DATA PROTECTION NOTICE
If you would like to change your cookie settings, you can do so here.
We, DECO-GLAS GmbH, take the protection of your personal data seriously and would like to inform you here about data protection in our company. With this declaration, we inform you (among other things) about the way in which your personal data is processed by us.
Following the example of Art. 4 of the GDPR, this privacy notice is based on the following definitions:
- “Personal data” (Art. 4 No. 1 GDPR) means any information relating to an identified or identifiable natural person (hereinafter also “user” or “data subject”). A person is identifiable if he or she can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, an online identifier, location data or with the aid of information about his or her physical, physiological, genetic, mental, economic, cultural or social identity characteristics. The identifiability can also be given by means of a linkage of such information or other additional knowledge. The origin, form or embodiment of the information does not matter (even photographs, video or audio recordings may contain personal data).
- “Processing” (Art. 4 No. 2 GDPR) means any operation which involves the handling of personal data, whether or not by means of automated (i.e. technology-based) processes. This includes, in particular, the collection (i.e., acquisition), recording, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction of personal data, as well as the change of an objective or purpose on which a data processing was originally based.
- “Third party” (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency or other body other than the data subject or user, the controller, the processor and the persons who are authorised to process the personal data under the direct responsibility of the controller or processor; this also includes other legal entities belonging to the Group.
- “Processor” (Art. 4 No. 8 GDPR) means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, in particular in accordance with the controller’s instructions (e.g. IT service provider). In particular, a processor is not a third party in the sense of data protection law.
- “Consent” (Art. 4 No. 11 GDPR) of the data subject or user means any freely given, informed and unambiguous expression of will in the form of a statement or other unambiguous affirmative act by which the data subject indicates his or her agreement to the processing of personal data relating to him or her.
2. Scope of data processing
As a matter of principle, we collect and use personal data of our users only to the extent that this is necessary for the provision of a functional website and our content and services. The collection and use of personal data of our users is only carried out if the processing of the data is permitted by legal regulations or after the consent of the user.
3. Legal basis for data processing
Insofar as we obtain the consent of the user for processing operations of personal data on our website, Art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of personal data. When processing personal data that is necessary for the performance of a contract to which the user is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of a quasi-contractual obligation or pre-contractual measures. Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the user concerned do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the data processing (so-called balancing of interests). In addition, there are other legal bases for the processing of personal data, which we list below – where relevant.
4. Data deletion and storage period
The personal data of the users will be deleted or blocked as soon as the purpose of the storage ceases to apply. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which our company is subject. In addition, storage may take place in the event of a (threatened) legal dispute with you or other legal proceedings or if storage is provided for by statutory regulations to which we are subject as the responsible party (e.g. § 257 German Commercial Code, § 147 German Fiscal Code). Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless further storage by us is necessary and there is a legal basis for this.
Your data will only be stored on our servers in Germany.
5. Data security
We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties (e.g. TSL encryption for our website) taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its likelihood and impact) for the data subject. Our security measures are continuously improved in line with technological developments.
6. Disclosure of personal data
If we pass on personal data, these are service companies that assist us in fulfilling the aforementioned purposes. These companies may only use your personal data as so-called order processors to fulfil their tasks on our behalf and are obliged to comply with the relevant data protection provisions. The processors we use are in particular:
Sycor Yes GmbH, Schweinfurter Straße 9, 97080 Würzburg, Germany
Host Europe GmbH, Welserstr. 14, 51149 Cologne, Germany
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Other processors or other recipients who may have access to your personal data are:
- (Other) service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data centre services, payment processing, IT security). The legal basis for the transfer is then Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR, insofar as it does not involve order processors;
- State agencies/authorities, insofar as this is necessary to fulfil a legal obligation. The legal basis for the disclosure is then Art. 6 para. 1 sentence 1 lit. c GDPR;
- Persons hired to conduct our business operations (e.g. auditors, banks, insurance companies, legal counsel, regulators, parties involved in business acquisitions or the formation of joint ventures). The legal basis for the transfer is then Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR.
For the guarantees of an adequate level of data protection in the event of a transfer of the data to so-called third countries (countries outside the European Economic Area), see under I., 7.
In all other respects, however, personal data will not be passed on to third parties unless you have given your express consent to the transfer in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
7. Conditions for the transfer of personal data to third countries
In the course of our business relationships, your personal data may be transferred or disclosed to third party companies. These can also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively for the fulfilment of contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer in the following at the relevant points.
The European Commission certifies data protection comparable to the EEA standard for some third countries by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. Where this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognised codes of conduct. Please contact our data protection officer (see under X.) if you would like more information on this.
For more information on the processing of data in the context of the use of Google services, please refer to section IV.
8. No obligation to provide personal data
We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. For you as a customer or user there is basically no legal or contractual obligation to provide us with your personal data; however, it may be that we are only able to provide certain offers to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case within the scope of the products offered by us, you will be informed separately.
9. Legal obligation to transmit certain data
We may be subject to a specific legal or statutory obligation to provide the lawfully processed personal data to third parties, in particular public bodies (Art. 6 para. 1 sentence 1 lit. c GDPR).
II. Processing of personal data
1. Provision of the website and creation of log files
a) Description of the data processing
Each time you visit our website (https://deco-glas.de/), our system automatically collects data and information from the computer system of the calling computer. The following data is collected:
- Browser type and version
- Operating system used
- IP address of the user
- Referrer URL
- Host name of the accessing computer
- Time of the server query
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
b) Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR.
c) Purpose of the data processing
The storage in log files takes place in order to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.
d) Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of storage of data in log files, this is the case after 7 days at the latest. Storage beyond this is possible. In this case, the users’ IP addresses are deleted or anonymised, so that an assignment of the calling client is no longer possible.
e) Possibility of objection and elimination
The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
2. Contact form / Email contact
a) Description of the data processing
Contact forms are available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask (mandatory and optional fields) will be transmitted to us and stored.
These data are in particular:
- Name, address and company of the user
- Email address
- Your message to us
Alternatively, it is possible to contact us via the e-mail address provided by us. In this case, the user’s personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for the processing of the conversation.
b) Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR. If the email contact aims at the conclusion of a contract or a contractual obligation, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
c) Purpose of the data processing
The processing of personal data serves us solely to process the contact. In the case of contact, this also constitutes the necessary legitimate interest in processing the data.
d) Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
e) Possibility of objection and elimination
If the user contacts us by email or via the contact form, he can object to the storage of his personal data at any time. The objection can be directed by message to the contact information at the end of our privacy notice. In the event of an objection, the conversation with the user cannot be continued and we will delete all personal data stored in the course of contacting the user.
1. Description of the data processing
In order to make the visit to our website attractive and to enable the use of certain functions, we use “cookies”. This is small text information or text files that are stored in the browser or by the browser on the end device. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables unique identification of the browser when the website is accessed again. In some cases, however, cookies only contain information about certain settings that cannot be related to a specific person.
A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. In terms of their function, cookies are again distinguished between:
- Essential cookies: These are mandatory to move around the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they store which websites you have visited;
- Statistical cookies: These collect information about how you use our website, which pages you visit and, for example, whether errors occur during website use; they do not collect any information that could identify you – all information collected is anonymous and is only used to improve our website and find out what interests our users;
- Marketing Cookies, Targeting Cookies: These are used to offer the website user tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers; Advertising and targeting cookies are stored for a maximum of 13 months;
- Cookies for external media: These are used to improve the interactivity of our website with other services (e.g. social networks); Sharing cookies are stored for a maximum of 13 months.
2. Note on changing the browser setting
Most browsers are set to accept cookies automatically. However, the user can prevent cookies from being stored on his or her computer by making the appropriate browser settings, although this may limit the functionality of our website.
3. Legal basis for data processing
Incidentally, the legal basis for the processing of personal data using essential cookies (or technically necessary cookies) is Art. 6 para 1 lit. f GDPR.
4. Cookie dialog box
For more information about which cookies we use and the ability to manage your cookie settings and opt out of certain types of tracking, please see our cookie dialog box.
5. Purpose of data processing
6. Duration of storage, possibility of objection and elimination
IV. Use of Google services and other services/tools
1. General information about Google services
We use various services on our website provided by Google Inc. (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Through the integration of Google services, Google may collect information (including personal data) and process it. It cannot be ruled out that Google also transmits the information to a server in a third country. Google has committed to comply with the so-called EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework on the collection, use and storage of personal data from the member states of the EU and Switzerland, respectively. Google, including Google LLC and its wholly owned subsidiaries in the U.S., has declared by certification that it complies with the Privacy Shield Principles. We ourselves cannot influence which data Google actually collects and processes. However, Google states that, among other things, the following information (including personal data) may be processed:
- Log data (especially the IP address)
- Location-related information
- Unique application numbers
- Cookies and similar technologies
You can find information on Google’s privacy settings.
You have the right to object. The objection can be made by sending a message to the contact information at the end of our privacy notice. Further objection options are described in the individual Google services, if applicable.
2. Use of Google Analytics
3. Use of YouTube
We occasionally use videos from YouTube on our website. YouTube is a service of YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use embedded YouTube videos in the so-called extended data protection mode, i.e. YouTube does not store any information about users of our website unless the users watch the video. If the YouTube video is clicked, this may trigger further data processing operations (such as the storage of cookies by YouTube) over which we have no control. By integrating YouTube, we pursue the purpose of being able to present various videos to you on our website so that you can watch them directly on our website. The legal basis for the processing of personal data described here is Art. 6 para. 1 lit. f) GDPR. Our necessary legitimate interest lies in the great benefit that YouTube offers. By integrating external videos, we relieve our servers and can use corresponding resources elsewhere. Among other things, this can increase the stability of our servers. YouTube and Google have a legitimate interest in the collected (personal) data in order to improve their own services. For more information, please refer to the privacy notices of YouTube and Google.
4. Using the “MyFonts” font service
5. Google Tag Manager
This website uses the Google Tag Manager. Through this service, website tags can be managed through one interface. The Google Tool Manager only implements tags. That means: No cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with Google Tag Manager.
V. Your rights
If your personal data is processed you are a data subject within the meaning of the GDPR and you have the following rights against the controller:
1. Right to information
You have the right to request information about whether personal data concerning you is being processed; if this is the case, you have the right to information about this personal data and to the information listed in detail in Art. 15 GDPR.
2. Right to rectification
You have the right to request without undue delay the rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data (Art. 16 GDPR).
3. Right to deletion
You have the right to request that personal data concerning you be deleted without delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued and the statutory retention provisions do not prevent deletion.
4. Right to restriction of processing
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of the examination whether the objection can be met.
5. Right to data portability
Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format in order to be able to transmit it either yourself or – if technically feasible – through us to a third party.
6. Right to object
You have the right to object to the processing of personal data relating to you at any time on grounds relating to your particular situation within the framework of the requirements of Art. 21 GDPR.
7. Right to revoke the declaration of consent under data protection law
You have the right to revoke a declaration of consent given to us under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
8. Rights in the case of automated decisions
If we exceptionally use automated individual case decisions – including profiling – we are required by law to take precautions so that you can influence the decision (Art. 22 GDPR).
9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection law. The contact details of the supervisory authority responsible for our company can be found at the end of the data protection notice.
We draw your attention to the fact that the above data subject rights may be limited by EU law or applicable national law. To exercise the above rights, please contact us (see contact information at the end of the Privacy Notice). Inquiries submitted to us electronically will generally be answered electronically unless you have specified otherwise in your inquiry.
VI. Data protection information for applicants of DECO GLAS GmbH
1. About your personal data processed
We treat all the information you send us as applicant data. In addition to your CV, this may also include your photo, any details about your state of health or other private information. We process your personal data that you provide to us as part of your application. This applies both to your application documents and to the information you provide in person during the application process, e.g. in telephone interviews, personal interviews or during a visit to a trade fair. For a comprehensive assessment of your application, we will always need your CV as well as references or corresponding evidence. Additional information, including a photo, is optional.
2. Scope of data processing and purposes of use
We process the data provided as part of your application for the purpose of reviewing your application and suitability for the advertised position. We may use specialised service providers to review your application, if necessary. In the event that these service providers are located outside the European Economic Area, we assure you that appropriate security measures are in place. Suitable applications for a position are forwarded by the Human Resources department to the relevant specialist department or national company for closer examination.
We delete your application data 6 months after completion of the application process, i.e. after the position has been filled. This data processing is based on Art. 6 para. 1 sentence 1 letter b GDPR. Your application data will only be stored in the applicant pool if you give your consent to this. We will store your application data for a period of 3 years unless you extend the period. If you consent, we will consider in connection with the application process whether you are eligible for another position within the company that matches your qualifications. This data processing is based on Art. 6 para. 1 sentence 1 letter a GDPR.
If you are under 18 years of age, we require the consent of your legal guardian when entering into a contract with you. Even a longer storage of your application data (e.g. for a later study internship) will only take place with your consent and the consent of your parents.
3. Your rights during the application process
As an applicant, you are entitled to various rights. To exercise the rights to which you are entitled, please contact our data protection officer. You can reach our data protection officer at the contact details listed under X. Each data subject is entitled to the following rights (compare in detail already above under V.):
- Right to information (Art. 15 GDPR)
- Right to rectification of inaccurate data (Art. 16 GDPR)
- Right to deletion (Art. 17 GDPR)
- Right to restrict the processing of personal data (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).
In addition, every data subject has a general right to object (compare Art. 21 para. 1 GDPR). In this case, the objection to data processing must be justified. If the data processing is based on consent, your consent can be revoked at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Please note that if you object to the data processing, we will no longer be able to consider you in the current application process and in the future filling of positions that may be suitable for you.
VII. External links
Our website may contain links that refer to third-party sites. Insofar as this is not obviously recognisable, we point out that it is an external link. We have no influence on the content and design of the pages of external providers. This data protection notice does not apply there.
VIII. Amendment of this data protection notice
The constant further development of the Internet and the changes in the applicable legal standards frequently associated with this make it necessary to adapt our data protection information from time to time. We will inform you about corresponding innovations at this point. This privacy notice is current as of august 2021.
IX. Person responsible for the processing of your personal data
The responsible party in the sense of the GDPR and other national data protection laws of the EU member states as well as other data protection regulations is:
DECO GLAS GmbH
Am Alten Galgen 4-6
Phone: +49 (0)2602 1566-0
Fax: +49 (0)2602 1566-50
For further information on DECO GLAS GmbH, please refer to our imprint details.
X. Contact details of the data protection officer
The LAN-Security Gesellschaft für Netzwerktechnik und -sicherheit mbH is available at any time to answer any questions you may have and to act as your contact for data protection at our company. The contact details are:
LAN-Security Gesellschaft für Netzwerktechnik und -sicherheit mbH
Phone: +49 (0) 2664 9971911
XI. Contact details of the supervisory authority
The contact details of the supervisory authority responsible for our company’s registered office are:
The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
Hintere Bleiche 34
PO Box 30 40
Phone: +49 (0) 6131 8920-0
Fax: +49 (0) 6131 8920-299