You are entitled to the following rights within the legally prescribed framework:

• Right to information Art. 15 GDPR
  You have the right to receive free information from us at any time about the personal data stored about you and a copy of this data in accordance with the statutory provisions.

If you assert the above-mentioned rights, we ask for your understanding that in the event of doubt regarding your identity, we will require you to provide proof that you are the person you claim to be.

In addition to the rights mentioned above, you also have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates the GDPR.

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:

• you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a) GDPR,
• the disclosure is permitted in accordance with Art. 6 para. 1 lit. f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
• in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 lit. c) GDPR, as well as this
• is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 lit. b) GDPR.

As part of the processing operations described in this privacy policy, personal data may be transferred to the USA. Companies in the USA only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework and thus the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies. We have explicitly stated this for the service providers concerned in the privacy policy. In order to protect your data in all other cases, we have concluded data processing agreements based on the European Commission’s standard contractual clauses. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent may serve as the legal basis for the transfer to third countries in accordance with Art. 49 para. 1 lit. a) GDPR. This sometimes does not apply in the case of data transfer to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

Our website may contain links to and from websites of other providers not affiliated with us (“third parties”). After clicking on the link within our website, we no longer have any influence on the processing of any data transmitted to the third party by clicking on the link (such as IP address or the URL on which the link is located), as the behavior of third parties is naturally beyond our control. We cannot accept any responsibility for the processing of such data by third parties.

Our website may contain links to share content from our website on various social networks and/or messenger services. The links we create do not lead to any data being passed on to providers of social networks or messenger services while you are using our website. Only when you click on one of the links to share content from our website will data (such as your IP address or the URL on which the link is located) be transmitted to the respective provider of the social network or messenger service. We have no influence on the further data processing by the respective provider of the social network or messenger service.

9.1 SSL/TLS encryption
This website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the “https://” instead of “http://” in the address line of the browser and by the lock symbol in your browser line. We use this technology to protect your transmitted data.

9.2 Data collection when visiting the website & hosting
If you only use our website for information purposes, if you do not register or otherwise provide us with information or do not give your consent to processing that requires consent, we only collect data that is technically necessary for the provision of the service. This is regularly data that your browser transmits to our server (“in so-called server log files”). Our website collects a range of general data and information each time you or an automated system accesses a page. This general data and information is stored in the server log files. The following can be recorded

• browser types and versions used,
• the operating system used by the accessing system,
• the website from which an accessing system reaches our website (so-called referrer),
• the sub-websites that are accessed via an accessing system on our website,
• the date and time of access to the website,
• an Internet Protocol address (IP address) and,
• the Internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about your person. Rather, this information is required in order

• to deliver the content of our website correctly,
• to optimize the content of our website and the advertising for it,
• to ensure the long-term functionality of our IT systems and the technology of our website, and
• to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack.

This collected data and information is therefore evaluated by us both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The data of the server log files are stored separately from all personal data provided by a data subject.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest follows from the data collection purposes listed above.

Our website is hosted on the servers of our service provider HostPress GmbH, Bahnhofstraße 34, 66571 Eppelborn, Germany. Our service provider will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data. We have concluded an order processing contract with the service provider for this purpose in accordance with Art. 28 GDPR.

You can find more information on HostPress GmbH’s data protection provisions at: https://www.hostpress.de/datenschutz/

10.1 General information on cookies
Cookies are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our website. Information is stored in the cookie that results from the connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity.

The use of cookies serves to make the use of our website more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already visited us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate our offer for you for the purpose of optimization. These cookies enable us to automatically recognize that you have already visited our website when you visit it again. The cookies set in this way are automatically deleted after a defined period of time. The respective storage duration of the cookies can be found in the settings of the consent tool used.

10.2 Required cookies

BORLABS COOKIE (CONSENT MANAGEMENT TOOL)
We use the WordPress cookie plugin “Borlabs Cookie” from Borlabs GmbH. This service enables us to obtain and manage the consent of website users for data processing.

Borlabs Cookie uses cookies to collect data generated by end users who use our website. When an end user gives consent, the following data, among others, is automatically logged:

• Cookie duration,
• Cookie version,
• Domain and path of the WordPress page,
• Selection in the cookie banner,
• UID (a randomly generated ID)

The consent status is also stored in the end user’s browser so that the website can automatically read and follow the end user’s consent in all subsequent page requests and future end user sessions for up to 12 months. The consent data (consent and withdrawal of consent) is stored for three years. The retention period corresponds to the regular limitation period in accordance with Section 195 of the German Civil Code (BGB). The data will then be deleted immediately.

The functionality of the website is not guaranteed without the processing described above. The user has no right to object as long as there is a legal obligation to obtain the user’s consent to certain data processing operations, Art. 7 para. 1, 6 para. 1 sentence 1 lit. c) GDPR.

The data collected will not be forwarded to Borlabs GmbH, nor will Borlabs GmbH have access to it.

Information from the service provider:
Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany

Website:
https://de.borlabs.io/

Privacy policy of the service provider:
https://de.borlabs.io/datenschutz/

LANGUAGE RECOGNITION (WPML)
Our website uses the WPML cookie from OnTheGoSystems Limited to offer a multilingual language version of the website. We use this cookie to determine the current language of the respective website visitor in order to be able to display the desired language in a user-oriented manner. No data is transferred to the service provider.

Information from the service provider:
OnTheGoSystems Limited, 22/F 3 Lockhart Road, Wanchai, Hong Kong

Website:
https://wpml.org

Explanations regarding the cookie:
https://wpml.org/documentation/support/browser-cookies-stored-wpml/

Privacy policy of the service provider:
https://wpml.org/documentation/privacy-policy-and-gdpr-compliance/

On what legal basis are necessary cookies used?
In order to be able to prove whether you have consented to the use of cookies requiring consent, we store the information about the granting or non-granting of consent in order to fulfill our legal obligation to provide evidence pursuant to Art. 6 para. 1 lit. c, para. 3 lit. a GDPR in conjunction with Art. 7 para. 1 GDPR. Art. 7 para. 1 GDPR.

In addition, we use necessary cookies to safeguard legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR.

Our pursued legitimate interests are:

• Ensuring the security and stability of our website and the IT security of our systems;
• Assertion, exercise and defense of legal claims;
• Providing and ensuring the proper functioning of our website.

10.3 Optional Cookies

GOOGLE ANALYTICS 4 (GA4)
On our website we use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). In this context, pseudonymized user profiles are created and cookies are used. The information generated by the cookie about your use of this website may include, but is not limited to:

• Short-term recording of the IP address without permanent storage
• Location data
• Browser type/version
• Operating system used
• Referrer URL (previously visited page)
• Time of the server request

The pseudonymized data may be transmitted by Google to a server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.
These processing operations are only carried out with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR.
Google’s default data storage period is 14 months. Otherwise, the personal data is stored for as long as it is required to fulfill the purpose of processing. The data will be deleted as soon as it is no longer required to achieve the purpose.
The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.

Information from the service provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphi-theatre Parkway, Mountain View, CA 94043, USA

Website:
https://marketingplatform.google.com/about/analytics/

Information regarding the use of data by Google Analytics:
https://support.google.com/analytics/answer/6004245?hl=de

Privacy policy of the service provider:
https://policies.google.com/privacy?hl=de

GOOGLE ANALYTICS 4 (GA4) – Additional information on Consent Mode, simple implementation
Under the Digital Markets Act, Google is obliged to obtain user consent before processing user data for personalized advertising. Google meets this requirement with the “Consent Mode”. Users are obliged to implement this and thus prove that they have obtained the consent of website visitors.
Google offers two implementation modes, the simple and the extended implementation.
We use the simple implementation method of Google Consent Mode. Only if you give your consent to the use of Google Analytics (see above) will a connection to Google be established, a Google code executed and the processing described above carried out. If you refuse consent, Google will only receive information that consent has not been given. The Google code is not executed and no Google Analytics cookies are set.

GOOGLE MAPS
We use Google Maps (API) on our website. The operating company of Google Maps is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service for displaying interactive (land) maps in order to visualize geographical information. By using this service, you can, for example, view our location and make it easier for you to find us.
Information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there as soon as you access the sub-pages in which the Google Maps map is integrated, provided you have given your consent. In addition, Google Maps loads Google Web Fonts and Google Photos as well as Google stats. The provider of these services is also Google Ireland Limited. When you access a page that integrates Google Maps, your browser loads the web fonts and photos required to display Google Maps into your browser cache. The browser you are using also establishes a connection to Google’s servers for this purpose. This informs Google that our website has been accessed via your IP address. This occurs regardless of whether Google provides a user account that you are logged into or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out of your Google user account. Google stores your data (even for users who are not logged in) as usage profiles and analyzes them. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, it is also possible to completely deactivate the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and thus also the map display on this website can then not be used.

These processing operations are only carried out if express consent has been granted in accordance with Art. 6 (1) (a) GDPR.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.

Information from the service provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphi-theatre Parkway, Mountain View, CA 94043, USA

Website:
https://cloud.google.com/maps-platform

Privacy policy of the service provider:
https://policies.google.com/privacy

Terms of use of the service provider:
https://www.google.com/intl/de_US/help/terms_maps.html

MICROSOFT TEAMS
We use the tool “Microsoft Teams” (“MS Teams”) to carry out our communication both in written form (chat) and in the form of telephone conferences, online meetings and video conferences. The operating company of the service is Microsoft Ireland Operations, Ltd, 70 Sir John Rogerson’s Quay, Dublin, Ireland; parent company: Microsoft Corporation, One Microsoft Way, Redmond, Washington, USA (“Microsoft”).

When using MS Teams, the following personal data is processed:

• Meetings, chats, voicemails, shared files, recordings and transcriptions.
• Data that is shared about you. Examples of this are your e-mail address, your profile picture and your telephone number.
• A detailed history of the telephone calls you make.
• Call quality data.
• Support/feedback data Information related to troubleshooting tickets or feedback sent to Microsoft.
• Diagnostic and service data Diagnostic data related to service usage.

To enable the display of video and playback of audio, the data from the microphone on your end device and from a video camera on the end device is processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the “Microsoft Teams” applications.

If we make recordings of video conferences, the processing takes place exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR. The legal basis for the use of “MS Teams” in the context of contractual relationships or pre-contractual measures is Art. 6 para. 1 lit. b) GDPR. In all other cases, the legal basis for the processing of your personal data is Art. 6 para. 1 lit. f) GDPR. Our interest here is in the effective conduct of online meetings.

As a cloud-based service, “MS Teams” processes the aforementioned data as part of the provision of the service. To the extent that “MS-Teams” processes personal data in connection with Microsoft’s legitimate business operations, Microsoft is an independent data controller for such use and as such is responsible for compliance with applicable laws and data controller obligations. If you access the MS Teams website, Microsoft is responsible for the data processing. Accessing the website is necessary to download the MS-Teams software.

This US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.

Information from the service provider:
Microsoft Ireland Operations, Ltd, 70 Sir John Rogerson’s Quay, Dublin, Ireland; parent company: Microsoft Corporation, One Microsoft Way, Redmond, Washington, USA (“Microsoft”)

Website:
https://www.microsoft.com/de-de/microsoft-teams/group-chat-software

Privacy policy of the service provider:
https://privacy.microsoft.com/de-de/privacystatement

Terms of use of the service provider:
https://www.microsoft.com/de-de/rechtliche-hinweise/nutzungsbedingungen

Detailed information from the service provider:
https://docs.microsoft.com/de-de/microsoftteams/teams-privacy

YOUTUBE VIDEOS IN EXTENDED DATA PROTECTION MODE (YOUTUBE-NOCOOKIES)
We embed videos stored on YouTube directly on some subpages of our website. The operating company of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). With this integration, content from the YouTube website is displayed in parts of a browser window. When you call up a (sub)page of our website on which YouTube videos are integrated, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser.

The integration of YouTube content only takes place in “extended data protection mode”. This is provided by YouTube itself and ensures that YouTube does not initially store any cookies on your device. However, when the relevant pages are accessed, the IP address and, if applicable, other data are transmitted and thus, in particular, which of our websites you have visited. However, this information cannot be assigned to you unless you have logged in to YouTube or another Google service before accessing the page or are permanently logged in. As soon as you start playing an embedded video by clicking on it, YouTube only stores cookies on your device through the extended data protection mode, which do not contain any personally identifiable data, unless you are currently logged in to a Google service. These cookies can be prevented by making the appropriate browser settings and extensions.

These processing operations are only carried out if express consent has been granted in accordance with Art. 6 (1) (a) GDPR.

This US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.

Information from the service provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphi-theatre Parkway, Mountain View, CA 94043, USA

Website:
https://www.youtube.com/

Privacy policy of the service provider:
https://policies.google.com/privacy

CONTACT / CONTACT FORM
On our website, we offer you the opportunity to send us messages or inquiries via contact forms. You also have the option of contacting us directly by e-mail, telephone or fax. If you make use of this option, we will process the data collected via the respective form in order to process your message or inquiry and, if necessary, to contact you. Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and the deletion does not conflict with any statutory retention obligations.

What data do we process and for what purposes?
We process the following data:

• Last name, first name
• Company name
• E-mail address
• Telephone number
• Content data (your message/request)

This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration.

On what legal basis do we process your data?
Your data is processed to fulfill a contract or to carry out pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR and to safeguard legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR.

Our legitimate interests are the proper response and processing of your message or request as well as a customer-oriented approach and communication.

You have the right to object to processing on the basis of Art. 6 para. 1 lit. f GDPR at any time for reasons arising from your particular situation.

APPLICATION MANAGEMENT
We collect and process the personal data of you as an applicant for the purposes of handling the application process. Processing may also be carried out electronically. This is particularly the case if you send us the relevant application documents electronically, for example by e-mail or via the contact form on our website.

What data do we process and for what purposes?
We process the following data:

• Last name, first name
• Address data (street, house number, zip code, city, country)
• Telephone number
• E-mail address
• Content data (application email/contact field)
• Date of birth
• Current profession
• Vocational training, if applicable
• Curriculum vitae, if applicable
• Cover letter, if applicable
• Gender, if applicable
• Nationality, if applicable
• If applicable, salary expectations (monthly/annually)
• Period of notice, if applicable
• If applicable, (work) references, certificates, qualification data, etc.
• If applicable, appointment information regarding interviews and job interviews
• If applicable, all other data and documents that you submit as part of your application

We only process this data for the following purposes:

• Carrying out an application procedure and pre-contractual measures
• For the settlement of legal disputes, enforcement of existing contracts and for the assertion, exercise and defense of legal claims
• If applicable, to establish and implement an employment relationship if the application process results in an employment relationship

On what legal basis do we process your data?
Your data is processed on the following legal bases:

• Fulfillment of a contract or implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR)
• Protection of legitimate interests (Art. 6 para. 1 lit. f GDPR)

If an employment relationship is established following the application process, your data will be processed within the framework of the data protection regulations for employees and thus for the implementation of the employment relationship in accordance with Art. 6 para. 1 lit. b GDPR. We will then inform you of this separately.

Our legitimate interests pursued are economic interests and the settlement of legal disputes or the assertion, exercise and defense of legal claims.

You have the right to object to processing on the basis of Art. 6 para. 1 lit. f GDPR at any time for reasons arising from your particular situation.

If the application process does not result in an employment relationship, your data will be deleted no later than 6 months after notification of rejection or notification from you that you do not wish to enter into an employment relationship with us. In individual cases, the data may be stored longer for the assertion, exercise or defense of legal claims.

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services to those already purchased from our range by e-mail. In accordance with Section 7 (3) UWG, we do not need to obtain separate consent from you for this. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 para. 1 lit. f) GDPR. If you have initially objected to the use of your email address for this purpose, we will not send you any emails. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by sending a message to the controller named at the beginning. You will only incur transmission costs for this in accordance with the basic rates. Upon receipt of your objection, the use of your e-mail address for advertising purposes will be discontinued immediately.

So that we can also communicate with you on social networks and inform you about our services, we have our own pages there. If you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform for the processing operations triggered by this, within the meaning of Art. 26 GDPR. We are not the original provider of these pages, but only use them within the scope of the possibilities offered to us by the respective providers.

As a precautionary measure, we would therefore like to point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore be associated with data protection risks for you, as it may be more difficult to safeguard your rights, e.g. to information, deletion, objection, etc., and processing in social networks is often carried out directly for advertising purposes or for the analysis of user behavior by the providers without us being able to influence this. If user profiles are created by the provider, cookies are often used or the user behavior is assigned to your own social network member profile.

The described processing operations of personal data are carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in a timely manner or to inform you about our services. If you have to give your consent to data processing as a user with the respective providers, the legal basis refers to Art. 6 para. 1 lit. a) GDPR in conjunction with Art. 7 GDPR. Art. 7 GDPR.

As we do not have access to the providers’ databases, we would like to point out that it is best to assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. Further information on the processing of your data in the social networks is provided below by the respective social network provider we use:

14.1 Facebook
(Joint) controller for data processing in Europe:
Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy policy (data policy):
https://www.facebook.com/about/privacy

14.2 Instagram
(Joint) controller for data processing in Germany:
Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy policy (data policy):
https://instagram.com/legal/privacy/

14.3 LinkedIn
(Joint) controller for data processing in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Privacy policy:
https://www.linkedin.com/legal/privacy-policy

14.4 YouTube
(Joint) controller for data processing in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy policy:
https://policies.google.com/privacy

In principle, we process and store your personal data only for the period of time required to achieve the purpose of storage or if this is provided for by the legal regulations to which our company is subject. If the storage purpose no longer applies or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

The criterion for the duration of the storage of personal data is the respective statutory retention period. After this period has expired, the corresponding data is routinely deleted, provided that it is no longer required for contract fulfillment or contract initiation.

This privacy policy is currently valid and has the status: July 2024.

It may become necessary to amend this privacy policy as a result of the further development of our website and services or due to changes in legal or official requirements. You can access and print out the current privacy policy at any time on the website at“https://www.absaugwerk.de/datenschutz”.

Langenau in July 2024

ABSAUGWERK GmbH
Eichlesstraße 16
D-89129 Langenau

www.absaugwerk.de