Privacy Statement and Information Obligation pursuant to GDPR

Information obligation pursuant to Article 13 GDPR
Data processing controller according to Article 13(1)(a)

Company name according to Section 17(1) HGB (Handelsgesetzbuch - German Commercial Code), including contact details of the controller (management board)

pro-beam GmbH & Co. KGaA
Zeppelinstraße 26
82205 Gilching
Germany
Tel: +49 (0) 89 / 899 233-0
www.pro-beam.com
Munich District Court, HRB 122635

Managing partners:
Dipl.-Wirt.-Ing. Nicolas Frhr. v. Wolff (CEO)
Dr. Thorsten Löwer (CTO)
 

Contact details of the data protection officer according to Article 13(1)(b) GDPR
Helbig Datenschutz GmbH
Michaela Helbig
Bergstraße 11
91207 Lauf an der Pegnitz
Germany
Tel: +49 9123 70275-10
michaela.helbig(at)helbig-datenschutz.de
 

Purposes and legal basis for processing according to Article 13(1)(c) GDPR
The personal data are processed for the purpose of performing contracts or to take steps prior to entering into a contract. This includes the customer master data with contact persons, as well as the contact history, quotations, orders, invoices, and other statutory obligations of the controller.
The legal bases are set out in Article 6 of the GDPR. Other key legal bases are set out in the Commercial Code (HGB), tax legislation, the Act on Limited Liability Companies (GmbHG), and other statutory provisions relevant to pro-beam GmbH & Co. KGaA. These also include contractual provisions. Newsletters are processed on the basis of consent given by the data subject.
 

Processing is to safeguard the legitimate interests pursued by the controller or a third party according to Article 13(1)(d) GDPR
If necessary, we continue to process your data beyond performance of the contract, in order to safeguard our or a third party’s legitimate interests. This additional processing may include:
- Sales management and sales controlling
- Guaranteeing IT security and IT operations
- Building and plant security measures (e.g. access control) and measures to ensure compliance with on-site regulations
- Business management and development measures
- Enforcement of legal claims and defense in the event of legal disputes
 

Categories of recipients of personal data (data transmission) according to Article 13(1)(e) GDPR
Within Germany, the European Union, and the European Economic Area
Germany:
Tax authorities, social insurance agencies, trade associations, Federal Employment Agency, auditors, bailiffs, and other creditors, as well as other government agencies, to meet legal obligations and for requested certificates. Institutions for company pensions and payments to employees' savings schemes. Logistics companies, customers, suppliers, and other agencies.
 

Third countries, including adequacy decision, according to Article 13(1)(f) GDPR
In the context of international business relationships, data is transferred for the performance of contacts or for pre-contractual measures according to Article 6(1) (b). No adequacy decision is required for this purpose.
 

Period of storage according to Article 13(2)(a)
The applicable purposes arise from the legal requirements and relevant industry-specific regulations. Personal data is erased when the purpose for which it was used has been fulfilled.
 

Rights of the data subject according to Article 13(2)(b)
You may exercise your rights at any time by contacting us using the details above. If we process your personal data, you are a data subject under the GDPR and have the following rights with regard to the controller:
 

Information on the rights of the data subject
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and where that is the case, access to the personal data and the following information specified in Article 15 GDPR. The data subject has the right to demand from the controller without undue delay the rectification of inaccurate personal data concerning him or her and, if applicable, to have incomplete personal data completed (Article 16 GDPR). The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the grounds applies in Article 17 of the GDPR applies, e.g. if the data is no longer required for the purposes for which it was collected (right to erasure). The data subject has the right to obtain from the controller restriction of processing where one of the grounds set out in Article 18 of the GDPR applies, e.g. if the data subject objects to processing, pending verification by the controller. The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The controller will no longer process the personal data, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims (Article 21 of the GDPR).
 

Rights of the data subject according to Article 13(2)(c) GDPR
If you have granted us permission to process your personal data for specific purposes (e.g. editing images of the data subject), the legality of this processing is based on the consent you have provided. You may withdraw your consent at any time. This also applies to declarations of consent granted to us prior to entry into force of the GDPR, i.e. before May 25, 2018. Please note that the withdrawal of consent only applies to the future. Data processing prior to a withdrawal of consent is not affected.
 

Right to lodge a complaint with a supervisory authority according to Article 13(2)(d) GDPR
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Article 77 GDPR). The data subject can lodge this complaint with a supervisory authority in the Member State of his or her habitual residence, place of work, or where the infringement is alleged to have taken place.

The supervisory authority responsible for Bavaria:
Bayerisches Landesamt für Datenschutzaufsicht (Bavarian Data Protection Authority)
Office address
Promenade 27 (Schloss)
91522 Ansbach
Germany
Postal address
PO Box 606
91511 Ansbach
Germany
Contact details
Telephone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
Email: poststelle(at)lda.bayern.de

Provision of personal data according to Article 13(2)(e) GDPR
In the context of our business relationship, you only need to provide the personal data that is required to commence, establish, and terminate the employment relationship, or that we are legally required to collect. Without this data, we cannot normally maintain an employment relationship.
 

Amendment of the privacy statement

Change of purpose
We reserve the right to amend this Privacy Statement in compliance with data protection legislation. The most recent version can be found under “Data privacy” on our intranet page and in the relevant HR department. If we intend to process your data for purposes other than those for which it was collected, we will inform you of this in compliance with legal regulations. Last updated 2018-05-03
 

Data protection

General information

The following information gives a simple overview of what happens to your personal data when you visit our website. Personal information is any data that can be used to personally identify you. The Privacy Statement below contains detailed information on data protection.
 

Data collection on our website

Who is responsible for the data collection performed on this website?
The data collected on this website are processed by the website operator. The operator's contact details can be found in the legal notice for this website.
 

How do we collect your data?
Some of your data is collected when you provide this to us. This may be data that you enter into a contact form, for example.

Other data are collected automatically by our IT systems during your visit to our website. This mainly involves technical data (such as your internet browser, operating system or when you accessed the page). These data are collected automatically once you visit our website.
 

What do we use your data for?
Some data are collected to ensure this website operates faultlessly. Other data may be used to analyze your surfing behavior.
 

What rights do you have regarding your data?
Your rights are explained in the mandatory information provided above.  
 

Analytics and third-party tools
When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily by using cookies and analytics tools. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following Privacy Statement.

You can object to the performance of this analysis. We will tell you below in this Privacy Statement about the methods you can use to object.
 

General information and mandatory information

Data protection
The operator of this website takes the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with statutory data protection regulations and this Privacy Statement.

Various personal data are collected when you use this website. Personal information is data that can be used to personally identify you.  This Privacy Statement explains what information we collect and what we use it for. It also explains how and for what purpose this takes place.

Please note that the transmission of data on the internet (e.g. when communicating by email) may not be secure. It is not possible to protect data completely against access by third parties.
 

Withdrawal of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may, at any time, withdraw the consent you have previously given us. You only need to send us an email telling us that your consent no longer applies. This does not affect the lawfulness of the data processing we performed before you withdrew consent.

Right to object to the collection of data in special cases, and right to object to direct advertising (Article 21 GDPR)

If data are processed on the basis of Article 6(1)(e) or (f) GDPR, you have the right, at any time, to object to the processing of your personal data on grounds relating to your particular situation. This likewise applies to any profiling based on these provisions. This Privacy Statement sets out the legal basis on which data processing is based. If you object, we will no longer process your relevant personal data, unless we are able to present compelling legitimate grounds for processing your data, which override your interests, rights and freedoms, or if the data is being processed in order to establish, exercise or defend against legal claims (right to object according to Article 21(1) GDPR).

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing;

this includes profiling to the extent that it is related to such direct marketing. If you object to the processing of your personal data for direct marketing purposes, the personal data will no longer be processed for such purposes (right to object according to Article 21(2) GDPR).
 

SSL or TLS encryption
This site uses SSL or TLS encryption for security and for the protection of the transmission of confidential content, including any purchase orders or inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
 

Information, blocking, erasure
You have the right at any time and free of charge to access your stored personal data and to be informed of its origin, recipients of the data, and the purpose for which it is processed. You also have the right for this data to be rectified, blocked, or erased. You can contact us at the address given in our legal notice at any time if you have any questions on this issue or on personal data in general.
 

Objection to promotional mailings
We hereby prohibit the use of contact data in our mandatory legal notice for the purpose of sending marketing and information materials not expressly requested by us. The operators of this website reserve the right to take legal action in the event they receive unsolicited marketing information, e.g. spam emails.

 

Data collection on our website

Cookies
This website uses cookies in some instances. Cookies do not harm your computer and do not contain any viruses. They are used to make our website more user-friendly, effective, and secure. Cookies are small text files that are created on your computer and saved by your browser.

Most cookies we use are ‘session cookies’, which are automatically deleted when you leave our website. Other cookies remain saved on your device until you delete them. These cookies allow us to recognize you the next time you visit our website.

You can configure your browser to inform you when a cookie is set and only allow cookies on a one-off basis, to accept cookies in specific cases, to generally prevent cookies being created, or to enable automatic deletion of cookies when you close your browser. However, if you disable cookies you may not be able to use all the features of this website.

Cookies required to perform electronic communication processes or to provide specific functions that you wish to use (e.g. shopping basket function) are saved on the basis of Article 6(1)(f) GDPR. The website operator has a legitimate interest in saving cookies to ensure that its services are provided in a technically fault-free and optimal manner. If other cookies (e.g. cookies to analyze your surfing behavior) are saved, these are dealt with separately in this Privacy Statement.

Server log files
The website provider automatically collects and stores information in server log files, which are transmitted to us automatically by your browser. This information includes:

Browser type/version

Operating system you are using

Referrer URL

Host name of the computer accessing the website

Date and time of server request

IP address

This data is not combined with any other data sources.

The collection of such data is performed on the basis of Article 6(1)(f) GDPR. The website operator has a legitimate interest in having its website displayed in a technically flawless and optimized manner, and this requires saving server log files.

Contact form
If you send us queries via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your query and any follow-up questions. We will not share this information without your permission.

The processing of data entered in the contact form is therefore solely performed on the basis of your consent (Article 6(1)(a) GDPR). You may withdraw this consent at any time. You only need to send us an email telling us that your consent no longer applies. This does not affect the legality of the data processing we performed prior to your withdrawal of consent.

We will retain the data you have entered in our contact form, until you demand it be erased, or you withdraw your consent for us to retain such data, or once the purpose for retaining such data no longer applies (e.g. once we have fully processed your inquiry). This does not affect any mandatory statutory provisions - especially those regarding mandatory data retention periods.

Email, telephone and fax inquiries
When you contact us by email, telephone or fax, we will store and process your inquiry, including all relevant personal data (name, inquiry), for the purpose of attending to your request. We will not share this information without your permission.

These data are processed on the basis of Article 6(1)(b) GDPR where your inquiry is connected with performing a contract, or for taking steps prior to entering into a contract. In all other cases, the processing will be based on your consent (Article 6(1)(a) GDPR) and/or our legitimate interests (Article 6(1)(f) GDPR), because we have a legitimate interest in effectively processing the inquiries made to us.

We will retain the data you provide in our contact form, until you demand that it be erased, or you withdraw your consent for us to retain such data, or once the purpose for retaining such data no longer applies (e.g. once we have fully processed your request). This does not affect any mandatory statutory provisions - especially those stipulating statutory data retention periods.

 

Analysis tools and advertising

Google Analytics
This website uses features provided by Google Analytics, a web analytics service. The operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies, which are text files placed on your computer, to enable it to analyze how you use the website. The information generated by the cookie about your use of the website is generally sent to and stored on Google servers in the United States.

Google Analytics cookies are stored and these analysis tools are used on the basis of Article 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior, and in optimizing its online services and its advertising.

 

IP anonymization
We have activated the IP anonymization tool on this website. With this tool your IP address is truncated by Google within member states of the European Union or in other states which are party to the agreement on the European Economic Area prior to transfer to the USA. Only in exceptional cases is a full IP address transmitted to a Google server in the United States and truncated there. On behalf of this website operator, Google uses this information to analyze your use of the website in order to compile reports about users’ website activities and to provide the operator with other services connected with use of the website use and online activities. Google does not merge the IP address sent from your browser by Google Analytics with other data.

 

Browser plugin
You can prevent cookies being saved by selecting the appropriate settings in your browser. However, please note that if you do this, you may not be able to use all the features of this website. You can also prevent Google collecting and using the data (including your IP address) generated by the cookie by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout.

 

Objecting to the collection of data
You can object to Google Analytics collecting your data by clicking the following link. This creates an opt-out cookie on your computer, which prevents your data from being collected in the future when you visit this website. Disabling Google Analytics.

More information on how Google Analytics uses personal data can be found in the Google privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

 

Commissioned data processing
We have concluded an agreement with Google for the processing of data on our behalf and we fully implement the strict requirements stipulated by the German data protection authorities when using Google Analytics.

 

Google Analytics demographics
This website uses the “Demographics” feature of Google Analytics. Demographics can be used to create reports with information on the age, gender, and interests of website visitors. The data comes from Google’s personalized advertising and from visitor data provided by third-party providers. This data cannot be associated with a specific person. You can disable this feature at any time by going to the display settings in your Google account or you can generally prevent your data being collected by Google Analytics by following the steps described under “Objecting to the collection of data”.

 

Data retention period
The data Google stores at user-level and event-level, and which is associated with cookies, user-identifiers (e.g. User-ID) and advertising identifiers (e.g. DoubleClick cookies or Android’s Advertising ID) will be anonymized or deleted after 14 months. For details, click on the following link:  https://support.google.com/analytics/answer/7667196?hl=en

 

Google Analytics Remarketing
Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. The operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behavior on one device (e.g. your mobile phone), on other devices (e.g. tablet or computer).

Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging.

To support this feature, Google Analytics collects Google-authenticated IDs of users, which are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.

You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/.

The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give to or withdraw from Google (Article 6(1)(a) GDPR). For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing anonymous user behavior for promotional purposes.

More information and the data privacy provisions can be found in Google's privacy policy at: https://policies.google.com/technologies/ads.

 

Plugins and tools

YouTube
This website uses plugins from YouTube, which is operated by Google. The operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

If you visit one of our pages that contains a YouTube plugin, a connection is made to YouTube’s servers. This will tell the YouTube server which of our pages you have visited.

YouTube can also store various cookies on your end device. These cookies provide YouTube with information about visitors to our website. This information is used, among other purposes, to collect statistics on videos, improve user-friendliness and prevent fraud. These cookies will remain saved on your device until you delete them.

If you are logged in to your YouTube account, this will allow YouTube to associate your browsing activity with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used to help make our online services visually appealing. This constitutes a justified interest pursuant to Article 6(1)(f) GDPR.

Further information about how YouTube handles user data can be found in YouTube’s privacy policy at:  https://policies.google.com/privacy .

Google Web Fonts
To ensure the uniform display of fonts, this website uses web fonts provided by Google. Google Fonts are locally installed. No connection is established with Google’s servers.
 

In-house services

Job applications
You can submit job applications to us (e.g. via email, by standard mail or by submitting our online job application form). In the following, we will tell you about the scope, purpose and use of the personal data we collect from you within the job application process. We assure you that your data will be collected, processed and used in compliance with the applicable data privacy regulations and all other statutory provisions, and that your data will be treated as strictly confidential.

Scope and purpose of the collection of data
If you submit a job application to us, we will process any associated personal data (e.g. contact and communications data, application documents, notes made during job interviews, etc.), insofar as we need this information to make a decision on whether to offer you an employment position. The legal basis for this is Section 26 BDSG-neu (Bundesdatenschutzgesetz-neu - new German Federal Data Protection Act) (Initiation of an employment relationship), Article 6(1)(b) GDPR (general steps prior to entering into a contract), and Article 6(1)(a) GDPR if you have given your consent. You may withdraw your consent at any time. Your personal data will only be shared within our company among those individuals who are involved in processing your job application.

If your application is successful, the data you have provided will be stored in our data processing systems on the basis of Section 26 BDSG-neu and Article 6(1)(b) GDPR for the purpose of performing the contract.

Data retention period
If we are unable to make you a job offer, if you decline a job offer, or withdraw your application, or withdraw your consent to the processing of your personal data, or you demand that we erase your data, we will store/retain the data you provided, including any remaining hard copies of your application documents, for no more than six months following conclusion of the job application process (data retention period), to enable us to trace the details of the application process in the event that any discrepancies arise (Article 6(1)(f) GDPR).

YOU MAY OBJECT TO SUCH STORAGE/RETENTION, IF YOU HAVE LEGITIMATE INTERESTS THAT OUTWEIGH OUR INTERESTS.

After the data retention period has elapsed, we will erase the data unless we are subject to any other data retention obligation, or there is another legal basis for continuing to retain the data. If it is foreseeable that it will be necessary to continue to retain the data following the data retention period, (because of an imminent or pending legal dispute, for example), the data will only be erased once it is no longer needed for that purpose. This does not affect other statutory data retention periods.

 

Source: E-Recht 24

TOP