1) NAME AND CONTACT INFORMATION OF THE CONTROLLER RESPONSIBLE FOR PROCESSING AND THE COMPANY’S DATA PROTECTION OFFICER
This data protection information shall apply for data processing by:
Stabitec Stanz-Biege-Technik GmbH
Lars Gorschlüter, Dieselstr. 70, 42489 Wülfrath,
Tel.: +49 (0)2058 78 82-60
Fax: +49 (0)2058 78 82-59
e-mail: info [at] stabitec.de
(hereinafter also called “we” or “us”)
2) COLLECTION AND STORAGE OF PERSONAL DATA AS WELL AS THE TYPE AND PURPOSE OF ITS USE
We take physical, technical and administrative security measures to reasonably protect your personal data from loss, abuse, unauthorised access, dissemination and alteration. These security measures include firewalls, data encryption, physical access restrictions for our data centres, and authorization controls for access to data. Occasionally, we also use information about you from other sources and add them to our information. This particularly includes information from public directories (e.g. commercial register).
a) When visiting the website
When visiting our website stabitec.de, the browser that you use on your device automatically sends information to our website’s server. This information is temporarily stored in what is known as a log file. The following information is recorded and saved until automatic deletion without any action on your part:
- IP address of the requesting computer, truncated by the last three digits
- Date and time of access,
- Name and URL of the requested file,
- Website from which the access is made (referrer URL),
- The browser used and, if necessary, your computer’s operating system as well as the name of your ISP,
- The requested access methods/functions from the requesting browser,
- Access status of the web server (file sent, file not found, command not executed, etc.)
We process the aforementioned data for the following purposes:
- Ensure convenient use of our website,
- System security and stability and
- Other administrative purposes.
b) When accessing with a mobile device
Most mobile devices enable their users to disable location-based services. In most cases, this option can be found under the “Settings” menu. Click here for information about certain devices. If you still have questions about how you can disable location-based services on your device, we recommend that you contact your mobile phone carrier and/or your device manufacturer.
c) When contacting via e-mail
Data that you send us via e-mail is processed for the purposes of communication and data exchange as per Art. 6 Para. 1 lit. a), b), c), f) GDPR. This data is stored for as long as its processing is necessary for these purposes and/or until any subsequent retention periods lapse, particularly in accordance with the German Commercial Code (HGB) and the German Fiscal Code (AO). If you send us personal data belonging to another person, you must take the necessary measures as per data protection law beforehand, e.g. obtain the required prior permission from this person and inform them about the purpose for which you are sending us this data.
d) When using our contact form
If you have any questions, we provide you with the option of contacting us via a contact form provided on the website. It is important to provide a valid e-mail address and your last name so that we know who is sending the inquiry and so that we can respond to it. Additional information may be provided voluntarily.
Data processing for the purpose of contacting us is carried out according to Art. 6 para. 1 pg. 1 lit. a GDPR based on your voluntarily provided consent. The personal data that we collect for using the contact form is automatically deleted once the inquiry you have submitted is complete.
e) When sending a job application via e-mail
Your job application data will be received by the human resources department and forwarded solely to the department responsible for the respective job position and/or to the person entrusted with processing it. Data processing is based on Art. 6. para. 1 lit. a) GDPR. By sending the application data, you agree to the processing of your personal data as part of the job application process. Once the applicant selection process is complete, we will store your job application for an additional three months and afterwards erase it if we have not concluded any work agreement with you. If necessary, we will provide you with a separate questionnaire in which you can actively consent to continued storage of your documents. Please note that applications that you send us by e-mail are sent to us unencrypted.
4) STORAGE DURATION
5) RIGHTS OF THE DATA SUBJECT
You have the right to do the following at any time free of charge:
- Request information about your personal data that we process as per Art 15. GDPR. Particularly, you may request information about the processing purposes, the category of the personal data, the categories of the recipients to whom your personal data has been or is being disclosed, the planned storage duration, the existence of a right to rectification, erasure, restriction of processing or revocation, the existence of a right to object, the origin of your data – unless we did not gather this – as well as information about the existence of an automatic decision-making process including profiling and, where applicable, detailed information about its particularities;
- Request the immediate rectification of errors in your personal data stored with us or completion of your personal data stored with us as per Art. 16 GDPR;
- Request the deletion of your personal information stored on our systems as per Art. 17 GDPR, unless the processing is required to exercise the right to free speech and information, to comply with a legal obligation, for reasons of the public interest or to assert, exercise or defend legal rights;
- Request a restriction to the processing of your personal data as per Art. 18 GDPR if you dispute the accuracy of the data, the processing is illegal, but you reject its deletion and we no longer require the data, although you need this data to assert, exercise, or defend legal claims or you have filed an objection against the processing as per Art. 21 GDPR;
- Request to receive your personal information that you have provided to us in a structured, commonly used and machine-readable format or request to send this information to another controller as per Art. 20 GDPR. However, this shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, you have the right to have the personal data transferred directly from one controller to another controller if it is technically feasible and if this does not affect any rights and freedoms of other people;
- As per Art. 21 GDPR, file an objection against the processing of your personal data – which takes place based on Article 6 paragraph 1 letters e or f – at any time for reasons arising from your particular situation; this shall also apply for any profiling based on these provisions. The right to objection includes the option for data subjects to object to the further processing of their personal data in a special situation, provided that this is justified by the performance of public tasks or for public and private interests. The exceptions for this rule governed by § 36 of the German Federal Data Protection Act [BDSG] shall apply.
- As per Art. 7 para. 3 GDPR, you have the right to revoke any permission that you have issued to us at any time. This would result in us no longer being allowed to continue data processing based on this permission in the future and
- as per Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. Generally, you may contact the supervisory authority of your habitual residence or workplace or our headquarters. You can find a list with the addresses of the state data protection supervisory authorities on this website: Federal Commissioner for Data Protection and Freedom of Information https://www.bfdi.bund.de
6) RIGHT TO OBJECT
If your personal data is processed based on a legitimate interest as per Art. 6 para. 1 pg. 1 lit. f GDPR, you have the right to file an objection against the processing of your personal data as per Art. 21 GDPR if there are grounds for it that arise from your particular situation or if the objection is against direct advertising. In the latter case, you have a general right to object that is implemented without us specifying a particular situation. If you wish to make use of your right of revocation or right to object, an e-mail to info [at] stabitec.de shall suffice.
7) PRIVACY OF MINORS
We do not knowingly gather nor request any information on people who are younger than 16 years of age and/or allow such persons to unknowingly send us data. Our website and its content is not intended for children under 16 years of age. If we determine that we have gathered personal information about a person who is younger than 16 years of age without the consent of the legal guardian, we will erase this information as quickly as possible unless we are legally compelled to retain this data.
8) DATA SECURITY
When you visit the website, we use the widespread SSL (Secure Socket Layer) protocol together with the highest level of encryption supported by your browser, which is generally 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell if a page from our website is sent encrypted by the closed padlock symbol shown on the bottom status bar of your browser. Apart from that, we use technical and organisational security measures to protect your data from random or intentional manipulations, partial or full loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in accordance with technological developments.
9) TRANSMISSION TO THIRD COUNTRIES AND LEGAL BASIS
We also process personal data in countries outside of the European Economic Area (“EWR”), i.e. the U.S. Companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as the law in the member states of the European Union does. If there is an adequacy decision from the European Commission for the respective third country, we have concluded the standard contractual clauses of the EU Commission as per Art. 46 para. 2 lit. c GDPR to ensure an adequate level of data protection with the services used in third countries:
- Standard contractual clauses withprocessors
- Standard contractual clauses withcontrollers
As of 27 September 2021, we are using the new standard contractual clauses of the European Commission: Standard contractual clauses
10) TRANSMISSION TO PROSECUTORIAL AND CRIMINAL INVESTIGATION AUTHORITIES
In exceptional cases, we send personal data to prosecutorial and criminal investigation authorities. This is carried out based on the corresponding legal obligations, e.g. from criminal procedure code, fiscal code, money laundering laws or state police laws.