

We process your data received in this context on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR in the legitimate interest of reliably carrying out access controls to our locations and implementing our obligations to ensure secure data processing in accordance with Art. 32 GDPR. If you provide further voluntary information about yourself during registration, the associated data processing will be carried out on the basis of your revocable consent in accordance with Art. 6 Para. 1 S. 1 lit a GDPR. You can revoke your consent at any time with effect for the future (for the right to object see "Your rights as a data subject"). 

Usually, your data will be deleted no later than 4 weeks after your visit. For regularly returning visitors, it is possible to give us consent for a longer storage, so that in this case your data will only be deleted after one year or the period specified in the consent. If an event occurs that requires the data to be stored for a longer period of time in order to fulfil the purpose of visitor management, such as a data protection or other security incident, etc., your data will be stored for the period for which it is required and then deleted immediately.

As part of our visitor management, we use a system of an external service provider (unival Group GmbH, Germany), which supports us as a processor bound by instructions in accordance with Art. 28 GDPR.

Storage Duration

Unless we have already informed you in detail about the storage period, we delete personal data when it is no longer required for the aforementioned processing purposes, you have revoked your consent to data processing and there are no statutory retention requirements to prevent destruction/deletion.

Data Recipients

We pass on your personal data within our company to the areas and persons who need this data to fulfil the respective purpose. Insofar as this is necessary within the scope of the purposes set out above, we may also transfer your personal data to companies affiliated with us.

Your data will not be passed on to third parties, i. e. outside the schülke group, or only if this is permitted under data protection law, e.g. to specialist/wholesalers or distribution partners, if this is necessary for the purpose of fulfilling the contract. We can also pass on your data to external service providers (a. o. providers for IT service, marketing, sales, data and document destruction) who support us with data processing in the context of order processing, strictly bound by instructions and on the basis of an order processing contract. We make sure that the data processing is limited as far as possible to within the European Union (EU) or the European Economic Area (EEA), e. g. by selecting storage locations on corresponding data centers in the European Union. Should data be processed or transferred to service providers outside the EU or EEA (e. g. the U.S.), the transfer will only take place if the EU Commission has confirmed an appropriate level of data protection for the third country, an appropriate level of data protection has been agreed with the data recipient (for example by means of standard contractual clauses) and further measures required to ensure an adequate level of data protection have been taken or you have given us your consent in accordance with the requirements of Art. 49 Para. 1 S. 1 lit. a GDPR.

Your Rights as a Data Subject

As a data subject, the GDPR grants you certain rights when processing your personal data.

Right of access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case to obtain access to the personal data and the information specified in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, if necessary, the right to have incomplete personal data completed.

Right to erasure (Art. 17 GDPR)
You have the right to obtain an erasure of the personal data concerning you without undue delay, if one of the reasons listed in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)
If one of the conditions set forth in Art. 18 GDPR applies, you shall have the right to restrict the processing of your data to mere storage, e.g. if you revoke consent, to the processing, for the duration of a possible examination.

Right to data portability (Art. 20 GDPR)
In certain situations, listed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or demand a transmission of the data to another third party.

Right of withdrawal (Art. 7 GDPR)
If the processing of data takes place on the basis of your consent, you are entitled according to Art. 7 Para. 3 GDPR to revoke your consent to the use of your personal data at any time. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected.

Right to object (Art. 21 GDPR)
If the data is processed pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR (data processing for the purposes of the legitimate interests), you have the right to object to the processing at any time for reasons arising out of your particular situation. We will then no longer process personal data, unless there are demonstrably compelling legitimate grounds for processing, which override the interests, rights and freedoms of the person concerned, or the processing serves the purpose of asserting, exercising or defending legal claims.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider the processing of the data concerning you infringes data protection regulations. The right to lodge a complaint may be invoked in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement.

Asserting your rights
Unless otherwise described above, please contact the office named in the imprint to assert your rights as a data subject.

Contact Details of our Data Protection Officer

In fulfilling our data protection obligations, we are supported by our data protection officer, who can be reached under the following contact details:

datenschutz nord GmbH
Sechslingspforte 2
22087 Hamburg 
Germany
www.dsn-group.de
schlkdtnschtz-nrdd 

If you contact our data protection officer, please also indicate the responsible body that is named in the imprint.

04.2024