Data Privacy Notice
Ernst KNOLL Feinmechanik GmbH takes the protection of personal data very seriously. We would like you to know when we store what data, and how we use this data. We are subject to the provisions of the European General Data Protection Regulation (GDPR) and the supplementary provisions of the Bundesdatenschutzgesetz (BDSG) [German Federal Data Protection Act (GFDPA)]. To ensure that the provisions concerning data protection are observed by us as well as by our external service providers, we have taken suitable technical and organizational measures.
This Data Privacy Notice applies to our online presences. These include websites, features and content as well as our external online presences, for example in social media. This general Data Privacy Notice likewise serves to inform you of any further processing of your personal data and our compliance with the duties to inform you.
The terminology used in this Data Privacy Notice, for example controller or personal data, are used as defined inGDPR. For reasons of readability, and therefore also for the purposes of comprehensible communication of information, we generally refrain from naming individual articles, paragraphs or the like.
As defined in the GDPR
The controller within the meaning of the GDPR and other national data protection laws of the Member States as well as other provisions of data protection law is:
Ernst KNOLL Feinmechanik GmbH
Im Stöckacker 2
Tel.: +49 7665 9809-0
Data protection officer
The controller has appointed a data protection officer.
His contact details are:
Bechtle IT-Systemhaus Freiburg GmbH
For questions, suggestions or comments relating to data protection, and for enforcing your rights set out below, please contact our data protection officer.
General Information on Data Processing
Legal bases of the processing of personal data
As a rule, processing of personal data is not permitted under the provisions of data protection law, unless there is a legally permissible reason for allowing this. We are obliged to inform you of the legal bases of the data processing.
Where we obtain your consent to processing operations concerning personal data, this consent shall serve as the legal basis.
Where the processing of personal data is necessary for the performance of a contract to which you are party, the performance of the contract shall serve as the legal basis. This shall also apply to processing operations necessary for taking steps prior to entering into a contract.
Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, this shall serve as the legal basis.
Where vital interests of the data subject or of another natural person make it necessary to process personal data, this shall serve as the legal basis.
Where the processing is necessary for the protection of a legitimate interest pursued by our company or by a third party, and these interests and your fundamental rights and freedoms do not override the first-mentioned interest, this shall serve as the legal basis for the processing.
Data transfer to third countries
The GDPR ensures the same high level of data protection within the European Union. When selecting our service providers and cooperation partners, we shall therefore, if your personal data is to be processed, focus on European partners where possible. Only in exceptional cases shall we have your data processed outside of the European Union in the course of using third party services.
We shall allow your data to be processed in a third country only if the particular prerequisites under the GDPR are met. This means that the processing of your data shall then only take place on the basis of special safeguards. These safeguards include ascertainment of a level of data protection equivalent to that of the EU as officially recognised by the EU Commission, observance of officially recognised special contractual obligations (the so-called “standard contractual clauses”), or other agreements between the EU and third countries.
Existence of automated decision making
We refrain from using automated decision making or profiling.
Recipients of the data / categories of recipients
Within our company, we shall ensure that your data is received only by the persons who need this data for compliance with the contractual and statutory duties.
For processing your data, we shall sometimes use carefully selected external service providers. Where data is passed on to service providers as part of such commissioned processing, this shall take place on the basis of the provisions of the GDPR. Our processors are carefully selected, are bound by our instructions and are monitored at regular intervals. We only appoint processors who offer adequate safeguards that suitable technical and organisational measures will be implemented in such a way that the processing meets the requirements of the GDPR and the GFDPA and ensures the protection of your rights.
Passing on of personal data to third parties
As a rule, we shall not pass on any personal data to third parties without your express consent. Where, in the course of the processing, we nevertheless disclose or transfer your data to third parties or otherwise grant third parties access to your data, this shall also take place exclusively on the basis of one of the aforementioned legal bases.
For example, we shall transfer data to payment service providers or suppliers if this is necessary for the performance of the contract. Where we are obliged by law or a court order to transfer your data, we shall transfer your data to the respective entities entitled to the information.
Nutzung unseres Online-Angebotes
Sie können unser Online-Angebot grundsätzlich ohne Offenlegung Ihrer Identität nutzen. In diesem Abschnitt erläutern wir Ihnen, wann und in welchem Zusammenhang wir bei der Nutzung unserer Online-Angebote Daten verarbeiten, welche Angebote von Dienstleistern wir implementiert haben, wie diese funktionieren und was mit Ihren Daten geschieht.
Generally, our service is aimed at adults. Persons under the age of 16 are not permitted to transfer personal data to us without the consent of their parents or legal guardians.
In order to optimally protect your data transmitted, we use so-called transport encryption. In order to ensure the security of your data during the transfer process, we use an SSL/TLS encryption method in accordance with the latest state of the art technology.
Collection of data during a visit to our websites
Where you use our websites only for information purposes, i.e. you do not register for a service, enter into a contract with us or otherwise disclose information to us, we shall only collect the personal data transmitted to our servers by your browser.
When our websites are accessed, we collect the following data that we technically need in order to be able to display our websites and to ensure stability and security:
- the visitor’s IP addres
- the date and time of the request
- the content of the request (specific page)
- access status/HTTP status code
- the respective volume of data transmitted
- the website from which the request came
- the visitor’s operating system
- the language and version of the browser software
This data is temporarily stored in our system’s log files for a period of 7 days.
Storage beyond this period is possible; in these cases, however, the IP addresses are truncated or masked to prevent any association with the accessing client. The log files shall not be stored together with other personal data concerning you in this context. The legal basis for these processing operations is our legitimate interest.
Since the collection of the data for displaying the websites and storing the data in log files is absolutely essential for the operation of our websites and the maintenance of IT security, you have no possibility of objecting in this respect.
Anfragen an uns
If you make an enquiry to us, for example by using the contact form, we shall, in order to answer your contact request, process your personal data.
When you use our websites and visit our Internet presences, cookies will be stored on your device in addition to the aforementioned data. Cookies are small text packages that may be sent by a website to the browser and be stored and sent back by the browser. Cookies can be used to store various details, which are read by the entity that has placed the cookie. They generally contain a characteristic string of characters (ID) that allows unique identification of the browser in the event of renewed access to the website or a change of page. They are primarily used to make our online presence more user-friendly and more effective overall. The user data collected in cookies is pseudonymised by means of technical precautions, which generally makes it no longer possible to associate the data with the accessing user. Where identifiability is possible, for instance in the case of a login cookie whose session ID is necessarily linked to the user’s account, we point this out at the appropriate point.
We use different types of cookies:
- So-called “session cookies” are cookies that are deleted after you leave our online presence and close the browser. In the case of such cookies, language settings or the content of a shopping basket are stored, for example.
- “Permanent cookies” remain stored even after the browser has been closed. For example, the login status or entered search terms can be saved. We use such cookies for, among other things, range measurement or marketing purposes. Persistent cookies are automatically deleted after a pre-specified period, which may vary depending upon the cookie. However, you can delete these cookies at any time using your browser, among other methods.
In addition to so-called “first-party cookies” placed by us as the controller responsible for the data processing, “third-party cookies” offered by other providers are also used.
- “First-party cookies” are placed by us as the controller.
The legal basis for the processing of your personal data in this respect is our legitimate interest.
- External service providers that, for example, perform web tracking or range measurements for us may likewise place cookies.
Information on Services Used
Cookie Management Tool
We use a so-called cookie management tool. This enables you to manage the cookies we use, to find out more information about data processing with the help of cookies, and to see the purpose and storage duration of the cookies used.
Information on data processing by third parties
Insofar as you have declared your consent, Google Analytics will be used on this website. This is a web analysis service from Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter called “Google”). This makes it possible to associate data, sessions and interactions across multiple devices with a pseudonymous user ID and thus analyse a user’s activities across devices.
- frequency of page views
- number of users
- bounce rate (page is closed again after a page view)
- session duration (average duration of all users)
- country from which the website was accessed
- use of website features
- which page is accessed, and how often
- the website from which the user came
- Bbooking conversion rate (how many of the website’s users book a service)
- what region the user is from
- the device and device category from which the user visits our website
Google will, on our behalf, use this information in order to evaluate your use of the website, put together reports on the activities on our website and provide us with other services relating to usage.
The legal basis for the use of Google Analytics is your consent given voluntarily.
Recipients / categories of recipients
Google is the recipient of the data collected.
Duration of data storage
The data that we send and that is linked to cookies, user identifiers (e.g. user IDs) or marketing IDs are automatically erased after 14 months. The erasure of data which retention period has expired takes place automatically once a month.
We use Google Maps to display our location. This is a service from Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter called “Google”). To display the map, it is absolutely essential that the IP address be processed by Google.
The cooperation with Google in terms of data protection law is based on a concluded agreement on joint responsibility, which can be accessed here.
In all other respects, you enter into a user relationship with Google directly as a result of using Google Maps.
Recipients / categories of recipients
Google is the recipient of the data collected.
To protect our Internet presence, we use the service reCAPTCHA from the company Google Inc. (Google) at points where you can enter data. The prompt serves to differentiate whether an entry was made by a person or maliciously by means of automated, machine-based processing. The prompt includes transmission, to Google, of the IP address and possibly additional data required by Google for the reCAPTCHA service. For this purpose, your entry will be transmitted to Google and be further used there. In Member States of the European Union or the European Economic Area, your IP address will however be truncated by Google beforehand. Only in exceptional cases will your full IP address be transmitted to a Google server in the USA and be truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of this service. Your IP address transmitted by your browser within reCAPTCHA will not be combined with other Google data.
Online presences in social media
We offer online presences on various platforms in order to be able to provide information there and communicate with you.
We have no influence over the processing of personal data by the respective platform operator. When you access our presences there, cookies will usually be stored in your browser by the platform operator. Your usage behaviour or interests will be saved in these cookies for market research and advertising purposes.
The user profiles obtained in this way – usually across multiple devices – will be used by the platform operators to display personalised advertising to you. Persons not registered as users on the respective platform may also be data subjects of the data processing. Under certain circumstances, your data may be processed outside of the area of the European Union, which may make it difficult to enforce your rights. When selecting such platforms, however, we make sure that the operators are committed to compliance with the EU data protection standards.
The processing of your personal data collected when you access one of our social media presences will take place on the basis of our legitimate interests in the diverse public image of our company and the use of an effective source of information as well as in communication with you.
Detailed information on data processing in connection with the use of our presences on these platforms, opt-out options and the assertion of rights of access to personal data can be found in the data privacy statements of the corresponding platform operator.
We have integrated components from YouTube at various points. YouTube is an Internet video portal that enables video clips to be posted free of charge and allows other users to view, rate and comment on them free of charge.
YouTube is the offer of a third party not affiliated with us, namely Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter referred to as Google). The processing of the IP address by Google is absolutely necessary in order to play a video.
In the event that you follow a link on YouTube, we would like to point out that YouTube stores the data of its users in accordance with its own data usage guidelines and uses it for its own business purposes.
We embed the videos stored on YouTube immediately. With this integration, content of the YouTube website is displayed in parts of a browser window. However, the YouTube videos are only accessed by clicking them separately. This technique is also called “framing”. If you call up a (sub) page of our website on which YouTube videos are integrated in this form, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser.
The integration of YouTube content only takes place in the so-called “extended data protection mode”. YouTube provides this itself, thereby ensuring that YouTube does not initially store any cookies on your device. When you call up the relevant pages, however, the data previously mentioned under “Use of our online offer” is transmitted and in particular, which of our Internet pages you have visited is communicated. However, this information cannot be assigned to you unless you have logged in to YouTube or another Google prior to calling up the page or are permanently logged in.
As soon as you start playing an integrated video by clicking on it, YouTube only saves cookies that do not contain any personally identifiable data, thanks to the extended data protection mode on your device, unless you are currently logged into a Google service. These cookies can be prevented by appropriate browser settings and extensions.
The legal basis for the use of YouTube is your voluntarily given consent.
Erasure of data, storage period
We shall erase or block your personal data as soon as the purpose for their storage ceases to exist. However, storage may extend beyond this period if this is necessary under legal provisions to which we are subject. This concerns, for example, data that is required to be stored for reasons relating to commercial or fiscal law, for example delivery notes or invoice data.
Your data shall be blocked or erased if a storage period prescribed by these provisions expires, unless it is necessary to continue storing the data for the purpose of entering into or performing a contract.
In the context of an application to us, the data that you provide – such as your contact details and qualifications – will be used exclusively for processing the application procedure.
Your data will be passed on internally to the divisional managers responsible. We shall process your personal data for the purpose of your application for a job to the extent that this is necessary for the decision on the establishment of an employment relationship with us.
Furthermore, we may process personal data about you to the extent that this is necessary to defend against legal claims asserted against us in connection with the application process.
As a rule, your data will be deleted 6 months after completion of the application process, unless otherwise agreed upon with the applicant (see also Inclusion in the applicant pool). If your application is followed by the conclusion of an employment contract, the data will then be included in the personnel files.
For how long will your data be stored?
We shall store your personal data for as long as necessary for making a decision on your application. If an employment relationship between you and us does not materialise, we may also continue to store data to the extent that this is necessary for defending against possible legal claims. In this respect, the application documents will be deleted two months after notification of the decision to reject your application, unless retention for a longer period is required in connection with legal disputes.
No automated decision-making
No automated individual decision making takes place; i.e. the decision on your application shall not be based solely on automated processing.
This Data Privacy Notice will be adapted from time to time. These adaptations are made if, for example, changes arise due to technical progress, legal requirements or other factors.
Stand: Februar 2021