Information about data acquisition pursuant Art. 12-14 DS-GVO [German General Data Protection Regulation] Information about the controller and the data protection officer The following provides information about our processing of your personal data when you use our website “https://www.somack.de”. Personal data are the data relating to an identified, or identifiable, natural person (the so-called “data subject”). These data may include, for example, your name, IP address, the software used by you (operating system, browser), or date and time of your accessing the website. Hence, below you will find the relevant contact (controller), the types of data that are processed individually for specific purposes, and the rights of data subjects in regards of the processing of personal data.
- Name and contact information of the controller and the company’s data protection officer
The Controller responsible as defined in the EU General Data Protection Regulation (GDPR) is Somack GmbH Gottesrain 11 35325 Mücke, Germany Tel.: +49 6401 22968-0 Fax: +49 6401 22968-100 E-mail: email@example.com The controller is legally represented by Nadine Koc and Dipl. Ing. Sinan Koc. Data protection officer: We have not appointed a data protection officer and are not obliged to do so, according to the statutory provisions. However, you may direct, at any time, your questions or concerns to the aforementioned contact.
- Collection of personal data while visiting our website
For the purely informational use of the website (https://www.somack.de), we collect only the personal data transmitted by your browser to our host server. If you intent to view our website, we register these data:
- IP address
- Date and time of the enquiry
- Time zone difference to Greenwich Mean Time (GMT)
- Content of request (actual page)
- Access status/HTTP status code
- The data volume transmitted
- Originating website
- Operating system and GUI
- Language and version of browser software
These data are required for technical reasons, in order to display our website and to ensure stability and security of the website. The legal basis is Art. 6 Para. 1 S. 1 lit. f) GDPR. We have a justifiable interest in the technically fault-free representation and optimisation of our website, as well as the protection of our IT systems. Please note that the Internet portal can be used only limitedly or not at all, if you don’t transmit the above data. The data processed in this context are automatically deleted after 30 days, if their retention for the protection of IT systems or other security reasons (e.g., investigation of abusive or fraudulent activities) or evidence is no longer required. In these cases, we will delete the data only after a final resolution of each event. These data are never merged with other sources of data.
- Web analysis services
- Collecting personal data upon interaction with us
When you approach us via e-mail or a contact form, the information you provide (your e-mail address, name and, possibly, telephone number, as well as date and time of your approach) will be processed to respond to your request. Any other personal data processed during the send event (your IP address, in particular) are used to prevent an abuse of the contact form and to ensure the security of our IT systems. The legal basis for processing personal data during initial interaction is Art. 6 Para. 1 S. 1 lit. a), lit. b) and lit. f) GDPR. Data processing for communicating and protecting the security of our IT system establish a justifiable interest. Data obtained in this context will be deleted after retaining them for processing your request or the protection of our IT systems is no longer required; where legal obligations for retention apply, we will limit further processing. If data required for processing are not provided, we may not be able to respond to your request.
- Collecting personal data upon submission of job applications
If you provide your job application documents in electronic format or via regular mail, we process your personal data within the framework of the selection process. In addition to your master data (e.g., name, address, contact and date of birth), this includes special categories of personal information (e.g., a photo identifying your ethnic origin, disability, etc.). Please note that your data will be transmitted in encrypted form to our website. More information can be found under: “Data security”. These data are processed for corresponding with you and for completing the selection process. Any data processed by us in respect to a job application, are protected by technical and organisational security measures against manipulation and unauthorised access. Specifically, only employees of our Human Resources department and future supervisors will be able to access these data. Data processing is executed subsequent to your submission of a job application and is required for a correct execution of the application process according to Art. 6 Para. 1 S. 1 lit. a), b), Art. 9 Para. 1 S. 1 lit. a), b), Art. 88 GDPR in conjunction with § 26 BDSG General Data Protection Regulation (GDPR). Upon a rejection of your application, your personal information and application documents will be automatically deleted after 6 months, if you have not permitted extended storage pursuant to Art. 6 Para. 1 S. 1 lit. a) Art. 9 Para. 2 lit. a) GDPR, or if other justified interests oppose deletion and, thus, allow a processing pursuant to Art. 6 Para. 1 S. 1 lit. f), Art. 9 Para. 1 lit. f) GDPR. Such interest applies, in particular, to burden of proof when claims are asserted pursuant to the German Equal Treatment Act (AGG).
- Recipients of personal data
Inasmuch as we have not specifically indicated in the above that your personal data are not transmitted to other persons or companies, your personal data are gathered directly on our host server and, subsequently, processed solely by us. Besides, we transmit your personal data only when:
- You have provided your explicit authorisation pursuant to Art. 6 Para. 1 S. 1 lit. a) GDPR,
- A transmission pursuant to Art. 6 Abs. 1 S. 1 lit. f) GDPR is required for asserting, executing or defending legal claims, and if there is no cause to assume that you would have a prevailing interest worthy of protection in the non-disclosure of your data,
- A legal obligation for transmission pursuant to Art. 6 Para. 1 S. 1 lit. c) GDPR exists, and
- is legally permissible and, pursuant to Art. 6 Para. 1 S. 1 lit. b) GDPR, required for the processing of contractual relationships with you.
The tasking of third-parties with data processing on the basis of a so-called “data processing contract”is based on Art. 28 GDPR.
- Rights of data subjects
8.1. General rights You have the following rights versus the controller responsible for the processing of data in respect of your personal data: – Right of disclosure pursuant to Art. 15 GDPR, – Right of correction or deletion pursuant to Art. 16 GDPR and Art. 17 GDPR, – Right of limitation of processing pursuant to Art. 18 GDPR, – Right of objection against processing pursuant to Art. 21 GDPR, – Right of data transferability pursuant to Art. 20 GDPR. 8.1. Right to complain In addition and pursuant to Art. 77 GDPR, you have the right to complain to a privacy protection authority about the processing of your personal data by the controller responsible for the processing of data. Generally, you may contact the supervisory authority covering your permanent residence or workplace, or the head office of the controller responsible for the processing of data (in the state of Hesse: Der Hessische Landesdatenschutzbeauftragte, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany). 8.2. Right to object Inasmuch as your personal data are processed on the basis of justifiable interest as defined in Art. 6 Para. 1 S. 1 lit. f) GDPR you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, if you have reasons arising from your special situation or if the objection is raised against direct advertising. In the latter, you have a general right to object which must be implemented by the controller responsible for the processing of data without the existence of a specific situation. A letter, e-mail or fax message to the above contact information is sufficient if you want to use your right to object or revoke. 8.3. Right to revoke If you have once given your approval for the processing of your personal data, you are entitled to revoke this approval at any time according to Art. 7 GDPR. Simply advise the controller responsible for the processing of data via letter, e-mail or fax. This ensures that the controller responsible for the processing of data on the basis of this approval must no longer continue data processing. However, they retain the right to continue with the processing of personal data if a legal rule permits this. Past processing of personal data is not affected by your revocation.
- Data sources
Processed personal data originate directly from you, if not explicitly mentioned differently in the above, and they are provided by you through the hardware and software you are using.
- Data security
During your website visit, we use the standardised SSL procedure (Secure Socket Layer) in conjunction with the highest encryption level that is supported by your browser. This is, usually, a 256 bit encryption. If your browser does not support 256 bit encryption, we will use the 128 bit v3 technology. A specific page of our website that is transmitted with encryption is identified by the closed key or padlock symbol in the lower status bar of your browser. In addition, we use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss or damage, or against an unauthorised access by third parties. Our security activities are continuously improved along technological developments.
- Actuality and modifications of this data protection statement
This data protection statement is valid at this point and was issued in March 2020. Due to the continued further development of our website and our offering shown therein, or due to changing statutory or regulatory specifications, it may become necessary to modify this data protection statement. You may open and print the currently-valid data protection statement at any time on our website under www.somack.de/datenschutz.