Purposes of data processing and legal framework
Visiting our website
When accessing our website the browser that you use will automatically send information to our website’s server. This information is stored temporarily in a so-called log file. This involves the following information, which is stored by us until it is automatically deleted:
- IP address;
- Date and time of the request;
- Time zone difference to Greenwich Mean Time (GMT);
- Content of the request (specific page);
- Access status / http status code;
- Website from which the request came;
- Operating systems and its interface;
- Language and version of the browser software.
We process these data to ensure a smooth connection setup and user-friendly application of our website, to guarantee network and information security, to analyse system security and stability and also for administrative purposes. The legitimacy of our data processing is based on Art. 6(1) sentence 1(f) GDPR. Our legitimate interest derives from the aforementioned data recording purposes. We do not use data to draw conclusions about you as an individual. We also deploy cookies and tracking services on our website. Further details of this are to be found in paragraph 7 of this Privacy Statement.
Subscribing for our newsletter
If you have consented to receive our newsletter, invitations to events and other information relevant to you (Art. 6 para. 1 sentence 1 lit. a GDPR), we use the following information from you:
- The page from which the page was requested (so-called referer URL);
- The date and time of the request;
- The description of the type of web browser used;
- The IP address of the requesting computer, which is shortened so that a personal reference can no longer be established;
- Your name;
- Your e-mail address for this purpose.
To register for our newsletter, we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the provided e-mail address asking you to confirm your registration. The purpose of this procedure is to verify your registration and, if necessary, to be able to clarify any possible misuse of your personal data. You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter e-mail, by e-mail or by sending a message to the contact details provided in the imprint. This means that we will no longer process the data based on this consent in the future and will delete the personal data, unless there is another legal basis or there are legal obligations to retain data.
Using of our contact form
For questions of any kind, we offer you the possibility to contact us via a form provided on the website. We collect the following data from you:
- Your gender;
- Your first and last name;
- The content of your enquiry;
- Your e-mail address.
It is necessary to provide a valid e-mail address so that we from whom the request originates and can answer it. Further information can be provided voluntarily.
Data processing for the purpose of contacting us is based on your prior consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. To do so, use the above-mentioned e-mail address from us. The revocation has the consequence that we will no longer continue the data processing based on this consent for the future and will delete the data.
The data is stored in order to answer your questions. We delete the data accruing in this context, if the request is assigned to a contract, after the deadlines for the contract period, otherwise after the storage is no longer required, or restrict the processing if there are statutory retention obligations.
In order to fulfil our contract with you, we process the following personal data:
- Customer master data (title, first name, surname, e-mail address, address, telephone and, if applicable, fax number);
- Contract data.
The personal data that we collect for the purpose of fulfilling the contract will be stored for 3 years after the end of the calendar year in which the contractual relationship was terminated and then deleted, unless we have consented to longer storage in accordance with Art. 6 (1) sentence 1 lit. c GDPR due to tax and commercial law retention and documentation obligations in accordance with Art. 6 (1) sentence 1 lit. a GDPR.
Job application portal
During the application process, we process the following categories of your personal data:
- Master data (e.g. name, gender, date of birth);
- Contact details (e.g. certificates, curriculum vitae);
- Data on your professional career and acquired skills (this includes, for example, education and training, professional experience, additional qualifications);
- In the case of online applications, usage and inventory data (this includes e.g. IP address, name of the retrieved file, date and time of retrieval, amount of data transferred, notification of successful retrieval, web browser).
All personal data is processed exclusively for the following purposes:
- Initiation, establishment, implementation and termination of the employment relationship;
- Declarations and information based on legal obligations or otherwise permitted by law;
- Safeguarding and enforcing our legitimate interests.
Legal bases for the processing of your data include:
- Art. 6 para. 1 sentence 1 lit. b GDPR;
- Art. 6 para. 1 sentence 1 lit. c GDPR;
- Art. 6 para. 1 sentence 1 lit. f GDPR.
If you have provided "special categories of personal data" within the meaning of Art. 9 GDPR in your application (e.g. a photo that shows your ethnic origin or your eyesight, or information on severe disability, marital status, etc.), this is done on the basis of your consent within the meaning of Art. 9 para. 2 lit. a GDPR. However, we would like to evaluate all applicants solely on the basis of their qualifications and therefore ask you to omit such information from your application if possible.
Your data will only be passed on to companies within the group of companies, unless we are legally obliged to pass on your data to other bodies. If we do not establish an employment relationship with you, your application data will be stored for up to six months after the end of the application process and then deleted.
Duration of data processing
Your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies.
However, storage may take place beyond the specified time in the event of (impending) litigation with you or other legal proceedings or if storage is provided for by legal regulations to which we are subject as the responsible party. If the storage period prescribed by the legal regulations expires, the personal data will be blocked or deleted, unless further storage is required by us and there is a legal basis for this. For information on the use and storage period of cookies, please refer to our comments on cookies.
Disclosure of personal data
We will not disclose your personal data to third parties unless:
- You have given your consent to this pursuant to Art. 6(1) sentence 1(a) GDPR;
- Disclosure is necessary under Art. 6(1) sentence 1(f) GDPR in order to assert, establish or defend legal claims and there is no reason to assume that you have an overriding and legitimate interest in non-disclosure of your data;
- There should be a statutory obligation of disclosure pursuant to Art. 6(1) sentence 1(c) GDPR, or
- Permissible by law and necessary for the performance of contracts with you pursuant to Art. 6(1) sentence 1(b) GDPR.
Where we process data in a third country (i.e. outside the European Union (EU) or European Economic Area (EEA)), where this is done whilst using third-party services or when disclosing or transmitting data to third parties, then this will only be done so as to fulfil our (pre)contractual duties, with your consent, where required by law to do so, or where we have a legitimate interest in so doing. Unless there should be a statutory exemption we will only process data in a third country if the special statutory conditions under Art. 44 et seq. GDPR are fulfilled.
We share your personal data within the BPW Group (BPW Bergische Achsen Kommanditgesellschaft, Ohlerhammer, 51674 Wiehl, Germany and the companies affiliated with BPW) if the legal requirements are met.
When you visit our social networks (e.g. LinkedIN, Xing), your personal data is not only collected, used and stored by us, but also by the operators of the respective social network. This also happens if you yourself do not have a profile in the respective social network. The individual data processing procedures and their scope differ depending on the operator of the respective social network and are not necessarily traceable. For details on the collection and storage of your personal data as well as on the type, scope and purpose of their use by the operator of the respective social network, please refer to the data protection declarations of the respective operator:
Rights of data subjects
You have the right:
- under Art. 15 GDPR to ask for information about your personal data processed by us. You may specifically ask for information as to the purpose of such processing, the categories of personal data concerned, the categories of recipients to whom your data has been or is being disclosed and the length of time that it is intended to be kept, as to the existence of a right to amend, delete or limit such processing or raise an objection, the existence of a right of appeal, the origin of your data if it has not been obtained from us and as to the existence of automated decision-making, including profiling, and details of any significant information;
- under Art. 16 GDPR to require the rectification without undue delay of inaccurate personal data recorded by us or the supplementation of personal data recorded by us;
- under Art. 17 GDPR to require the erasure of personal data recorded by us unless its processing should be necessary in the exercise of the right of freedom of expression and information, to fulfil a legal requirement, for reasons of public interest or in order to assert, establish or defend legal claims;
- under Art. 18 GDPR to require a restriction to be put on the processing of your personal data where the accuracy of data is disputed by you, processing is unlawful but you refuse its erasure and we no longer need the data but you need it in order to assert, establish or defend legal claims or where you have filed an objection to processing under Art. 21 GDPR;
- under Article 20 of the GDPR, to receive your data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller ("data portability");
- under Article 7(3) of the GDPR, to withdraw your consent - i.e. your voluntary, informed and unambiguous expression of your consent to the processing of the personal data concerned for one or more specific purposes by means of a declaration or other unambiguous affirmative act - at any time. This has the consequence that we may no longer continue the data processing based on this consent in the future and that we may no longer use your data for any other purpose.
- to complain to a data protection supervisory authority about the processing of your personal data in our company under Article 77 GDPR, for example to the data protection supervisory authority responsible for us: Bavarian State Office for Data Protection Supervision (BayLDA) Promenade 18, 91522 Ansbach. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office.
Right to object
Insofar as your personal data is processed for the purpose of legitimate interests under Art. 6(1) sentence 1(f) GDPR you have the right under Art. 21 GDPR to object to the processing of your personal data on grounds relating to your particular situation or where the objection is levelled at direct marketing. In the latter case you have a general right to object which will be implemented by us without a particular situation having to be specified.
If you should wish to exercise your right to object or ask for rectification kindly send an email to the above email address.
When our website is visited we use the SSL method (Secure Socket Layer) in conjunction with the highest level of encryption that is supported by your browser. We also apply appropriate technical and organisational security measures to safeguard your data from accidental or deliberate manipulation, complete or partial loss, destruction or access by unauthorised third parties. Our security measures are continually being improved in line with technological progress.
A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:
- Technical cookies: these are essential to navigate the website, to use basic functions and to ensure the security of the website; they do not collect information about you for marketing purposes nor do they store which website you have visited;
- Performance cookies: these collect information about how you use our website, which pages you visit and, for example, whether errors occur during website use; they do not collect information that could identify you - all information collected is anonymous and is only used to improve our website and find out what interests our users;
- Advertising cookies, targeting cookies: these are used to provide the website user with tailored advertising on the website or third party offers and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;
- Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); Sharing cookies are stored for a maximum of 13 months.
You can change or withdraw your consent at any time from the cookie statement on our website.