Notes on data protection

Last update: May 2018

1. Definitions, Data Controller and Data Protection Officer

In May 2018 the data protection law changed. We would like to take this opportunity to inform you how we, 2SBM, Drechslerstrasse 14, 68535 Edingen-Neckarhausen, (also “Company", "we", "us") process your personal data. 

"Personal data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or special characteristics.

"Processing” means any operation which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

This data protection information applies to the processing of personal data and provides, among other things, an overview of what type of data is processed for what purpose. 2SBM is the controller under the law for this data processing as defined in the General Data Protection Regulation ("GDPR").

From time to time it may be necessary to update this information to protect your personal data and to adapt it to current standards and practices. Should there be any significant changes in the processing of your personal data in the future, we will keep you informed at all times.

2. Categories of personal data

We process specific categories of personal data. These includes in particular the following data: 

a. Contact details such as name, address, telephone number and email address

b. Data on your online behaviour and preferences, e.g. browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of server request

This is solely information that does not allow any conclusions to be drawn about your person. This information is produced automatically during internet use and is required for technical reasons so that the requested web content can be correctly displayed. Anonymous information of this kind is statistically evaluated by us in order to improve our website and its underlying technology.

We only collect special categories of personal data, known as "sensitive data", e.g. information about your religious affiliation, when absolutely necessary.

3. Purposes and legal basis of the processing 

If you contact us by email or contact form, the information you provide will be processed exclusively for the purpose of dealing with your contact request and for possible follow-up questions.

As part of a balance of interests to safeguard the legitimate interests of the controller or a third party under Art. 6(1)(f) GDPR, we process your data for the purpose of dealing with your enquiry.

On the basis of your consent under Art. 6(1)(a) GDPR, the lawfulness is given on the basis of the consent given to us in each case for the purposes stated in the consent. Consent given to us can be withdrawn at any time with effect for the future.

If we process personal data about you for the purpose of your application for employment, this will only be done where necessary for the decision on the establishment of an employment relationship. The legal basis is Section 26(1) BDSG (German Data Protection Act).

Furthermore, we may process personal data about you where necessary to defend ourselves against legal claims asserted against us in the application process. The legal basis is Art. 6(1)(f) GDPR; the legitimate interest is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz - AGG).

Where an employment relationship is established between you and us, under Section 26(1) BDSG we may further process the personal data already received from you for the purposes of the employment relationship if this is necessary for the performance or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the representation of the interests of the employees resulting from a law or a collective wage agreement, a company agreement or a service agreement (collective agreement).

We process data related to your application. This may include general information about you (such as your name, address and contact details), information about your professional qualifications and schooling or information about professional development or other information you provide to us in connection with your application. In addition, we may process job-related information made publicly available by you, such as a profile on professional social media networks.

We do not use any mechanisms of automated decision-making including profiling as laid down in Art. 22 GDPR.  Should we use these procedures in individual cases, we will inform you of this separately if this is required by law.

4. Newsletter

When you register to receive our newsletter, the data you provide will be used exclusively for this purpose. Newsletter subscribers may also be informed by email of circumstances relevant to the service or registration (for example, changes to the newsletter provision or technical matters). For correct registration we need a valid email address. In order to verify that the person registering is actually the owner of the email address provided, we use the "double opt-in" procedure. This involves logging the newsletter order, sending a confirmation email and receiving the requested answer. No additional data is collected. The data will be used exclusively for sending the newsletter and will not be passed on to third parties.

You can withdraw your consent to the storage of your personal data and its use for sending the newsletter at any time. In each newsletter you will find a link allowing you to unsubscribe. You can also unsubscribe directly from this website at any time or inform us of your request using the contact details given at the beginning or end of this data privacy statement.

 

5. Data processing on this website / Use of Google Analytics

The company automatically collects and stores in its server log files information that your browser transmits to us. This is: Browser type/version, operating system used, referrer URL (previously visited page), host name of accessing computer (IP address), time of server request. This data cannot be assigned by us to specific persons. This data will not be merged with other data sources and the data will be deleted.

Contract data processing

We have entered into a contract with Google Analytics, a web analysis service of Google Inc. ("Google"), for data processing and implement the strict requirements of German data protection when using the services of Google Analytics. 

Use of cookies

The website uses so-called cookies in several places. They are intended to enable an analysis of how you use the website and to make our services more user-friendly, more effective and safer. However, personal data is not stored in cookies. Cookies are small text files which are stored on your computer and saved by your browser. Most of the cookies we use are so-called "session cookies". They are automatically deleted after you leave our website. Cookies do not cause any damage to your computer and do not contain viruses. The information generated by cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

IP anonymisation

We have activated the IP anonymisation function on this website. As a result, your IP address will be truncated by Google within member states of the European Union or other signatory states to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases will the entire IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, compile reports regarding website activity, and provide other services for the website operator related to website usage and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be associated with other data by Google.

Browser plugin

You can prevent the use of cookies by selecting the corresponding settings on your browser; however, we would like to point out that if you do this, you may not be able to fully utilise all functions provided on this website. In addition, you can prevent Google from collecting the data (including your IP address) created by the cookie and related to your use of the website, as well as the processing of such data by Google, by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en. For more information please visit http://tools.google.com/dlpage/gaoptout?hl=en or http://www.google.com/intl/de/analytics/privacyoverview.html (General information on Google Analytics and data protection. Our website uses Google Analytics with an extension to the code "gat._anonymizeIp();", which achieves an anonymous collection of IP addresses ("IP masking").

In addition or as an alternative to the browser plugin, you can prevent tracking by Google Analytics on our pages by clicking on this link . An opt-out cookie will be installed on your device. This will prevent Google Analytics from collecting cookies for this website and for this browser in the future as long as the cookie remains installed in your browser.

Google Maps plugin

We use a plugin from the web service Google Maps on our website. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google”). When you use Google Maps on our website, information about the use of this website and your IP address is transmitted to a Google server in the USA and also stored on this server. We have no knowledge of the exact content of the data transmitted, nor of its use by Google. In this context, the company denies that it associates the data with information from other Google services and the collection of personal data. However, Google may transfer the information to third parties. If you deactivate JavaScript in your browser, you prevent Google Maps from running. However, you will not be able to use any of the maps displayed on our website. By using our website, you consent to the collection and processing of information by Google Inc. as described above. To learn more about the Google Maps Privacy Policy and Terms of Use, please visit https://www.google.com/intl/en/help/terms_maps.html If you do not consent to the use of Google Maps, you have an opt-out option on the following link https://adssettings.google.com/authenticated.

Google Fonts

This website uses the external fonts Google Fonts. Google Fonts is a service of Google Inc. ("Google"). Google Fonts is integrated by accessing a Google server in the USA. This will tell the server which of our web pages you have visited. The IP address of the browser of the terminal device of the visitor to these web pages is also stored by Google. For more information, please refer to Google's privacy policy, which can be found here: https://www.google.com/policies/privacy/. If you do not consent to the use of Google Fonts, you can opt out on the following link: https://adssettings.google.com/authenticated.

SSL encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognise an encrypted connection by the fact that the browser’s address line changes from “http://” to “https://” and by the padlock icon in your browser line. If SSL encryption is activated, the data which you transfer to us cannot be read by third parties.

 

6. Recipients and categories of recipients and transfer of data to countries outside the EU

When fulfilling orders, we also use external service providers. In this context, we transmit personal data to third parties. We also use technical service providers who process personal data on our behalf, e.g. IT service providers. As contract processors, these service providers process the corresponding personal data exclusively in accordance with our instructions. The legal basis for such data processing is Art. 6  (1 / 1 lit. b)  and Art. 28 DSGVO. 

Your personal data will not be transferred to third parties for purposes other than those listed. Furthermore, the data disclosed may only be used by the third party for the aforementioned purposes.

There is no active transfer of personal data to a third country outside the European Union or to an international organisation.

 

7. Criteria for determining the storage period

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or to fulfil our contractual or statutory obligations. After the relevant purpose has ceased or these obligations have expired, the corresponding data will be routinely blocked or erased in accordance with the statutory provisions. 

Any further storage of data will only take place to the extent that we are obliged to store the data for a longer period of time, e.g. due to obligations under social security law, tax law and commercial law regarding storage and documentation (from SGB, HGB or AO legislation), or where you have consented to storage going beyond this. If we no longer need your data for the purposes described above, it will only be stored for the relevant legal retention period and not processed for other purposes.

We store the personal data you provide for the purpose of your application for as long as is necessary to make a decision about your application. If an employment relationship between you and us is not established, we may also further store data to the extent necessary to defend against possible legal claims. The application documents are deleted two months after notification of the rejection decision, unless longer storage is necessary due to legal disputes.

 

8. Data protection measures

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from the risks of data transmission and from third parties gaining knowledge. These will be adapted to the current state of the art.

9. Rights relating to data processing

With regard to the personal data processed by us, you have the following rights:

a. You may at any time withdraw your consent to specific data processing in whole or in part. The consequence of this is that we may no longer continue the data processing based on this consent in the future. However, their withdrawal does not affect the processing of personal data which takes place on a statutory or other basis; continuing the processing is then still allowed.

b. You can request information from us about your personal data processed by us. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been, is or will be disclosed, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if not collected by us, and the existence of automated decision-making.

c. You can immediately request the rectification or completion of your personal data stored with us.

d. Where the relevant statutory requirements are met, you may request the erasure or restriction of the processing of your personal data and, if applicable, you may receive the personal data that you have provided to us in a structured, commonly used and machine-readable format or request transmission to another controller.

e. If your personal data is processed on the basis of legitimate interests under Art. 6(1)(1)(f) GDPR, you have the right to object to the processing of your personal data under Art. 21 GDPR if there are reasons for doing so relating to your particular situation.

f. If you are of the opinion that the processing of your personal data by us violates the applicable data protection law, you can contact the supervisory authority competent for data protection.

10. Contact

You can contact us at the address 2SBM, Drechslerstrasse 14, 68535 Edingen-Neckarhausen, Germany or via info@2sbm.de or by phone on +49 (0) 06203 / 95425-290 or fax on +49 (0) 06203 / 95425-299. 

For all questions regarding data protection and the assertion of your rights under Section 8, you can also contact the management directly 

Contact details are as follows: 

2SBM, Ms Daniela Silva, Drechslerstrasse 14, 68535 Edingen-Neckarhausen, Germany +49 (0) 06203 / 95425-292

d.silva@2sbm.de