Privacy Policy
The requirements of the EU General Data Protection Regulation (hereinafter referred to as GDPR) apply throughout Europe. We would like to inform you about the processing of personal data carried out by our companies in accordance with this Regulation (see Articles 13 and 14 GDPR). If you have any questions or comments about this privacy statement, you can always send them to the email address given in sections 2 and 3 respectively.
Table of contents:
I. Overview
- Scope
- Data Controller
- Data Protection Officer
- Data Security
II. Data Processing in Detail
- General information about data processing
- Processing activities as per scope 1 a)
- Processing activities as per scope 1 b
III. Rights of the Data Subject
- Right to object
- Right of access
- Right of rectification
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data transferability
- Right to withdraw consent
- Right to appeal
IV. Glossary
I. Overview
In this section of the data protection declaration you will find information on the scope, the entity responsible for data processing (the “Data Controller” or simply the “Controller”), the Data Protection Officer and on Data Security.
1. Scope
a) External data processing carried out by our business entities may essentially be divided into the following categories:
Data processing by our business entities may essentially be divided into two categories:
- All data required for the performance of a contract with our business entities will be processed for the purpose of performing the contract. If external service providers are also involved in the performance of these contract, e.g. agencies or IT service providers, your data will be passed on to them to the extent necessary in each case.
- When you access the websites/applications of our business entities, various pieces of information are exchanged between your device and our server. This may also involve personal data. The information collected in this way is used, among other things, to optimise our websites.
This privacy policy applies to the following services:
- our online services are available at www.lsh-ag.de, www.otg.de and profiline.otg.de
- all other services (e.g. websites, subdomains, mobile applications, web services or links to third party sites) that refer to this privacy policy, regardless of how you access or use it.
All of these services are collectively referred to as "Services"
b) The internal data processing by our business entities can essentially be divided into the following categories:
- For the purpose of performing contracts in the employment relationship, all data required for performing the employment contract with the relevant legal entity is processed. If external service providers are also involved in the processing of the contract, your data will be passed on to them to the extent necessary in each case.
- For other purposes, such as the public presentation of our businesses or the safety and protection of our businesses’ assets, data is collected on the basis of either our legitimate interest or your consent.
2. Data Controller
a) The controller for any data processing in respect of the scope per item 1 a) above
The controller – i.e. the person who or undertaking which decides on the purposes and means of processing personal data – in connection with the Services is
Ostfriesische Tee Gesellschaft GmbH & Co. KG
Bosteler Feld 6
21218 Seevetal
GERMANY
Phone.: +49 4105 504-0
Fax: +49 4105 624-0
E-mail: info@lsh-ag.de
b) The controller for any data processing in respect of the scope per item 1 a) above
Depending on the employment relationship, the responsible person is the respective legal entity.
| Laurens Spethmann Holding Aktiengesellschaft & Co. KG Bosteler Feld 6 21218 Seevetal GERMANY Phone: +49 4105 504-0 E-mail: info@lsh-ag.de | Ostfriesische Tee Gesellschaft GmbH & Co. KG Bosteler Feld 6 21218 Seevetal GERMANY Phone: +49 4105 504-0 E-mail: info@lsh-ag.de |
| OnnO Behrends GmbH & Co. KG Am Fridericussiel 5–7 26506 Norden GERMANY Phone: +49 4931 1895-0 E-mail: onnobehrends.tee@lsh-ag.de | Milford Tea GmbH & Co. KG Meilsener Straße 4 21244 Buchholz GERMANY Phone: +49 4181 213-0 E-mail: info@lsh-ag.de |
| KRÄUTERHAUS WILD GmbH & Co. KG Meßmerstraße 29 97508 Grettstadt GERMANY Phone: +49 9729 9110-0 E-mail: info@lsh-ag.de | |
| OTG Lager- und Frachtkontor GmbH & Co. KG Meilsener Straße 8b 21244 Buchholz GERMANY Phone: +49 4181 213-163 E-mail: olf-nord@lsh-ag.de | OTG Lager- und Frachtkontor GmbH & Co. KG Meßmerstraße 31 97508 Grettstadt GERMANY Phone: +49 9729 9110-90 E-mail: olf-sued@lsh-ag.de |
| OTG Zukunft durch Ausbildung GmbH Meilsener Straße 8b 21244 Buchholz GERMANY Phone: +49 4181 213-260 |
3. Data Protection Officer
You may contact our Data Protection Officer as follows:
Contact form: https://www.dsextern.de/anfragen
DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Frapanweg 22
22589 Hamburg
GERMANY
4. Data Security
In order to develop the measures required in Art. 32 GDPR and achieve a level of protection appropriate to the risk, we have established an information security standard according to VdS 10000 in our companies.
The guidelines of the VdS 10000 – Cyber-Security für kleine und mittlere Unternehmen (KME) (VdS 10000 – Cyber Security guidelines for small and medium enterprises (SME)) of the VdS Schadenverhütung GmbH contain guidelines and assistance for the implementation of an information security management system as well as specific measures for the organizational and technical protection of IT infrastructures. They are designed to ensure an adequate level of protection.
II. Data processing in detail
In this section of the Privacy Policy, we will inform you in detail about the processing activities within the scope of our services. For better clarity, we structure this information according to certain functionalities of our services. During the normal use of the services, different functionalities and thus also different processing operations can take effect one after the other or simultaneously.
1. Generel information about data processing
Unless otherwise indicated, all processing operations set out below are subject to the following conditions:
a. No obligation to provide personal data
There is no contractual or legal obligation to provide personal data. You are not obliged to provide data.
b. Consequences of non-provision
In the case of necessary data (data that are marked as mandatory data when entered), non-provision of this data means that the service in question cannot be provided. Otherwise the non-provision may result in our services not being provided in the same form and quality.
c. Consent
In various cases you have the opportunity to give us your consent to further processing in connection with the processing activities described below (even for only some of the data concerned). In this case, we will inform you separately about all modalities and the scope of the consent and about the purposes that we pursue with these processing activities in connection with you giving the respective declaration of consent.
d. Transfer of personal data to third countries
If we transmit data to third countries, i.e. countries outside the European Union, then the transmission takes place exclusively in compliance with the legally regulated conditions of permissibility.
The admissibility requirements are regulated by Art. 44-49 GDPR
e. Hosting with external service providers
Our data processing is carried out to a large extent by so-called hosting service providers, who provide us with storage space and processing capacities in their data centres and also process personal data on our behalf in accordance with our instructions. These service providers process data either exclusively in the EU or we have guaranteed an adequate level of data protection through the use of EU standard data protection clauses.
f. Transmission to public authorities
We transfer only personal data to government authorities (including law enforcement agencies) when such a trnsfer is necessary to fulfil a legal obligation to which we are subject (legal basis: Art. 6 Para. 1 c GDPR) or if it is necessary to assert, exercise or defend legal claims (legal basis: Art. 6 Para. 1 f GDPR).
g. Retention period
We do not store your personal data for a longer period than we need it for the respective processing purposes. If the data are no longer required for the fulfilment of contractual or legal obligations, they are regularly deleted, unless their temporary storage is still necessary. Reasons for this could be:
- Compliance with commercial and tax retention obligations
- Obtaining evidence for legal disputes within the scope of the statutory limitation provisions
We may also continue to store your data if you have given your express consent.
h. Categories of recipients
In addition to the categories of recipients explicitly listed below, personal data is also transmitted to the following categories of recipients: postal or shipping providers, telephone and fax provider.
i. Data Categories
- Account data: Login/user ID and password
- Personal master data: Title, gender, first name, last name
- Nationality and status of work permit
- Address data: Street, building name or number, address supplements if applicable, postal code, city, country
- Contact details: Telephone number(s), fax number(s), e-mail address(es)
- Registration data: Information about the service you have registered for; times and technical information about registration, confirmation and cancellation; data provided by you during registration.
- Payment details: account details
- Access data: Date and time of the visit to our service; the page from which the accessing system accessed our site; pages accessed during use; session ID data; also the following information about the accessing computer system: Internet protocol address used (IP address), browser type and version, device type, operating system and similar technical information.
- Application data: Curriculum vitae, references and further evidence of previous employment, work samples, certificates, pictures
- Data according to Art. 9 GDPR: Data revealing racial or ethnic origin, religious or philosophical beliefs or trade union membership, as well as health data and information on disabilities.
- Pictures/Videos: Photos, video recordings
- Working hours: Attendances and absences, divided into duration and type (e.g. illness with/without continued pay, vacation, etc.)
- Tax and social insurance data: tax class, ELSTAM characteristics, social insurance number, tax identification number, etc.
2. Processing activities as per scope 1 a)
2.1 Accessing the web site/application
This section describes how we process your personal data when accessing our services. We would particularly like to point out that the transmission of access data to external content providers (see b.) is unavoidable due to the technical functionality of transmitting information on the internet.
We use the following cookies on our websites:
| Cookie-name: | Websites | Purpose / function: | Retention period: |
|---|---|---|---|
| I18N_LANGUAGE | www.lsh-ag.de www.otg.de | Saves the language selected by the user. | This is a session cookie and is deleted by the browser immediately upon closing. |
| sticky | www.lsh-ag.de www.otg.de | With this cookie, the load balancer decides which server answers the request. | This cookie expires after 1 hour. |
| hide-dsgvo-banner | www.lsh-ag.de www.otg.de | With this cookie the website remembers that the data protection notice has been taken note of and the banner is no longer displayed. | This cookie expires 10 years after it was stored. |
| fe_typo3_user | www.lsh-ag.de www.otg.de | Saves the login status of a user on the backend of the TYPO3 editorial system. | Session |
a. Information on processing
| Data category | Intended purpose | Legal basis | Legitimate interest, if any | Retention period: |
|---|---|---|---|---|
| Access data | Establishing a connection, displaying the contents of the service, detecting attacks on our site based on unusual activities, fault diagnosis | Art. 6 para. 1 letter f GDPR | proper functioning of services, security of data and business processes, prevention of misuse, prevention of damage caused by interference with information systems | 7 days |
| Cookies | User-friendly website design and device recognition | Art. 6 para. 1 f GDPR | User-friendly website design and device recognition | See list under 2.1. |
b. Recipient of personal data
| Recipient category | Data concerned | Legal basis for the transmission | Legitimate interest, if any |
|---|---|---|---|
| Hosting service provider | Access data | Order processing (Art. 28 GDPR) | |
| IT security service provider | Access data | Order processing (Art. 28 GDPR) | |
| Agencies | Access data | Order processing (Art. 28 GDPR) |
YouTube:
To provide you with information in the form of videos, we have incorporated the YouTube video service of Google’s subsidiary YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. In order to be able to display the content in your browser, YouTube must receive your IP address; otherwise, YouTube will not be able to provide you with this embedded content.
Your consent serves as the legal basis for processing this data, according to Art. 6 para. 1 a) DSGVO. The system does not store this, and it only applies to the current session.
Only after your confirmation as the user will data such as the IP address be processed and content delivered.
Further information on Google’s data processing can be found in Google’s privacy policy at https://www.google.de/intl/de/policies/privacy/.
2.2. Contact form
Here we describe what happens to your personal data in connection with the use of our contact forms:
a. Information on processing
| Data category | Intended purpose | Legal basis | Legitimate interest, if any | Retention period: |
|---|---|---|---|---|
| Contact details (mandatory mail field) | Inquiries from customers and interested parties | Art. 6 para. 1 letter f GDPR | Processing of aubmitted requests | 1 year |
| Personal master data | Personalization of request processing | Art. 6 para. 1 letter f GDPR | Personalization of request processing ; delivery option for e.g: replacement delivery, information material … | 1 year |
| address details | postal dispatch | Art. 6 para. 1 letter f GDPR | Delivery option for e.g: Replacement delivery, information material … | 1 year |
| Free text (required) | Specification of the request | Art. 6 para. 1 letter f GDPR | Processing of requests made | 1 year |
| Categorization Request (Mandatory field) | Assigning the request | Art. 6 para. 1 letter f GDPR | enables faster processing | 1 year |
2.3 Newsletter
A newsletter subscription is currently not available.
2.4. Job applications
We describe in this section what happens to your personal data in connection with job applications:
a. Information on processing
| Data category | Intended purpose | Legal basis | Legitimate interest, if any | Retention period: |
|---|---|---|---|---|
| Address data, contact details | Identification, contacting, communication prior to concluding a contract | Art. 6 para. 1 b GDPR | 6 months | |
| Personal master data | Identification, contacting, age verification | Art. 6 para. 1 b GDPR | 6 months | |
| Application details | Applicant selection | Art. 6 para. 1 b GDPR | 6 months |
b. Empfänger der personenbezogenen Daten
| Recipient category | Data concerned | Legal basis for the transmission | Legitimate interest, if any |
|---|---|---|---|
| HR consultants, temporary employment agencies | All data mentioned under a. | Application (Art. 6 para. 1f) | ./. |
| Application management Software | All data mentioned under a. | Art. 28 GDPR | ./. |
2.5 Tracking
Tracking tools are not used for our websites.
2.6 Communication with new and existing clients
In this section we describe how we process personal data when communicating with new and existing clients:
a. Information on processing
| Data category | Intended purpose | Legal basis | Legitimate interest, if any | Retention period: |
|---|---|---|---|---|
| Address data, Contact details | Identification, establishing contact, communication | Art. 6 para. 1 b and 1 f GDPR | Acquisition of new clients | 10 years |
| Personal master data | Identification, establishing contact | Art. 6 para. 1 b and 1 f GDPR | Acquisition of new clients | 10 years |
| Payment details | Payment processing | Art. 6 para. 1 b GDPR | ./. | 10 years |
b. Recipients of personal data
| Recipient category | Data concerned | Legal basis for the transmission | Legitimate interest, if any |
|---|---|---|---|
| Only within the business | All data mentioned under a. | Art. 6 para. 1b GDPR | ./. |
2.7 Visitors‘ management / Contractors‘ management
Here we describe what happens to your personal data in connection with the management of our visitors and contractors:
a. Information on processing
| Data category | Intended purpose | Legal basis | Legitimate interest, if any | Retention period: |
|---|---|---|---|---|
| Contact details | Identification, establishing contact, communication prior to entering into a contract | Art. 6 para. 1 b and 1 f GDPR | Seamless technical and organisational operation; Safeguarding access to our business premises | max. 14 days |
| Personal master data | Identification, establishing contact | Art. 6 para. 1 b and 1 f GDPR | Seamless technical and organisational operation; Safeguarding access to our business premises | max. 14 days |
b. Recipients of personal data
| Recipient category | Data concerned | Legal basis for the transmission | Legitimate interest, if any |
|---|---|---|---|
| Only within the business | All data mentioned under a. | Art. 6 para. 1f GDPR | Seamless technical and organisational operation; Safeguarding access to our business premises |
2.8 Quality assurance (Laboratory analyses / complaints)
How we process personal data for the purpose of quality assurance is described in this section:
a. Information on processing
| Data category | Intended purpose | Legal basis | Legitimate interest, if any | Retention period: |
|---|---|---|---|---|
| Account data (only Laboratory analyses) | Logon via a portal | Art. 6 para. 1 b GDPR | ./. | 6 and 10 years respectively |
| Address data, Contact details | Complaints management | Art. 6 para. 1 b and 1 f GDPR | Quality assurance and customer service | 6 and 10 years respectively |
| Personal master data | Complaints management | Art. 6 para. 1 b and 1 f GDPR | Quality assurance and customer service | 6 and 10 years respectively |
b. Recipients of personal data
| Recipient category | Data concerned | Legal basis for the transmission | Legitimate interest, if any |
|---|---|---|---|
| Laboratories | Account data, Contact details, Personal master data | Art. 6 para. 1 b and 1 f GDPR | Quality assurance |
| Only within the business | Account data, Contact details, Personal master data | Art. 6 para. 1 b and 1 f GDPR | Quality assurance and customer service |
2.9 CCTV
In this section we describe how we process personal data when using CCTV:
a. Information on processing
| Data category | Intended purpose | Legal basis | Legitimate interest, if any | Retention period: |
|---|---|---|---|---|
| Pictures / videos | Access control via video surveillance | Art. 6 para. 1 f GDPR | Safeguarding access to our business premises | 24 hours or longer when necessary to hold as evidence |
b. Recipients of personal data
| Recipient category | Data concerned | Legal basis for the transmission | Legitimate interest, if any |
|---|---|---|---|
| Security firm | Pictures / videos | Art. 6 para. 1 f GDPR | Safeguarding access to our business premises |
2.10 Management of goods
In this section we describe how we process personal data in connection with our managment of goods:
a. Information on processing
| Data category | Intended purpose | Legal basis | Legitimate interest, if any | Retention period: |
|---|---|---|---|---|
| Contact details | Fulfilling orders | Art. 6 para. 1 b GDPR | ./. | max. 6 months after order placement; Contracts and invoices 10 years |
| Personal master data | Fulfilling orders | Art. 6 para. 1 b GDPR | ./. | max. 6 months after order placement; Contracts and invoices 10 years |
b. Recipients of personal data
| Recipient category | Data concerned | Legal basis for the transmission | Legitimate interest, if any |
|---|---|---|---|
| Only within the business | All data mentioned under a. | Art. 6 para. 1 b GDPR | ./. |
| Suppliers/logistics providers | All data mentioned under a. | Art. 6 para. 1 b GDPR | ./. |
2.11. YouTube
In order to provide you with information in the form of videos, we have integrated the video service YouTube of the Google subsidiary YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. In order to be able to display the content in your browser, YouTube must receive your IP address, because otherwise YouTube could not provide you with this embedded content. The legal basis for this data processing is your consent pursuant to Art. 6 (1) a) DSGVO. This is not stored by the system and only applies to the current session. Only after confirmation by you as the user will data such as: IP address processed and content delivered. For more information on data processing by Google, please refer to Google's privacy policy at www.google.de/intl/de/policies/privacy/.
The embedding of Youtube on this website takes place without the setting of cookies via the domain www.youtube-nocookie.com in the so-called "extended data protection mode". No cookies are then collected on user activity in order to personalize video playback. However, if you are logged in to Youtube or Google in the background and/or cookies from these services are already stored on your device, these cookies will be read in connection with the provision of the video and processed by the provider.
2.21 Participation in consumer surveys and product panels
Here we explain how we process personal data of participants in our product panels:
a. Information on processing
| Data category | Intended purpose | Legal basis | Legitimate interest, if any | Retention period: |
|---|---|---|---|---|
| Personal master data, Contact details, taste likes and dislikes | Implementation of consumer surveys and product panels | Art. 6 para. 1 a GDPR | ./. | Until the withdrawal of consent |
| Health data (allergies) | Prevention of allergies or intolerances when conducting consumer surveys and product panels | Art. 6 para. 1 a GDPR in conjunction with Art. 9 GDPR | ./. | Until the withdrawal of consent |
b. Recipients of personal data
| Recipient category | Data concerned | Legal basis for the transmission | Legitimate interest, if any |
|---|---|---|---|
| Hosting Service Providers / Software Providers | All data mentioned under a. | Art. 28 GDPR | ./. |
2.11. YouTube
3. Processing activities as per scope 1 b
3.1 Performance of the employment relationship
Here we describe how we process your personal data within the comtext of employment. These include in particular payroll accounting, the payment of taxes and social security contributions, the management of a personnel file, the recording and administration of attendance and absence times (illness, vacation, etc.) and internal business processes.
a. Information on processing
| Data category | Intended purpose | Legal basis | Legitimate interest, if any | Retention period: |
|---|---|---|---|---|
| Personal master data | Performance of the employment relationship | Art. 6 para. 1 b GDPR | ./. | 10 years following the termination of the employment relationship |
| Nationality and status of work permit | Performance of the employment relationship | Art. 6 para. 1 b GDPR | ./. | 10 years following the termination of the employment relationship |
| address details | Performance of the employment relationship, postal availability | Art. 6 para. 1 b GDPR | ./. | 10 years following the termination of the employment relationship |
| contact details | Performance of the employment relationship, accessibility | Art. 6 para. 1 b GDPR | ./. | 10 years following the termination of the employment relationship |
| payment details | payroll accounting | Art. 6 para. 1 b, c GDPR | ./. | 10 years following the termination of the employment relationship |
| application details | Implementation of the employment relationship, part of the personal file | Art. 6 para. 1 b GDPR | ./. | 10 years following the termination of the employment relationship |
| Data according to Art.9 GDPR | Implementation of the employment relationship, registration procedure for social security and tax office / allowances / BGM | Art. 6 para. 1 b, c GDPR | ./. | 10 years following the termination of the employment relationship |
| working hours | Execution and accounting of the employment relationship, creation of reserves | Art. 6 para. 1 b, c GDPR | ./. | 10 years following the termination of the employment relationship |
| Tax and social security data | Taxes and levies /contribuations payable | Art. 6 para. 1 b GDPR | ./. | 10 years following the termination of the employment relationship |
b. Recipient of personal data
| Recipient category | Data concerned | Legal basis for the transmission | Legitimate interest, if any |
|---|---|---|---|
| Affiliated companies | All data from table 2 a | Art. 6 para. 1 b, f GDPR | Optimization and simplification of administration within the group of companies |
| Tax and legal advisors | Personal master data, address data, payment data, tax and social security data | Art. 6 para. 1 b GDPR | ./. |
| Authorities, social insurance carriers, accident insurance carriers | Personal master data, address data, citizenship, tax and social insurance data | Art. 6 para. 1 c GDPR | ./. |
| Company medical service | Personal master data | Art. 6 para. 1 c GDPR | ./. |
3.2 Publication on our homepage
What happens to your personal data in connection with a publication on the Internet is described here:
a. Information on processing
| Data category | Intended purpose | Legal basis | Legitimate interest, if any | Retention period: |
|---|---|---|---|---|
| Pictures/videos | Presentation of the company to the public | Art. 6 para. 1 letter a GDPR | ./. | Duration of consent |
| Personal master data | Presentation of the company to the public | Art. 6 para. 1 letter a GDPR | ./. | Duration of consent |
b. Recipient of personal data
| Recipient category | Data concerned | Legal basis for the transmission | Legitimate interest, if any |
|---|---|---|---|
| Service provider for hosting | all data mentioned under a. (if not revoked/withdrawn in parts) | Order processing (Art. 28 GDPR) | ./. |
| Public | all data mentioned under a. (if not revoked/withdrawn in parts) | Art. 6 para. 1 letter a GDPR | ./. |
3.3 Publication in our Intranet or the training platform OnCademy
We describe here what happens to your personal data in connection with a publication on the intranet or the training platform:
a. Information on processing
| Data category | Intended purpose | Legal basis | Legitimate interest, if any | Retention period: |
|---|---|---|---|---|
| Pictures/videos | Presentation for internal or group processes | Art. 6 para. 1 letter a GDPR | ./. | Duration of consent |
| Personal master data | Presentation for internal or group processes | Art. 6 para. 1 letter a GDPR | ./. | Duration of consent |
b. Recipient of personal data
| Recipient category | Data concerned | Legal basis for the transmission | Legitimate interest, if any |
|---|---|---|---|
| Service provider for hosting | all data mentioned under a. (if not revoked/withdrawn in parts) | Order processing (Art. 28 GDPR) | ./. |
| Service provider for the creation of images/videos | all data mentioned under a. (if not revoked/withdrawn in parts) | Art. 6 para. 1 letter a GDPR | ./. |
| Affiliated companies | all data mentioned under a. (if not revoked/withdrawn in parts) | Art. 6 para. 1 letter a GDPR | ./. |
| platform OnCademy Pink University GmbH | all data mentioned under a. (if not revoked/withdrawn in parts) | Order processing (Art. 28 GDPR) | ./. |
3.4 Publication in print media
We describe here what happens to your personal data in connection with a publication in print media:
a. Information on processing
| Data category | Intended purpose | Legal basis | Legitimate interest, if any | Retention period: |
|---|---|---|---|---|
| Pictures/videos | Presentation for internal or group processes | Art. 6 para. 1 letter a GDPR | ./. | Duration of consent |
| Personal master data | Presentation for internal or group processes | Art. 6 para. 1 letter a GDPR | ./. | Duration of consent |
b. Recipient of personal data
| Recipient category | Data concerned | Legal basis for the transmission | Legitimate interest, if any |
|---|---|---|---|
| Service provider for hosting | all data mentioned under a. (if not revoked/withdrawn in parts) | Order processing (Art. 28 GDPR) | ./. |
| Affiliated companies | all data mentioned under a. (if not revoked/withdrawn in parts) | Art. 6 para. 1 letter a GDPR | ./. |
3.5 IT security
It is necessary to process data during the ongoing operation in order to safeguard IT security. You can find out how your personal data is processed here:
a. Information on processing
| Data category | Intended purpose | Legal basis | Legitimate interest, if any | Retention period: |
|---|---|---|---|---|
| Account details | Determination of log-in usage | Art. 6 para. 1 f GDPR | Protection of data and verification possibility | 6 months |
| Access data | Access times, duration, what was accessed | Art. 6 para. 1 f GDPR | Protection of data and verification possibility | 6 months |
| Contact details | Possible use as user name | Art. 6 para. 1 f GDPR | Proof of personalised access | 6 months |
| Personal master data | username | Art. 6 para. 1 f GDPR | Proof of personalised access | 6 months |
3.6 User administration
You can find out here how your personal data is processed for user administration purposes:
a. Information on processing
| Data category | Intended purpose | Legal basis | Legitimate interest, if any | Retention period: |
|---|---|---|---|---|
| Account details | Determination of log-in usage | Art. 6 para. 1 f GDPR | Protection of data and verification possibility | 6 months |
| Permissions | Manage users and access permissions | Art. 6 para. 1 b GDPR | ./. | Duration of the necessity of the authorization |
3.7 Internet usage
You can find out here how your personal data is processed for user administration purposes:
a. Information on processing
| Data category | Intended purpose | Legal basis | Legitimate interest, if any | Retention period: |
|---|---|---|---|---|
| Account details | Determination of log-in usage | Art. 6 para. 1 f GDPR | Protection of data and verification possibility | 6 months |
3.8 Processing in company pension scheme
We describe here what happens to your personal data in connection with the company pension scheme (“Betriebliche Altersversorgung” or “bAV”):
a. Information on processing
| Data category | Intended purpose | Legal basis | Legitimate interest, if any | Retention period: |
|---|---|---|---|---|
| Personal master data | Performance and settlement of the employment relationship | Art. 6 para. 1 b GDPR | ./. | 10 years following the minimum duration of employment max. ensuring correct taxation of company pension payments at a later date |
b. Recipient of personal data
| Recipient category | Data concerned | Legal basis for the transmission | Legitimate interest, if any |
|---|---|---|---|
| Insurance companies, insurance service providers | Personal master data | Art. 6 para. 1 b GDPR | ./. |
3.9 Insurances
a. Information on processing
| Data category | Intended purpose | Legal basis | Legitimate interest, if any | Retention period: |
|---|---|---|---|---|
| Address data | Risk protection | Art. 6 para. 1 b GDPR | ./. | 10 years after end of contract or end of discovery period |
| Working time | Risk protection | Art. 6 para. 1 b GDPR | ./. | 10 years after end of contract or end of discovery period |
| Sensitive information pursuant to Art. 9 GDPR | Risk protection | Art. 6 para. 1 b GDPR | ./. | 10 years after end of contract or end of discovery period |
| Contact details | Risk protection | Art. 6 para. 1 b GDPR | ./. | 10 years after end of contract or end of discovery period |
| Personal master data | Risk protection | Art. 6 para. 1 b GDPR | ./. | 10 years after end of contract or end of discovery period |
| Payment details | Risk protection | Art. 6 para. 1 b GDPR | ./. | 10 years after end of contract or end of discovery period |
b. Recipient of personal data
| Recipient category | Data concerned | Legal basis for the transmission | Legitimate interest, if any |
|---|---|---|---|
| Insurance brokers | All data mentioned under a. | Art. 6 para. 1 b GDPR | ./. |
III. Rights of the data subject
1. Right to objekt
If we process your personal data for the direct marketing purposes, you have the right to object, taking effect for the future, at any time to the processing of your personal data for the purpose of such marketing, insofar as it is connected with such direct marketing
You also have the right, on grounds relating to your particular situation, to object at any time and with future effect to the processing of personal data concerning you pursuant to Article 6(1)(e) or (f) of the GDPR.
You can exercise your right to object free of charge.
You can reach us via the contact details mentioned under I.2
2. Right of access
You have the right to obtain from us confirmation as to whether or not we process personal data concerning you, which personal data this may be, and other information pursuant to Art. 15 GDPR
3. Right of rectification
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning yourself (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to have incomplete personal data completed - including by means of providing a supplementary statement.
4. Right to erasure ("right to be forgotten")
You have the right to obtain from us the erasure of your personal data without undue delay if one of the grounds stated in Art. 17 para. 1 GDPR applies and the processing is not necessary for one of the purposes regulated in Art. 17 para. 3 GDPR.
5. Right to restriction of processing
You are entitled to obtain from us restriction of processing of your personal data if one of the conditions laid down in Art. 18 para. 1 letters a) to d) GDPR applies.
6. Right to data transferability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transfer this data to another responsible person without hindrance from us or to obtain a direct transfer by us, if this is technically possible. This shall apply whenever the data processing is based on consent or a contract and the data are processed automatically. This therefore does not apply to data held only in paper form.
7. Right to withdraw consent
If the processing is based on your consent, you have the right to withdraw your consent at any time. This shall not affect the lawfulness of the processing carried out on the basis of consent until withdrawal.
8. Right to appeal
You have the right to appeal to a supervisory authority.
IV. Glossary
Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Browser: Computer program for displaying websites (e.g. Chrome, Firefox, Safari)
Cookies: Iconnection with the World Wide Web, a cookie describes a small text file that is stored locally on the user's computer when a website is visited. This file stores data about the behaviour of the user. If the browser is called and the corresponding website is visited repeatedly, the cookie is used and provides the web server information about the surfing behaviour of the user using the stored data.
Cookies in this context are about information that a website stores locally on the visitor's computer in a small text file. This can be settings already made by the user on a page, but also information that the website has collected completely independently from the user. Later, these locally stored text files can be read out again by the same web server from which they were created. Most browsers automatically accept cookies. You can manage cookies using the browser functions (usually under "Options" or "Settings"). This may deactivate the storage of cookies, make it dependent on your consent in individual cases or otherwise restrict it. You can also delete cookies at any time.
Third countries: country not bound by the legal requirements of the EU Data Protection Directive (country outside the EEA).
Personal data: Any information relating to an identified or identifiable natural person. A natural person shall be regarded as identifiable if he can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Pixel: Pixels are also called counting pixels, tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on web pages. When a document is opened, this small image is downloaded from a server on the Internet, where the download is registered. This allows the server operator to see if and when an e-mail was opened or a website visited. Usually this function is realized by calling a small program (Javascript). This allows certain types of information to be recognized and shared on your computer system, such as the content of cookies, the time and date the page was viewed, and a description of the page on which the tracking pixel is located.
Services: Our offers, to which this data protection declaration applies (see scope of application).
Tracking: The collection of data and its evaluation regarding the behaviour of visitors to our services.
Tracking Technologies: Tracking can be done both through the activity logs (log files) stored on our web servers and by collecting data from your device device via pixels, cookies and similar tracking technologies.
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Last modified: 14.01.2025