Privacy policy - Leitz GmbH & Co. KG

as at 2020/08/01

1. Scope

1.1 The following privacy policy is valid for using the website ‘leitz.org’ and the services it offers. This website is offered by Leitz GmbH & Co. KG, Leitzstraße 2, 73447 Oberkochen/Germany, email leitz@leitz.org as the party responsible as defined by section of 4 of the EU General Data Protection Regulation (“GDPR”).

Leitz GmbH & Co. KG is, directly or indirectly, the parent company of several subsidiaries domestically and abroad, for whom changed data privacy statements and legal notices are valid e.g. owing to national laws. Therefore, please adhere to the respective data privacy statements and legal notices of all the Leitz websites that you visit, for which the respective subsidiary is responsible.

You can contact the data protection officer of Leitz GmbH & Co. KG via email datenschutz@leitz.org or via post with the addendum “To the Data Protection Officer”.

1.2 The protection of your personal data is important for us, mainly with reference to the protection of the personal right while processing and using this information. Hereinafter we provide information about the collection of personal data while using our website. Personal data includes all the data that is personally relatable to you such as name, address, email addresses, user behaviour, etc.


2. Automatic data collection and processing by the browser

2.1 Similar to every website, our server collects details automatically and temporarily in the server log files, which are transferred by the browser unless you have deactivated it. If you wish to view our website, we collect the following data that is technically necessary for us to show our website to you and to ensure stability and safety (legal basis, section 6 para. 1 lit f) GDPR):

  • IP address of the requesting computer

  • File request of the client

  • the http-response code

  • the website from which you visit us (referrer URL),

  • the time of the server request

  • Browser type and version

  • operating system used of the requesting computer

The server log files are not evaluated personally. This data cannot be assigned to specific people at any point in time for the provider. This data is not merged with other data sources.


2.2 Cookies 

In order to design our Internet presence such that it is user-friendly and optimally customised to your requirements, we use cookies in some sections. We thereby rely on our legitimate interest of operating an attractive website for you. "Cookies" are small files that we transfer to your computer’s hard disk with the help of your internet browser or other programmes. They are saved locally on your computer’s hard disk and kept available for subsequent access. You allow our system to identify your browser and provide specific services to you.

A few of the cookies we use are deleted again at the end of the browser session, i.e. after closing your browsers (so-called session cookies). Other cookies remain on your end device and allow us or our partner companies to recognise your browser during the next visit (persistent cookies).

You can set your browser such that you will be informed about the setting of cookies and decide individually on their acceptance or the acceptance of cookies for specific cases or general exclusion (refer to acceptance or refusal of cookies).
When you first visit our website, you will be given the opportunity to choose which cookies you want to allow. You can recall or adjust your selection at any time in the cookie settings in the website footer.
If you do not accept the use of cookies, it can limit the functionality of our website.
 

2.3 etracker

On this website we use the services of etracker GmbH, Hamburg, Germany (www.etracker.com) to analyse usage data. We do not use cookies for web analysis by default. If we use analysis and optimisation cookies, we will obtain your explicit consent separately in advance. If this is the case and you agree, cookies are used to enable a statistical range analysis of this website, a measurement of the success of our online marketing measures and test procedures, e.g. to test and optimise different versions of our online offer or its components. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that could identify a user.

The data generated by etracker on behalf of the provider of this website is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to the strict German and European data protection laws and standards. In this regard, etracker was independently checked, certified and awarded with the ePrivacyseal data protection seal of approval.

The data processing is based on Art. 6 Section 1 lit f (legitimate interest) of the General Data Protection Regulation (GDPR). Our legitimate interest is the optimisation of our online offer and our website. As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.

Further information on data protection with etracker can be found here.
 

2.4 reCAPTCHA

On this website we also use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This function primarily serves to differentiate whether an entry is made by a natural person or whether it is misused by mechanical and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in avoiding misuse and spam. As part of the use of Google reCAPTCHA, personal data can also be transmitted to the servers of Google LLC. in the US.

In case of the transfer of personal data to Google LLC. based in the United States, Google LLC. certified for the US-European data protection convention "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list

Further information on Google reCAPTCHA and Google's privacy policy can be viewed at: https://policies.google.com/privacy?hl=en

 

 

3. Social Media

The buttons for social media shown on our website are not plug-ins. The buttons contain a link that redirects you to the respective platform. We neither save cookies on your computer to this end nor do we transmit your data.

The data protection directives of the respective social media platform are applicable to other actions on these sites:

“Facebook” and "Instagram" (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
https://www.facebook.com/privacy/explanation

 

“Twitter” (Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA),
https://twitter.com/privacy?lang=en

 

“Xing” (XING AG, Dammtorstraße 30, 20354 Hamburg, Germany)
https://privacy.xing.com/en/privacy-policy

 

“LinkedIn” (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA),
www.linkedin.com/legal/privacy-policy

 

When you visit our websites that have a button of this sort, your browser does not establish any connection with the servers of the respective service unless you click the corresponding button. The information about the visit to our website is thus not forwarded to the respective service.

If you are also logged in to the respective service simultaneously via your personal user account while visiting our website (e.g. via another browser session) and you click the buttons, your visit to our website can be assigned to your account.

If you wish to stop such a data transfer, you must log out from your user account of the respective service before visiting our websites or not use the links. For the scope and purpose of the data collection by the respective service, as well as the local further processing and use of your data, please refer to the data privacy statements directly on the website of the service. You will also get additional information on your corresponding data protection rights and setting options for protecting your privacy.

 

4. Use of YouTube videos

We use embedded YouTube videos. YouTube is a service provided by Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.

The IP address is transmitted while viewing the videos. It cannot be assigned unless you have logged in to or are permanently logged in to YouTube or another Google service before viewing the website.

As soon as you start playing an embedded video by clicking it, YouTube, to the best of our knowledge, saves only cookies on your computer, which do not contain any personally identifiable data. These cookies can be prevented using corresponding browser settings and extensions (source: YouTube “Activation of the extended data protection mode for embedded videos”).

For more information on embedding the YouTube videos, please visit the information page YouTube: https://support.google.com/youtube/answer/171780?hl=en.

 

5. Data security

We use the popular SSL protocol (Secure Socket Layer) together with the highest encryption level that is supported by your browser.  You can tell whether an individual page of our website is transmitted in encrypted form by the display of a closed symbol of a key or lock in the status bar of your browser.

 

6. Hyperlinks to external websites

Our website contains so-called hyperlinks to websites of other providers. While activating these hyperlinks, you are forwarded directly to the website of other providers from our website. You can detect this from the change in the URL among other things. We cannot assume any responsibility for confidential handling of your data on these third-party websites as we have no influence on whether these companies comply with the data protection regulations. You can visit these websites directly to find out about how these companies handle your personal data.


7. Data collection and processing of voluntarily shared data

If you share personal data with us via email or on our website (name, first name, contact details, etc.), this is generally done voluntarily. This data shall be used for processing your queries and issues. The data shall be encrypted and transferred (transport encryption) via email to the relevant recipient in the company.

It is not used for any other purpose, especially forwarding of the data to a third party for purposes of promotion, market or opinion research. We delete the data collected in this context, after it is no longer necessary to save it, or limit its processing in case of any statutory obligation to preserve records. The legal basis is section 6 Para. 1 lit. b) of GDPR or section 6 Para. 1 lit. f) of GDPR.
 

7.1. Newsletter

a. Legal basis for the data processing
The legal basis for processing your personal data for mailing the newsletter is section 6 Para. 1 lit. a of EU GDPR in case of consent.
Your data is not forwarded to third parties in connection with the mailing of the newsletter.
For mailing the newsletter, we use the so-called Double opt-in method, i.e. we shall send you the newsletter only if you previously confirm your application with a link contained in the confirmation email sent to you for this purpose. We would thus like to ensure that only you yourself can log in to the newsletter as the owner of the specified email address. Your confirmation in this respect must be provided shortly after receiving the confirmation email as otherwise your newsletter application will be automatically deleted from our database.

b. Purpose of data processing
The collection of your personal data (at least your email address) helps to mail you the newsletter. The purpose of processing your personal data for mailing the newsletter is to ensure that you are regularly informed of the relevant topics from the field of wood working and plastics processing, advanced materials as well as the corporate development.

c. Duration of the storage
Your personal data shall be deleted as soon as it is no longer required for achieving the purpose of its collection. Your personal data shall thus be saved as long as the newsletter subscription is active.

d. Option to object or delete
You can cancel the newsletter subscription at any time. Every newsletter contains a corresponding link for this purpose. Cancellation of the subscription also allows revocation of consent.

 

7.2. Contact form

a. Type and scope of the data processing
On our website, we give you an option to contact us using a form that is provided. If you make use of the contact form, your personal data given below shall be processed in addition to the content that you have entered in the contact field:

  • Email address

  • Name, first name

  • Contact details

The specification of your email address thereby serves the purpose of assigning your query and being able to respond to you. When using the contact form, your personal data is not forwarded to third parties.

Additional information about your company and its address as well as about your telephonic accessibility is voluntary and possible for clarification of your query about the corresponding fields.

b. Legal basis
The previously described data processing for purposes of establishing contact is based on section 6 Para. 1 lit. f of GDPR. The provision of an interface for communicating with you is in our legitimate interest that, as a rule, shall be aligned with your interest of being able to contact us quickly and easily.

c. Storage duration
As soon as the query posed by you is settled and the relevant issue is finally clarified, your personal data processed using the contact form shall be deleted. Continued storage is possible in an isolated case if it is legally stipulated.

 

7.3. Transfer of application documents

a. Type and scope of the data processing
If you are interested in one of the jobs advertised by us or if you wish to apply proactively, you can always email us your application documents on karriere@leitz.org.

We assure you that we shall process the personal data that you have specified only for purposes of executing the application process.

b. Legal basis
The legal basis for processing your personal data from your application documents is section 6 Para. 1 lit. b of GDPR.

c. Storage duration
We shall store your data for 6 months after the application process (acceptance or rejection).


8. Forwarding to a third party

If you have shared personal data with us, it will not be forwarded to a third party in principle. It will be forwarded only

  • if you have consented to it. While collecting the data, you shall be notified of the recipient or category of recipients.

  • for processing your queries, your orders and the use of our services to authorised subcontractors, who are transferred the required data only for executing the order and use it for a specific purpose.

  • for processing the order data in accordance with section 28 of GDPR to external service providers. These are carefully selected and authorised by us, are committed to our instructions as well as the provisions of the GDPR and are inspected regularly.

  • for fulfilling the legal obligations towards authorities entitled to receive information.

 

9. Data transfer to third countries

Data is transferred to third countries exclusively on the basis of a consent, the necessity for contract fulfilment or investigation of legal claims (section 49 of EU GDPR).

 

10. Duration of storage

Your data shall be used only insofar as it is required for the existing business relationship, unless you have already given us your consent or we have an legitimate interest in processing it further. In these cases, we shall process your data until you revoke your consent or until you object to our legitimate interests. Nevertheless, we are under an obligation to save your address, payment and order details for a duration of ten years owing to the commercial and tax specifications.


11. Your rights

11.1. You have the following rights against us with respect to your personal data:

  • Right of information and access to personal data,

  • Right to rectification or erasure,

  • Right to restriction of processing,

  • Right to object against processing,

  • Right to data portability.

Please direct your written query to: The Data Protection Officer, Leitz GmbH & Co. KG, Leitzstraße 2, 73447 Oberkochen, or to the following email address: datenschutz@leitz.org.

11.2. Moreover, you have the right to complain to an independent data protection supervisory authority about processing of your personal data by us.
 

The relevant supervisory authority for us is:


Landesbeauftragter für Datenschutz und Informationsfreiheit Baden-Württemberg
Königstraße 10 a
70173 Stuttgart


The supervisory authority to whom you have submitted the complaint, shall inform you of the status and results of the complaints including the possibility of a legal remedy in accordance with section 78 of EU GDPR.

Information duties according to Art. 12, 13 et seq. of the EU GDPR for business partners

Status 09/16/2019

Dear Madam,
Dear Sir,
Dear business partner,

Based on the legal provisions of the EU General Data Protection Regulation ("EU GDPR") we are obliged to provide you with comprehensive information relating to the processing of your personal data in the context of our contractual relationship, and we are pleased to do so.

Data protection and the handling of your personal data is very important to us, and we therefore always take care to ensure that we process your personal data in a correct manner.

Should you have any questions about your personal data and the processing of it, our Data Protection Officer will be happy to help you. He is not subject to any instructions, he undertakes his role independently, and he is legally obliged to maintain secrecy and confidentiality, so he is a trustworthy source of advice.

In relation to the processing of your personal data in the context of our contractual relationship, we wish to inform you of the following:


1.    Name and address of the controller

Your point of contact – the controller within the meaning of the EU General Data Protection Regulation ("EU GDPR") and other national data protection laws within the Member States and other data protection regulations – is:

Leitz GmbH & Co. KG
Leitzstraße 2
73447 Oberkochen

(hereinafter referred to as "we", "us" or "our")


2.    Name and address of the Data Protection Officer

Please send your written enquiry relating to the subject of data protection and data security in our company to: The Data Protection Officer, Leitz GmbH & Co. KG, Leitzstraße 2, 73447 Oberkochen, or to the following email address: datenschutz@leitz.org.

 

3.    General information about data processing

a.    Scope and purpose of the processing of personal data

In the context of our cooperation with business partners we process the personal data of contact partners, i.e. of customers, potential customers, distribution partners, suppliers and partners (each respectively referred to as a "business partner"):

  • contact information, e.g. first name(s) and surname, title and name prefixes/suffixes, business address, business telephone number, business mobile phone number, business fax number, and business email address,
  • payment data, such as information which is required for the processing of payment transactions,
  • further information the processing of which is required within the context of a project or the handling of a contractual relationship with us, or which is voluntarily provided by business partners,
  • personal data which is gathered from publicly available sources, information databases or credit agencies, and
  • insofar as it is required, information about relevant court proceedings and other legal disputes in which the business partners are involved.

We process the personal data for the following purposes:

  • communication with business partners in relation to products, services and projects, e.g. in order to handle enquiries from the business partner or to provide technical information about products,
  • the planning, maintaining and administration of the (contractual) business relationship between us and the business partner, e.g. in order to process the ordering of products and services or to collect payments, for bookkeeping and accounting purposes, and in order to make deliveries or to carry out maintenance activities or repairs,
  • the carrying out of customer surveys, marketing campaigns, market analyses, and the running of lotteries, competitions or similar promotions and events,
  • the carrying out of customer satisfaction surveys and direct marketing
  • the maintaining and ensuring of the safety of our products and services and of our webpages
  • compliance with legal requirements (e.g. with retention duties under taxation law and commercial law)
  • the resolving of legal disputes and the enforcing of existing contracts, and for making, exercising and defending legal claims.

b.    Legal basis for the processing of personal data
Insofar as we obtain the consent of the person concerned for personal data processing transactions, the legal basis for this is Art. 6 para. 1 (a) of the EU GDPR.

Art. 6 para. 1 (b) of the EU GDPR provides the legal basis for the processing of personal data which is required for the fulfilling of a contract between you and us. This also applies to processing transactions which are required for the carrying out of pre-contractual measures.

If any processing of personal data is required for the fulfilling of a legal obligation to which we are subject, 6 para. 1 (c) of the EU GDPR provides us with the legal basis for this.

If the vital interests of you or another natural person necessitate the processing of personal data, 6 para. 1 (d) of the EU GDPR provides us with the legal basis for this.

If the processing is necessary for the purposes of a legitimate interest held by us or a third party, and if your interests, basic rights and basic freedoms do not override the aforementioned interest, 6 para. 1 (f) of the EU GDPR provides us with the legal basis for the processing.

c.    Data deletion and storage period
Your personal data will be deleted or blocked once the purpose of its storage no longer applies. Storage may be continued for longer if provision for doing so has been made by European or national legislators in EU directives, laws or other regulations to which we are subject. The deletion or blocking of the data takes place even if a retention period specified by the stated standards expires, unless there is a need to continue storing the data in connection with the concluding of a contract or the performance of a contract.


4.    Direct marketing by post

a.    The legal basis for data processing
The legal basis for the processing of your personal data in connection with postal direct marketing is Art. 6 para. 1 (f) of the EU GDPR.

b.    Purpose of data processing
The purpose of the processing of your personal data in connection with postal direct marketing is to enhance the turnover derived from the sale of goods or services. This purpose constitutes our legitimate interest in the processing of the data in accordance with Art. 6 para. 1 (f) of the EU GDPR.

c.    Duration of storage
Your personal data will be deleted once it is no longer required for the achievement of the purpose for which it was gathered; this is the case in particular once an objection to its storage is received.

d.    Right of objection and removal
You may object at any time to the future processing of your personal data in connection with postal direct marketing.


5.    Newsletter

a.    The legal basis for data processing
The legal basis for the processing of your personal data in connection with the sending of the newsletter is Art. 6 para. 1 (a) of the EU GDPR if consent has been provided.

b.     Purpose of data processing
The gathering of your personal data is undertaken in order to enable the newsletter to be sent to you. The purpose of the processing of your personal data in connection with the sending of the newsletter is to provide business partners with current information regarding relevant issues relating to the machining of wood and plastics and advanced materials as well as the development of the company.

c.    Duration of storage
Your personal data will be deleted once it is no longer required for the achievement of the purpose for which it was gathered. Your personal data will accordingly be stored for as long as your subscription to the newsletter remains active.

d.    Right of objection and removal
You may cancel your subscription to the newsletter at any time. There is a corresponding link for this purpose in each newsletter. Cancelling the subscription also enables the consent to be revoked.


6.    Getting in touch via email

a.    The legal basis for data processing
The legal basis for the processing of your personal data which is transmitted in connection with the sending of an email is Art. 6 para. 1 (f) of the EU GDPR. If the aim of getting in touch via email is the concluding of a contract, Art. 6 para. 1 (b) of the EU GDPR constitutes the additional legal basis for the processing of your personal data.

b.    Purpose of the data processing
In the event of us getting in touch via email the processing of your personal data is undertaken exclusively for processing the establishing of contact.

c.    Duration of storage
Your personal data will be deleted once it is no longer required for the achievement of the purpose for which it was gathered. In relation to personal data which has been sent via email this is the case once the respective conversation with you has ended. The conversation has ended once the circumstances indicate that the matter concerned has been definitively clarified between you and us.

d.    Right of objection and removal
You may object at any time to the future processing of your personal data in connection with the establishing of contact via email. Once you do so, the conversation between you and us can no longer be continued. In this case all the personal data which has been stored in connection with the establishing of contact will be deleted.


7.    Legal defence and legal redress

a.    The legal basis for data processing
The legal basis for the processing of your personal data in connection with legal defence and legal redress is Art. 6 para. 1 (f) of the EU GDPR.

b.    Purpose of the data processing
The purpose of the processing of your personal data in connection with legal defence and legal redress is the filing of a defence against unjustified claims as well as the legal enforcement of claims and rights. This purpose constitutes our legitimate interest in the processing of the data in accordance with Art. 6 para. 1 (f) of the EU GDPR.

c.    Duration of storage
Your personal data will be deleted once it is no longer required for the achievement of the purpose for which it was gathered.

d.    Right of objection and removal
The processing of your personal data in connection with legal defence and legal redress is absolutely essential for legal defence and legal redress. You consequently have no right to object to it.


8.    Categories of recipient

Those bodies and departments within our company receive personal data which need it in order to fulfil the aforementioned purposes. In addition, we sometimes make use of a variety of service providers and send your personal data to other trustworthy recipients. Examples of these include:

-    banks
-    scanning services
-    printers
-    lettershops
-    IT service providers
-    customer relationship service providers
-    lawyers and courts


9.    Transmission of data to third countries

Data transfers to third countries take place exclusively on the basis of a consent being provided, of their necessity in order to fulfil the contract or to pursue legal claims (Art. 49 of the EU GDPR).

 

10.    Rights of the data subject

If your personal data is processed by us, you are the data subject within the meaning of the EU GDPR and you have the following rights in relation to us:

a.    Right to information
Upon request we will provide you with confirmation as to whether personal data concerning you is being processed by us.

If such processing is taking place, you can demand information from us concerning the following specific points:

(1)    the purposes for which the personal data is processed;
(2)    the categories of personal data that are processed;
(3)    the recipients and/or categories of recipients to whom/which the personal data relating to you has been disclosed or is still being disclosed;
(4)    the planned period of storage of the personal data relating to you or, if it is not possible to provide definite information about this, the criteria used for setting the storage period;
(5)    the existence of a right of correction or deletion of the personal data relating to you, and of a right to restrict processing by us or to object to such processing;
(6)    the existence of a right to make a complaint to a supervisory authority;
(7)    all the available information about the origin of the data if the personal data is not collected from you;
(8)    the existence of an automated decision-making system including profiling in accordance with Article Art. 22 paras. 1 and 4 of the EU GDPR and – at least in such cases – meaningful information about the logic system used and the implications and intended effects of such processing as they relate to you.

You have the right to demand information about whether the personal data relating to you is transferred to a third country or to an international organisation. In this connection you may demand to be informed of the appropriate safeguards relating to the transfer according to Art. 46 of the EU GDPR.

b.    Right to correction
You have a right to obtain from us the correction and/or completion of the data if the processed personal data concerning you is incorrect or incomplete. We must carry out the correction without delay.

c.    Right to restrict processing
Subject to the following conditions, you may demand that the processing of the personal data relating to you be restricted:

(1)    if you question the correctness of the personal data relating to you for a period which enables us to check the correctness of the personal data;
(2)    if the processing is unlawful and you refuse the deletion of the personal data and instead demand that the use of the personal data be restricted;
(3)    if we no longer need the personal data for processing purposes, but you need it for making, exercising or defending legal claims, or
(4)    if you have objected to the processing in accordance with Art. 21 para. 1 of the EU GDPR and it is not yet clear whether our legitimate reasons override your reasons.

If the processing of the personal data relating to you has been restricted, such data may – apart from its storage – only be processed with your consent, or for the making, exercising or defending of legal claims or for the protection of the rights of another natural person or corporate body, or for the reasons of an important public interest of the European Union or of a member state.

If the restriction of processing has been applied according to the above conditions, you will be notified by us before the restriction is lifted.

d.    Right to deletion
d 1) Duty to delete
You may demand that the personal data relating to you be deleted without delay, and we are obliged to delete such personal data without delay if one of the following reasons applies:

(1)    The personal data relating to you is no longer needed for the purposes for which it has been collected or otherwise processed.
(2)    You revoke your consent on which the processing is based according to Art. 6 para. 1 (a) or Art. 9 para. 2 (a) of the EU GDPR, and there is no other legal basis for its processing.
(3)    In accordance with Art. 21 para. 1 of the EU GDPR you revoke your consent to the processing and there are no overriding legitimate reasons for processing, or you object to the processing in accordance with Art. 21 para. 2 of the EU GDPR.
(4)    The personal data relating to you has been unlawfully processed.
(5)    The deletion of the personal data relating to you is required in order to fulfil a legal obligation to which we are subject under European Union law or under the law of the Member States.
(6)    The personal data relating to you has been collected in relation to the offer of information society services as set out in Art. 8 para. 1 of the EU GDPR.

d2) Information provided to third parties
If we have publicly disclosed the personal data relating to you and if we are obliged to delete it according to Art. 17 para. 1 of the EU GDPR, then – having due regard to the technology that is available and the implementation costs that are involved – we will take appropriate measures (including of a technical nature) to inform the data controllers who process the data that you as the data subject have demanded that they should delete any links to that personal data, or any copies or replicas of that personal data.

d3)    Exceptions
The right to deletion does not exist if the processing is required:

(1)    in order to exercise a right to the free expression of opinions and provision of information;
(2)    in order to fulfil a legal obligation which makes processing necessary according to the law of the European Union (or of the Member States) to which we are subject, or in order to carry out a task which is in the public interest or which is carried out through the exercising of official authority which has been transferred to us;
(3)    for public interest reasons in the public health field according to Art. 9 para. 2 (h) and (i) as well as Art. 9 para. 3 of the EU GDPR;
(4)    for public-interest archiving purposes or scientific or historic research purposes, or for statistical purposes according to Art. 89 para. 1 of the EU GDPR insofar as the right set out in Section a) may be expected to make the achievement of the aims of such processing impossible or to seriously jeopardise it, or
(5)    for the making, exercising or defending of legal claims.

e.    Right to be informed
If you have asserted the right to correction, deletion or the restriction of processing against us, we are obliged to inform all the recipients to whom/which the personal data relating to you has been disclosed of such correction or deletion of the data or restriction of its processing unless this proves to be impossible or involves disproportionate expense.

You have the right to be informed by us of who these recipients are.

f.    Right to data portability
You have the right to receive the personal data which relates to you, and which you have provided to us, in a structured, up-to-date and machine-readable format. In addition, you have the right to transfer such personal data that has been provided to us to another controller without us objecting to this, provided that

(1)    the processing is based on a consent according to Art. 6 para. 1 (a) of the EU GDPR or Art. 9 para. 2 (a) of the EU GDPR, or on a contract according to Art. 6 para. 1 (b) of the EU GDPR, and
(2)    the processing is carried out through the use of automated procedures.

When exercising this right you also have the right to have the personal data relating to you transferred directly from us to another controller insofar as this is technically feasible. The freedoms and rights of other persons may not impaired by this.

The right to data portability does not apply to the processing of personal data which is required for the carrying out of a task which is in the public interest or which is carried out through the exercising of official authority which has been transferred to us.

g.    Right to withdraw consent
You have the right at any time and for reasons which relate to your specific situation to withdraw your consent to the processing of the personal data relating to you which is undertaken in accordance with Art. 6 para. 1 (e) or (f) of the EU GDPR; this also applies to any profiling that is carried out based on these provisions.

We will no longer process the personal data relating to you unless we can prove that there are compelling, legitimate reasons for such processing which override your interests, rights and freedoms, or unless the processing is for the making, exercising or defending of legal claims.

If the personal data relating to you is processed for direct marketing purposes, you have the right to withdraw your consent at any time to the processing of the personal data relating to you for the purposes of such marketing; this also applies to profiling insofar as it is connected to such direct marketing.

If you withdraw your consent to processing for direct marketing purposes, the personal data relating to you will no longer be processed for such purposes.

In connection with the use of the services of the information society – irrespective of Directive 2002/58/EC – you may exercise your right of revocation through the use of automated procedures in relation to which technical specifications are used.

h.    Right to revoke the data protection declaration of consent
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the lawfulness of the processing that has been carried out based on the consent prior to the revocation.

i.    Automated decision in an individual case, including profiling
You have the right not to be subject to a decision that is based exclusively on automated processing – including profiling – which is legally effective in relation to you or which exerts a significant adverse effect on you in a similar manner. This does not apply if the decision

(1)    is required for the concluding or performance of a contract between you and us,
(2)    is permitted based on legal regulations of the European Union or of its Member States to which we are subject, and if these legal regulations contain appropriate measures for safeguarding your rights and freedoms and your legitimate interests, or
(3)    is made with your explicit consent.

Nevertheless, these decisions must not be based on specific categories of personal data as set out in Art. 9 para. 1 of the EU GDPR unless Art. 9 para. 2 (a) or (g) of the EU GDPR applies and appropriate measures have been taken to safeguard those rights and freedoms and your legitimate interests.

In relation to the cases specified in (1) and (3) we take appropriate measures to safeguard the rights and freedoms and your legitimate interests; such measures include as a minimum the right to get us to secure the intervention of a person in the matter, the right to set out your own standpoint, and the right to contest the decision.

j.    Rights to make a complaint to a supervisory authority
Regardless of any other legal remedy under administrative or judicial law, you have the right to make a complaint to a supervisory authority – in particular in the Member State in which you reside or have your place of work or in which the alleged breach occurred – if in your opinion the processing of the personal data relating to you contravenes the EU GDPR.

The responsible supervisory authority for us is:

Landesbeauftragter für Datenschutz und Informationsfreiheit Baden-Württemberg
Königstraße 10 a
70173 Stuttgart


The supervisory authority to which you have submitted the complaint will inform you of the status and results of the complaint, including the possibility of pursuing a judicial remedy in accordance with Art. 78 of the EU GDPR.

If you have any queries, please feel free to contact our Data Protection Officer at any time.

Information duties for applicants according to Art. 12, 13 et seq. of the EU GDPR (m/f/x)

as at 04/2020

Based on the legal provisions that are specified in the EU General Data Protection Regulation ("EU GDPR") we are obliged to provide you with comprehensive information about the processing of your personal data in the context of your application, and we are pleased to do so.

Data protection and the handling of your personal data is very important to us, and we therefore always take care to ensure that we process your personal data in a correct manner.

In relation to the processing of your personal data in the context of your application, we wish to inform you of the following:

1.    Controller

Your point of contact as the controller within the meaning of the EU General Data Protection Regulation ("EU GDPR") and other national data protection laws within the member states as well as other data protection provisions is:

Leitz GmbH & Co. KG,
Leitzstraße 2, D-73447 Oberkochen
(hereinafter referred to as "we", "us" or "our")

 

2.    Data Protection Officer

Please contact our Data Protection Officer directly concerning any questions relating to data protection and data security in our company. Email: datenschutz@leitz.org


3.    Miscellaneous information about data processing

As a matter of principle we process your personal data only insofar as it is necessary to do so for setting up the employment relationship. Further processing of your personal data normally takes place only if we have obtained your consent to this beforehand. An exception applies in those cases in which it is not possible to obtain prior consent owing to factual reasons, or in cases in which the processing of your personal data is permitted by a statute.


4.    Data processing within the application procedure

a.    Legal basis for the processing of data

Personal data
If we obtain your consent to the processing of personal data, the legal basis for us doing so is Art. 6 para. 1 (a) of the EU GDPR and Art. 88 para. 1 of the EU GDPR in conjunction with § 26 para. 2 of the BDSG (Federal Data Protection Act).

The legal basis for the processing of personal data which is required for the setting up of an employment relationship is Art. 6 para. 1 (b) of the EU GDPR and Art. 88 para. 1 of the EU GDPR in conjunction with § 26 para. 1 of the BDSG and § 611a BGB (German Civil Code).

If any processing of personal data is required for the fulfilling of a legal obligation to which we are subject, 6 para. 1 (c) of the EU GDPR provides us with the legal basis for this.

If the vital interests of you or another natural person necessitate the processing of personal data, 6 para. 1 (d) of the EU GDPR provides us with the legal basis for this.

If the processing is necessary for the purposes of a legitimate interest held by us or a third party, and if your interests, basic rights and basic freedoms do not override the aforementioned interest, 6 para. 1 (f) of the EU GDPR provides us with the legal basis for the processing.

Special categories of personal data
If we obtain your consent for the processing of special categories of personal data (Art. 9 para. 1 EU GDPR), such as religious affiliation, nationality and health data, Art. 9 para. 2 (a) of the EU GDPR provides the legal basis for this.

If the processing of specific categories of personal data is necessary in order for us to be able to exercise the rights that are conferred on us by employment law and social security law, and in order for us to fulfil our duties in this respect, the legal basis for the processing is provided by Art. 9 para. 2 (b) of the EU GDPR and Art. 88 para. 1 of the EU GDPR in conjunction with § 26 para. 3 of the BDSG.

If the processing of specific categories of personal data is necessary in order for the protection of vital interests, the legal basis for the processing is provided by Art. 9 para. 2 (c) of the EU GDPR.

If the processing relates to specific categories of personal data which have evidently been made public by you, the legal basis for such processing is provided by Art. 9 para. 2 (e) of the EU GDPR.

If the processing of specific categories of personal data is necessary for healthcare or occupational medicine purposes, or for assessing working capacity, the legal basis for such processing is provided by Art. 9 para. 2 (h) of the EU GDPR.

b.    Purposes of data processing
The processing of your personal data is undertaken for the purposes of setting up the employment relationship, and in particular for the fulfilling of obligations under employment law and legal obligations – including colIective bargaining obligations if applicable as well as obligations under social insurance law.

c.    Storage period
Your personal data will be deleted or blocked once the purpose of its storage no longer applies. Storage may be continued for longer if provision for doing so has been made by European or national legislators in EU directives, laws or other regulations to which we are subject. The deletion or blocking of the data takes place even if a retention period specified by the stated standards expires, unless there is a need to continue storing the data in connection with the concluding of a contract or the performance of a contract.

Thereafter we will store your application documents and application details (among other data) for the following periods:

If you are appointed, the application documents become part of your personnel file.
If your application is rejected, the data is deleted 6 months after the corresponding information was provided.


d.    Right of objection and removal
The processing of your personal data in connection with the application procedure is absolutely essential for setting up the employment relationship. You have the right to object to further processing at any time.

If the processing of your personal data is carried out on the basis of a consent, you may revoke your consent at any time.


5.    Legal defence and legal redress

a.    Legal basis for the processing of data
The legal basis for the processing of your personal data in connection with legal defence and legal redress is Art. 6 para. 1 (f) of the EU GDPR and/or Art. 9 para. 2 (f) of the EU GDPR.

b.    Purpose of the data processing
The purpose of the processing of your personal data in connection with legal defence and legal redress is the filing of a defence against unjustified claims as well as the legal enforcement of claims and rights. This purpose constitutes our justified interest in the processing of the data in accordance with Art. 6 para. 1 (f) of the EU GDPR and/or Art. 9 para. 2 (f) of the EU GDPR.

c.    Duration of storage
Your personal data will be deleted once it is no longer required for the achievement of the purpose for which it was gathered.

d.    Right of objection and removal
The processing of your personal data in connection with legal defence and legal redress is absolutely essential for legal defence and legal redress. You consequently have no right to object to it.

 

6.    Categories of recipient

Those bodies and departments within our company receive personal data which need it in order to fulfil the aforementioned purposes. In order to do this we sometimes make use of a variety of service providers, and we send personal data to other recipients. Examples of these include:

 

  • The Human Resources department
  • Potential line managers of the applicant concerned
  • Specific departments
  • The financial accounting department
  • The Works Council
  • The representative body for disabled employees / the state integration agency
  • The Equal Opportunities Officer
  • The Federal Employment Agency
  • Banking institutions
  • Insurance companies


7.    Rights of the data subject

If your personal data is processed by us, you are the data subject within the meaning of the EU GDPR and you have the following rights in relation to us:

a.    Right to information
Upon request we will provide you with confirmation as to whether personal data concerning you is being processed by us.

If such processing is taking place, you can demand information from us concerning the following specific points:

(1)    the purposes for which the personal data is processed;
(2)    the categories of personal data that are processed;
(3)    the recipients and/or categories of recipients to whom/which the personal data relating to you has been disclosed or is still being disclosed;
(4)    the planned period of storage of the personal data relating to you or, if it is not possible to provide definite information about this, the criteria used for setting the storage period;
(5)    the existence of a right of correction or deletion of the personal data relating to you, and of a right to restrict processing by us or to object to such processing;
(6)    the existence of a right to make a complaint to a supervisory authority;
(7)    all the available information about the origin of the data if the personal data is not collected from you;
(8)    the existence of an automated decision-making system including profiling in accordance with Article Art. 22 paras. 1 and 4 of the EU GDPR and – at least in such cases – meaningful information about the logic system used and the implications and intended effects of such processing as they relate to you.

You have the right to demand information about whether the personal data relating to you is transferred to a third country or to an international organisation. In this connection you may demand to be informed of the appropriate safeguards relating to the transfer according to Art. 46 of the EU GDPR.

b.    Right to correction
You have a right to obtain from us the correction and/or completion of the data if the processed personal data concerning you is incorrect or incomplete. We must carry out the correction without delay.

c.    Right to restrict processing
Subject to the following conditions, you may demand that the processing of the personal data relating to you be restricted:

(1)    if you question the correctness of the personal data relating to you for a period which enables us to check the correctness of the personal data;
(2)    if the processing is unlawful and you refuse the deletion of the personal data and instead demand that the use of the personal data be restricted;
(3)    if we no longer need the personal data for processing purposes, but you need it for making, exercising or defending legal claims, or
(4)    if you have objected to the processing in accordance with Art. 21 para. 1 of the EU GDPR and it is not yet clear whether our legitimate reasons override your reasons.

If the processing of the personal data relating to you has been restricted, such data may – apart from its storage – only be processed with your consent, or for the making, exercising or defending of legal claims or for the protection of the rights of another natural person or corporate body, or for the reasons of an important public interest of the European Union or of a member state.

If the restriction of processing has been applied according to the above conditions, you will be notified by us before the restriction is lifted.

d.    Right to deletion
d 1) Duty to delete
You may demand that we delete the personal data relating to you without delay, and we are obliged to delete such personal data without delay if one of the following reasons applies:

  1.     The personal data relating to you is no longer needed for the purposes for which it has been collected or otherwise processed.
    (2)    You revoke your consent on which the processing was based according to Art. 6 para. 1 (a) or Art. 9 para. 2 (a) of the EU GDPR, and there is no other legal basis for its processing.
    (3)    In accordance with Art. 21 para. 1 of the EU GDPR you revoke your consent to the processing and there are no overriding legitimate reasons for processing, or you object to the processing in accordance with Art. 21 para. 2 of the EU GDPR.
    (4)    The personal data relating to you has been unlawfully processed.
    (5)    The deletion of the personal data relating to you is required in order to fulfil a legal obligation to which we are subject under European Union law or under the law of the Member States.
     (6)    The personal data relating to you has been collected in relation to the offer of information society services as set out in Art. 8 para. 1 of the EU GDPR.

d 2) Information provided to third parties
If we have disclosed the personal data relating to you and if we are obliged to delete it according to Art. 17 para. 1 of the EU GDPR, then – having due regard to the technology that is available and the implementation costs that are involved – we will take appropriate measures (including of a technical nature) to inform the data controllers who process the data that you as the data subject have demanded that they should delete any links to that personal data, or any copies or replicas of that personal data.

d 3) Exceptions
The right to deletion does not exist if the processing is required:

(1)    in order to exercise a right to the free expression of opinions and provision of information;
(2)    in order to fulfil a legal obligation which requires processing according to the law of the European Union, or of the Member States, to which we are subject, or in order to carry out a task which is in the public interest or which is carried out through the exercising of official authority which has been transferred to us;
(3)    for public-interest reasons in the public health field according to Art. 9 para. 2 (h) and (i) as well as Art. 9 para. 3 of the EU GDPR;
(4)    for public-interest archiving purposes or scientific or historic research purposes, or for statistical purposes according to Art. 89 para. 1 of the EU GDPR insofar as the right set out in Section a) may be expected to make the achievement of the aims of such processing impossible or to seriously jeopardise it, or
(5)    for the making, exercising or defending of legal claims.

e.    Right to be informed
If you have asserted the right to correction, deletion or the restriction of processing against us, we are obliged to inform all the recipients to whom/which the personal data relating to you has been disclosed of such correction or deletion of the data or restriction of its processing unless this proves to be impossible or involves disproportionate expense.

You have the right to be informed by us of who these recipients are.

f.    Right to data portability
You have the right to receive the personal data which relates to you, and which you have provided to us, in a structured, up-to-date and machine-readable format. In addition, you have the right to transfer such personal data that has been provided to us to another controller without being hindered from doing so by us, provided that

(1)    the processing is based on a consent according to Art. 6 para. 1 (a) of the EU GDPR or Art. 9 para. 2 (a) of the EU GDPR, or on a contract according to Art. 6 para. 1 (b) of the EU GDPR, and
(2)    the processing is carried out through the use of automated procedures.

When exercising this right you also have the right to have the personal data relating to you transferred directly from us to another controller insofar as this is technically feasible. The freedoms and rights of other persons may not impaired by this.

The right to data portability does not apply to the processing of personal data which is required for the carrying out of a task which is in the public interest or which is carried out through the exercising of official authority which has been transferred to us.

g.    Right to withdraw consent
You have the right at any time and for reasons which relate to your specific situation to withdraw your consent to the processing of the personal data relating to you which is undertaken in accordance with Art. 6 para. 1 (e) or (f) of the EU GDPR; this also applies to any profiling that is carried out based on these provisions.

We will no longer process the personal data relating to you unless we can prove that there are compelling, legitimate reasons for such processing which override your interests, rights and freedoms, or unless the processing is for the making, exercising or defending of legal claims.

If the personal data relating to you is processed for direct marketing purposes, you have the right to withdraw your consent at any time to the processing of the personal data relating to you for the purposes of such marketing; this also applies to profiling insofar as it is connected to such direct marketing.

If you withdraw your consent to processing for direct marketing purposes, the personal data relating to you will no longer be processed for such purposes.

In connection with the use of the services of the information society – irrespective of Directive 2002/58/EC – you may exercise your right of revocation through the use of automated procedures in relation to which technical specifications are used.

h.    Right to revoke the data protection declaration of consent
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the lawfulness of the processing that has been carried out based on the consent prior to the revocation.

i.    Automated decision in an individual case, including profiling
You have the right not to be subject to a decision that is based exclusively on automated processing – including profiling – which is legally effective in relation to you or which exerts a significant adverse effect on you in a similar manner. This does not apply if the decision

(1)    is required for the performance of a contract that has been concluded between you and us,
(2)    is permitted based on legal regulations of the European Union or of its Member States to which we are subject, and if these legal regulations contain appropriate measures for safeguarding your rights and freedoms and your justified interests, or
(3)    is made with your explicit consent.

Nevertheless, these decisions must not be based on specific categories of personal data as set out in Art. 9 para. 1 of the EU GDPR unless Art. 9 para. 2 (a) or (g) of the EU GDPR applies and appropriate measures have been taken to safeguard those rights and freedoms and your legitimate interests.

In relation to the cases specified in (1) and (3) we take appropriate measures to safeguard the rights and freedoms and your legitimate interests; such measures include as a minimum the right to get us to secure the intervention of a person in the matter, the right to set out your own standpoint, and the right to contest the decision.

j.    Rights to make a complaint to a supervisory authority
Regardless of any other legal remedy under administrative or judicial law, you have the right to make a complaint to a supervisory authority – in particular in the Member State in which you reside or have your place of work or in which the alleged breach occurred – if in your opinion the processing of the personal data relating to you contravenes the EU GDPR.

The responsible supervisory authority for us is:

Der Landesbeauftragte für den Datenschutz und die
Informationsfreiheit Baden-Württemberg
Königstraße 10 a,
70173 Stuttgart

The supervisory authority to which you have submitted the complaint will inform you of the status and results of the complaint, including the possibility of pursuing a judicial remedy in accordance with Art. 78 of the EU GDPR.

If you have any queries, please feel free to contact our Data Protection Officer at any time.