GENERAL INFORMATION ABOUT EU GENERAL DATA PROTECTION REGULATION
Data protection information in accordance with the EU General Data Protection Regulation - Status: 09/2024.
Information on the responsible authority
This data protection declaration applies to the following companies:
BAG Holding GmbH, E-Mail: info@bag-holding.com, Tel.: +49 (0) 6404 / 925 -100
BAG Health Care GmbH, E-Mail: info@bag-healthcare.com, Tel.: +49 (0) 6404 / 925 -250
BAG Diagnostics GmbH, E-Mail: info@bag-diagnostics.com, Tel.: +49 (0) 6404 / 925 -100
Postal address for all companies:
Amtsgerichtsstraße 1-5
35423 Lich
Further information about the companies can be found in the respective imprint.
Each company is responsible for its own web presence, the operation of social media platforms and the processing of customer and supplier data within the meaning of the GDPR.
Applicant management, personnel management and video surveillance are provided centrally as a shared service by BAG Holding GmbH as part of a joint responsibility pursuant to Art 26 GDPR.
If you have any questions regarding data protection, please contact us by e-mail to datenschutz@bag-holding.com, by telephone under +49 (0) 6404 / 925 -100, or by mail to BAG Holding GmbH under the above address.
We have appointed daschug GmbH in Darmstadt as joint data protection officer for the group of companies.
You can reach our data protection officer by e-mail to datenschutz@bag-holding.com, by telephone under 06151 / 62 90 62 0 or by mail to daschug GmbH, Robert Bosch Str. 7, 64293 Darmstadt, Germany.
We process your personal data in accordance with the applicable statutory data protection requirements for the purposes listed below for each group of data subjects:
- Privacy Policy for Website Users
- Privacy Policy for Social Media Platforms
- Privacy Policy for Customers
- Privacy Policy for Applicants
- Privacy Policy for Employees
- Privacy Policy for Video Surveillance
- Privacy Policy for Whistleblowing
Use of service providers
Some of the aforementioned processes or services are carried out by carefully selected and commissioned service providers. We transmit or receive personal data from these service providers solely on the basis of a processing contract. If the registered office of a service provider is outside the European Union or the European Economic Area, a transfer to a third country takes place. We will contractually establish data protection agreements with these service providers in accordance with the legal requirements in order to establish an appropriate level of data protection and agree on appropriate guarantees.
Information on your rights
You have the right
- to request confirmation from us as to whether your personal information is being processed;
if this is the case, you are entitled to obtain details about this personal data; you may also receive the information specified in Art. 15 of the GDPR. - to request that we correct your data if it is deemed to be incorrect, inapplicable and/or incomplete. Such rectification of data also covers duties of completion through explanation or notification.
- to request that we delete personal data relevant to you without delay
if one of the reasons specified in Art. 17 of the GDPR applies.
Unfortunately, we may not delete data that is subject to a legal retention period.
If you would prefer that we never collect data from you or never contact you again in the future, we shall store such relevant contact details in a blacklist. - to revoke any consent given by you with future effect and without any negative consequences for you.
- to request from us that processing be restricted if one of the prerequisites listed in Art. 18 of the GDPR is provided.
- to object at any time to the processing of personal data relevant to you on grounds relating to your particular situation.
We shall no longer process personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds to do so, which override your interests, rights and freedoms,
or such processing is required for the establishment, exercise or defense of legal claims (Art. 21 of the GDPR). - to request that the data relevant to you be issued in a commonly used electronic and machine-readable format. This also covers the issuance (if possible) to another responsible party specified by you directly. (Art. 20 of the GDPR)
- without prejudice to another administrative or judicial remedy and if you believe that
the processing of your personal data is in breach of the GDPR, to file a complaint with- our data protection officer: datenschutz@bag-holding.com or by post (see imprint)
- to assert claims vis-à-vis the supervisory authority in the member state of your place of stay, your place of work or the location where the alleged violation took place.
Deletion of your data
Unless otherwise regulated in the more detailed data protection declarations, we will delete your personal data once the contractual relationship with you has ended, you have exercised your right to deletion, all mutual claims have been met and there are no other legal storage obligations or legal justifications for storage. As a rule, storage periods under commercial law for financially relevant data are up to 10 years. We may also store data for as long as is necessary to protect ourselves from claims that may be asserted against us. These periods can be up to 30 years.
Definition
For the purposes of this general information concerning employees, the following definitions apply:
- personal data - any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person Examples are contact data, communication data, billing data.
- Controller - the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or national law, provision may be made for the controller or for the specific criteria for his or her identification in accordance with Union or national law.
- Processor - a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Recipient - a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party.
- Employees - employees, including temporary workers in relation to the hirer, persons employed in relation to their vocational training, participants in benefits for participation in working life as well as in clarifications of occupational aptitude or work trials (rehabilitation candidates), persons employed in recognised workshops for disabled persons, volunteers performing a service in accordance with the Youth Voluntary Service Act or the Federal Voluntary Service Act, persons who are to be regarded as persons similar to employees on account of their economic dependence. These also include homeworkers and their equals, federal civil servants, federal judges, soldiers and persons performing community service. As well as applicants for employment and persons whose employment is terminated.
- Third party - a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
- Profiling - any automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person. In particular, to analyse or predict aspects relating to the job performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or change of location of that natural person. Restriction of processing - marking of stored personal data with the aim of restricting your future processing.
Changes to the Privacy Policy
We reserve the right to change our privacy policy if necessary and to publish it here. Please check this page regularly. Subject to the applicable legal provisions, the updated declaration will enter into force upon publication. If we have already collected information about you that is affected by the change and/or is subject to a statutory duty to provide information, we will also inform you of any material changes to our privacy policy.
PRIVACY POLICY FOR WEBSITE USERS
Scope
This privacy policy applies to all pages of the BAG group of companies that link to this page.
This includes the company websites https://www.bag-group.com/, https://www.bag-healthcare.com/ and https://www.bag-diagnostics.com/, but also other product or project-related websites.
Information about the controller and your rights can be found in our Overarching Privacy Policy.
Purpose of the data collection
The purpose of the data collection is to optimise our website(s), analyse errors, customise our website(s) to your needs, provide you the opportunity to get in touch with us and, if applicable, to sell goods and services.
General Data Processing
In principle, we collect and use personal data of our users only to the extent necessary to provide a functional website and our contents and services. The collection and use of personal data of our users is only carried out after the consent of the user. An exception is made in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal regulations.
Legal basis for the processing of their data:
- Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a) of the EU General Data Protection Regulation (EU-GDPR) serves as the legal basis.
- In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.
- Insofar as it is necessary to process personal data in order to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c) GDPR serves as the legal basis.
- In the event that vital interests of the data subject or any other natural person require the processing of personal data, Art. 6 para. 1 lit. d) GDPR is used as the legal basis.
- If the processing is necessary to safeguard the legitimate interests of our company or a third party and if the interest, fundamental rights and fundamental freedoms of the person concerned do not outweigh the former interest, Art. 6 para. 1 lit. f) GDPR applies as the legal basis for the processing.
Legitimate interests can be in particular:
- the answering of inquiries;
- the performance of direct marketing activities;
- the provision of services and/or information intended for you;
- the processing and transfer of personal data for internal or administrative purposes;
- the operation and administration of our website;
- the technical support of the users;
- the prevention and detection of fraud and criminal offences;
- the protection against non-payment when obtaining creditworthiness information in connection with the requests for goods and services; and/or
- the protection of network and data security, insofar as these interests are in accordance with the applicable law and with the rights of the user
Categories of recipients:
- Service providers for the optimization of websites, online marketing service providers and tools, service companies for information and communication technology, companies for software and equipment maintenance, some of them are described in detail below;
- Social networks and communities;
- Internal recipients according to the “need to know” principle.
User data / Server log files
Whenever you visit our website, our systems automatically collect data and information from the computer system of the calling computer. The following types of data are collected: Browser type, version used, operating system of the user, internet service provider, IP address of the user, date and time of retrieval, websites from which the user's system has come to our website or to which the user of our website accesses. The legal basis for the temporary storage of data and logfiles is Art. 6 para. 1) lit. f) GDPR with the above mentioned legitimate interests. The temporary storage of the IP address by the system is necessary to enable the website to the computer of the user. For this purpose, the user's IP address must remain stored for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f) GDPR. The data will be deleted as soon as they are no longer required for the purpose of their collection. In the case of the collection of data for the purpose of providing the website, this is the case when the respective session has ended. The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Furthermore, we reserve the right to check the files if, based on concrete evidence, there is a legitimate suspicion of illegal use or a concrete attack on the pages. In this case, our legitimate interest is the processing for the purpose of clarification and criminal prosecution of such attacks and illegal use.
Use of cookies
We use cookies. Cookies are text files that can be stored and retrieved on the user's computer system when visiting a website in the Internet browser or by the Internet browser. Cookies can contain a characteristic string of characters that enables the browser to be uniquely identified when the website or a service integrated into it is accessed up again. We use cookies to enable the operation of our website (technically necessary cookies), to make our website more user-friendly (functional cookies) and for marketing and advertising purposes (advertising cookies).
Technical cookies: Some elements of our website require that the calling browser can be identified even after a page change. The purpose of this use is to enable the function of the website in the first place. Examples of technically necessary cookies are the provision of a shopping cart or the login as a registered user. The processing is therefore based on Art. 6 para. 1 lit. b) or f) GDPR.
Functional cookies: There may be functions which are not technically necessary for the operation of our website, but which considerably simplify its use, such as the adoption of language settings or font sizes, the memorization of search terms, etc. Processing is also carried out on the basis of Art. 6 para. 1 lit. b) or f) GDPR.
Advertising cookies: We also use cookies on some of our websites, which enable an analysis of the surfing behavior of the users. In this way, e.g.: search terms entered in search engines, frequency of page views, use of website functions, and information about the operating system and browser, etc. are transmitted. The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the users. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a) GDPR if the user has given his consent to this - e.g. by selecting in a cookie opt-in banner - otherwise Art. 6 para. 1 lit. f) GDPR in conjunction with If third-party services are integrated, the processing by them is governed by their respective data protection provisions, which are mentioned and/or linked below.
General statements about web beacons / tracking pixel
Web beacons are invisible graphics with the size of a pixel. They are used by partner companies, for the purpose of tracking a user via various web pages to create a profile for use in advertising tailored to the user (targeting). A pixel integrated into the web page is loaded from the partner's server when the web page is accessed. In this way, the partner receives your IP address, as well as information about your browser and its version, browser plug-ins used (browser fingerprint), your operating system and your network operator. For the integration of external services through web beacons / tracking pixels or other scripts, the specifications for advertising cookies apply accordingly.
Content of external providers
On our website we use active JavaScript content and fonts, which may also come from external providers such as Google. By accessing our website, these providers may receive information about your visit to our website, for example by transmitting your IP address. You can prevent this transmission by installing a JavaScript blocker such as the browser plugin 'NoScript' or by deactivating JavaScript in your browser. However, this can lead to functional restrictions.
Some of our web pages integrate third party content within the offer, such as videos from YouTube, map material from Google Maps, images, texts and multi-media files, RSS feeds or other services from other websites. This always requires the transmission of your IP address to the providers of these contents. We cannot make any statement about the use of your data by these providers and have no influence on further processing. We do not know whether the data will be used for other purposes, such as profile building. Please refer to the corresponding data protection information of the respective third-party providers.
You can protect yourself against further persecution by tracking pixels from these providers by deactivating the acceptance of third-party cookies in your browser settings.
The legal basis for the transmission of personal data when integrating third party providers is Art. 6 para. 1 lit. a) GDPR if the user has given his consent to this - e.g. by selection in a cookie opt-in banner - otherwise Art. 6 para. 1 lit. f) GDPR in conjunction with recital 47.
Google Analytics
If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there. In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be truncated by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. During your website visit, your user behaviour is recorded in the form of "events". Events can be: page views, first time visiting the website, session start, interaction with the website, scrolls, clicks on external links, internal search queries, interaction with videos, file downloads, ads seen / clicked, language setting.
Also collected: Your approximate location (region), your IP address (in shortened form), technical information about your browser and the end devices you use (e.g. language setting, screen resolution), your internet service provider, the referrer URL (via which website/ via which advertising medium you came to this website).
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your pseudonymous use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website.
Recipients of the data are/could be: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 GDPR); Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. It cannot be ruled out that US authorities will access the data stored by Google. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. If applicable, you are not entitled to any legal remedies against access by authorities. The data sent by us and linked to cookies will be automatically deleted after 2. The deletion of data whose retention period has been reached takes place automatically once a month. The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.
You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by
a) not giving your consent to the setting of the cookie or
b) downloading and installing the browser add-on to disable Google Analytics HERE.
For more information on Google Analytics' terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and https://policies.google.com/?hl=en.
Google reCaptcha
In order to ensure data security when submitting forms and to protect ourselves from SPAM, we use the reCAPTCHA service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). This is primarily used to distinguish whether the input is made by a natural person or improperly by machine and automated processing. After entering and pressing the corresponding confirm button, your IP address and, if applicable, further data required for the reCAPTCHA service will be sent to Google. The legal basis for the processing of your IP address and the use of reCAPTCHA is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the secure transmission of form data and the smooth operation of our website.
Standard contractual clauses apply to the transfer of personal data to the USA. Furthermore, deviating data protection regulations of Google Inc. apply. Further information on the data protection guidelines of Google Inc. can be found at http://www.google.de/intl/de/privacy or https://www.google.com/intl/de/policies/privacy/.
OpenStreetMap
The mapping tool "Open Street Maps" is implemented on our website via an API interface. This is an open source street map from the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. In order to provide the OpenStreetMap, it is necessary to store your IP address. Your IP address is transmitted to the OpenStreetMap servers and processed there. Tracking and analysis procedures may also be carried out by OpenStreetMap for the purpose of error analysis. We have no influence on this or on the transmission of your data.
OpenStreetMap is used in the interest of making it easier to find our place of business. The legal basis for the provision of this service is based on your consent in accordance with Art. 6 Para. 1 lit. a) GDPR. Further data protection information can be found under the following link: https://wiki.osmfoundation.org/wiki/Privacy_Policy.
Contact form and e-mail contact
On our website is a contact form available, which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask is transmitted to us and stored. These data are: Name, address, e-mail address, telephone number, etc.. Not all of these data must be mandatory. At the time the message is sent, the following data is also stored: The IP address, date and time. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
Alternatively, it is possible to contact us via the provided e-mail address. In this case, the user's personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.
The legal basis for the processing is:
- For the receipt of the data based on the sending of the contact form as consent in accordance with Art. 6 para. 1 lit. a) in connection with Art. 5 (expected processing) GDPR or alternatively on the basis of the legitimate interest of answering your contact request according to Art. 6 para. 1 lit. f) GDPR.
- For the processing of data transmitted in the context of sending an e-mail, Art. 6 para. 1 letter f) GDPR with the above-mentioned legitimate interests.
- If the e-mail contact aims at the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.
The data will be deleted as soon as they are no longer required for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended and there is no reason for further storage. The conversation is finished when it can be concluded from the circumstances that the matter in question has been finally clarified. Retention periods under commercial and tax law may exist.
The user has the possibility to revoke his or her consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.
Newsletter
On our website you have the possibility to subscribe to a free newsletter with promotional content. Our newsletters contain information about our service offers, promotions, events, competitions, job offers, contributions / articles. Newsletters, on the other hand, do not include news without advertising information that is sent within the framework of our contractual or other business relationship. This includes, for example, the sending of service e-mails with technical information and queries about orders, events, notifications of competitions or similar messages. When registering for the newsletter, the data from the input mask is transmitted to us. In addition, the IP address of the calling computer and the time of the call are collected. For the processing of the data, your consent is obtained during the registration process and reference is made to this data protection declaration. In case you purchase goods on our website via our online shop and enter your e-mail address, we reserve the right to send you newsletters with direct advertising for similar goods. In connection with the data processing for the dispatch of newsletters, the data will not be passed on to third parties. The data will be used exclusively for the dispatch of the newsletter. The legal basis for the processing of the data after registration for the newsletter by the user is, if the user has given his consent, Art. 6 para. 1 lit. a) GDPR and for the dispatch of the newsletter as a result of the sale of goods in accordance with § 7 para. 3 UCA or Art. 6 para. 1 lit. f) (dispatch based on our legitimate business interest).
The collection of the user's e-mail address is used to send the newsletter. The collection of other personal data in the course of the registration process serves to prevent misuse of the services or the e-mail address used. The subscription to the newsletter can be revoked by the user at any time. For this purpose there is a corresponding link in every newsletter.
A statistical evaluation of the reading behavior only takes place to the extent that it can be determined whether the recipients have opened the newsletter and clicked on the links. This is a function that we use, however, only to check the user activities and to be able to make corresponding optimizations. For this purpose, the newsletter contains a so-called "web beacon", a pixel-sized file that is retrieved from our server when the newsletter is opened. This web-beacon can be personalized, so that personal data is collected. Clicks are tracked via personalized links to the respective website. If personalized data are collected, the legal basis is Art. 6 para. 1 lit. a) GDPR.
Data collection during registration and registered use
Some of our websites require or offer registration. The data collected in the process is used for the purpose of using the respective websites and services, unless otherwise described and explicitly agreed upon during registration. The data collected is derived from the input mask in the context of registration, processing is based on Art. 6 para. 1 lit. b) GDPR. All other data that you can enter at a later date to complete your profile are optional and voluntary and are based on the legal basis of Art. 6 para. 1 lit. a) GDPR. After registration, we may inform you about relevant circumstances related to our offer for which you have registered by means of the deposited e-mail address.
Data in user-generated content
If you write comments or contributions, upload files to our servers, publish pictures or use other services, your IP address and - if you are logged in - your user data will be saved for our security. Due to the large number of illegal contents that are posted on the internet every day, we reserve the right to use this information for the defence in legal disputes or for criminal prosecution, i.e. also to pass it on to the opponents of claims, criminal prosecution authorities and courts. The legal basis for the content provided is Art. 6 para. 1 lit a) and/or b) GDPR, for all other data collected in the process Art. 6 para. 1 lit f) GDPR.
Creditworthiness information
Furthermore, we reserve the right, in the case of orders or commissions, to pass on personal data to third parties for credit information purposes, insofar as this is necessary to protect our legitimate interests. In doing so, only the data required to calculate the creditworthiness using a mathematical-statistical procedure by the credit agency will be transmitted. We require creditworthiness information in order to be able to decide on the establishment and execution of a contractual relationship while safeguarding our legitimate interests.
Data transmission via the internet
Data transmission via the internet is generally associated with certain risks. A special encryption of the data is not carried out, especially messages from the contact form of our website and messages in the service chat are transmitted unencrypted.
Please bear this in mind when transmitting data. If you wish to communicate with us by means of encrypted e-mail, this is possible by using SMIME encryption. Please inform us of your wish to use encryption, as we regularly send unencrypted e-mails due to the current low market penetration of e-mail encryption methods.
Data transfer
If you provide us with personal data, this data will only be passed on to third parties if this is necessary for the processing of the contractual agreement or if another legal reason legitimises this passing on. However, we provide certain services with the cooperation of service providers. We have carefully selected these service providers and have taken appropriate measures to protect your personal data.
Storage periods
The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
PRIVACY POLICY FOR CUSTOMERS
Information on data processing
As a customer and as an interested party or other affected party, we process your personal data primarily for the purpose of establishing and fulfilling a contractual relationship with you or on the basis of a legitimate interest. Your data will be collected, stored and, if necessary, passed on by us to the extent necessary to provide the contractually agreed service, to provide information, to carry out direct marketing activities or other activities of our business operations. Failure to provide such information may result in the contract not being concluded. In addition, we will only process your data if you have consented to the processing or another legal permission has been granted.
Purposes of data processing
We process your personal data to achieve the following purposes in relation to the initiation and implementation of a contractual relationship or other activities in the interest of the company:
- the contractual processing (including shipping, after-sales, complaint management)
- the communication with business partners about products, services and projects as well as for answering inquiries, customer service
- Existing customer advertising, used as a selection criterion for direct marketing in order to offer you a service tailored to your needs
- for credit checks
- the management of our customer and supplier relation, dealer support
- the quality management
- the improvement and development of intelligent and innovative services
- for customer analysis for market and opinion research
- the handling of our logistics/materials management
- the reporting on our company
- the compliance with legal or contractual requirements
- the settlement of legal disputes, enforcement of contracts and assertion of claims, defence and exercise of legal rights, detection and prosecution of fraudulent and other illegal activities.
Furthermore, we process your data only with your express declaration of consent.
Types of data processed by us
The following personal data are processed:
- Contact details; name, address, telephone number
- Identification/payment details; account number, VAT ID number
- Ordering data: quantitiy, revenue, intervals
- Geodata: Addresses, delivery conditions
- Medical Data
- Image data: Photos and video recordings in the context of corporate events and trade fair appearances
- Ohter data: other necessary information relating to the business relationship or provided voluntarily and from publicly available sources
Categories of recipients
These service providers were carefully selected by us, commissioned in writing and are bound by our instructions. Our service providers are regularly checked by us. The service providers will not pass this data on to third parties, but will delete it after the contract has been fulfilled and statutory storage periods have been concluded, unless you have consented to storage beyond this.
This concerns e.g:
- bank, payment service provider
- Logistics companies
- Specialist craft businesses
- IT service provider
- Marketing service provider
For orders on account, we reserve the right to carry out an assessment of the credit risk on the basis of mathematical-statistical procedures (scoring). For this purpose, your data, which are necessary for credit assessment, will be transferred to a credit agency (e.g. Schufa, Creditreform, Bürgel, Atradius, Coface). If the credit assessment is positive, an order on account is possible. If the credit assessment is negative, we cannot offer you payment on account. You can object to the transmission of this data to the credit agency at any time, but then it is no longer possible to order on account.
Legal basis for processing
Legal bases for the processing of your data are in particular
- 6 para. 1 lit. a) on the basis of your consent, whereby in principle none is required for the conclusion or continuation of an existing contract,
- 6 para 1 lit. b) on the establishment, performance and termination of a contractual relationship,
- 6 para. 1 lit. c) to fulfil a legal obligation,
- 6 para. 1 lit. f) to safeguard a legitimate interest
Legitimate interests
Our legitimate interests lie in the achievement of the above-mentioned purposes and, in addition, in, for example
- safeguarding our business interests, including direct marketing and credit assessment,
- the raising of efficiency and effectiveness potentials, also in cooperation with partners and possibly affiliated companies,
- ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
- the assertion, exercise or defence of legal claims,
- the avoidance of damage and/or liability of the company through appropriate measures
- the implementation of information and communication activities, including promotional activities
- reporting on corporate information.
Data collected by third parties
If necessary, data may be made available to us by third parties, e.g. in the context of recommendations. In this case it is usually contact data in connection with data on specific product or service needs. If necessary, we collect data from credit agencies regarding creditworthiness and/or negative characteristics.
Storage period
Once the respective purpose has been achieved, your data will be deleted in compliance with the legal retention periods.
PRIVACY POLICY FOR APPLICANTS
When you apply for a position in our company, we process and store your personal data.
We take your privacy very seriously and would therefore like to inform you at this point how we handle your applicant data.
Purpose of data collection
Before joining our company or during the application process, we process your personal data exclusively for the purpose of establishing a contractual relationship to the required extent.
Types of data that are processed by us
The following types of personal data are regularly processed:
- Candidate data; name, date of birth, CV, nationality/work permit, etc. for the selection, recruitment, entry and exit management,
- Private contact details; address, telephone number, e-mail (for the purpose of contacting you),
- Data within the framework of personnel screening (for example, police clearance certificate, reliability check (ZUP));
- If applicable, data that is subject to professional secrecy; for example, data on health suitability and any restrictions
- other data in personnel management; severe disability (if relevant), driving licence ownership
We do not require any information from you that is not usable according to the General Equal Treatment Act (AGG) (race, ethnic origin, gender, pregnancy, information on physical or mental illness, membership of a trade union, religion or belief, disability, age, sexual identity or sex life).
We kindly request that such data not be transmitted to us. The same applies to content that is likely to infringe the rights of third parties (e.g. copyrights, ancillary copyrights or other intellectual property rights, personal rights, press law or general rights of third parties).
Legal basis of the processing
- For the establishment, implementation and termination of a contractual relationship pursuant to Art. 6 para. 1 lit. b) GDPR in conjunction with § 26 BDSG (German federal data protection act - version as of 25 May 2018),
- to fulfil a legal obligation under Art. 6 para. 1 lit. c) GDPR
- in the case of processing, to safeguard a legitimate interest under Art. 6 para. 1 lit. f) GDPR,
- as well as on the basis of your consent through the voluntary provision of data that are not absolutely necessary for the purpose (such as hobbies in your curriculum vitae)
(however, such a provision is generally not necessary for the conclusion or continuation of an existing contract) under Art. 6 para. 1 lit. a) GDPR.
Legitimate interests
- the optimization of the application processes,
- the achievement of efficiency gains by bundling services in individual Group companies (especially human resources, IT),
- ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
- the assertion, exercise or defence of legal claims,
- the prevention of damage and/or liability of the company by taking appropriate measures.
Categories of recipients
- Internal recipients according to the "need to know" principle,
- Companies affiliated under company law (group companies) as joint responsible parties:
The main contents of the regulation of the tasks with regard to the rights of data subjects can be obtained from the contact address given,
pursuant to Art. 26 Para. 3 GDPR, however, these rights can be claimed by data subjects from all companies involved.
Deletion periods
After the respective purpose has been achieved, your data will be deleted. However, data will be kept for as long as necessary to defend legal claims. The storage period is usually 6 months. If your profile was sent to us by a personnel service provider and if commission claims of this service provider exist, the storage period can be until they are fulfilled or the limitation period expires. If processing relevant for accounting purposes has been carried out, such as the reimbursement of travel expenses, the data required for this purpose will be deleted in compliance with the statutory retention periods, usually 6 or 10 years. If the application was successful and we conclude a contract with you, we transfer the data collected during the application process to our personnel file.
PRIVACY POLICY FOR EMPLOYEES
Information on data processing
Hereby we would like to inform our employees about our processing of their personal data within the scope of their employment contract.
Purpose of data collection
During the period of your employment, your personal data will be processed mainly for the purpose of implementing and/or terminating the contractual relationship, including the tasks related to the respective activity. Other purposes may include processing for the purpose of complying with legal regulations (including third party claims for information) or for measures for corporate development or communication.
Types of data that are processed by us
Within the scope of your employment contract, we process the following personal data:
- Candidate data; name Date of birth, CV, nationality/work permit, etc. for the selection, recruitment, entry and exit management;
- private contact details; address, telephone number, e-mail;
- business contact data;g. telephone numbers, e-mail, place of work, job title;
- image data; photo for identification and photographs taken during company events;
- identification/payment data; personal identity card data or work permit data for identification and determination of the legitimacy of employment, place of birth, marital status, parental status, tax identification number, health insurance membership, income tax class, allowances, religious affiliation for church tax, account number, any attachment of wages (for the purpose of payroll accounting and fulfilment of social security, tax and other legal obligations);
- health data;g. within the scope of payroll accounting, for settlement with health insurance companies or professional associations or within the scope of legal obligations as an employer, such as company integration management or fulfilment of duties in the protection of severely disabled persons or within the scope of company self-control, such as occupational health and safety or company medical examinations;
- time recording, access and usage data; vacation times, work time accounts, shift schedules, closing times or access protocols, time protocols relating to the activities performed, closing times or access protocols, also electronic protocols within the scope of the use of our IT infrastructure, etc;
- data within the scope of personnel screening; (e.g. police clearance certificate, reliability test (ZUP));
- data on suitability and for performance/behaviour monitoring; training and further training information, data for the purpose of measuring the achievement of objectives, e.g. for variable remuneration components, data on violations of road traffic regulations ("nodules");
- other data in personnel administration; secondary employment, data within the framework of company health care and company health management, occupational health and safety, any degree of severe disability, driving licence holders, any employee surveys, data within the framework of proposal management, employee inventions,
Categories of recipients
We send your personal data to the following recipients, e.g. to comply with legal obligations or obligations arising from the employment relationship:
- Bank service providers, financial service providers, possibly service providers for the calculation of pension provisions,
- service providers for payroll accounting (tax consultants), auditors, service providers for information and communication technology, companies for software and equipment maintenance, service providers only restructuring in the personnel sector,
- health, social security, pension and accident insurance institutions and other insurance undertakings and institutions providing capital formation benefits,
- authorities such as tax authorities, social security funds, employment agencies, safety, health, road traffic or related fine offices, customs authorities or monitoring bodies for undeclared work and minimum wages; other authorities,
- company medical service,
- companies affiliated under company law (group companies) as joint responsible parties: the main contents of the regulation of tasks with regard to the rights of data subjects can be enquired about at the contact address given, but under Art. 26 Para. 3 GDPR these rights can be claimed by data subjects from all companies involved,
- third-party debtor in the case of wage garnishment, insolvency administrator in the case of private insolvency,
- business partners and customers (official contact details), temporary employment agencies
Legal basis of the processing
When processing your personal data, we naturally comply with applicable law. Processing is therefore only carried out on a legal basis. The following legal bases come into consideration in particular in the employment relationship:
- 26 BDSG (German Federal Privacy Act - version from 25.05.2018) as far as necessary for the execution of the employment relationship or for the clarification of a concrete suspicion of criminal offences
- 6 para. 1 lit. a) GDPR on the basis of your consent, whereby in principle none is required for the conclusion or continuation of an existing contract,
- 6 para. 1 lit. b) GDPR on the establishment, performance and termination of a contractual relationship,
- 6 para. 1 lit. c) GDPR to fulfil a legal obligation,
- 6 para. 1 lit. f) GDPR to safeguard a legitimate interest
- 88 GDPR on the basis of collective agreements (company agreements)
Legitimate interests
If we process your data within the scope of our legitimate interest, this is e.g. in:
- the implementation of electronic access controls,
- the optimization of personnel planning,
- achieving efficiency gains by bundling services in individual Group companies (especially human resources, IT, procurement)
- ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
- the assertion, exercise or defence of legal claims, including data for the documentation of power flows
- the prevention of damage and/or liability of the company by taking appropriate measures
- the implementation of internal information and communication measures
- reporting on company information.
You have the right to object to the processing of personal data within the scope of a legitimate interest for reasons arising from your particular situation. We will then no longer process your data unless we can prove that there are compelling reasons for us to protect your rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
We do not use the personal data provided by you to make automated decisions concerning you.
Data collected by third parties
Using the ELSTAM procedure, we collect data for payroll accounting, which the tax authorities provide us with for correct accounting.
This applies in particular to the payroll data mentioned below.
Note: The general information can be found on our main data protection page.
Storage period
After the respective purpose has been achieved, your data will be deleted in compliance with the legal retention periods, usually 6 or 10 years, for various data categories such as occupational pension schemes 30 years and longer.
PRIVACY POLICY FOR VIDEO SURVEILLANCE
Information on data collection
We use video surveillance systems on our company premises to monitor public areas.
We process your personal data within the scope of video surveillance primarily in the pursuit of our legitimate interests.
Legal basis of video surveillance
The legal basis for the processing of your personal data in the context of video surveillance are in particular:
- 6 para. 1 lit. f) GDPR to ensure a legitimate interest
- on the basis of Art. 88 GDPR in conjunction with § 26 para. 1 sentence 2 BDSG (German Federal Privacy Act) or correspondingly concluded works agreements
Legitimate interests
Our legitimate interests in this context are, for example:
- the establishment of security and order on the company premises (prevention of vandalism, house rules)
- the assertion, exercise or defence of legal claims
- the avoidance of damage and/or liability of the company through appropriate measures (protection of property)
- ensuring compliance with safety regulations, requirements, standard or contractual obligations
- achieving efficiency gains by bundling services in individual group companies (especially IT, corporate security, legal department)
Purposes of data collection
The purpose of video surveillance is usually to protect one of the above-mentioned legitimate interests.
Duration of storage
The video data is stored for a period of 7 days. After that the data is automatically deleted.
Types of data that are processed by us
Visual data
Categories of recipients
- any affiliated companies
- transmission to security service providers
- transmission to legal advisers for the preparation of legal measures
- transmission to law enforcement authorities
Privacy policy for whistleblowing
When an internal or external whistleblower reports an irregular act in the company, this is referred to as ‘whistleblowing’. This confidential report can concern information and substantiated suspicions about actual or potential violations that have either already been committed or are very likely to occur. A whistleblowing system therefore offers the opportunity to uncover potential violations.
‘The EU Whistleblower Directive (Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law) aims to protect persons who report breaches. It also protects persons who are the subject of a report or disclosure and other persons affected by a report or disclosure. For Germany, the requirements are defined in the HinSchG. This results in a legal obligation to introduce a whistleblowing procedure (so-called ‘internal reporting centre’).
In the event of suspected violations of the law, unethical behaviour or other misconduct, the whistleblower reporting office/portal is at your disposal. Our employees, customers, suppliers and business partners can use this to report suspected or actual violations.
Such offences include, for example:
- Fraud, theft, embezzlement
- Bribery/corruption
- Offences relating to the Supplier Due Diligence Act or Supply Chain Act
- Antitrust law offences
- Violation of data protection or IT security guidelines
- Product safety
- Violations of environmental protection regulations
- Conflicts of interest
- Sexual harassment, discrimination, offences against personal integrity
Procedure for reporting suspected cases
If you are convinced that the actions of one or more employees constitute misconduct, you should always report these concerns to your line manager. If you have a justified reason for feeling uncomfortable about clarifying this with your line manager or if you fear negative consequences for yourself, such as reprisals, unfair treatment or dismissal, you can also contact your line manager.
Using the whistleblower portal
The safest way to submit a report is to open the following address in the browser of your private device: https://baggroup.hinweisgebersystem.online/.
This portal guarantees independent and anonymous processing of the reported incidents.
If the whistleblower has personal interests in the matter raised, they should disclose this from the outset.
Joint responsibility for a joint reporting centre for the corporate group
The reporting centre is operated under joint responsibility with other affiliated companies in accordance with Art. 26 GDPR.
The participating companies have concluded an agreement in accordance with Art. 26 GDPR, which will be made available on request.
Participating affiliated companies are
- BAG Holding GmbH
- BAG Health Care GmbH
- BAG Diagnostics GmbH
Incorrect information
The company will treat all reports of misconduct seriously and protect individuals who raise complaints in good faith. However, disciplinary or legal action may be taken against whistleblowers who provide false information. The Whistleblower Protection Act explicitly excludes protection of the whistleblower's identity in the case of false information or even defamation. In such cases, the malicious whistleblower is even obliged to compensate the damage (Section 38 of the Whistleblower Protection Act).
Dealing with reports
Incoming reports are processed according to a standardised and fair process. All information received is treated in strict confidence, reports can be submitted anonymously if desired, whereby anonymity is guaranteed in any case during the further course of the process.
After your report, you will receive notification of receipt and acknowledgement of the report within 7 days. You can rest assured that the information will be handled discreetly and confidentially. You will be informed of the information from the investigation process and corresponding follow-up measures no later than 3 months after your report.
The Whistleblower Protection Act includes protection against being penalised for providing information. The whistleblower therefore does not have to fear any negative consequences. If violations of German law are reported, the law protects the whistleblower from any negative consequences. In addition, the whistleblower is not liable for any damage caused by the discovery of the offence.
Protecting the identity of the whistleblower is the top priority of the Whistleblower Protection Act. This is guaranteed by the option of confidential reporting. The identity of the whistleblower will only be disclosed with their consent. An exception is made in the case of judicial or official investigations. In this case, the whistleblower is informed before their identity is disclosed.
Processed data, purposes of processing and legal bases
The processing of personal data includes
- data on the whistleblower (if not reported anonymously), if applicable on the accused and other persons involved (e.g. witnesses)
- other data depending on the content of the report (data in the report)
- furthermore, the related data processed in the course of internal investigations.
The purposes of the processing are the investigation and, if necessary, the proof of violations of applicable law and/or internal instructions as well as the defence of the company against legal claims and any official investigations and proceedings by documenting the processing, procedures and investigations.
The legal bases are
- essentially the legal obligation to process in accordance with Art. 6 para. 1 lit. C GDPR in conjunction with § 10ff. HinSchG, insofar as it relates to the content of reports
- in addition, Art. 6 para. 1 lit. a GDPR, insofar as data is provided voluntarily and without necessity or data is processed on the basis of consent.
Consent can be revoked at any time with effect from the time of revocation.
- Alternatively, Art. 6 para. 1 lit. f GDPR as a legitimate interest if it affects any conflicting interests, for example for documentation within the company to avoid liability or to defend against unjustified legal claims or to defend oneself in any legal proceedings.
Recipient (categories)
The reporting centre is operated by an external service provider, which in turn uses a cloud-based whistleblowing and communication platform.
Furthermore, data is passed on to the relevant internal departments within the company or group of companies in accordance with the HinSchG.
Other recipients may include other external service providers, such as legal service providers and/or forensic experts and, depending on the circumstances, consultants called in.
Other information
The data subject rights mentioned in the parent page of the privacy policy apply.
A transfer to third countries is not intended.
Deletion of the data
All data related to the report/case will be deleted in accordance with Section 11 (5) HinSchG 3 years after the conclusion of the procedure, unless there are other legal grounds for keeping the case for longer.
This could be the case if there are longer retention periods due to commercial or tax regulations.
PRIVACY POLICY FOR SOCIAL MEDIA PLATFORMS
Facebook
We operate a company website ("fan page") on the professional social media network Facebook. We operate this fan page for self-presentation, branding but also for the purpose of customer communication and recruiting.
According to the judgment of the European Court of Justice (ECJ) of 05.06.2018, Az. C-210/16, is the operator of social media sites - at least on Facebook fan pages - partly responsible within the meaning of Art. 26 GDPR. Although Facebook offers such a declaration at https://www.facebook.com/legal/terms/page_controller_addendum, we do not know whether it now meets the requirements of the GDPR. We only process your data - apart from any further procedures below - if you contact us via the platform. In this case, Facebook collects your data and makes it available to us. Under certain circumstances, your data may also be stored and further processed by us. The processing of your personal data in the event of an enquiry or application is governed by our other relevant data protection declarations.
The legal basis for the processing of personal data is, depending on the case constellation, the processing to initiate and execute a contract with you pursuant to Art. 6 (1) b GDPR or based on our legitimate interest in communication with users and our external presentation for the purpose of advertising pursuant to Art. 6 (1) f GDPR. If you have given the provider of the social network your consent to the aforementioned data processing with effect for us, the legal basis is Art. 6 (1) a GDPR.
Furthermore, we may collect data from visitors to our company website, provided that the advertisement can be defined as visitor processing. Subject to the further procedures listed below, we do not store this data on our own systems, nor do we systematically process it by means of occasional information. For these processing steps, our information regarding the data controller, the data protection officer and the declaration of your rights as a data subject applies.
We would like to point out that the privacy policy of Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA) or Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) applies for any further processing on our fan page. Data transfer to third countries is based on the use of standard contractual clauses according to the European Commission: https://de-de.facebook.com/help/566994660333381.
For more detailed information about Facebook's data processing and how to opt-out, please visit https://www.facebook.com/about/privacy/. Facebook is the provider of this service and only Facebook can provide complete information about data processing on Facebook.
We draw your attention to the fact that the assertion of data subject rights and requests for information are best addressed to Facebook. Only Facebook has access to your data and can take immediate measures to delete, restrict, etc. the data, or to provide information. Of course, we will support you in asserting your rights if necessary. You will find options for an opt out at: http://www.youronlinechoices.com/uk/your-ad-choices and https://www.facebook.com/settings?tab=ads.
Additional Information about Facebook Insight
We use the analysis function "Facebook Insight" on our fan page. This function is used for advertising and market research purposes to provide you with more relevant content and to develop new features that may be of interest to you. Facebook uses cookies to help analyze your fan page visits. The information generated by the cookies about your use of the fan pages is usually transferred to Facebook servers in the USA and stored there.
Facebook relies on standard contractual clauses of the European Commission when transferring data to third countries and thus undertakes to comply with the European data protection rules: https://de-de.facebook.com/help/566994660333381.
The processing is based on a legitimate interest according to Art. 6 (1) f GDPR, whereby our legitimate interest consists in the display of targeted advertising and the targeted design of our fan page. If you have given the provider of the social network a consent to the aforementioned data processing with effect for us, the legal basis is Art. 6 (1) a GDPR.
Further information on terms of use and data protection can be found at https://www.facebook.com/about/privacy/. Detailed information on the respective processing operations and the possibilities for objection can be found at http://www.youronlinechoices.com/=ads or https://www.facebook.com/legal/terms/page_controller_addendum.
Twitter
We operate a company website on the professional social media network Twitter, especially for self-expression, but also for recruiting.
According to the judgment of the European Court of Justice (ECJ) of 05.06.2018, Az. C-210/16, is the operator of social media sites - at least on Facebook fan pages - partly responsible within the meaning of Art. 26 GDPR. We suspect an analogous applicability of this decision to other social networks, including Twitter. So far, we are not aware that Twitter offers an agreement that meets the requirements of Art. 26.
We would like to point out that you use the offered Twitter short message service and its functions on your own responsibility. This applies also to the use of interactive functions (e.g. sharing, rating).
We only process your data if you contact us via the Twitter platform. In this case, Twitter collects your data and makes it available to us.
Under certain circumstances, your data may also be stored and further processed by us. The processing of your personal data in the case of an application is based on our applicant data protection declaration.
Your data will be processed by us to the extent that we may re-tweet your tweets or reply to them or write tweets that refer to your account. Data freely published and disseminated by you on Twitter are thus included by us and made accessible to third parties.
The legal basis for the processing of personal data is, depending on the case constellation, the processing to initiate and execute a contract with you in accordance with Art. 6 (1) b GDPR (insofar as it concerns concrete requests for quotations or an existing customer relationship with you) or on the basis of our legitimate interest in communication with users and our external presentation for the purpose of advertising pursuant to Art. 6 (1) f GDPR.
If you have given the provider of the social network your consent to the aforementioned data processing with effect for us, the legal basis is Art. 6 (1) a GDPR.
Under certain circumstances, we may also store and further process the data. The processing of your personal data will then be governed by one of our other data protection declarations, depending on which group of affected parties you belong to.
Furthermore, we may collect data from the "Likes" and commentators of our channel if the mere display can be defined as processing. However, we do not store this data on our own systems, nor is it systematically further processed through occasional disclosure.
For these processing steps, our information regarding the data controller, the data protection officer and the declaration of your rights as a data subject applies.
We would like to point out that the Twitter Privacy Policy (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) is applicable to any further processing on or via our Twitter channel. Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland is probably responsible.
We have no control over the nature and extent of the data processed by Twitter, the way the data is processed and used, or the disclosure of such data to third parties. We do not have effective control over this.
Standard contractual clauses serve as a guarantee for the transfer of personal data to third countries. Further information on the processing of personal data can be found here:
https://help.twitter.com/en/safety-and-security/twitter-privacy-settings
https://help.twitter.com/en/search?q=privacy+policy
https://help.twitter.com/en/managing-your-account/accessing-your-twitter-data# (possibility to view your data)
https://twitter.com/personalization (personalization options and opt-out)
https://help.twitter.com/forms/privacy (data processing information)
https://help.twitter.com/en/managing-your-account/how-to-download-your-twitter-archive#
We draw your attention to the fact that the assertion of data subject rights and requests for information are best directed against Twitter Inc. itself.
Only Twitter has access to your data and can take immediate measures to delete, restrict, etc. the data, or to provide information. Of course, we will support you in asserting your rights if necessary.
YouTube
We operate one or more company websites on the social media network Youtube, in particular for self-presentation, but also for recruiting.
According to the judgement of the European Court of Justice (ECJ) of 05.06.2018, Az. C-210/16, the operator of social media pages is at least jointly responsible for the data processing of Facebook fanpages within the meaning of Art. 26 GDPR.
We suspect an analogous applicability of this decision to other social networks, including YouTube. So far, we are not aware that YouTube offers an agreement that meets the requirements of Art. 26.
Please note that you use the Youtube channel offered here and its functions under your own responsibility. This applies in particular to the use of the interactive functions (e.g. sharing, likening, disclicting, commenting).
We only process your data if you contact us via the YouTube platform. In this case YouTube collects your data and makes it available to us.
Under certain circumstances, we may also store and further process your data. The processing of your personal data will then be governed by one of our other data protection declarations, depending on the group to which you belong.
Furthermore, we may collect data from visitors to our company website, provided that the advertisement can be defined as a visitor as processing. However, we do not store these data on our own systems, nor are they systematically further processed by occasional inspection.
The legal basis for the processing of personal data is, depending on the case constellation, the processing to initiate and execute a contract with you in accordance with Art. 6 para. 1 lit. b GDPR (e.g. for questions on products or services).
or on the basis of our justified interest in communication with users and our external presentation for the purpose of advertising pursuant to Art. 6 para. 1 S. 1 lit. f GDPR.
If you have given the provider of the social network your consent to the above data processing with effect for us, the legal basis is Art. 6 para. 1 lit. a GDPR.
For these processing steps, our information regarding the responsible office, the data protection officer and the declaration of your rights as a data subject applies. We would like to point out that the data protection declaration of Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001 or, alternatively, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA is applicable to any other processing on our YouTube channel.
We have no lasting knowledge of, and have no influence over, the nature or extent of the data processed by Google, the manner in which such data is processed and used, or the disclosure of such data to third parties. We do not have effective control over this.
Further information on the processing of personal data by YouTube can be found here:
User conditions: http://www.google.com/analytics/terms/de.html
On data protection: http://www.google.com/intl/de/analytics/learn/privacy.html
Privacy policy: http://www.google.de/intl/de/policies/privacy
Standard contractual clauses apply in cases where personal data is transferred to the USA.
XING
We operate a company website on the professional social media network XING, in particular for self-presentation, but also for recruiting.
According to the judgment of the European Court of Justice (ECJ) of 05.06.2018, Az. C-210/16, is the operator of social media sites - at least on Facebook fan pages - partly responsible within the meaning of Art. 26 GDPR. We suspect an analogous applicability of this decision to other social networks, including XING. So far, we are not aware that XING offers an agreement that meets the requirements of Art. 26.
We process your data only if you contact our Human Resources department via the XING platform or apply for an advertised position via XING. In this case, XING will collect your data and make it available to us.
Under certain circumstances, a storage and further processing by us can take place. The processing of your personal data in the case of an application is based on our application privacy policy.
The legal basis for the processing of the personal data is depending on the case: The processing for the initiation and execution of a contract with you in accordance with Art. 6 (1) b GDPR or based on our legitimate interest in communicating with users and our external presentation for the purposes of advertising in accordance with Art. 6 (1) f GDPR. If you have given consent to the above-mentioned data processing with effect for us to the provider of the social network, the legal basis Art. 6 (1) a GDPR.
If you have given consent to the above-mentioned data processing with effect for us to the provider of the social network, the legal basis Art. 6 (1) a GDPR.
Under certain circumstances, a storage and further processing by us takes place. The processing of your personal data in the case of an application is based on our application privacy policy.
We may also collect data from visitors to our corporate site if the ad as a visitor can be defined as processing. However, we do not store these data on our own systems, nor are they systematically processed through an occasional notice.
For these processing steps, our information regarding the responsible entity, the data protection officer and the declaration of your rights as the data subject apply.
We would like to point out that the data protection declaration of XING SE, Dammtorstr. 30, DE-20354 Hamburg, Germany, Tel .: +49 40 419 131-0, Fax: +49 40 419 131 applies for any further processing on our XING company website -11, E-Mail: info@xing.com, (hereinafter: XING).
Further information on the processing of personal data by XING can be found here: https://privacy.xing.com/en/your-privacy.
LinkedIn
Our company operates a social media channel on the platform LinkedIn. According to the judgment of the European Court of Justice (ECJ) of 05.06.2018, Az. C-210/16, is the operator of social media sites - at least on Facebook fan pages - partly responsible within the meaning of Art. 26 GDPR. So far, we do not know that LinkedIn offers an agreement that meets the requirements of Art. 26.
We only process your data when you contact our Human Resources department via the LinkedIn platform or when you contact us on LinkedIn for an advertised job. In that case, LinkedIn collects your information and makes it available to us.
The legal basis for the processing of the personal data is depending on the case: The processing for the initiation and execution of a contract with you in accordance with Art. 6 (1) b GDPR or based on our legitimate interest in communicating with users and our external presentation for the purposes of advertising in accordance with Art. 6 (1) f GDPR. If you have given consent to the above-mentioned data processing with effect for us to the provider of the social network, the legal basis Art. 6 (1) a GDPR.
Under certain circumstances, a storage and further processing by us can take place. The processing of your personal data in the case of an application is based on our application privacy policy.
We may also collect data from visitors to our corporate site if the ad as a visitor can be defined as processing. However, we do not store these data on our own systems, nor are they systematically processed through an occasional notice.
For these processing steps, our information regarding the responsible entity, the data protection officer and the declaration of your rights as the data subject apply.
For any processing beyond that, we point out that the LinkedIn Ireland Unlimited Company privacy policy, Wilton Place, Dublin 2, Ireland (LinkedIn), applies to our LinkedIn Company page.
For more information on LinkedIn's processing of personal information, visit https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy.