data protection
§ 1
Information on the collection of personal data
1. In the following we provide information on the collection of personal data during the use of our website. Personal data are all data that refer to you personally, e.g. name, address, email addresses, user behaviour.
2. Pursuant to Art. 4 No. 7 EU-General Data Protection Regulation (GDPR) the controller is Richard Geiss GmbH, Lüßhof 100, 89362 Offingen, (see our imprint). Our data protection officer, Ms Ulrike Bloesch, can be reached under the following contact data: postal address: c/o Richard Geiss GmbH, Lüßhof 100, 89362 Offingen; Telephone: +49/8224/807-40; per Telefax: +49/8224/807-37; per email: Ulrike.Bloesch@geiss-gmbh.de
3. At the time of your contact initiation with us per email or via a contact form, the data provided by you (your email address, possibly name and telephone number) are stored by us in order to respond to your questions. We erase the data collected in this association after storage is no longer necessary or restrict the processing if statutory retention obligations exist.
4. If we engage service providers for individual functions of our offer or wish to make use of your data for commercial purposes, we inform you below in detail on the respective procedures. At that time we shall also specify the established criteria for the duration of storage.
5. If you send us a job application by regular mail or by email for a position announced on our website, we collect the personal data contained within the framework of your application (e.g. name, address, contact data, date of birth, CV). We use this data to review your suitability for the announced position. After conclusion of the application process, we return your personal data in the event the application was made by regular mail. To this extent no data is stored. In the event of an application by email, we erase your personal data after conclusion of the application process.
§ 2
Your rights
1. You have the following rights against us regarding your personal data:
Rright to Information
Right to rectification or erasure
Right to restrict processing
Right to object to processing
Right to data portability
2. In addition, you have the right to lodge a complaint with data protection supervisory authorities regarding the processing of your personal data by us.
§ 3
Collection of personal data upon visiting our website
1. In the event of simple informational use of our website, and if you do not register or provide us with other information, we collect only the personal data that your browser transfers to our server. If you wish to view our website, we collect the following data which are technically necessary in order for us to present you our website and to assure stability and security (the legal basis is Art. 6 (1) sentence 1 letter f) GDPR):
IP address
Date and time of the enquiry
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific site)
Access status/HTTP status code
Respectively transferred data volume
Website from which the request originates
Browser
Operating system and its interface
Language and version of the browser software
2. In addition to the above referenced data, cookies are stored on your computer during your use of our website. Cookies are small text files that are stored on your hard drive by the browser used by you and through which certain information flows to the office which places the cookie (here through us). Cookies cannot run programmes or transmit viruses to your computer. They serve the general purpose of making our internet offer user- friendlier and more effective.
3. Use of cookies:
a) This website uses the following types of cookies, whose scope and functionality are clarified in the following:
– Transient cookies (see following letter b)
– Persistent cookies (see following letter c)
b) Transient cookies are automatically erased when you close your browser. In particular, this includes session cookies. They store a so-called “Session ID”, with which various enquiries of your browser in the common session can be assigned. Thereby your computer can be recognised if you return to our website. Session cookies are erased when you log out or close the browser.
c) Persistent cookies are erased automatically after a pre-defined period which can be different depending on the cookie. At any time you can erase the cookies in the security settings of your browser.
d) You can configure your browser settings in accordance with your wishes and e.g. refuse acceptance of third-party cookies or all cookies. We point out that you may not be able to use all functions of this website.
e) We use HTML5 storage objects which can be stored on your terminal device. These objects store the required data independent of your browser and have no automatic expiration date. If you do not wish any processing of the flash cookies, you have to install a corresponding add-on, e.g. “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe-Flash-Killer-Cookie for Google Chrome. You can prevent the use of HTML5 storage objects in that you engage the private modus in your browser. In addition, we recommend that you manually erase your cookies and browser history at regular intervals.
§ 4
Additional functions and offers on our website
1. Along with the purely informational use of our website, we offer various services which you can use if interested. As a rule, you must provide additional personal data in order to use these services which we then use to perform the respective service and to which the above referenced principles of data processing apply.
2.If our service provider or partner has its domicile in a country outside of the European Economic Area (EEA), we inform you of the consequences of this fact in the description of the offer.
§ 5
Objection to or revocation of the processing of your data
1. If you have issued your consent to the processing of your data, you can revoke your consent at any time. A revocation influences the permissibility of the processing of your personal data after you have expressed it to us.
2. If we base the processing of your personal data on a balancing of interests, you can lodge an objection to the processing. In particular, this is the case if the processing is not required for the performance of a contract with you, which shall be presented by us in the following description of functions. Upon exercising such a revocation, we request an explanation of the grounds why we may not process your personal data. In the event of your justified objection, we examine the circumstances and shall either terminate or adjust the data processing or point out our compelling legitimate reasons on the basis of which we continue the processing.
3. Naturally you can object to the processing of your personal data for the purpose of marketing and data analysis at any time. You can inform us under the following contact data of your marketing objection: Richard Geiss GmbH, Lüßhof 100, 89362 Offingen; per telephone: +49/8224/807-0; Telefax: +49/8224/807-37; per email: info@geiss-gmbh.de
§ 6
Use of social media plug-ins
1. We currently use the following social media plug-ins: Facebook, Xing, Vimeo, LinkedIn, Youtube, Instagram. Therein we use the so-called Two-Click solution. This means that when you visit our site, initially no personal data are disclosed to the provider of the plug-ins. You can recognise the provider of the plug-in through the marking in the box over its initials or through the logo. We provide you with the option to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it will the plug-in provider receive the information that you have accessed the corresponding website of our online offer. In addition, the data referenced under § 3 of this Declaration are transmitted. In the case of Facebook and Xing, the IP address is immediately anonymised after collecting the data, according to information of the respective provider in Germany. Through activation of the plug-in, your personal data are also transmitted to the respective plug-in provider and stored there (in the case of American providers, the data is stored in the USA). Because the plug-in provider collects data especially through cookies, we recommend that you erase all cookies via the security settings of your browser prior to clicking on the greyed box.
2. We have neither influence on the data collected and the data processing procedures, nor do we have knowledge of the full scope of the data collection, the purposes of the processing and of the storage period. In addition, we have no information on the erasure of the collected data by the plug-in provider.
3. The plug-in provider stores the data collected on you as a usage profile and uses it for purposes of marketing, market research and/or needs-based design of its website. Such an analysis occurs, in particular (also for users not logged in) for presentation of needs-based advertising and in order to inform other users of the social network on your activities on our website. You have an objection right to the formation of this user profile, however, in order to exercise this right you must address the respective plug-in provider. Via plug-ins we offer you the opportunity to interact with social networks and other users so that we can improve our offer and structure it in a more interesting way for you as the user. The legal basis for the use of plug-ins is Art. 6 (1) sentence 1 letter f) GDPR.
4. Data transfer occurs independent of whether you have an account with the plug-in provider and are logged in. If you are logged in with the plug-in provider, your data collected by us will be assigned directly to your account with the plug-in-provider. If you press the activated button and, for example, link the sites, the plug-in provider also stores this information in your user account and publically shares your contacts. We recommend that you regularly log out after the use of a social network, in particular, however, prior to activation of the button, because in this manner you can avoid an assignment of your profile to the plug-in provider.
5. Further information on the purpose and scope of data collection and its processing by the plug-in provider is found in the individually issued data protection declarations of the provider. There you can receive additional information on your rights and settings options for the protection of your privacy.
6. Address of the respective plug-in provider and URL with their data protection notifications:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; additional information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook is subject to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework
b) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
c) Vimeo Inc. 555 West 18th Street New York 10011, https://vimeo.com/privacy.
d) LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland; www.linkedin.com/legal/privacy-policy;
e) Youtube is one of the Google products provided by Google Ireland Limited. Therefore, the terms of use for YouTube represent an agreement between the user and Google Ireland Limited:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland;
f) Instagram service is one of the Facebook products provided by Facebook Ireland Limited. Therefore, the terms of use for Instagram represent an agreement between the user and Facebook Ireland Limited:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; https://help.instagram.com/581066165581870; weitere Informationen zur Datenerhebung: https://help.instagram.com/519522125107875
§ 7
Use of Matomo Analytics
This website uses the open source web analytics service Matomo.
With the help of Matomo, we are able to collect and analyse data about how visitors use our website. This allows us to find out, among other things, when which pages were viewed and from which region they came. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
IP anonymisation
We use IP anonymisation for analysis with Matomo. This means that your IP address is truncated before analysis so that it can no longer be clearly assigned to you.
Cookie-free analysis
We have configured Matomo so that it does not store any cookies in your browser.
We are hosting Matomo at the following third party provider:
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4-6
32339 Espelkamp
Telefon: +49-5772-293-100
Telefax: +49-5772-293-333
HRA: 6640, AG Bad Oeynhausen
USt. ID-Nr: DE814773217
7. Information on the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the Data Protection Declaration: http://www.google.de/intl/de/policies/privacy.
8. This website uses Google Analytics for a cross-device analysis of visitor flows, which is implemented via a user ID. You can deactivate the cross-device analysis in your customer account under “My data”, “Personal data”.
§ 8
Transfer of personal data to third countries outside the EU
This website uses services such as Facebook, Vimeo, LinkedIn, YouTube, Instagram or Google Analytics. In this context, personal data may need to be transferred to third countries outside the EU, in particular to the U.S.
An adequacy decision of the European Commission within the meaning of Art. 45 (1) and (3) GDPR may not exist for these third countries. This means that these countries may not be able to guarantee a level of data protection that is equivalent to that of the EU. Despite applying alternative appropriate safeguards (e.g. encryption or anonymisation) or entering into standard contractual clauses with the service providers based in the third countries, a level of data protection that is comparable to that of the EU may not be guaranteed. This particularly applies to the U.S., given that what is called the EU-US Privacy Shield was invalidated by the Court of Justice of the European Union in its judgement of 16 July 2020 (referred to as Schrems II judgement).
In this context, the following risks arise, which can currently not be ruled out:
Your personal data may be passed on to other third parties that use them for purposes other than the originally intended purpose;
You may not be able to assert or enforce your rights of access against the third party or service provider based outside the EU on a sustained basis;
There may be a higher probability of incorrect data processing, because the technical and organisational measures for the protection of personal data taken by the service provider based outside the EU may not fully comply with the requirements of the GDPR in terms of quantity and quality.
If you have consented to the use of the above-listed services and, consequently, to the transfer of personal data to third countries outside the EU, the transfer of data is based on point (a) of Art. 49 (1) GDPR. You may withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
$9 Personio
Die im Rahmen Ihrer Bewerbung übermittelten Daten auf der Subdomain jobs.geiss-gmbh.de werden per TLS-Verschlüsselung übertragen und in einer Datenbank gespeichert. Diese Datenbank wird von der Personio GmbH, welche eine Personalverwaltungs- und Bewerbermanagement-Software anbietet (https://www.personio.de/impressum/), betrieben. Personio ist in diesem Zusammenhang unser Auftragsverarbeiter nach Art. 28 DS-GVO. Die Grundlage für die Verarbeitung ist hierbei ein Vertrag zur Auftragsverarbeitung zwischen uns als verantwortliche Stelle und Personio.
