Fleck | Dachzubehör!

1. DATA PROTECTION AT A GLANCE

Basic information

We, Fleck GmbH, as the operator of this website, take the protection of your personal data very seriously. We treat your personal data confidentially and according to the statutory data protection regulations as well as this Privacy Policy.

On our website, and if you use our services, personal data is only collected to the necessary extent and is processed for a specific purpose. Personal data are data by which you are personally identifiable or other data linked to you.

The following notes provide you with a simple overview of what happens to your personal data when you visit our website. Personal data are all data with which you can be personally identified. Detailed information on the topic of data privacy is given in our Privacy Policy that follows this text.

Data collection on our website

Responsible body (Controller) within the meaning of the GPDR:

Fleck GmbH
Industriestr. 12
45711 Datteln, Germany

Phone:+49 2363 / 9123-0
Fax:+49 2363 / 9123-80
Email:

The Controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

You can also contact our data protection officer by email or letter if you have any suggestions or complaints regarding the processing of your personal data:

Datenschutz Consult Bernd Schulz
Endelner Weg 205 a
46286 Dorsten, Germany

Phone:+49 2369 / 2080428
E-Mail: datenschutz@fleck-dach.de

How do we collect your data?

Your data are collected on the one hand by you disclosing it to us. This can be data, for example, that you enter in a contact form. Other data are collected automatically by our IT systems when you visit the website. These are mainly technical data (e.g. internet browser, operating system or time the page was viewed). These data are collected automatically as soon as you access our website.

What do we use your data for?

Part of the data is collected to ensure fault-free provision of the website. Other data can be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to demand the rectification, restriction or erasure of these data. To this end, and if you have any other questions about data privacy, you can contact us at any time at the address given in the Legal notice. Furthermore, you also have the right to lodge a complaint with the competent supervisory authority.

Analysis tools and tools of third party providers

When you visit our website, your surfing behaviour can be evaluated statistically. This is mainly done with cookies and so-called analysis programs. Your surfing behaviour is normally analysed anonymously; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information on this is provided in the following Privacy Policy.

You can object to this analysis. We inform you about your objection options in this Privacy Policy.

2. GENERAL NOTES AND MANDATORY INFORMATION

Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You can withdraw an already issued consent at any time. An informal notification sent by email is sufficient for this. The lawfulness of the data processing carried out until the withdrawal remains unaffected by the withdrawal.

Right to lodge a complaint with the competent supervisory authority

In case of breaches of data protection law, the person (“data subject”) concerned has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection law issues (in Germany) is the State Data Protection Officer of the federal state in which our company has its registered office. A list of the data protection officers and their contact details can be found under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have the data which we process automatically on the basis of your consent or for the performance of a contract issued to you or to a third party in a commonly used machine-readable form. If you demand the direct transfer of the data to another data controller, this is done only insofar as it is technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential contents, such as orders or enquiries, which you send to us as the site operator. You can identify an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the padlock symbol in your browser line.

If SSL or TLS encryption is activated, the data that you transmit to us cannot be intercepted and read by third parties.

Objection to advertising emails

We herewith object to use of the contact details published under the mandatory legal notice to send advertising and information material that we have not explicitly requested. The operators of the site reserve the right to take legal steps in case of the sending of unsolicited advertising information, for example, in the form of spam emails.

3. DATA COLLECTION ON OUR WEBSITE

Cookies

Some pages of this site use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are used to make our offer more user-friendly, more effective and more secure. Cookies are small text files which are placed on your computer and are stored by your browser.

Most of the cookies used by us are so-called “session cookies”. They are deleted automatically at the end of your visit. Other cookies remain on your terminal device until you delete them. These cookies enable us to recognise your browser the next time you visit our site.

You can set your browser so that you are informed of the setting of cookies and only allow cookies on a case-by-case basis, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of the cookies on closing the browser. If you disable cookies, the functions of this website can be limited.

Cookies, which are required to implement the electronic communication process or for the provision of certain functions required by you (e.g. shopping basket function), are stored on the basis of Art. 6 Para. 1 (f) GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of their services. Insofar as other cookies are stored (e.g. cookies for the analysis of your surfing behaviour), they are dealt with separately in this Privacy Policy.

Server log files

The provider of the pages collects and stores information automatically in so-called server log files, which your browser sends to us automatically. These are:

Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address

These data are not merged with other data sources.

The basis for this data processing is our legitimate interest pursuant to Art. 6 Para. 1 (f) GDPR.

Contact form

If you send us enquiries by contact form, your details from the enquiry form including the contact details given there by you are stored by us for the purpose of processing the enquiry and in case of follow-up questions. We do not pass on these data without your consent.

The data entered in the contact form are there processed solely on the basis of your consent (Art. 6 Para. 1 (a) GDPR). You can withdraw this consent at any time. An informal notification sent by email is sufficient for this. The lawfulness of the data processing operations carried out until the withdrawal remains unaffected by the withdrawal.

The data entered by you in the contact form remain with us until you request their erasure, withdraw your consent to their storage or the purpose of the data storage no longer applies (e.g. after completed processing of your enquiry). Mandatory legal provisions – especially retention periods – remain unaffected.

Matomo

We use the “Matomo” software (www.matomo.org), a service of the provider: InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, for statistical evaluation of visitor accesses to this website. The software sets a cookie (a text file) on your computer, with which your browser can be recognised. If subpages of our website are opened, the following data are stored:

the IP address of the user, shortened by the last two bytes (anonymised)
the opened subpage and time of opening
the site from which the user accessed our website (referrer)
which browser with which plug-ins, which operating system and which screen resolution is used
the length of time spent on our website
the sites accessed from the opened subpage

The data collected with Matomo (including your shortened IP address) are stored on our own servers. It is not passed on to third parties. This analysis tool is used solely on the basis of your consent as required in Art. 6 para. 1 (a) GDPR, in order to continuously optimise our offer based on your user behaviour. The data are never used to personally identify the users of the website and are not merged with other data. By anonymising the IP address we additionally take into account users’ interest in the protection of their personal data. The data are erased as soon as they are no longer required for our recording purposes. In our case, this occurs automatically after 6 months. Further information on the Matomo terms of use and data protection arrangements can be found at: https://matomo.org/privacy/

4. PLUG-INS AND TOOLS

YouTube

Our website uses plug-ins of the YouTube site operated by Google. The operator of the site is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

When you visit one of our pages equipped with a YouTube plug-in, a connection is established to the YouTube servers. The YouTube server is notified which of our pages you have visited.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of providing an attractive display of our online offers. This requires your consent pursuant to Art. 6 Para. 1 (a) GDPR. Please note that data collected with your consent as specified in the consent banner are stored for a period of 6 months before they are deleted automatically. Further information of how user data is handled can be found in the YouTube Privacy Policy at: https://www.google.de/intl/de/policies/privacy.

Google Maps

This site uses the Google Maps service via an API. Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

To use the functions of Google Maps, it is necessary to store your IP address. This information is generally transferred to a Google server in the USA where it is stored. The provider of this site has no influence on this data transfer.

Google Maps is used in the interest of providing an attractive display of our online offers and easy findability of the places given by us on the website. This requires your consent pursuant to Art. 6 Para. 1 (a) GDPR. Please note that data collected with your consent as specified in the consent banner are stored for a period of 6 months before they are deleted automatically. More information on how user data is handled can be found in the Google Privacy Policy: https://www.google.de/intl/de/policies/privacy/.

5. Social media

This privacy policy applies to our presence in the following social media

Data processing via social media platforms

Social networks such as Facebook, LinkedIn, etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (such as Like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are initiated. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies which are stored on your terminal device or by recording your IP address.

The operators of the social media portals can use the data collected in this way to create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based (personalised) advertising within and outside the respective social media presence. If you have an account with the respective social network, the personalised advertising can be displayed on all devices on which you are or were logged in.

Please also note that we are not able to trace all processing processes on the social media portals. Depending on the provider, other processing operations may therefore also be implemented by the operators of the social media portals. For details, refer to the terms of use and data protection/privacy provisions of the respective social media portals.

Legal basis

Our use of social media is intended to ensure our comprehensive presence on the internet. This is a legitimate interest as defined in Art. 6 para. 1 (f) GDPR. The analysis processes initiated by the social networks may possibly be based on different legal bases, which must be stated by the operators of the social networks (e.g. consent as defined in Art. 6 para. 1 (a) DSGVO)..

Controller and enforcement of rights

When you visit our social media presences (e.g. Facebook), together with the operator of the social media platform, we are responsible for the data processing operations initiated by this visit. You can exercise your rights (information, rectification, erasure, restriction of processing, data portability and complaints) not only in relation to us but also in relation to the respective social media portal (e.g. Facebook).

Please note that despite our joint responsibility with the social media portal operators, we do not have complete influence on the data processing operations of the social media portals. Our options are essentially dependent on the corporate policy of the respective provider.

Storage period

The data collected by us directly via our social media presence are erased by our systems as soon as you request their erasure, withdraw your consent to storage or the purpose of the data storage no longer exists. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions – especially retention periods – remain unaffected.

We do not have any influence on the period during which your data are stored by the operators of the social networks for their own purposes. For details, please refer directly to the operators of the social networks (e.g. their privacy policy, see below).

Your rights

You have the right to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have a right to object, to data portability and a right to lodge a complaint with the competent supervisory authority. Furthermore, you can demand the rectification, blocking, erasure and, under certain circumstances, the restriction of processing of your personal data.

Facebook:

Purpose of the processing:

We use Facebook to optimiser the representation of our company in public and to maintain fast contact with users.

Legal basis:

Your data are processed by Facebook on the basis of your consent (Art. 6 para. 1 (a) GDPR) or our legitimate interest as set out in data protection law (Art. 6 para. 1 (f) GDPR).

Data transfer/Controller/Enforcement of rights:

Facebook transfers data to the USA, among other places. This transfer takes place on the basis of the adequacy decision for the EU-US Data Privacy Network adopted by the European Commission on 10/07/2023. This framework contains conditions which are intended to serve as appropriate guarantees for secure data transfer between the EU and the USA. One requirement for this is that US companies certify under the EU-US Data Privacy Framework and undertake to meet specific data protection provisions. The providers of the social media channels and meta platforms used by us currently meet these conditions for (non-HR data).

Which data are stored by Facebook:

If you visit our website and link to Facebook, personal data may be processed. Automatically determined information about your visit is often recorded, which can also include personal data such as your IP address, email addresses, data on user behaviour and information about the device used. For details of the information recorded and processed by Facebook, refer to the Facebook privacy policy. The following link takes you directly to the described policy: https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

If you are logged in via Facebook, a cookie with your Facebook ID is stored on your terminal device. With it, Facebook automatically recognises that you have visited our site. To prevent this, you can log out of Facebook or disable the “stay logged in” function. Information on your data subject rights can be found here: https://de-de.facebook.com/help/2069235856423257

Instagram

Purpose of the processing:

By using Instagram, we aim to optimise our company’s presentation in public and to maintain efficient communication with users.

Legal basis:

Your data are processed by Instagram on the basis of your consent as referred to in Article 6 paragraph 1 (a) of the General Data Protection Regulation (GDPR). In addition, with our use of social media we pursue the legitimate interest of ensuring a comprehensive presence on the internet referred to in Article 6 paragraph 1 point (f) GDPR.

Data transfer/Controller/Enforcement of rights:

Instagram processes data in the USA, among other places. This data transfer takes place on the basis of the adequacy decision of the EU-US Data Privacy Framework, which was adopted by the European Commission on 10/07/2023.

Which data are stored by Instagram:

If you visit our website and link to Instagram, personal data may be processed. Automatically determined information about your visit can be recorded, including your IP address, email addresses, data on user behaviour and information about the device used. These data are processed by Instagram and may possibly be transferred to countries outside the EU. Further information on the data collected and processed by data can be found in the Instagram privacy policy under the following link: https://help.instagram.com/155833707900388

If you are logged in via Instagram, a cookie with your Instagram ID is stored on your terminal device and Instagram automatically recognises your visit to our site. To prevent this, you can log out of Instagram or disable the “stay logged in” function.

For information on your data subject rights and other details, please refer to the Instagram privacy policy: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect&tid=311942099

Purpose of the processing:

By using LinkedIn, we aim to optimise our company’s presentation in public and to maintain efficient communication with users.

Legal basis:

Your data are processed by LinkedIn on the basis of your consent as referred to in Article 6 paragraph 1 (a) of the General Data Protection Regulation (GDPR). In addition, with our use of social media we pursue the legitimate interest of ensuring a comprehensive presence on the internet referred to in Article 6 paragraph 1 point (f) GDPR.

Data transfer/Controller/Enforcement of rights:

If you visit our website and link to LinkedIn, personal data may be processed. Automatically determined information about your visit can be recorded, including your IP address, email addresses, data on user behaviour and information about the device used.

Which data are stored by LinkedIn:

To create an account, you must provide certain data, including your email address and/or your mobile phone number, your general location (e.g. town/city) and a password. If you register for a premium service, you are obliged to provide payment and invoicing information, for example, credit card details. You decide which information you would like to make public in your profile. This can include, for example, training, higher education and job experience details, skills, a photo, your location or region and skill endorsements. If you visit our website and link to Instagram, personal data may be processed. Automatically determined information about your visit can be recorded, including your IP address, email addresses, data on user behaviour and information about the device used.

The LinkedIn privacy policy can be found here: https://de.linkedin.com/legal/privacy-policy

Xing

Purpose of the processing:

By using Xing, we aim to optimise our company’s presentation in public and to maintain efficient communication with users.

Legal basis:

Your data are processed by Xing on the basis of your consent as referred to in Article 6 paragraph 1 (a) of the General Data Protection Regulation (GDPR). In addition, with our use of social media we pursue the legitimate interest of ensuring a comprehensive presence on the internet referred to in Article 6 paragraph 1 point (f) GDPR.

Data transfer/Controller/Enforcement of rights:

If you visit our website and link to Xing, personal data may be processed. Automatically determined information about your visit can be recorded, including your IP address, email addresses, data on user behaviour and information about the device used.

Which data are stored by Xing:

To create an account, you must provide certain data, including your email address and/or your mobile phone number, your general location (e.g. town/city) and a password. If you register for a premium service, you are obliged to provide payment and invoicing information, for example, credit card details. You decide which information you would like to make public in your profile. This can include, for example, training, higher education and job experience details, skills, a photo, your location or region and skill endorsements. If you visit our website and link to Xing, personal data may be processed. Automatically determined information about your visit can be recorded, including your IP address, email addresses, data on user behaviour and information about the device used.

The Xing privacy policy can be found here: https://privacy.xing.com/de/datenschutzerklaerung

YouTube

Purpose of the processing:

By using YouTube, we aim to optimise our company’s presentation in public and to maintain efficient communication with users.

Legal basis:

Your data are processed by YouTube on the basis of your consent as referred to in Article 6 paragraph 1 (a) of the General Data Protection Regulation (GDPR). In addition, with our use of social media we pursue the legitimate interest of ensuring a comprehensive presence on the internet referred to in Article 6 paragraph 1 point (f) GDPR.

Data transfer/Controller/Enforcement of rights:

Which data are stored by YouTube:

To create a YouTube account, you must provide certain data, including your email address and/or your mobile phone number, your general location (e.g. town/city) and a password. If you register for a charged service such as YouTube Premium, you are obliged to provide payment and invoicing information, for example, credit card details. It is your responsibility to decide which information you would like to make public in your YouTube profile. For example, this can include your profile image, your channel settings, your public videos and playlists. If you visit our website and link to YouTube, personal data may be processed. Automatically determined information about your visit can be recorded, including your IP address, email address, data on user behaviour and information about the device used.

The YouTube privacy policy can be found here: https://www.youtube.com/intl/ALL_de/howyoutubeworks/user-settings/privacy/

6. SEPARATE INFORMATION

Provisions for seminar participants

In the following we inform you pursuant to Art. 13, 14 of the EU General Data Protection Regulation (EU GDPR) of the purposes for which your personal data are processed by us and your resulting rights.

1. Name and contact details of the controller

Fleck GmbH

Industriestr. 12

45711 Datteln

Tel.: 02363 / 9123-0

Email:

2. Contact details of the data protection officer

Datenschutz Consult Bernd Schulz

Endelner Weg 205 a, 46286 Dorsten

Phone: 02369 / 2080428

Email:

3. Purposes for which personal data are processed and the legal basis of the processing

We process data for the conducting of seminars and courses in performance of a contract or for taking steps prior to entering into a contract (Art. 6 Para. 1 (b) GDPR, e.g. within the scope of the registration or related to the management of the proofs of qualification), to fulfil a legal obligation (Art. 6 Para. 1 (c) GDPR, e.g. commercial and tax retention obligations under § 257 HGB and § 147 AO), to safeguard the legitimate interests of the Controller or a third party (Art. 6 Para. 1 (f) GDPR, e.g. to make legal claims and defence in the event of legal disputes) as well as on the basis of the consents of data subjects (Art. 6 Para. 1 (a) GDPR, e.g. passing on data to third parties and the creation of photographs).

4. Sources and categories of the processed personal data

We process personal data, which we receive from you or third parties, e.g. your employer, when contact is made and within the scope of our business relationship, e.g. for processing an enquiry or an order.

Relevant personal data are, in particular, personal details (such as your last name, first name, address, bank details, invoice address) and other contact details (such as phone number, email address, name and contact details of the employer).

5. Recipients or categories of recipients of the personal data

Within the company, access to the data is granted to the persons and positions that need it to fulfil the contractual and legal obligations. Processors engaged by us pursuant to Art. 28 GDPR can also process data for these purposes, e.g. IT service providers as well as cloud providers.

Outside of the company, data can be forwarded to service providers, authorities, tax consultants, banks, collection agencies, solicitors.

6. Transfer to a third country (outside the EU/EEA) or to an international organisation

Transfer to a third country does not take place and is also not planned.

7. Period for which the personal data will be stored and the criteria used to determine this period

The required personal data are retained according to the legally specified periods. Corresponding obligations to produce proof and retention obligations result from the German Commercial Code (“Handelsgesetzbuch”, HGB) and the Revenue Code (“Abgabenordnung”, AO). The retention and documentation periods specified there are accordingly up to ten years. If the data are no longer required to fulfil contractual or legal obligations they are erased regularly.

In addition to the above-named information, the following is an overview of your other data protection rights:

Right of access and information about the personal data concerned (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) as well as the restriction of processing (Art. 18 GDPR)
Right to object to the processing (Art. 21 GDPR)
Right to data portability (Art. 20 GDPR)
Right to withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent up until it is withdrawn (Art. 7 Para. 3 GDPR)
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

We do not use any fully automated decision-making pursuant to Art. 22 GDPR to justify, perform or undertake the business relationship or for the taking of steps prior to entering into a contract. Should we use this procedure in individual cases, we will inform you separately or obtain your consent, where this is required by law.

Is there an obligation to provide data?

Within the scope of the contractual relationship or the contract initiation, you must provide the personal data which are required for the starting, performance and ending as well as the associated contractual obligations or which we are required to acquire by law. Without these data, in general we will not be able to conclude or implement the contract with you for conducting seminars.

Separate information about your right to object according to Article 21 GDPR

According to Art. 21 Para. 1 GDPR, you have the right to lodge an objection to the processing of your personal data at any time, undertaken on the basis of Article 6 Para. 1 (f) GDPR (data processing on the basis of a weighing up of interests), for reasons which result from your particular situation.

If you submit an objection, we will no longer process your personal data, unless we can demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercising or defence of legal claims. If the processing is for direct marketing purposes, according to Art. 21 Para. 2 GDPR, you have the right to object to the processing of your personal data for the purposes of such marketing at any time; this also applies to profiling to the extent that it is related to such direct marketing.

If you would like to exercise your right to object or other data subject rights, it is sufficient to notify us in text form. You can write to us or contact us by email.

Provisions for applicants

We are pleased that you are applying or have applied for a position within our company. In the following we inform you pursuant to Art. 13, 14 of the EU General Data Protection Regulation (EU GDPR) of the purposes for which we process the application documents (data) received from you on a voluntary basis and what your related rights are.

1. Name and contact details of the controller

Fleck GmbH

Industriestr. 12

45711 Datteln

Tel.: 02363 / 9123-0

Email:

2. Contact details of the data protection officer

Datenschutz Consult Bernd Schulz

Endelner Weg 205 a, 46286 Dorsten

Phone: 02369 / 2080428

Email:

3. Purposes for which personal data are processed and the legal basis of the processing

We process the data you sent us in relation to your application to check your suitability for the job (or any other vacant positions within our company) and to implement the application process.

The legal basis for the processing of your personal data in this application process is primarily § 26 BDSG (German Data Protection Act). Accordingly, processing of the data required in relation to the decision regarding the establishment of an employment relationship is permitted.

Furthermore, we can process your personal data, provided this is required to fulfil legal obligations (Art. 6 para. 1 (c) GDPR, e.g. remuneration of travel expenses) and to defend against legal claims made against us that arise out of the application process. The legal basis for this is Art. 6 para. 1 (f) GDPR; the legitimate interest is, for example, a burden of proof in a procedure under the German General Act on Equal Treatment (Allgemeinen Gleichbehandlungsgesetz, AGG). If a need for longer-term storage exists (e.g. for other vacant positions or positions that become vacant), this is done on the basis of your written consent (as set out in Art. 6 para. 1 (a) GDPR). The same applies to the forwarding of your application data to other companies within our Group.

Where special categories of personal data, as defined in Art. 9 para. 1 GDPR, are provided voluntarily as part of the application process, they are processed additionally according to Art. 9 para. 2 (b) GDPR in conjunction with § 26 para. 3 BDSG (e.g. severely disabled status). Where special categories of personal data, as defined in Art. 9 para. 1 GDPR, are requested from applicants as part of the application process, they are processed additionally according to Art. 9 para. 2 (a) GDPR in conjunction with § 26 para. 2 and para. 3 sentence 2 BDSG (e.g. health details, if these are required for the exercising of a profession/an occupation).

4. Sources and categories of the processed personal data

We process personal data that we receive from you or recruiters as part of the application process, in particular, personal master data (name, address and other contact details, date and place of birth, nationality), bank account details (for the reimbursement of travel expenses), qualification documents (e.g. certificates, references, assessments and other proofs of training), IP addresses and photos.

5. Recipients or categories of recipients of the personal data

Where provided, applicants can send us their applications by using an online form on our website. The data are transmitted to us encrypted to state-of-the-art standards. Furthermore, applicants can send us their documents by email. However, in this case, we ask that you note that emails are basically sent unencrypted and applicants must ensure encryption themselves. We can therefore not accept any responsibility for the application transmission route between the sender and reception on our server and therefore recommend that you use an online form or send your application by post.

After receipt of your application, your data are examined by the personnel department. Suitable applications are then made available internally to the persons responsible for the respective vacant position. Within the company, your data is only accessed by persons who need this for proper completion of the application process.

We can transfer your personal data to companies affiliated with us, provided this is permitted within the scope of the purposes and legal bases set out in item 3. Otherwise, your personal data are processed on our behalf on the basis of processor agreements according to Art. 28 GDPR, this particularly applies to IT service providers, cloud computing and applicant management systems and software. We can also use recruiters as part of the application process. All service providers are contractually obliged to handle your data confidentially.

Otherwise, data is only passed on to recipients outside the company to the extent allowed or mandated by legal provisions, the passing on is required to fulfil legal obligations or we have your consent.

6. Transfer to a third country (outside the EU/EEA) or to an international organisation

The data are only processed in data centres in the Federal Republic of Germany. Transfer to a third country does not take place and is also not planned.

7. Period for which the personal data will be stored and the criteria used to determine this period

If an employment relationship does not come about subsequent to your application, we keep the application data for a maximum of six months after receipt of the rejection decision, so that we can answer any follow-up questions about the application and can meet our obligations to produce proof that arise out of the German General Act on Equal Treatment (AGG). This does not apply where legal provisions exclude erasure (e.g. archiving of travel expenses reimbursements according to the taxation law requirements for up to 10 years), continued storage is required for the purposes of providing evidence or you have expressly agreed to longer storage. If you have given your consent to longer storage of your personal data, we will include your data in our applicant pool. There your data are erased after one year has expired.

If you receive an offer for a position as a result of the application process, the relevant and required data from the application data are transferred into our personnel data system.

In addition to the above-named information, the following is an overview of your other data protection rights:

Right of access and information about the personal data concerned (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) as well as the restriction of processing (Art. 18 GDPR)
Right to object to the processing (Art. 21 GDPR)
Right to data portability (Art. 20 GDPR)
Right to withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent up until it is withdrawn (Art. 7 Para. 3 GDPR)
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

The decision regarding your application is not based solely on automated processing. There is therefore no automated individual decision-making as described in Art. 22 GDPR.

Is there an obligation to provide data?

As part of the application process, you must only provide the personal data required for the application process. You are not obliged to provide these data. However, in general, without these data we will not be able to implement the application process and make a decision about whether to establish an employment relationship.

Separate information about your right to object according to Article 21 GDPR

If you would like to exercise your right to object or other data subject rights, it is sufficient to notify us in text form. You can write to us or contact us by email.

Provisions for business partners

In the following we inform you pursuant to Art. 13, 14 of the EU General Data Protection Regulation (EU GDPR) about the processing of your personal data by us and your rights under data protection law.

1. Name and contact details of the controller

Fleck GmbH

Industriestr. 12

45711 Datteln

Tel.: +49 (0) 2363/9123-0

Email:

2. Contact details of the data protection officer

Datenschutz Consult Bernd Schulz

Endelner Weg 205 a, 46286 Dorsten

Phone: +49 (0) 2369/2080428

Email:

3. Purposes for which personal data are processed and the legal basis of the processing

We process personal data insofar as they are required for the establishment, implementation and performance of a contract as well as to take steps prior to entering into a contract (Art. 6 Para. 1 (b) GDPR, e.g. related to the initiation, execution and administration of orders), to fulfil a legal obligation (Art. 6 Para. 1 (c) GDPR, e.g. commercial and tax retention obligations under § 257 HGB and § 147 AO), to safeguard the legitimate interests of the controller or a third party (Art. 6 Para. 1 (f) GDPR, e.g. the storage of data for a reasonable time during acquisition efforts or to make legal claims and defence in the event of legal disputes) as well as on the basis of the consents of data subjects (Art. 6 Para. 1 (a) GDPR, e.g. passing on data to third parties, evaluation for marketing purposes or promotional contact by email).

4. Sources and categories of the processed personal data

We process personal data, which we receive from you or from public sources such as commercial registers, the internet and directories or from third parties including commercial credit agencies and credit reference agencies or from business partners, as part of making contact and our business relationship, e.g. for the processing of an enquiry or an order.

Relevant personal data are, in particular, personal details (such as your last name, first name, address, bank account details, invoice address, tax number or VAT number) and other contact details (such as phone number, email addresses). In addition, these can also be contract or order data (e.g. turnover data, order volume), information about your financial situation (e.g. Creditworthiness data) and data about you personally (such as your profession, position, tasks and authorities assigned to you) and other data comparable with the named categories. In individual cases, device data are also recorded, such as the name and IMEI number.

5. Recipients or categories of recipients of the personal data

Within the company, access to the data is granted solely to the persons and positions that need it to fulfil the contractual and legal obligations or to realise our legitimate interest (e.g. sales department). We can transfer your personal data to companies affiliated with us, provided this is permitted within the scope of the purposes and legal bases set out in item 3 of this data protection information sheet. Processors engaged by us pursuant to Art. 28 GDPR can also process data for these purposes, e.g. IT service providers, cloud providers and disposal service providers in the data destruction sector. All service providers are contractually obliged to handle your data confidentially.

Data is forwarded to recipients outside the company only in compliance with the application data protection regulations. Recipients of personal data can be, for example, logistics companies, service providers, suppliers, subcontractors, tax consultants, financial and business auditors, credit and financial service providers, credit rating information agencies, collection agencies, solicitors and public authorities. In such cases, information is passed on to these companies or individual persons to enable further processing by them.

6. Transfer to a third country (outside the EU/EEA) or to an international organisation

Transfer to a third country does not take place and is also not planned.

7. Period for which the personal data will be stored and the criteria used to determine this period

The personal data required are stored for the duration of the existence of warranty and guarantee claims. In addition, the personal data are retained for the legally specified periods. Corresponding obligations to produce proof and retention obligations result from the German Commercial Code (“Handelsgesetzbuch”, HGB) and the Revenue Code (“Abgabenordnung”, AO). The retention and documentation periods specified there are accordingly up to ten years. If the data are no longer required to fulfil contractual or legal obligations they are erased regularly.

In addition to the above-named information, the following is an overview of your other data protection rights:

Right of access and information about the personal data concerned (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) as well as the restriction of processing (Art. 18 GDPR)
Right to object to the processing (Art. 21 GDPR)
Right to data portability (Art. 20 GDPR)
Right to withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent up until it is withdrawn (Art. 7 Para. 3 GDPR)
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Is there an obligation to provide data?

Within the scope of the contractual relationship or the contract initiation, you must provide the personal data which are required for the starting, performance and ending as well as the associated contractual obligations or which we are required to acquire by law. Without these data, in general we will not be able to take steps prior to entering into a contract or implement the contractual relationship with you.

Separate information about your right to object according to Article 21 GDPR

If the processing is for direct marketing purposes, according to Art. 21 Para. 2 GDPR, you have the right to object to the processing of your personal data for the purposes of such marketing at any time; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for the purpose of direct advertising, we will not continue to process your data for these purposes.

If you would like to exercise your right to object or other data subject rights, it is sufficient to notify us in text form. You can write to us or contact us by email.

Data privacy statements for online meetings with “MS Teams” of Fleck GmbH

In the following we inform you on the basis of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) about the processing of personal data relating to holding of online meetings using the “Microsoft Teams” video conference tool.

1. Name and contact details of the controller

The controller responsible for data processing directly related to the holding of “online meetings” is

Fleck GmbH

Industriestr. 12, 45711 Datteln

Tel.: +49 (0) 2363/9123-0

Email:

Note: If you open the “Microsoft Teams” internet site, the provider of “Microsoft Teams” is responsible for the data processing. However, it is only necessary to open the internet site to use “Microsoft Teams” to download the software for its use.

If you do not want to or cannot use the “Microsoft Teams” app you can also use “Microsoft Teams” via your browser. The service is then also provided via the “Microsoft Teams” website.

2. Contact details of the data protection officer

We have named a data protection officer. You can reach them as follows:

Datenschutz Consult Bernd Schulz
Endelner Weg 205 a, 46286 Dorsten
Phone: +49 (0) 2369 / 2080428
Email:

3. Purposes for which personal data are processed and the legal basis of the processing

We use the “Microsoft Teams” tool to hold phone conferences, video conferences and webinars (in the following: “online meetings”). “Microsoft Teams” is a service of the Microsoft Corporation. Where personal employee data of Fleck GmbH are processed, the legal basis of the data processing is, in particular, Art. 6 para. 1 (b) GDPR. If, in relation to the use of “Microsoft Teams”, personal data are not required for the establishment, implementation or ending of the employment relationship, but are nevertheless an elementary component of use of “Microsoft Teams”, the legal basis for the data processing is Art. 6 para. 1 (f) GDPR. In these cases, our interest lies in holding effective “online meetings”..

If the processing of personal data within the scope of the online meeting is required for the performance of a contract, of which you are its contractual party, or for taking steps prior to entering into a contract at your request, Art. 6 para. 1(b) GDPR serves as the legal basis for the processing of personal data.

If a contractual relationship does not exist, the legal basis is Art. 6 para. 1 (f) GDPR. Here, too, our interest lies in holding effective “online meetings”.

If video and sound recordings are required in exceptional cases, we will notify you beforehand and transparently and request your consent pursuant to Art. 6 para. 1 (a) GDPR.

4. Sources and categories of the processed personal data

The following personal data are the subject of the processing for use of “Microsoft Teams”, whereby the scope of data also depends on which data you provide before or during the participation in an “online meeting”:

Details of the user (registration information): e.g. user name, activation and reference codes, email address, first and last name, company, organisation ID, participant IP, profile image (optional)
Configuration and communication data, e.g. device name, IP address, geodata, time zone, activity logs, hardware type
Conference information: e.g. date, time, duration, number of participants, dial-in method, diagnostics information
Text, audio and video data: you may have the opportunity to use the chat function in an “online meeting”. In this case, your text inputs are processed to display them in the “online meeting”. To enable the display of video and playback of audio, the data from your terminal device’s microphone and any video camera of the terminal device are processed during the meeting. You can switch off or mute the camera or microphone yourself at any time via the “MS Teams” applications.

5. Recipients or categories of recipients of the personal data

With regard to the processing of personal data related to participation in “online meetings”, they are basically not forwarded to third parties provided they are not directly intended for forwarding. Please note that content from “online meetings”, as is the case with in-person meetings, is frequently used to communicate information with customers, potential customers or third parties and are thus intended for passing on.

Another recipient is the provider of “Microsoft Teams”, the Microsoft Corporation.

6. Transfer to a third country (outside the EU/EEA) or to an international organisation

There is no data processing in third countries as we or the service provide have/has limited the storage location to data centres in the EU or the EEA.

However, we cannot rule out that the service provider also uses servers outside the EU or EEA or that data is routed via internet servers located outside the EU or EEA. In this case, an appropriate data protection level is ensured by the certification of the service provider for the EU-US Data Privacy Framework. In addition, as an additional protection measure, the data are encrypted during transport over the internet and are therefore basically secured against unauthorised access by third parties.

7. Period for which the personal data will be stored and the criteria used to determine this period

Your personal data, which we process within the scope of your use of “Microsoft Teams”, are basically deleted as soon as they are no longer needed for the purposes for which they were collected. A need for storage can exist, in particular, if the data are still needed to perform contractual services and to check and grant or defend against warranty and possibly guarantee claims. In case of the legal retention obligations of 6 and 8 years under commercial and taxation law respectively, erasure is only considered after the respective retention obligation has expired. If and insofar as the processing is based on your consent, the data are only stored until you retract your consent, unless another legal basis for the processing exists.

In addition to the above-named information, the following is an overview of your other data protection rights:

Right of access and information about the personal data concerned (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) as well as the restriction of processing (Art. 18 GDPR)
Right to object to the processing (Art. 21 GDPR)
Right to data portability (Art. 20 GDPR)
Right to withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent up until it is withdrawn (Art. 7 Para. 3 GDPR)
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Separate information about your right to object according to Article 21 GDPR

If you would like to exercise your right to object or other data subject rights, it is sufficient to notify us in text form. You can write to us or contact the controller
or our data protection team by email using the contact details provided above.