Privacy Statement

Exclusion of liability

We do not guarantee that the information provided on our web pages is complete, correct and up-to-date in all cases, even if it has been prepared and updated to the best of our knowledge and belief. This also applies to all links to which this website directly or indirectly refers. We are not responsible for the content of a site that is accessed through such a link. We reserve the right to make changes or supplements to the provided information without prior announcement.

Privacy Statement

We are delighted that you are interested in our company. The protection of your data is very important to us. In principle, it is possible to use the website without entering any personal data. However, if any persons wish to use our company’s services via our website, it may be necessary to process personal data. If processing of personal data is necessary and if there is no legal basis for such processing, we generally obtain the consent of the person concerned.

We always process personal data, for example the name, address, e-mail address or telephone number of a person, in accordance with the General Data Protection Regulation and in compliance with the country-specific data privacy provisions that apply to our company. Our company issues this Privacy Statement to inform the public of the type, scope and purpose of the personal data that we collect, use and process. In addition, this Privacy Statement informs people concerned of their rights.

To meet our responsibility as a holder of personal data, our company has implemented numerous technical and organisational measures in order to ensure that the personal information processed via this website is protected as comprehensively as possible. However, online data transfers may always be exposed to gaps in security, meaning that absolute protection cannot be guaranteed. For this reason, each data subject is welcome to provide us with personal data by other means, for example via telephone.

1. Definitions

Our Privacy Statement is based on the terms that were used by the European regulator for issuing directives and regulations when executing the General Data Protection Regulation (GDPR). Our Privacy Statement is intended to be easy to read and understand for the public, our customers and business partners alike. To guarantee this, we would like to explain the terms used in advance.

In this Privacy Statement we will use the following terms, among others:

a) Personal data

Personal data is all information that refers to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

c) Processing

Processing is any procedure carried out with or without the help of automated processes or such series of processes in connection with personal data such as the collection, recording, organisation, ordering, storage, adjustment or modification, reading, querying, use, publication via transmission, distribution or another form of provision, reconciliation or combination, restriction, erasure or destruction.

d) Restriction of processing

“Restriction of processing” is the marking of stored personal data with the goal of restricting its further processing.

e) Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

f) Controller or data controller

A “controller” or “data controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

g) Data processor

A data processor is a natural or legal person, authority, facility or another body that processes personal data on behalf of the controller.

h) Recipient

“Recipient” means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

i) Third party

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

j) Consent

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the data controller

The controller in accordance with the General Data Protection Regulation, other data protection laws applicable in Member States of the European Union and other provisions with a data protection nature:

BOWA-electronic GmbH & Co. KG
Heinrich-Hertz-Strasse 4-10
72810 Gomaringen
Germany
Tel.: +49 (0) 7072 6002 0
E-mail: info@bowa.de
Website: www.bowa.de

3. Name and address of the data protection officer

The data protection officer of the data controller is:

Sascha Dionisius
DIOMIKO UG (haftungsbeschränkt)
Frankenbacher Str. 32
74336 Brackenheim, Germany
Tel.: +49 (0) 151-50590736
E-mail: info@diomiko.com

Every data subject can contact our data protection officer directly at any time for any questions and concerns about data protection.

4. Cookies

Our websites use cookies. Cookies are text files that are placed and stored on a computer system by a web browser.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which internet pages and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the visited internet pages and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognised and identified via the unique cookie ID.

By using cookies, we can provide users of this website with more user-friendly services, which would not be possible without the use of cookies.

By means of a cookie, the information and contents on our website can be optimised for the benefit of the user. As already mentioned, cookies enable us to recognise the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, users of a website that uses cookies will not have to enter their access data each time they visit the website, because this is done by the website and the cookie stored on the user’s computer system. Another example is the cart cookie in the online shop. The online shop uses a cookie to remember the items that a customer has placed in the virtual cart.

The data subject can stop our website from placing cookies at any time by adjusting the settings in the internet browser used and in doing so permanently prevent the placement of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programs. This is possible in all modern internet browsers. If the data subject deactivates the placement of cookies in the web browser they use, it is possible that not all functions of our website can be used to their full potential.

a) Use of Facebook/LinkedIn social plugins

Our website uses social plugins (“plugins”) of the social networks facebook.com and linkedin.com, which are operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA and LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA (“LinkedIn”). These are in particular the “Like” button provided by Facebook, as well as the “Share” button provided by LinkedIn.

When you visit a page of our website that includes such a plugin, your internet browser establishes a direct connection to the Facebook servers. Facebook delivers the content of the plugin directly to your browser, which then integrates it into the website.

Embedding the plugin means that Facebook and LinkedIn are notified about your visit on the corresponding page of our website. If you are logged in to your user account with Facebook or LinkedIn while you visit our website, Facebook or LinkedIn will be able to attribute the visit to your Facebook or LinkedIn account. Should you interact with plugins, for example by clicking on the “Like” button or by writing a comment, the corresponding information is communicated directly to Facebook or LinkedIn via your browser and saved there.

For more information about the purpose and scope of data collection and further data processing by Facebook or LinkedIn and your respective rights and data protection options, please see the Facebook or LinkedIn privacy policies:
https://www.facebook.com/policy.php
https://www.linkedin.com/legal/privacy-policy

If you do not want Facebook or LinkedIn to assign data collected through our website to your user account, you must log out of Facebook or LinkedIn before visiting our website.

b) Facebook Pixel

Our website uses the “visitor action pixel” of Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA). This makes it possible to track the behaviour of users after they have been redirected to the provider’s website by clicking on a Facebook ad. This procedure is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help to optimise future advertising measures. The data collected remains anonymous to us, meaning that we are unable to draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile can still be made and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data policy (https://www.facebook.com/about/privacy). You may allow Facebook and its partners to place ads on and outside of Facebook. A cookie may also be stored on your computer for these purposes. Please click here if you wish to withdraw your consent: www.facebook.com/ads/website_custom_audiences/

We use Facebook Pixel to design our website according to your needs and to advertise it (legitimate interest according to point (f) of Article 6(1) GDPR).

c) LinkedIn Insight Tag

Our website uses the “LinkedIn Insight Tag” conversion tool from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser, which enables the collection of the following data, among others: IP address, device and browser properties and page events (e.g. page views). This data is encrypted, anonymised within seven days and the anonymised data is deleted within 90 days. LinkedIn does not share any personal data with us, but offers anonymised reports on website audience and ad performance. In addition, LinkedIn offers the possibility of retargeting using the Insight Tag. We can use this data to display targeted advertising outside our website without identifying you as a website visitor. You can find more information on data protection at LinkedIn in the LinkedIn privacy policy.

LinkedIn members can control the use of their personal data for advertising purposes in their account settings.

d) Use of etracker

On this website, data is collected and stored for marketing and optimisation purposes using technology provided by etracker GmbH (www.etracker.com). This data can be used to create pseudonymised user profiles. Cookies may be used for this purpose. Cookies are small text files that are stored locally in the cache of the site visitor’s internet browser. Cookies allow the web browser to be recognised. The data collected with etracker technology is not used to identify visitors to this website personally and is not kept alongside personal data of the bearer of the pseudonym without the express consent of the data subject. You can object to data collection and storage at any time with future effect.

e) Cloudflare Turnstile

The contact forms on our website make use of Cloudflare Turnstile. This service helps us distinguish if entries on our website are made by a real person or by automated processing such as bots. By implementing Cloudflare Turnstile, we can secure our website and also make sure that the user experience is not affected by undesirable, automated interventions. The information collected in this process (such as your IP address) is sent to Cloudflare servers, which may be located in the USA. However, the contents of the form are not transmitted to Cloudflare. Cloudflare complies with the German General Data Protection Regulation (GDPR) and implements comprehensive measures for protection of your personal data, including technical and organisational steps for securing data integrity. For more information about Cloudflare's data protection initiatives and their compliance with the GDPR, including specific security measures and your data protection rights, please consult the following links: https://www.cloudflare.com/cloudflare-customer-dpa and https://www.cloudflare.com/trust-hub/gdpr.

5. BOWA ACADEMY

We use the software-based tool “AcademyMaker”, which is provided by the e-learning provider X-CELL AG (Kaistraße 2, 40221 Düsseldorf, Germany), to carry out further training measures. In order to design the “AcademyMaker” in line with requirements and to enable problem-free use of the platform, X-CELL collects the following data:

  • Registration data and login attempts
  • Training results: Course units assigned, started and completed; page views and time; exams started, passed and failed, as well as the number of exam attempts incl. dates
  • Master data: name, first name, e-mail address, language
  • IP address, end device and browser used

This data may be stored for the purpose of support or service optimisation and may be viewed by X-CELL’s administrator at any time if required. There is an agreement with X-CELL AG on commissioned processing pursuant to Article 28 GDPR, which regulates the processing of your personal data by the contractor. This agreement ensures that X-CELL processes your personal data exclusively on our instructions and also stores it there only for the duration that we specify to the provider. The legal basis for the processing by X-CELL AG is furthermore point (b) of Article 6(1) GDPR (i.e. Fulfilment of contractual obligations entered into with us). X-CELL does not commission any other subcontractors to process your data. If you would also like to exercise your rights as a data subject with regard to the data processed by X-CELL, please address your request solely to us at info@bowa.de.
Further information on data protection at X-CELL AG can be found here.

6. Use of Google Analytics

We use Google Analytics to analyse website usage. The data obtained from this is used to optimise our website and advertising measures.
Google Analytics is a web analytics service operated and provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States). Google processes website usage data on our behalf and is contractually committed to measures to ensure the confidentiality of the data processed.
During your visit to the website, the following data, among other things, is recorded:

  • Pages accessed
  • The achievement of “website goals” (e.g. contact requests and newsletter sign-ups)
  • Your behaviour on the pages (for example, clicks, scrolling behaviour and dwell time)
  • Your approximate location (country and city)
  • Your IP address (in shortened form, so that no clear allocation is possible)
  • Technical information such as browser, internet provider, end device and screen resolution
  • Origin of your visit (i.e. the website or advertising medium through which you came to our website)

This data is transferred to a Google server in the USA. Google complies with the data protection provisions of the “EU-US Privacy Shield” agreement.
We use this service in our online offer on the basis of a legitimate interest – in the analysis, optimisation and economic operation of our online offer. The legal basis is point (f) of Article 6(1) GDPR.
Google Analytics stores cookies in your web browser for a period of two years from your last visit. These cookies contain a randomly generated user ID which can be used to recognise you on future visits to the website.
The data recorded is stored together with the randomly generated user ID, which enables pseudonymised user profiles to be evaluated. This user-related data is automatically deleted after 24 months. Other data shall continue to be stored in aggregated form indefinitely.
If you do not agree to the collection of data, you can install the browser add-on for deactivating Google Analytics in order to prevent this collection.

7. Google Maps

This website uses Google Maps to display interactive maps and to create directions. Google Maps is a mapping service provided by Google Inc., located at 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, may be transmitted to Google in the USA. When you access a web page that contains Google Maps through our website, your browser establishes a direct connection with Google’s servers. Google delivers the map content directly to your browser, which then integrates it into the website. Therefore, we have no influence on the scope of the data collected by Google in this way. According to our knowledge, the following data is collected at the very least:

  • Date and time of the visit to the website in question,
  • Internet address or URL of the website accessed,
  • IP address and (start) address entered as part of route planning.
We use this service in our online offer on the basis of a legitimate interest – in the analysis, optimisation and economic operation of our online offer. The legal basis is point (f) of Article 6(1) GDPR.
If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. In this case, however, you cannot use the map display.
For more information about the purpose and scope of data collection and further data processing by Google and your respective rights and data protection options, please see the Google privacy policies (https://policies.google.com/privacy?hl=de). By using our website, you consent to the processing of your data by Google Maps Route Planner in the manner and for the purposes set out above.

8. Vimeo

Where applicable, we have included videos from the provider Vimeo LLC, headquartered at 555 West 18th Street, New York, New York 10011, USA.
Some of our web pages contain videos from Vimeo. When you access such a web page on our website, a connection to the Vimeo servers is established. This informs the Vimeo server which of our web pages you have visited. If you are logged in as a Vimeo member, Vimeo will assign this information to your personal user account. Information regarding whether you have clicked on a start button on a video can also be assigned to existing user accounts. You can prevent this by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
We use this service in our online offer on the basis of a legitimate interest – in the analysis, optimisation and economic operation of our online offer. The legal basis is point (f) of Article 6(1) GDPR.
Further information on data processing and notes on data protection by Vimeo can be found at https://vimeo.com/privacy.
In addition, Vimeo accesses the Google Analytics tracker via an iFrame in which the video is retrieved. This is Vimeo’s own form of tracking, to which we have no access. You can prevent tracking by Google Analytics by using the deactivation tools offered by Google in some internet browsers. Users can also prevent the collection of data generated by Google Analytics and related to their use of the website (incl. their IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

9. Recording of general data and information

Every time our website is accessed by a data subject or an automated system, it collects a series of general data and information. This general data and information is stored in server log files. The information recorded can include: the type and version of the browser used, the operating system used by the accessing system, the website that the accessing system reached our website from (known as the “referrer”), the sub-sites that directed an accessing system to our website, the date and time of access to the website, an internet protocol address (IP address), the internet service provider of the accessing system and other similar data and information that is used to defend against danger in the event of attacks on our IT systems.

When using this general data and information, we will not draw any conclusions about the data subject. This information is actually required to correctly provide the content of our website, to optimise the content of our website and advertising for it, to guarantee the consistent functionality of our IT systems and the technology of our website as well as to provide the law enforcement authorities with the information required for criminal proceedings in the event of a cyber attack. This data and information, which is collected anonymously, is therefore evaluated by us statistically as well as for the goal of increasing data protection and data security in our company, ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from all personal data provided by a data subject.

10. Contact options via the website

In line with legal regulations, the website contains information, including a general e-mail address, that allows users to quickly contact our company electronically and to communicate with us directly. Where a data subject makes contact with the data controller via e-mail or a contact form, the personal data sent by the data subject is stored automatically. Such personal data provided to the data controller voluntarily by a data subject will be stored for the purposes of processing or contacting the data subject. None of this personal data is forwarded to third parties.

11. Routine deletion and blocking of personal data

The data controller only processes and stores personal data of the data subject for the period that is required to achieve the purpose of storage or insofar as provided for by the European regulator and legislator or another legislator in laws or regulations to which the data controller is subject.

If the purpose of storage no longer applies or if a storage period prescribed by the European regulator and legislator or another competent legislator expires, the personal data will be blocked or deleted routinely and in line with statutory regulations.

12. Rights of the data subject

a) Right to confirmation

Each data subject shall have the right granted by the European regulator and legislator to request confirmation from the controller as to whether or not personal data concerning them is being processed.
If a data subject would like to take advantage of this right to confirmation, they can contact our data protection officer or another employee of the data controller to do so at any time.

Each data subject affected by the processing of personal data shall have the right granted by the European regulator and legislator to obtain free-of-charge information from the controller regarding the personal data stored about them and a copy of this information. In addition, the European regulator or legislator has granted the data subject access to the following information:

  • the purposes of the processing
  • the categories of personal data concerned
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
  • where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
  • the right to lodge a complaint with a supervisory authority
  • information to be provided where personal data has not been obtained from the data subject: any available information as to the source of the data
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

In addition, the data subject has the right to be informed whether personal data has been transmitted to a third country or an international organisation. If this is the case, the data subject shall also have the right to obtain information about suitable guarantees in connection with the transmission.

If a data subject would like to take advantage of this right to information, they can contact our data protection officer or another employee of the data controller to do so at any time.

b) Right to correction

Each data subject affected by the processing of personal data shall have the right granted by the European regulator and legislator to request the immediate correction of inaccurate personal data concerning them. In addition, taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a data subject would like to take advantage of this right to correction, they can contact our data protection officer or another employee of the data controller to do so at any time.

c) Right to erasure (“right to be forgotten”)

Each data subject affected by the processing of personal data shall have the right granted by the European regulator and legislator to request that the controller immediately deletes the personal data concerning them, where one of the following grounds applies and processing is not necessary:

  • The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR and where there is no other legal ground for the processing.
  • The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
  • The personal data has been unlawfully processed.
  • The personal data have to be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  • The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

If one of the reasons stated above applies and a data subject would like to arrange the deletion of personal data that we have stored, they can contact our data protection officer or another employee of the data controller to do so at any time. Our data protection officer will organise the deletion to take place immediately.

d) Right to restriction of processing

Each data subject affected by the processing of personal data shall have the right granted by the European regulator and legislator to request from the controller restriction of processing concerning the data subject where one of the following applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
  • The data subject has lodged an objection to the processing of the data in accordance with Article 21(1) GDPR and it has not yet been determined whether the legitimate interests of the controller outweigh those of the data subject.

If one of the above-mentioned requirements has been met and a data subject would like to arrange the restriction of personal data stored by our company, they can contact our data protection officer to do so at any time. The data protection officer will arrange the restriction of processing.

e) Right to data portability

Each data subject affected by the processing of personal data shall have the right granted by the European regulator and legislator to obtain from the controller the personal data concerning them, which has been made available to a data controller by the data subject, in a structured, accessible and machine-readable format. The data subject also has the right to transmit this data to another controller without hindrance from the controller to which the personal data was provided, provided that the processing is based on consent in accordance with point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract in accordance with point (b) of Article 6(1) GDPR and processing is carried out by automated means, provided that processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

In exercising their right to data portability pursuant to Article 20(1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible, and provided that this does not impede the rights and freedoms of another person.

To assert the right to data portability, the data subject can contact the data protection officer or another employee at any time.

f) Right to object

Each data subject affected by the processing of personal data shall have the right granted by the European regulator and legislator to object at any time, on grounds relating to their particular situation, to processing of personal data concerning them which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

In the event of revocation, we shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or such processing is necessary for the establishment, exercise or defence of legal claims.

Where we process personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them for such marketing. This also applies to profiling that is connected with such direct marketing. Where the data subject objects to processing by our company for direct marketing purposes, we will no longer process the personal data for such purposes.

In addition, where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, the data subject, on grounds relating to his or her particular situation, shall have the right to object to such processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise the right to object, the data subject can contact the data protection officer at any time. Furthermore, in the context of the use of information society services and notwithstanding Directive 2002/58/EC, the data subject may also exercise their right to object by automated means using technical specifications.

g) Automated individual decision-making, including profiling

Each data subject affected by the processing of personal data shall have the right granted by the European regulator and legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, insofar as the decision is not required to enter into or fulfil a contract between the data subject and the controller, or is permitted in line with Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or which takes place with the explicit consent of the data subject.

If the decision is required for the initiation or fulfilment of a contract between the data subject and the controller or is based on the data subject’s explicit consent, we shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.

If a data subject would like to exercise rights in relation to automated decisions, they can contact our data protection officer to do so at any time.

h) Right to revoke data protection-related consent

Each data subject affected by the processing of personal data shall have the right granted by the European regulator and legislator to revoke their consent to the processing of personal data at any time.

If the data subject would like to exercise their right to revoke consent, they can contact our data protection officer or another employee of the data controller to do so at any time.

13. Data protection during applications and in application procedures

The data controller collects and processes the personal data of applicants for the purpose of carrying out the application process. Processing may take place electronically. This applies in particular when an applicant sends relevant application documents to the data controller electronically, for example via e-mail or via a web form located on the website. If the data controller signs an employment contract with an applicant, the data transmitted will be stored for the purpose of executing the employment relationship, in line with legal regulations. If the data controller does not sign an employment contract with the applicant, the application documents will be deleted automatically three (3) months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the data controller. Other legitimate interests in this sense include a burden of proof in proceedings under the General Equal Treatment Act (AGG).

14. Legal basis of processing

Point (a) of Article 6(1) GDPR shall serve as the legal basis for processing procedures at our company, through which we obtain consent for a certain processing purpose. If the processing of personal data is required to execute a contract to which the data subject is a contractual party, as is the case for processing procedures that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on point (b) of Article 6(1) GDPR. The same applies to processing procedures that are required to execute precontractual measures, such as in the case of requests for our products or services. If our company is subject to a legal obligation that makes the processing of personal data necessary, such as to satisfy tax obligations, the processing shall be based on point (c) of Article 6(1) GDPR. In rare cases, processing may be necessary in order to protect the vital interests of the data subject or of another natural person. For example, this would be the case were a visitor to our company to be injured and, as a result, their name, age, health insurance data or other vital information needs to be sent to a doctor, a hospital or other third parties. The processing would then be based on point (d) of Article 6(1) GDPR. Ultimately, processing procedures may be based on point (f) of Article 6(1) GDPR. Processing procedures that are not covered by any of the legal bases specified above are based on this legal basis, if the processing is required to safeguard a legitimate interest of our company or a third party, insofar as this does not outweigh the interests, fundamental rights and freedoms of the data subject. We are therefore permitted to carry out such processing procedures in particular, as they have been highlighted by the European legislator. This covers in particular the fact that a legitimate interest may be assumed in the case of the data subject being a client of the data controller (recital 47(2) GDPR).

15. Legitimate interests in the processing, pursued by the controller or by a third party

If the processing of personal data is based on point (f) of Article 6(1) GDPR, our legitimate interest is the conduct of our business activity for the benefit of the wellbeing of all our employees and our shareholders.

16. Duration of data storage

The criterion for the storage of personal data is the relevant statutory storage deadline. After this period has expired, the relevant data will routinely be deleted, provided that it is no longer necessary for fulfilling or initiating contracts.

17. Statutory or contractual requirements to provide personal data; necessity to initiate the contract; obligation of the data subject to provide personal data; possible consequences of failure to provide such data

We draw your attention to the fact that the provision of personal data is often prescribed by law (e.g. tax regulations) or may result from contractual provisions (e.g. information about the contractual partner). Inter alia, it may be necessary when initiating a contract for a data subject to provide us with personal data that we must subsequently process. The data subject may for example be obliged to provide us with personal data if our company enters into a contract with them. Not providing personal data would result in the contract not being able to be entered into with the subject. Before the data subject provides personal data, the data subject must contact our data protection officer. On a case-by-case basis, our data protection officer shall explain to the subject whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and what the possible consequences of failure to provide such data are.