Privacy Policy
1. Privacy policy overview
General information
The following information provides a simple overview of what happens to your personal data when visiting this website. Personal data is all data with which you can be identified personally. Detailed information on the subject of data protection can be found in our privacy policy listed below.
Data processing on this website
Who is responsible for the data processing on this website?
The data processing on this website is carried out by the website operator. You can see the contact details of the website operator in the section ‘information on the responsible body’ in this privacy policy.
How do we collect your data?
On the one hand, data is collected when you provide it to us. This can be data which you fill in in a contact form for example.
Other data is collected automatically or upon your consent when visiting the website by our IT-systems. This is mainly technical data (e.g. internet browser, operating system or the time of the visit). The collection of this data is made automatically as soon as you visit this website.
For what purpose is your data used?
Part of the data is collected to ensure that the website is provided without errors. Other data can be used to analyse your user behaviour.
What rights do you have regarding your data?
You have the right to receive information about the origin, the receiver and the purpose of your stored personal data free of charge and at any time. You also have the right to demand to correct or delete this data. If you agree to the use of your data, you can withdraw this consent for the future at any time. Moreover, you have the right to demand the limitation of the use of your personal data under certain circumstances. You have also the right to lodge a complaint with the responsible authorities.
For this as well as for further questions on the subject of data protection you can contact us at any time.
Analysis tools and third-party tools
When visiting this website your surf behaviour can be statistically used. This is mainly done by the use of so-called analysers.
You can find detailed information on these analysers in the following privacy policy.
2. Hosting and Content Delivery Networks (CDN)
We host the content of our website with the following providers:
Amazon Web Services (AWS)
Provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxemburg (called AWS in the following).
If you visit our website, your personal data is processed by the servers of AWS. Here, personal data can also be transferred to the mother company of AWS in the USA. The data transmission to the USA is based on the EU-standard contract clauses. Details can be found here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.
Further information can be found in the privacy policy of AWS: https://aws.amazon.com/de/privacy/?nc1=f_pr.
The use of AWS is based on article 6 paragraph 6 letter f GDPR. We have a legitimate interest in the display of our website as reliable as possible. If we ask for your consent, the processing is based solely on article 6 paragraph 1 letter a GDPR and § 25 paragraph 1 TDDDG as far as the consent includes the storage of cookies or the access to information on the user’s end device (e.g. device fingerprinting) in terms of the TDDDG. The consent can be withdrawn at any time.
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA which should guarantee the compliance of European privacy policy standards when data is processed in the USA. Each company which is certified according to the DPF is obliged to comply with these privacy policy standards. Further information can be found following this link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TOWQAA4&status=Active
Order process
We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that the personal data of visitors of our website is only processed in accordance with our instructions and in compliance with the GDPR.
Shopify CDN
We use the Content Delivery Network Shopify CDN. Provider is Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (called „Shopify“ in the following).
Shopify offers a worldwide distributed Content Delivery Network. For this technical information is transferred between your browser and our website through the network of Google. Thus, we can increase the worldwide availability and performance of our website.
The use of Shopify CDN is based on our legitimate interest in providing our web service in a secure and error-free way as far as possible (article 6 paragraph 1 letter f GDPR).
The data transmission to the USA is based on the standard contract clauses of the EU-Commission. You can find further information on Shopify CDN here: https://www.shopify.de/legal/datenschutz.
Order processing
We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that the personal data of visitors of our website is only processed in accordance with our instructions and in compliance with the GDPR.
3. General information and obligatory information
Privacy policy
The provider of this website takes the protection of your personal data seriously. We treat your personal date as strictly confidential and according to the legal data protection regulations as well as your privacy statement.
If you use this website, various personal data is collected. Personal data is data with which you can be identified personally. This privacy policy explains which data we collect and how we use this data. It also explains how and to what purpose this happens.
Please be aware that internet data transmission (e.g. communication per email) may have security risks. The complete protection of your data against access by third parties is not possible.
Information about the responsible body
The responsible body for the data processing on this website is:
HILTL HOSEN-MANUFAKTUR GMBH
Dieselstraße 9 92237
Sulzbach-Rosenberg
(Germany)
Phone: +49 (0)9661 / 57 100
Email: service@hiltl.de
The responsible body is the natural or legal person that decides alone or together with others about the purpose and means for the processing of personal data (e.g. name, email-address etc.).
Storage period
If there is no specific storage period noted in the privacy policy statement, your personal data is stored until the purpose of the data processing does not apply anymore.
If you have a justified request to delete your data or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. tax or legal storage periods); in the latter case the deletion is made after these reasons are no longer applicable.
General information about the legal basis of the data processing on this website
If you have consented to your data processing, we use your personal data according to article 6 paragraph 1 letter a GDPR or article 9 paragraph 2 letter a GDPR if specific data categories according to article 9 paragraph 1 GDPR are processed. If there is an explicit consent to the transmission of personal data to third countries, the data processing is executed according to article 49 paragraph 1 letter a GDPR. If you have consented to the storage of cookies or the access to information on your end device (e.g. via device fingerprinting), the data processing is also made according to § 25 paragraph 1 TDDDG. This consent can be withdrawn at any time. If your data is necessary for the fulfillment of the contract or for the processing of pre-contractual actions, we use your data according to article 6 paragraph 1 letter b GDPR. Furthermore, we use your data if it is necessary to fulfill a legal obligation according to article 6 paragraph 1 letter c GDPR. Also, the data processing can be done on the basis of a legitimate interest according to article 6 paragraph 1 letter f GDPR. The following paragraphs of this privacy policy informs about the specific legal basis of each case.
Data protection officer
We have appointed a data protection officer.
Datenschutz-Agentur.de
Frauentorstraße 9
86152 Augsburg
(Germany)
Phone: +49 (0)821 - 90786450
Email: epost@datenschutz-agentur.de
Receiver of personal data
As part of our business activities, we work together with various external bodies. In some cases, it is also necessary to transfer personal data to these external bodies. We only transfer personal data if we are legally obliged (e.g. transfer of data to tax authorities), if we have a legitimate interest according to article 6 paragraph 1 letter f GDPR or if some other legal basis permits the transfer of data. When using order processing services, we only transfer personal data of our customers on the basis of a valid contract about order processing. In the case of a mutual processing a contract about a mutual processing is concluded.
Withdrawal of your consent to data processing
Many data processing operations are only possible with your explicit consent. You can withdraw your consent at any time. The legality of the data processing executed until the withdrawal is not affected.
Right of objection to the collection of data in special cases as well as to direct advertising (art. 21 GDPR)
IF THE DATA PROCESSING IS BASED ON ART. 6 PARAGRAPH 1 LETTER E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION;
THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH THE PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER USE YOUR PERSONAL DATA, UNLESS WE CAN GIVE COMPELLING LEGITIMATE REASONS FOR THE USE WHICH OUTWEIGHS YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE USE SERVES THE PURPOSE TO PROVE, EXECUTE OR DEFEND LEGAL CLAIMS (REJECTION ACCORDING TO ARTICLE 21 PARAGRAPH 1 GDPR).
IF YOUR PERSONAL DATA IS USED FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THIS USE AT ANY TIME. THIS IS ALSO VALID FOR THE PROFILING IF IT RELATES TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA IS NO LONGER USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION ACCORDING TO ART. 21 PARAGRAPH 2 GDPR).
Right to lodge a complaint with the responsible authorities
In the case of a violation of the GDPR the person concerned has the right to lodge a complaint with a supervisory authority, especially in the member state of your habitual residence, your workplace or the place of the presumed violation.
The right to complain exists without prejudice to other administrative or judicial remedies.
Right to transfer data
You have the right to demand the data which we process automatically on the basis of your consent or the fulfillment of the contract to be handed over to you or a third party in a normal, machine-readable format. If you demand to have your data directly transferred to another responsible party, this is only possible if technically feasible.
Information, correction and deletion
Within the framework of the applicable legal provisions, you have the right for information about your stored personal data, its origin and receiver and the purpose of the data processing and, if necessary, a right to correction or deletion of this data at any time and free of charge. For this or for further questions on the subject of personal data you can contact us at any time.
Right to limit the use of data
You have the right to demand the limitation of the use of your personal data. For this you can contact us at any time. The right to limit the use of your data is applicable in the following cases:
If you dispute the accuracy of your stored personal data, we usually need time to check this. During this time, you have the right to demand to limit the use of your personal data.
If the use of your personal data is/was done unlawfully, you can demand to limit the use of your personal data instead of the deletion.
If we do not need your personal data any longer but you need your personal data to execute, defend or prove a legal claim, you have the right to demand to limit the use of your personal data instead of the deletion.
If you have lodged an objection according to article 21 paragraph 1 GDPR, a balance must be found between your interests and ours. As long as it is not determined which interests outweigh, you have the right to demand to limit the use of your personal data.
If you have limited the use of your personal data, this data can only be used – apart from its storage – with your consent or to prove, execute or defend legal claims or to protect the rights of another natural or legal person or because of an important public interest of the European Union or of one of its member states.
SSL- or TLS-encryptionDue to security concerns and to protect the transfer of confidential content (e.g. orders or inquiries which you send to us as website provider) this website uses an SSL- or TLS-encryption. You can recognize an encrypted connection when the address bar switches from http:// to https:// and when you can see the lock icon in your browser bar. If the SSL- or TLS-encryption is activated, the data which you transfer to us cannot be read by third parties.
Encrypted payment on this websiteIf there is an obligation to provide us with your payment data (e.g. account number for direct debit authorization) after the conclusion of a fee-based contract, this data is required for payment processing.Payment transactions via the usual payment methods (Visa/MasterCard, direct debit) is only made with an encrypted SSL- or TLS-connection. You can recognize an encrypted connection when the address bar switches from http:// to https:// and when you can see the lock icon in your browser bar.Your payment data which you transfer to us cannot be read by third parties if the communication is encrypted.
Objection to advertising emails We hereby object to the use of contact data published in the context of the imprint obligation to send unsolicited advertising and information material. The provider of the website expressly reserves the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails.
4. Data collection on this website Cookies
Our website uses so-called “cookies”. Cookies are small data files and do not cause any damage on your end device. They are stored either temporarily for the time of a session (session cookie) or permanently (permanent cookies) on your end device. Session cookies are deleted automatically after the end of your visit. Permanent cookies are stored on your end device until they delete themselves automatically or until an automatic deletion by your web browser is carried out. Cookies can be generated by us (first party cookies) or by third parties (so-called third-party cookies). Third party cookies permit the inclusion of certain services of third companies within websites (e.g. cookies for the processing of payment services). Cookies have different functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies can be used to analyse the user behaviour or for advertising purposes. Cookies which are necessary (necessary cookies) for the processing of electronic communications, for the provision of certain functions you wish (e.g. for the shopping basket function) or for the optimization of the website (e.g. cookies for the analysis of the visitors) are stored based on article 6 paragraph 1 letter f GDPR if no other legal basis is noted. The website provider has a legitimate interest in the storage of necessary cookies for the technically smooth and optimal provision of its services. If the consent to the storage of cookies and comparable recognition technologies is requested, the processing is based solely on this consent (article 6 paragraph 1 letter a GDPR and § 25 paragraph 1 TDDDG); this consent can be withdrawn at any time. You can set up your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website can be limited. Which cookies and services we use on this website can be found in the following privacy policy. Hier bitte die CMP mit allen Cookies und Diensten verlinken.
Consent with Cookiebot
Our website uses the consent technology of Cookiebot to get your consent for the storage of certain cookies on your end device or to use certain technologies and to document these in compliance with our privacy policy. Provider of this technology is Cybot A/S, Havnegade 39, 1058 Kopenhagen, Denmark (called “Cookiebot” in the following).If you visit our website, a connection to the servers of Cookiebot is initiated to request your consent and other information for the use of cookies. Afterwards Cookiebot stores a cookie in your browser so that the consent or withdrawal can be assigned to you. This data is stored until you request the deletion, Cookiebot deletes the cookie itself or the purpose of the data storage is no longer applicable. This does not affect compelling legal obligations of data storage. We use Cookiebot to request the legally obliged consent for the use of cookies. Legal basis is article 6 paragraph 1 letter c GDPR.
Order processing
We have concluded a contract about the order processing for the use of the above-mentioned service. This is a contract requested by privacy policy law which guarantees that the personal data of our website visitors is only processed according to the GDPR and our instructions.
Server log files
The provider of the sites collects and stores information automatically in so-called server log files which your browser transfers automatically to us. These are:
Type and version of browser
Used operating system
Referrer URL
Host name of the operating system
Time of the server request
IP-address
This data is not connected to other data sources. The collection of this data is based on article 6 paragraph 1 letter f GDPR. The provider of the website has a legitimate interest in the technically smooth display and the optimisation of its website – for this the server log files must be collected.
Contact form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provide there, is stored by us for the purpose of processing the inquiry and in the event of follow-up questions. This data is not forwarded to other parties without your consent. The processing of this data is based on article 6 paragraph 1 letter b GDPR unless your request is in connection with the fulfillment of a contract or for the process of pre-contractual actions if necessary. In all other cases the processing is based on our legitimate interest in the effective processing of the request send to us (article 6 paragraph 1 letter f GDPR) or on your consent (article 6 paragraph 1 letter a GDPR) if requested by us; this consent can be withdrawn at any time. The data you provide on the contact form is kept until you request its deletion, withdraw your consent for its storage, or the purpose for its storage no longer pertains (e.g. after your request has been processed). Compelling legal regulations – especially retention periods – remain unaffected.
Request per email, phone or fax
If you contact us per email, phone or fax, your request incl. all personal data (name, request) is stored und processed for the purposes of the processing of your request. This data is not transferred to others without your consent. The processing of this data is based on article 6 paragraph 1 letter b GDPR if your request is in connection with the fulfillment of a contract or if it is necessary for the processing of pre-contractual actions. In all other cases the processing is based on our legitimate interest in the effective processing of requests send to us (article 6 paragraph 1 letter f GDPR) or on your consent (article 6 paragraph 1 letter a GDPR) if requested; this consent can be withdrawn at any time. The data you send to us via contact requests remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Compelling legal regulations – especially retention periods – remain unaffected.
Registration on this website
You can register on this website to use additional functions on the website. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, the registration is rejected. In the event of important changes, for example to the scope of the offer or technically necessary changes, we use the email-address provided during registration to inform you. The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for the initiation of further contracts (article 6 paragraph 1 letter b GDPR). The data collected during registration is stored by us for as long as you are registered on this website and is afterwards deleted. Legal retention periods are unaffected.
5. Analysis tools and marketing
A detailed overview of the cookies and services used can be found on the following page:
https://www.hiltl.de/cookiedeclaration
6. Newsletters and advertising per mail Newsletter data
If you wish to receive our newsletter, we need an email-address from you as well as information which allows us to check if you are the owner of the email-address and agree to receive the newsletter. No further data is collected or only on a voluntary basis. We use the newsletter service providers described below to process the newsletters.
Mailchimp
This website uses the services of Mailchimp for sending out newsletters. Provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.Mailchimp is a service that can be used to organize and analyse the sending of newsletters, among other things. If you enter data to receive our newsletter (e.g. email-address), this data is stored on the servers of Mailchimp in the USA. With the help of Mailchimp we can analyse our newsletter campaigns. If you open an email sent with Mailchimp, a file (so-called web-beacon) included in the email is connected to the servers of Mailchimp in the USA. Thus, it can be determined if a newsletter was opened and on which links may have been clicked. Additionally, technical information is registered (e.g. time, IP-address, type of browser and operating system). This information cannot be connected to the respective receiver of the newsletter. It only serves the statistical analysis of newsletter campaigns. The results of these analyses can be used to adapt future newsletters better to the interests of the receivers. If you don’t wish that your data is analysed by Mailchimp, you have to unsubscribe to the newsletter. For this you can find a link in each newsletter. The data processing is based on your consent (article 6 paragraph 1 letter a GDPR). You can withdraw this consent at any time by unsubscribing to our newsletter. The legality of the data processing operations already carried out remains unaffected by your withdrawal. The data which we use for sending out our newsletters is stored by us or by our newsletter service providers until you unsubscribe. Then the data is deleted. Data which is stored for other purposes remain unaffected from this. The data transfer to the USA is based on the standard contract clauses of the EU-Commission. You can find details here: https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.After unsubscribing from our newsletter service your email-address may be stored by us or by the newsletter service providers in a blacklist if this is necessary to prevent sending out future newsletters. The data from this blacklist is only used for these purposes and is not connected to other data. This serves your interests as well as our interests to compel with the legal regulations for sending out newsletters (legitimate interests according to article 6 paragraph 1 letter f GDPR). The storage of your data in this blacklist is not limited. You can object to the storage of your data if your interests outweigh our legitimate interests. For further information, please follow this link for the privacy policy of Mailchimp: https://mailchimp.com/legal/terms/.The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA which should guarantee the compliance with European data protection standards for data processing in the USA. Each company certified according to the DPF is obliged to comply with these data protection standards. You can get further information from the provider following this link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TXVKAA4&status=ActiveOrder processingWe have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Newsletters to customers
If you order goods or services from us and enter your email-address, this email-address may be used by us to send you newsletters, provided we inform you of this in advance. In such a case the newsletter includes only direct advertising for our own similar goods or services. You can unsubscribe to this newsletter at any time. For this purpose, you can find a link in each newsletter. Legal basis for sending out newsletters in this case is article 6 paragraph 1 letter f GDPR in connection with § 7 paragraph 3 UWG. After unsubscribing from our newsletter service your email-address may be stored by us or by the newsletter service providers in a blacklist if this is necessary to prevent sending out future newsletters. The data from this blacklist is only used for these purposes and is not connected to other data. This serves your interests as well as our interests to compel with the legal regulations for sending out newsletters (legitimate interests according to article 6 paragraph 1 letter f GDPR). The storage of your data in this blacklist is not limited. You can object to the storage of your data if your interests outweigh our legitimate interests.
Mail advertising
We use your address in compliance with all legal provisions for sending postal advertising (mail advertising). Legal basis for this is our legitimate interest in direct advertising according to article 6 paragraph 1 letter f in connection with recital 47 GDPR. If your consent is requested, the processing is only made based on article 6 paragraph 1 letter a GDPR; your consent can be withdrawn at any time. More specific regulations may be communicated to you as part of the data collection process and take precedence over these regulations. Your address remains with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or withdraw your consent to postal advertising, your data is deleted unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial law storage periods); in the latter case the deletion is applied after these reasons no longer apply. We use the following providers for sending postal advertising: Name und vollständige Anschrift des Dienstleisters
7. eCommerce and payment provider
Use of customer and contract data
We collect, process and use your personal data and contractual data for establishing, structuring the content of and amending our contractual relationships. We collect, process and use personal data about the use of this website (usage data) only insofar as this is necessary to enable or charge the user for the use of the service. Legal basis for this is article 6 paragraph 1 letter b GDPR. The collected customer data is deleted upon conclusion of the contract or the termination of the business relationship and after the expiry of any statutory retention periods. Legal retention periods are unaffected.
Data transmission upon conclusion of contract for online shops, retailers and shipping of goods
If you order goods from us, we forward your personal data to the appointed forwarder for your delivery as well as to the payment provider appointed for the payment processing. Only data is forwarded which is necessary for the respective service providers to fulfill their obligations. Legal basis for this is article 6 paragraph 1 letter b GDPR which permits the use of data for the fulfillment of a contract or for pre-contractual actions. If you have given your consent in accordance with Art. 6 paragraph 1 letter a GDPR, we forward your email-address to the transport company entrusted with the delivery so that it can inform you by e-mail about the shipping status of your order; you can withdraw your consent at any time.
Payment services
We use payment services from third companies on our website. If you purchase goods from us, the payment service providers use your payment data for the processing of the payment (e.g. name, amount, account details, credit card number). For this transaction the contract and privacy policy regulations of the provider are applied. The use of the payment service providers is based on article 6 paragraph 1 letter f GDPR (fulfillment of the contract) as well as in the interest of a smooth, comfortable and safe payment processing (article 6 paragraph 1 letter f GDPR). If your consent is requested for certain actions, article 6 paragraph 1 letter a GDPR is the legal basis for the data processing; this consent can be withdrawn at any time. We use the following payment services / payment service providers on this website:
PayPal
Provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxemburg (called „PayPal“ in the following). The data transmission to the USA is based on the standard contract clauses of the EU-Commission. You can find details here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.Please follow this link for the privacy policy of PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Klarna
Provider of this payment service is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (called „Klarna“ in the following). Klarna offers various payment options (e.g. installments). If you choose to pay with Klarna (Klarna checkout solution), Klarna collects various personal data from you. Klarna uses cookies to optimize the use of the Klarna checkout solution. Please follow this link for details on the use of Klarna cookies: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.Please follow this link for the privacy policy of Klarna: https://www.klarna.com/de/datenschutz/.
American Express
Provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (called „American Express“ in the following).American Express can transfer data to its mother company in the USA. The data transmission is based on the Binding Corporate Rules. You can find details here: https://www.americanexpress.com/en-cz/company/legal/privacy-centre/binding-corporate-rules/.For further information on the privacy policy of American Express, please follow this link: https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/online-datenschutzerklarung/.
Mastercard
Provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (called „Mastercard“ in the following).Mastercard can transfer data to its mother company in the USA. The data transfer to the USA is based on the Binding Corporate Rules of Mastercard. Please follow this link for details: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
VISA
Provider of this payment service is Visa Europe Services Inc., London branch, 1 Sheldon Square, London W2 6TT, Great Britain (called „VISA“ in the following).Great Britain is seen as a safe third country in terms of privacy policy. This means that Great Britain has a level of privacy policy that conforms to the level of privacy policy of the European Union. VISA can transfer data to its mother company in the USA. Data transmission to the USA is based on the standard contract clauses of the EU-Commission. You can find details here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.For further information on the privacy policy of VISA, please follow this link: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.
8. Own services Use of applicant’s data
We offer you the opportunity to apply to us (e.g. by email, post or online application form). Below we inform you about the extent, purpose and use of your personal data collected as part of the application process. We assure you that your data is collected, processed and used in accordance with applicable data protection law and all other statutory provisions and that your data is treated in a strictly confidential manner.
Extent and purpose of data use
If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during job interviews, etc.) insofar as this is necessary for the decision on the establishment of an employment relationship. Legal basis for this is § 26 BDSG German law (initiation of an employment relationship), article 6 paragraph 1 letter b GDPR (general initiation of a contract) and – by your consent – article 6 paragraph 1 letter a GDPR. Your consent can be withdrawn at any time. Your personal data is only forwarded within our company to people who process your application. If the application is successful, your submitted data is stored in our data operating system based on § 26 BDSG and article 6 paragraph 1 letter b GDPR for the purpose of an employment relationship.
Storage period of data
If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data is then deleted, and the physical application documents are destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data is required after the expiry of the 6-month period (e.g. due to an impending or pending legal dispute), deletion only takes place when the purpose for further storage no longer applies. Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.
Inclusion in the applicant pool
If we do not make you a job offer, you may have the opportunity to join our applicant pool. If you are accepted, all documents and details from your application are transferred to the applicant pool so that you can be contacted in the event of suitable vacancies. Inclusion in the applicant pool takes place exclusively based on your express consent (Art. 6 para. 1 lit. a GDPR). The submission of consent is voluntary and is not related to the current application process. The data subject can withdraw this consent at any time. In this case, the data is irrevocably deleted from the applicant pool, provided there are no legal grounds for retention.The data from the applicant pool is irrevocably deleted no later than two years after consent has been granted.
