1. Responsible body
This website and the range of services are operated by:
Schlüter & Maack GmbH
Stadthausbrücke 12
20355 Hamburg – Germany
Telefon: +49 (0) 40 – 32 81 10-0
Telefax: +49 (0) 40 – 32 81 10-44
E-Mail: info(at)schlueter-maack.de
2. General
We designed the website to collect as little data as possible from you. Basically, it is possible to visit our website without providing personal data. The processing of personal data is only required when you decide to use certain services. In doing so, we always ensure that your personal data is only processed in accordance with a legal basis or with the consent you have given. We adhere to the provisions of the General Data Protection Regulation (GDPR), which has been in force since May 25, 2018, and the applicable national regulations, such as the Federal Data Protection Act, the Telemedia Act or other more specific laws on data protection.
3. Purpose and legal basis for processing personal data
We always process your personal data for a specific purpose.
In summary, we process your personal data for the following purposes:
1. In order to be able to process your request with you in the event of contact inquiries (e.g. email address, first name, last name);
2. For the technical implementation of our website and to be able to provide you with our information on this website (e.g. IP address, cookies, browser information)
3. To receive and process an application from you for one of our vacancies.
The specific purposes are described for the processing shown here.
With regard to the legal basis for the processing of your personal data, the following counts:
We process personal data that are required for the establishment, implementation or processing of our range of services (contract processing) on the legal basis of Art. 6 Paragraph 1 lit. b GDPR. Insofar as we obtain your consent for the processing of your personal data, the consent according to Art. 6 Para. 1 lit. a GDPR forms the legal basis for the data processing. Data processing is also permitted if we process your data to safeguard our legitimate interests and do not outweigh your interests or fundamental rights and freedoms with regard to the processing of personal data. Insofar as we use external service providers in the context of order data processing, the processing takes place on the legal basis of Art. 28 GDPR.
4. Personal data collected and processed
As part of our website, we collect and process certain personal data from you. We will inform you about the processed data for the processing operations described here.
We will only collect and process your data for the purposes stated in this data protection declaration. Any use beyond the stated purpose requires your express consent. The same applies to the transfer and transfer of your data to third parties.
5. Collection of personal data when you visit our website
If you only use the website for informational purposes, i.e. if you do not provide us with any other information, we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data, which is technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 Para. 1 S. 1 lit.f GDPR ):
– IP address
– the date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– content of the request (specific page)
– Access status / HTTP status code
– Amount of data transferred in each case
– Website from which the request came
– browser
– Operating system and its interface
– Language and version of the browser software.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. You can find more information on this under “Cookies” in this data protection declaration.
6. Integration of services from other providers
Our website uses content, services and performances from other providers. These are, for example, services for integrating special fonts. In order for this data to be called up and displayed in the user’s browser, the transmission of the user’s IP address to this third-party provider is essential.
Even if we endeavor to only use third-party providers who only need the IP address in order to be able to deliver content or even work with anonymized IP addresses, we have no influence on whether the IP address is possibly saved. Information on the third-party providers used can be found below in this data protection declaration.
7. Cookies
Information is collected and stored on our website through the use of so-called browser cookies.
Cookies are small text files that are stored on your data carrier and that save certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data was sent, as well as information about the age of the cookie and an alphanumeric identifier.
As long as you visit our website, a session cookie (“PHPSESSID”) is created by our domain, which usually does not save any personal characteristics, but rather assigns a session ID with which a user can be assigned to several sessions. Session cookies are automatically deleted after you close the browser or lose their validity as soon as your session has automatically expired.
If you do not want browser cookies to be used, you can set your browser to “storage of cookies is not accepted”. Please note that in this case you may only be able to use our website to a limited extent or not at all.
8. Contacting us
You can contact us by email. In this case, we will save the personal data you have transmitted in order to process your request and to contact you to process your request.
The legal basis for inquiries that you make yourself as part of a pre-contractual measure is Art. 6 Para. 1 lit.b DSGVO, for inquiries of any other kind Art. 6 Para 1 Sentence 1 lit f. DSGVO. The legitimate interest arises from the purposes mentioned under item 3 a.). If personal data is requested that we do not need to fulfill a contract or to safeguard legitimate interests, it will be transmitted to us on the basis of your consent in accordance with Article 6 (1) (a) GDPR.
9. Application process
We publish job offers that you can apply for by email. If you decide to apply for an open position, we will process the personal data you have provided and transmitted to us exclusively for the purpose of carrying out the application process.
In the event of a rejection, we will delete your data as soon as the by labor law required retention period of 6 months has expired. The period begins with the sending of the rejection. If you have agreed explicitly to the further use of your data for a later contact with regard to positions that may be of interest to you, we will continue to store your data in accordance with this agreement. We do not pass on your personal data to third parties outside the specific application process without your expressed consent or without a legal basis.
In order to assess an application, we do not need any information on the so-called “special categories of personal data” in the application process. This is data from which racial and ethnic origin, political opinions, religious or ideological convictions or trade union membership emerge, as well as genetic data, biometric data for the unambiguous identification of a natural person, health data or data on the sex life or sexual orientation of a natural person. We urgently recommend that you do not provide any information about the aforementioned data in your stored data. If the data you transmit contains such information, we can only process your application if you give us your explicit agreement to store these special categories of personal data. We would have to obtain this consent separately from you; this would lead to a delay in the application process.
Please note that applications that you send to us by email will be transmitted unencrypted. In this respect, there is a risk that unauthorized persons can intercept and use this data. We recommend sending the information in encrypted attachments. In this case you can send us passwords by telephone, for example, while maintaining media discontinuity.
The legal basis for processing your personal data as part of the application process is § 26 Para 1 in conjunction with Para 2 BDSG.
10. Information requirements for applicants according to Art. 13 and Art. 14 GDPR
1. Who is responsible for the data processing?
Responsible body for all incoming applications within the company:
Schlüter & Maack GmbH
Stadthausbrücke 12
20355 Hamburg
Telefon: +49 (0) 40 – 32 81 10-0
Telefax: +49 (0) 40 – 32 81 10-44
E-Mail: info(at)schlueter-maack.de
2. Where do we get the collected data from?
We only collect and process the personal data you provide to us as part of the application process (type of data).
personalities Name, adresse and other contact details, place of birth, birthday, nationality
Bank details e.g. for the purpose of possibly any travel expense reimbursements
Legitimation data e.g. ID data
Authentification data e.g. Signature sample
Health data e.g. Information on disabilities or severe disabilities
Qualification papers e.g. Certificates, assessments or similar evidence of training
3. For what purpose is the collected data processed (legal basis)?
The processing occur under consideration and in accordance with the applicable General Data Protection Regulation (GDPR) as well as the Federal Data Protection Act-new (BDSG-new), area-specific data protection standards in the course of the application process such as the Social Security Code, Telecommunications Act and Works Constitution Act
3.1 Processing within the scope of the weighing of interests
If necessary, we process your data to safeguard our legitimate interests or the legitimate interests of third parties. For example, the assertion of legal claims and defense in legal disputes, measures for business management and further development come into question.
3.2 Processing based on the agreement given
With your agreement to the processing of personal data, for example to pass it on to other companies who come into question, the legality of the collection and processing of your personal data is based on your agreement given to us. This can be revoked at any time. The revocation will take effect in the future and cannot be given retrospectively. If the processing of the collected personal data is revoked, the purpose for which it was collected can no longer be fulfilled or implemented.
4. To whom will the collected personal data be forwarded?
The collected data will be forwarded within our company to the responsible bodies that have been entrusted with processing the application process and that need them to fulfill legal obligations. The processors who are working with this company can also receive your data for the stated purposes. This also applies to companies in the IT services sector. At this point it should be mentioned that we observe and take into account the data protection regulations, even if the data is passed on to third parties in the circumstances described above.
Your data will only be forwarded on the basis of legal regulations, your agreement given to us or if we are authorized to provide information about this. These are data recipients such as affiliated companies (application process for other advertised positions) for which you have given us your consent to transfer the data.
5. How long will the data collected in the application process be stored?
Your personal data will be processed and stored, if necessary, for the duration of the application process. After the purpose has been fulfilled, but at the latest after 6 months, we will delete them. If the storage of the data is no longer necessary to carry out the application process and there is no statutory retention period for this or if we have not received your consent, which justifies a longer retention period, the data will be deleted immediately.
6. Will there be a transfer to third countries?
A data transfer to a third country, i.e. countries outside the European Economic Area-EEA does not take place.
7. What rights can I assert?
Within the framework of the legal requirements from the GDPR and the BDSG-new, every affected person has the right of information about the processing of their personal data, the right of correction, deletion and restriction of this as well as the right to object against processing and the right to data portability. In case of asserting the right of information and deletion, the restrictions of Sections 33, 34 BDSG-new must be taken into account. Furthermore, there is a right of appeal to the competent supervisory authority in accordance with Art. 77 GDPR in conjunction with Section 19 BDSG-new.
8. Is it mandatory to provide data?
You only have to provide the data required in the application process. There is no obligation to provide us with certain data. However, if you do not provide the required data, it is usually not possible to implement an appropriate application process.
9. Is there automatic decision-making in individual cases?
No automated decision-making is used in our application process.
10. Does the recorded data lead to a profile (scoring)?
We do not use any data to create a profile for the establishment and implementation of the application process.
11. Rights of the data subject
You have the right:
• to request information about your personal data processed by us in accordance with Article 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of correction, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data, if we have not collected it, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on their details;
• in accordance with Article 16 GDPR to request the correction of incorrect or incomplete personal data stored by us – immediately;
• to request the deletion of your personal data stored by us in accordance with Article 17 GDPR, unless the processing to exercise the right of freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend Legal claims is required;
• to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;
• in accordance with Article 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible (data portability);
• to revoke your agreement given to us at any time in accordance with Article 7 (3) GDPR. As a result, we are no longer allowed to continue the data processing based on this agreement in the future and
• To complain to a supervisory authority in accordance with Article 77 GDPR. Usually, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.
• Right of objection
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit.f GDPR, you have the right of objection to the processing of your personal data in accordance with Art. 21 GDPR which arise from your particular situation or the objection is directed against direct mail. In the later case, you have a general right of objection, which we will implement without specifying a particular situation.
If you would like to exercise your right of revocation or objection, an email to Datenschutz@schlueter-maack.de is sufficient.
12. Passing on your personal data
Your personal data will be passed on as described below.
The website is hosted by an external service provider in the EU. We ensure that data processing only takes place in the EU. This is necessary for the operation of the website, as well as for the establishment, implementation and processing of the existing user contract and is also possible without your agreement.
A transfer also takes place if we are entitled or obliged to transfer data due to legal provisions and / or official or judicial orders. In particular, this may involve the exchange of information for the purposes of criminal prosecution, averting of danger or to enforce intellectual property rights.
Insofar as your data is passed on to service providers in necessary extent, they only have access to your personal data as it is necessary to carry out their tasks. These service providers are obliged to treat your personal data in accordance with the applicable data protection laws, in particular the GDPR.
Beyond the aforementioned circumstances, we generally do not transmit your data to third parties without your agreement. In particular, we do not pass on any personal data to a body in a third country or an international organization.
13. Data security
Unfortunately, the transmission of information over the Internet is never 100% secure, therefor we cannot guarantee the security of the data transmitted over the Internet to our website.
However, we use technical and organizational measures to secure our website against loss, destruction, access, modification or dissemination of your data by unauthorized persons.
In particular, your personal data will be transmitted in encrypted form. We use the coding system SSL / TLS (Secure Sockets Layer / Transport Layer Security). Our security measures are continuously improved in line with technological developments.
14. Storage period for personal data
With regard to the storage period, we will delete personal data as soon as their storage is no longer necessary for the fulfillment of the original purpose and there are no longer any statutory retention periods. The statutory retention periods ultimately form the criterion for the final duration of the storage of personal data. After the deadline, the relevant data will be routinely deleted. If there are retention periods, processing is restricted in the form of blocking the data.
15. References and links
When calling up Internet pages that are referred to our website, information such as name, address, e-mail address, browser properties, etc. can be asked again. This data protection declaration does not regulate the collection, transfer or handling of personal data by third parties.
Third-party service providers may have different and their own provisions when dealing with the collection, processing and use of personal data. It is therefore advisable to find out about their practice in handling personal data on the websites of third parties before entering personal data.
16. Third Party Providers
Google Fonts
1 type and scope of processing
We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offer. To obtain these fonts, you will be connected to the servers of Google Ireland Limited and your IP address will be transmitted.
2 Purpose and Legal Basis
The use of Google Fonts takes place on the basis of our legitimate interests, i.e. interest in a uniform supply as well as the optimization of our online offer in accordance with Art. 6 Para. 1 lit.f. GDPR.
3 storage period
The specific storage duration of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the data protection declaration for Google Fonts: https://policies.google.com/privacy.
Fast fonts
1 type and scope of processing
We use Fast Fonts from Monotype Imaging Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA, as a service to provide fonts for our online offer. To obtain these fonts, you will be connected to the Monotype Imaging Inc. servers and your IP address will be transmitted.
2 Purpose and Legal Basis
The use of Fast Fonts is based on our legitimate interests, i.e. interest in a uniform supply and the optimization of our online offer in accordance with Art. 6 Para. 1 lit.f. GDPR.
3 storage period
The specific storage duration of the processed data cannot be influenced by us, but is determined by Monotype Imaging Inc. Further information can be found in the data protection declaration for Fast Fonts: https://www.monotype.com/legal/privacy-policy.
Microsoft AJAX CDN
1 type and scope of processing
We use Microsoft AJAX CDN to properly provide the content of our website. Microsoft AJAX CDN is a service provided by Microsoft Corporation, which acts as a content delivery network (CDN) on our website.
A CDN helps to provide the content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399, United States, whereby your IP address and possibly browser data such as your user agent are transmitted. These data are processed exclusively for the purposes mentioned above and to maintain the security and functionality of Microsoft AJAX CDN.
2 Purpose and Legal Basis
The content delivery network is used on the basis of our legitimate interests, i.e. interest in secure and efficient provision and the optimization of our online offer in accordance with Art. 6 Paragraph 1 lit.f GDPR
3 storage period
The specific storage duration of the processed data cannot be influenced by us, but is determined by Microsoft Corporation. Further information can be found in the data protection declaration for Microsoft AJAX CDN: https://privacy.microsoft.com/en-us/privacystatement.
17. Change to the data protection declaration
We are constantly developing our website in order to be able to provide you with an ever better service. We will keep this data protection declaration up to date and adapt it accordingly if and to the extent that this should become necessary.
Of course we will inform you about any changes to this data protection declaration just in time. We will do this, for example, by sending an email to the email address you gave us. If further consent is required from you for our handling of your data, we will naturelly obtain it from you before the corresponding changes take effect.
You can call up the current version of our data protection regulations at any time on the Internet at https://www.schlueter-maack.com/dataprotection/ .
18. Data protection officer
We have appointed a data protection officer:
Philipp Herold
www.mein-datenschutzbeauftragter.de
Hafenstraße 1a
23568 Lübeck – Germany
E-Mail: Datenschutz@schlueter-maack.de
Date: 11/2021
