Privacy Policy

Privacy Policy


1. Privacy policy at a glance


GENERAL INFORMATION

The following information gives you a simple overview of what happens to your personal data when you visit our website. Personal data refers to all data that can be used to identify you on a personal level. Detailed information about data protection can be found in our Privacy Policy below.


DATA COLLECTION ON OUR WEBSITE

Who is responsible for the collection of data on this Website?
The Website operator is responsible for the processing of data on this Website. You can find the operator’s contact details in the Imprint section of this Website.

How do we record your data?
We primarily obtain your data as a result of you sharing this information with us. This might involve data, e.g. that you enter in a contact form.

Other data is automatically recorded by our IT systems when you visit the Website. This is above all technical data (e.g. Web browser, operating system, or time the page was accessed). This data is recorded automatically from the moment you click on our Website.

What do we use your data for?
Part of the data is recorded in order to ensure a smooth provision of the Website service. Other data can be used to analyse your user behaviour.

What rights do you have with regard to your data?
You have the right at any time to free-of-charge access to your saved personal data, its origin and recipient, and the purpose of the data processing, in addition to a right to rectification, blocking or deletion of this data. You can contact us at any time via the address stated in the Imprint section if you have any questions about this or about your personal data in general. You also have the right to lodge a complaint with the relevant supervisory authorities.

Analysis tools & tools of third-party providers
Your user behaviour may be analysed when you visit our Website. This takes place above all with cookies in so-called analysis programs. The analysis of your user behaviour is usually anonymous; this behaviour cannot be traced back to you individually. You can object to this analysis, or prevent it by refraining to use certain tools. You will find detailed information about this in the following Privacy Policy.

You can object to this analysis. We shall inform you in this Privacy Policy about the objection options available to you.


2. General Notices & Mandatory Information


DATA PROTECTION

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially, and in accordance with both legal data protection regulations and the provisions in this Privacy Policy.
Whenever you use this Website, various personal data will be recorded. Personal data refers to data  which can be used to identify you personally. This Privacy Policy outlines which data we record and for what purposes we use it.
Please take into consideration that the transfer of data online (e.g. in communication via e-mail) may be prone to security breaches. It is not possible to ensure the full protection of data from access by third parties.


INFORMATION ABOUT THE DATA CONTROLLER

The data controller responsible for data processing on this website is:

Charlotte Meentzen Kräutervital Kosmetik GmbH
Carl-Eschebach-Str.10
01454 Radeberg
Germany
Telefon: (035 28) 41 41-18
E-Mail: info@meentzen.de

The data controller is the natural or legal person who determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.) either alone or together with other parties.


REVOCATION OF YOUR CONSENT TO DATA PROCESSING

Many data processing activities are only possible with your explicit consent. You can revoke the consent you have already provided at any time. An informal message to this effect via e-mail shall suffice here. The lawfulness of the data processing that took place up until revocation shall remain unaffected.


RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY

In the case of any data protection breaches, the individual affected shall be entitled to lodge a complaint with the supervisory authority responsible. This authority in the case of data protection matters is the Commissioner for Data Protection in the German federal state in which our company has its  headquarters. Click the following link for a list of Data Protection Officers and their respective contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.


RIGHT TO DATA PORTABILITY

You have the right to have a copy of the data that we process automatically, on the basis of your consent or to perform a contract, sent to your or a third party in a standard, machine-readable format.  If you request the direct transfer of data to another data controller, this shall only be implemented provided it is technically possible.


SSL AND/OR TLS ENCRYPTION

This Website makes use of SSL or TLS encryption for security reasons and for the safeguarding of the transfer of confidential content such as orders or requests that you send to us as Website operator. You can recognise an encrypted connection by the fact that the address bar in your browser changes from  "http://" to "https://", and a lock symbol appears in your browser bar.

If SSL or TLS encryption is activated then the data that you transfer to us will not be able to be read by any third parties


ENCRYPTED PAYMENT TRANSFERS ON THIS WEBSITE

If closure of a contract liable to costs results in an obligation for you to share your payment details with us (e.g. account number for a direct debit), this data will be required for processing the payment.

Payment transactions via common means of payment (Visa/MasterCard, direct debit) shall only take place via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address bar in your browser changes from  "http://" to "https://", and a lock symbol appears in your browser bar.

This encrypted communication means that your payment details that you share with us cannot be accessed by any third parties.

 
ACCESS TO DATA, BLOCKING & DELETION

Within the framework of currently valid legal regulations, you have the right at any time to free-of-charge access to your saved personal data, its origin and recipient, and the purpose of the data processing, in addition to, where applicable, a right to rectification, blocking or deletion of this data. You can contact us at any time via the address stated in the Imprint section if you have any questions about this or about your personal data in general.

 
OBJECTION TO RECEIVING PROMOTIONAL E-MAILS

The use of contact details released within the scope of the imprint obligations to send advertising and information materials that have not been expressly requested is herewith rejected. The operators of the sites explicitly reserve the right to take legal steps in the case of unwanted promotional information being sent, e.g. in the form of spam e-mails.


3. Data Protection Officer


LEGALLY REQUIRED DATA PROTECTION OFFICER

We have appointed a Data Protection Officer for our company. You can contact them at the following address:

Data Protection Officer of Charlotte Meentzen Kräutervital Kosmetik GmbH
Carl-Eschebach-Str.10
01454 Radeberg
E-Mail: meentzen@ifdds.eu


4. Data collection on our Website


COOKIES

Websites sometimes make use of so-called cookies. Cookies do not cause any harm to your computer and do not contain any viruses. Cookies serve to make our offering more user-friendly, more effective and more secure. Cookies are small text files that are stored on your computer and which your browser saves.

Most of the cookies used by us are so-called “session cookies”. They are automatically deleted after the end of your visit. Other cookies remain saved on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.

You can adjust the settings in your browser so that you are informed whenever cookies are enabled and only allow cookies in individual cases, so that you don’t allow cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing your browser. Deactivating cookies may restrict the level of functionality of this website.

Cookies that are required for enabling the electronic communication process or provision of certain features requested by you (e.g. shopping cart function) are saved in accordance with Article 6 (1) (f) of the GDPR. The website operator has a legitimate interest in the saving of cookies for the technically faultless and optimised provision of its services. If other cookies (e.g. cookies for analysing user behaviour) are saved, these will be specified separately in this Privacy Policy.
SERVER-LOG-FILES

The provider of the pages shall automatically record and save information in so-called server log files that your browser automatically sends to us. These are:

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address
This data shall not be conflated with other data sources.

The basis for data processing is Article 6 (1) (f) of the GDPR, which permits the processing of data to perform a contract or pre-contractual measures.

 
CONTACT FORM

If you submit an enquiry to us using our contact form, the information you provide in the contact form including the contact details you provide will be saved by us for the purposes of processing your enquiry and in case of any follow-up questions. We shall not pass this data on to any other parties without your consent.

The processing of the data entered in the contact form shall thereby only take place on the basis of your consent (Article 6 (1) (a) of the GDPR). You can revoke this consent at any time. An informal message to this effect via e-mail shall suffice here. The lawfulness of the data processing that took place up until revocation shall remain unaffected.

The data you enter in the contact form shall be saved by us until you ask us to delete this information, revoke your consent for the saving of this data, or the purpose for the data being saved becomes invalid (e.g. once your request has been completely processed). Mandatory legal provisions – in particular retention periods – shall remain unaffected here.


REGISTRATION ON THIS WEBSITE

You can register on this Website in order to make use of additional features available on this Website. The data you enter for this will be used by us for the purpose of use of the respective offer or service that you have registered for. The mandatory information for the registration must be provided by you in full. If this is not the case, your registration will be rejected.

For important changes, e.g. to the scope of the offer or any required technical changes, we shall make use of the e-mail you provided upon registration to inform you of these changes.

The processing of the data you entered during registration shall take place on the basis of your consent (Article 6 (1) (a) of the GDPR). You can revoke this consent at any time. An informal message to this effect via e-mail shall suffice here. The lawfulness of the data processing that took place up until revocation shall remain unaffected.

The information recorded during registration is saved by us for as long as you remain registered on our Website, and will then be subsequently deleted. Legally stipulated retention periods shall remain unaffected here.

 
PROCESSING OF DATA (CUSTOMER & CONTRACTUAL DATA)

We shall only record, process and use personal data if it is required for the establishment, content-related performance or alteration of the legal relationship (inventory data). The basis for this is Article 6 (1) (f) of the GDPR, which permits the processing of data to perform a contract or pre-contractual measures. We shall only record, process and use personal data relating to the use of our Websites (usage data) if this is necessary to enable or invoice usage of the service by the user.

The customer data recorded shall be deleted after closure of the order or termination of the business relationship. Legal retention periods shall remain unaffected here.

 
DATA TRANSFER UPON CONTRACT CLOSURE FOR ONLINE SHOPS, RETAILERS AND DISPATCH OF GOODS

We shall only transfer your personal data to third parties if this is necessary within the scope of performance of the contract, e.g. to the company entrusted with the delivery of the goods or the credit institute involved in the payment processing. Any other transfer or data shall only take place if you have provided your explicit consent for this. Your data shall not be shared with any third parties, e.g. for advertising purposes, without your explicit consent.

The basis for data processing is Article 6 (1) (f) of the GDPR, which permits the processing of data to perform a contract or pre-contractual measures.


5. Analysis Tools & Advertising


GOOGLE ANALYTICS

This Website makes use of the functions of the Web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics makes use of so-called "Cookies". These are text files that are saved on your computer and enable an analysis of how you make use of the Website. The information generated by the cookie about the usage of this Website is usually transferred to a Google server in the USA and saved there.

The saving of Google Analytics cookies shall take place in accordance with Article 6 (1) (a) of the GDPR in conjunction with Article 7 of the GDPR, as a result of your consent to the analysis of user behaviour in order to optimise both our online offering and our advertising.

 
IP ANONYMISATION

We have activated IP anonymisation on this Website. As a result, your IP address will be shortened by Google within the member states of the European Union or in other countries where the legislation of the European Economic Area applies, before being transferred to the USA. Only in exceptional cases will your full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this Website, Google shall make use of this information to analyse your usage of the Website in order to compile reports about website activities and to provide services to the website operator associated with Website usage and online usage. The IP address transferred from your browser via Google Analytics will not be associated with any other data saved by Google.

 
BROWSER PLUGIN

You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note however that you may not be able to make full use of the features of this Website as a result. In addition, you can prevent the transfer of data recorded by the cookie and relating to your usage of the Website (incl. your IP address) to Google and the processing of this data by Google, by downloading and installing the browser plugin under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.


REVOCATION OF YOUR CONSENT TO HAVE YOUR DATA RECORDED

You can deactivate the recording of data by Google Analytics by clicking on the following link. It will set an opt-out cookie that prevents your data from being recorded during future visits to this Website: Deactivate Google Analytics.

You can find more information about the treatment of user data on Google Analytics in the Google Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en.


PROCESSING OF ORDER DATA

We have entered into a contract with Google regarding the processing of order data and adhere fully to the strictest provisions stipulated by German data protection regulatory bodies in the use of  Google Analytics.


6. Newsletter


NEWSLETTER DATA

If you would like to subscribe to the newsletter offered on the Website we require an e-mail address from you and information that allows us to verify that you are the owner of the e-mail address entered and that you agree to receiving the newsletter. Additional data shall not be collected, unless on a voluntary basis. We shall use this data exclusively for the mailing of the information requested and shall not pass this data on to any third parties.

The processing of the data you entered in the newsletter subscription form shall only take place on the basis of your consent (Article 6 (1) (a) of the GDPR). You can revoke your consent to the saving of data, the e-mail address and its use to send the newsletter at any time, e.g. by clicking on the “Unsubscribe” link in the newsletter. The lawfulness of the data processing that took place up until revocation shall remain unaffected.

The data saved by us for the purposes of sending you the newsletter shall remain saved by us up until you unsubscribe to the newsletter, and shall be deleted once you have unsubscribed to the newsletter.  Data that we have saved for other purposes (e.g. e-mail addresses for the members section) shall remain unaffected here.

 
NEWSLETTER2GO

This Website uses Newsletter2Go to send out newsletters. The provider is Newsletter2Go GmbH, Nürnberger Strasse 8, 10787 Berlin, Germany.

Newsletter2Go is a service which can be utilised, amongst other things, for organising and analysing the mailing of newsletters. The data entered by you for the purposes of receiving the newsletter will be saved on the servers of Newsletter2Go in Germany.

If you do not wish your data to be analysed by Newsletter2Go you must unsubscribe to the newsletter.  A respective link for this is included in every newsletter message sent. Moreover, you can unsubscribe to the newsletter directly on the Website.

 
DATA ANALYSIS BY NEWSLETTER2GO

With the help of Newsletter2Go it is possible for us to analyse our newsletter campaigns. We can, for example, see whether a newsletter message has been opened and which links have been clicked on or not. This way we can ascertain which links are clicked on particularly frequently.

In addition, we can ascertain whether defined actions were carried out after opening/clicking (Conversion Rate). We can find out here whether you have made a purchase after clicking on the newsletter.

Newsletter2Go enables us to categorise (“cluster”) newsletter recipients on the basis of various different criteria. Newsletter recipients can be divided up here according to e.g. age, gender, or place of residence. This allows newsletters to be customised to specific individual target groups.

Click on the following link for detailed information about the functionality offered by Newsletter2Go: https://www.sendinblue.com/newsletter-software/?rtype=n2go.


LEGAL BASIS

The processing of data shall take place on the basis of your consent (Article 6 (1) (a) of the GDPR). You can revoke this consent at any time. The lawfulness of the data processing that took place up until revocation shall remain unaffected.

 
RETENTION PERIOD

The data saved by us for the purpose of subscribing to the newsletter shall remain saved up until the time you unsubscribe to the newsletter, at which point it shall be deleted both from our servers and from the servers of Newsletter2Go. Data that has been saved for other purposes by us  (e.g. e-mail addresses for the members section) shall remain unaffected by this.

For more information about the data protection provisions of Newsletter2Go please visit: https://www.newsletter2go.de/features/datenschutz-2/.

 
CLOSURE OF A CONTRACT FOR THE PROCESSING OF ORDER DATA

We have a contractual agreement with Newsletter2Go in which Newsletter2Go commits to protecting the data of our customers and not passing them on to any third parties. This contract can be viewed by clicking on the following link:

https://www.newsletter2go.de/docs/datenschutz/ADV_Muster_Newsletter2Go_GmbH_latest_Form.pdf?x48278.


7. Social Media


Our Website uses plugins of the social networks Facebook and Instagram.

If you visit our Website and are logged in to one of the social networks stated (Facebook, Instagram) at the same time, your browser will make a connection to the Social Plugins and content from this Website will be loaded. Your visit to our Website can therefore be traced by Facebook and the other Social Plugins, even if you don’t actively use this function. If you have an account with Facebook or the other social platforms specified, you can make use of these and share information with your friends. We do not however have any influence over the content of the Social Plugins and the possible transfer of information.

The privacy policies of the social media platforms Facebook and Instagram can be read by clicking on the following links:

Facebook Privacy Policy

Instagram Privacy Policy


8. Payment Providers


PAYPAL

One of the payment options we offer on our Website is payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (referred to hereinafter as “PayPal”).

If you select payment via PayPal, the payment data you enter will be transferred to PayPal.

The transfer of your data to PayPal shall take place in accordance with Article 6 (1) (a) of the GDPR (consent) and Article 6 (1) (b) of the GDPR (processing necessary for the performance of a contract). You have the option of revoking your consent at any time to your data being processed. Any revocation shall not affect the efficacy of data processing activities in the past.

 
PAYONE

One of the payment options we offer on our Website is payment via PAYONE. The provider of this payment service is BS PAYONE GmbH, Lyoner Strasse 9, D-60528 Frankfurt/Main (referred to hereinafter as “PAYONE”).

If you select payment via PAYONE, the payment data you enter will be transferred to PAYONE.The transfer of your data to PAYONE shall take place in accordance with Article 6 (1) (a) of the GDPR (consent) and Article 6 (1) (b) of the GDPR (processing necessary for the performance of a contract). You have the option of revoking your consent at any time to your data being processed. Any revocation shall not affect the efficacy of data processing activities in the past.


9. Google Web Fonts


This Website makes use of so-called Web Fonts, provided by Google, to ensure the standardised depiction of fonts. Whenever you access a page, your browser will load the required Web Fonts in your browser cache in order to display the texts and fonts correctly.

For this purpose, the browser you use must make a connection to the servers of Google. This means that Google will register that our Website has been accessed via your IP address. The use of Google Web Fonts takes place in the interest of a standardised and visually appealing presentation of our online offerings. This constitutes a legitimate interest pursuant to Article 6 (1) (f) of the GDPR.

If your browser does not support Web fonts, a standard font will be used by your computer.

For further information about Google Web Fonts please visit https://developers.google.com/fonts/faq and/or refer to the Google Privacy Policy: https://www.google.com/policies/privacy/.


10. Alterations / Updates to the Privacy Policy


Privacy Policy may be subject to change as a result of the ongoing development of our Charlotte Meentzen Online Shop and new legal provisions. We therefore reserve the right to make amendments or addendums to this Privacy Policy as and when needed. We will publish these changes here. You should therefore access this Website on a regular basis in order to find out about the current version of the Privacy Policy.


11. Notices about information requirements pursuant to Art. 13 ff. of the GDPR


INFORMATION ABOUT THE PROCESSING YOUR PERSONAL DATA (FOR CUSTOMERS AND POTENTIAL CUSTOMERS)

In the following we shall inform you about the processing of your personal data by Charlotte Meentzen GmbH and the rights you are entitled to in accordance with data protection legislation.

Who is responsible for the processing of data and who is the Data Protection Officer?
The data controller responsible for the processing of data is:

Charlotte Meentzen Kräutervital Kosmetik GmbH
Carl-Eschebach-Str. 10
01454 Radeberg
Germany

Telefon: 03528 - 41410
Fax: 03528 - 414199
E-Mail: info@meentzen.de

You can contact our Data Protection Officer at the following address: meentzen@ifdds.eu

What categories of data do we use and where do these derive from?


The categories of personal data processed include first name, last name, name affixes, private address, (mobile) phone number, and e-mail address.

Your personal data is generated collected directly from you during initiation of the contract.

Additionally, we process personal data that we have acquired reliably from publically accessible sources.

For what purposes and on what legal basis is your data processed?

We process your personal data while adhering to the provisions of the EU General Data Protection Regulation (GDPR), the latest version of the German Federal Data Protection Act (BDSG-neu), and all other key relevant legislation (e.g. German Fair Trade Practices Act (UWG), German Telemedia Act (TMG), etc.).

First and foremost, the processing of data serves to initiate a contract, i.e. to perform a contract. The predominant legal basis for this is Art. 6 (1) (b) of the GDPR. In addition, our legitimate interests pursuant to Article 6 (1) (f) of the GDPR and possibly your special consent pursuant to Art. 6 (1) (a) and Art. 7 of the GDPR shall be used as a data protection authorisation prescript. These interests shall include, in particular, marketing activities.

We also carry out data processing for statistical purposes.

We shall inform you in advance if we intend to process your personal data for a purpose that is not specified above.

Who is given access to your data?

Within our company, only those people and departments will receive access to your personal data who require this data to fulfil contractual and legal obligations, or who are entrusted with the respective fulfilment of tasks relating to the purpose.

In addition, we may in some cases make use of various service providers for the fulfilment of our contractual and legal obligations and purpose-related tasks.

This might be, for example:

•  Website hosts
•  Newsletter service providers
•  Software for processing the order
•  Producers of printed materials
•  Financial service providers and credit agencies

What rights can you exercise as a data subject?

You can request access to information about your saved personal data via the address specified above. In addition, you can request the rectification or deletion of your data under certain circumstances. You also have the right to restrict the processing of your data and the right to publish the data you have provided in a structured and standard machine-readable format.

Right of revocation

You have the right to object to your personal data being processed for the purposes of direct advertising without having to provide any reasons. If we process your data to preserve legitimate interests you have the right to object to this processing for reasons arising from your particular situation. We shall then cease to process your personal data unless we can prove compelling, legitimate grounds for the processing that outweigh your interests, rights and liberties or if the processing serves the enforcement, exercising or defending of legal claims.

Where do you file a complaint?

You have the option of filing a complaint to the Company’s aforementioned Data Protection Officer or to a data protection regulatory authority. The data protection regulatory authority responsible for our Company is:

Sächsischer Datenschutzbeauftragter
Postfach 11 01 32
01330 Dresden
Germany

How long will your data be saved for?

We will delete your personal data as soon as they are no longer required for the aforementioned purposes. After the end of the contractual relationship, your personal data will be save for as long as is legally required. This is dictated on a regular basis by legal verification and retention obligations, which are specified in the German Commercial Code (“Handelsgesetzbuch”), the German Fiscal Code (“Abgabenordnung”), and other legal provisions. Accordingly, storage periods can be up to thirteen years. It may also be the case that personal data is kept stored for the period of time in which legal claims may be made (legal period of limitation of three or up to thirteen years). Moreover, we may reserve the right to keep your personal data stored for the purpose of market and initiating a new contract, on the basis of our legitimate interest, for a period of five years, and to process this data.

Will your data be transferred to a non-EEA country?

If we transfer any personal data to service providers outside of the European Economic Area (EEA), this transfer shall only take place provided an appropriate level of data protection has been confirmed for the non-EEA country and other relevant data protection guarantees (e.g. binding company-internal data protection regulations or EU standard contractual clauses) are in place. You can also request information regarding this matter using the contact details specified above.

Are you obliged to make your data available?

For the performance of the contract you must make that personal data available that is required to form the grounds for and implement the contractual relationship, and to fulfil the contractual obligations contained therein, or for the saving of data to which we are legally obliged. Without this data we shall not be able to enter into a contract with you.

To what extent are automated decisions or profiling activities carried out?

We also make use of automated processing to come to a decision – including profiling – about the grounds for and implementation of a contractual relationship in the following cases: (e.g. credit assessment, etc.)


INFORMATION ABOUT THE PROCESSING OF YOUR PERSONAL DATA (FOR APPLICANTS)

In the following we shall inform you about the processing of your personal data by Charlotte Meentzen GmbH and the rights you are entitled to in accordance with data protection legislation.

Who is responsible for the processing of data and who is the Data Protection Officer?

The data controller responsible for the processing of data is:

Charlotte Meentzen Kräutervital Kosmetik GmbH
Carl-Eschebach-Str. 10
01454 Radeberg
Germany
Telefon: 03528 - 41410
Fax: 03528 - 414199
E-Mail: info@meentzen.de

You can contact our Data Protection Officer at the following address: meentzen@ifdds.eu

What categories of data do we use and where do these derive from?

We process the data that is sent to us in relation to your application, in order to assess your suitability for the position (or possibly other vacant positions within our company) and to conduct the application process (e.g. first name, last name, name affixes, nationality, contact details such as private address, (mobile) phone number, e-mail address). This might also include special categories of personal data such as health-related data.

Your personal data is collected directly from you during the application process. We may also have obtained data from third parties (e.g. via job placement services).

Additionally, we process personal data that we have acquired reliably from publically accessible sources (e.g. business networks).

For what purposes and on what legal basis is your data processed?

We process your personal data while adhering to the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and all other key relevant legislation.

First and foremost, the processing of data serves to establish the possible grounds for an employment relationship. The predominant legal basis for this is Art. 6 (1) (b) of the GDPR in conjunction with Clause 26 (1) of the German Federal Data Protection Act (BDSG). In addition, your special consent pursuant to Art. 6 (1) (a) and Art. 7 of the GDPR shall be used as a data protection authorisation prescript.

If required, we also process your data in accordance with Article 6 (1) (f) of the GDPR, in order to preserve the legitimate interests of ourselves or of third parties (e.g. authorities). There shall be a legitimate interest in particular if any claims are asserted or defended.

Moreover, we are obliged pursuant to the European Anti-Terrorism Regulations 2580/2001 and 881/2002, to match your data against so-called “EU Terror Lists“ in order to ensure that no funds or other financial resources have been made available for terrorist purposes.

We also carry out data processing for statistical purposes.

If other categories of personal data pursuant to Article 9 (1) of the GDPR are processed, this shall serve within the scope of the application process to exercise rights or for the fulfilment of legal obligations relating to labour law, the right to social security and social protection (e.g. recording of severe disability in relation to additional leave and the assessment of disability contributions). This shall take place in accordance with Article 9 (2) (b) of the GDPR in conjunction with Clause 26 (3) of the German Federal Data Protection Act (BDSG). Additionally, the processing of health-related data may be required for the assessment of an individual’s capacity to work, pursuant to Art. 9 (2) (h) of the GDPR in conjunction with Clause 22 (1) (b) of the German Federal Data Protection Act (BDSG).

Alongside this, the processing of particular categories of personal data shall be based on consent pursuant to Article 9 (2 (a) of the GDPR in conjunction with Clause 26 (2) of the German Federal Data Protection Act (BDSG).

We shall inform you in advance if we want to process your personal data for a purpose that is not specified above.

Who is given access to your data?

Your applicant data shall be viewed after receipt of your application by the HR department. Suitable applications will then be forwarded internally to the head of particular departments for the specific vacant position. The next steps in the application process will then be determined. Generally speaking, only those people within the company shall have access to your data who require this information for the orderly implementation of our application process.

In addition, we make use of various service providers. These include, in particular, software providers that may also receive access to your personal data in relation to the maintenance and administration of the systems. We have entered into a processing agreement with these providers, which ensure that date is processed in a reliable way.

In addition, we can share your personal data with other recipients within the company provided this is required for the fulfilment of contractual and legal obligations. This might be, e.g.:

• Authorities (e.g. pension insurance institutes, occupational care facilities, social insurance agencies, financial authorities, courts of law)

What rights can you exercise as a data subject?

You can request access to information about your saved personal data via the address specified above. In addition, you can request the rectification or deletion of your data under certain circumstances. You also have the right to restrict the processing of your data and the right to publish the data you have provided in a structured and standard machine-readable format.

Right of revocation

You have the right to object to your personal data being processed for the purposes of direct advertising without having to provide any reasons. If we process your data to preserve legitimate interests you have the right to object to this processing for reasons arising from your particular situation. We shall then cease to process your personal data unless we can prove compelling, legitimate grounds for the processing that outweigh your interests, rights and liberties or if the processing serves the enforcement, exercising or defending of legal claims.

Where do you file a complaint?

You have the option of filing a complaint to the Company’s aforementioned Data Protection Officer or to a data protection regulatory authority. The data protection regulatory authority responsible for our Company is:

Sächsischer Datenschutzbeauftragter
Postfach 11 01 32
01330 Dresden
Germany

How long will your data be saved for?

We will delete your personal data as soon as they are no longer required for the aforementioned purposes. In the case of a rejection, your personal data will be stored for the period in which claims for damages can potentially be made against us (a maximum of 6 months).

If you have consented to your personal data being saved once again we will transfer your data into our applicant pool. The data here will be deleted after a period of two years, provided no new communication has taken place with you in the meantime.

If you are accepted for a position as a result of the application process, your data will be transferred from the applicant data system to our HR information system.

Will your data be transferred to a non-EEA country?

If we transfer any personal data to service providers outside of the European Economic Area (EWR), this transfer shall only take place provided an appropriate level of data protection has been confirmed for the non-EEA country and other relevant data protection guarantees (e.g. binding company-internal data protection regulations or EU standard contractual clauses) are in place. You can also request information regarding this matter using the contact details specified above.

Are you obliged to make your data available?

Within the scope of your application, you may have to provide those personal details that are required for the possible establishment of grounds for a contractual relationship and for the fulfilment of contractual obligations, as well as in cases where we are legally obliged to record data. Without this data we will not be able to enter into an employment contract with you.