Privacy policy

I. Controller

The controller responsible for collecting, processing and using your personal data through this internet platform is

CARAT Gesellschaft für Organisation und Softwareentwicklung mbH

Hans-Strothoff-Platz 1
D-63303 Dreieich

Phone: +49 06103 9308-0
E-Mail: info@carat.de

The controller responsible for processing personal data is the natural person or legal entity making decisions, alone or together with others, about the purposes and means of processing personal data.

The controller is simultaneously a service provider as defined by the German Telemedia Act (TMG).

You can reach our data protection officer

KANZLEI KRÜGER
Edith Krüger, Rechtsanwältin
Bahnhofstraße 44–46
65185 Wiesbaden

phone: +49 (0) 611 23 60 176 0
e-mail: kanzlei@legal-krueger.de

We take the protection of the privacy of visitors to this website and our other company websites very seriously. We collect, process and use personal data exclusively in accordance with the applicable legal regulations and this data privacy policy.

Please read this data privacy policy carefully. It is intended to inform you about the extent, type and purpose of collecting, using and processing personal data of persons using this website.

Personal data is any data which can be used to identify you personally. This information includes, for instance, your name or contact information such as your phone number, address and e-mail address.

With the exception of your IP address, we only collect personal data when you voluntarily provide this data to us, for instance when registering on our website or using our contact form. This personal data is used to identify you as a user through your e-mail address and to initiate contact with you.

II. What data do we collect on our website?

1. Access data and logfiles

If you use our website purely for informational purposes, i.e. if you do not register or transmit information to us in other contexts, we only collect the data transmitted to our server by your browser (referred to as "server logfiles"). When you access our website, we collect the following data, which is technically required to display the website:

IP address (if possible, this is saved in an anonymised form)
Domain name of the referrer website
Names of the accessed files
Transmitted data volume in bytes
Access date and time
Name of your internet service provider
and potentially the operating system and browser version of your device

This data is processed in accordance with point (f) of Art. 6(1) GDPR based on our legitimate interest in the improvement of our website's stability and functionality. We process this data but we do not store it permanently. This data is not disclosed to third parties or used for any other purpose. However, we reserve the right to inspect the server logfiles at a later point, if there is specific evidence of unlawful usage.

The data is exclusively evaluated for statistical purposes. We do not create personalised user profiles.

2. Cookies

This website uses cookies. We use cookies to personalize content and ads, provide social media features, and analyze traffic to our website. We also share information about your use of our website with our social media, advertising and analytics partners. Our partners may combine this information with other data that you have provided to them or that they have collected in the course of your use of the Services.

Cookies are small text files used by websites to make the user experience more efficient.

By law, we may store cookies on your device if they are strictly necessary for the operation of this site. For all other cookie types, we need your permission.

This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages.

You can change or revoke your consent at any time from the cookie statement on our website.

Learn more about who we are, how you can contact us, and how we process personal data in our Privacy Policy.

Please provide your consent ID and date when contacting us regarding your consent.

Your consent applies to the following domains: www.carat.de

Essential

Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

omCookieConsent
Saves the user's decision to the cookie banner, so that the cookie banner does not ask the user again and again on every page. The user's decision can be changed at any time on the privacy page.

fe_typo_user
This cookie is a standard session cookie of TYPO3. Stores access data in case of an existing login. Lifetime of the cookie valid for one session.

__cf_bm - fonts.net
This cookie is used to distinguish between humans and bots. This is beneficial for the website to generate valid reports about the usage of their website.
1 day - HTTP cookie

_grecaptcha -Google
This cookie is used to distinguish between humans and bots. This is beneficial for the website to generate valid reports about the usage of their website.
Persistent- HTML Local Storage

_GRECAPTCHA - Google
This cookie is used to distinguish between humans and bots. This is beneficial for the website to generate valid reports about the usage of their website.
179 days - HTTP cookie

container - planer.carat.de
Used to maintain the proper functionality of the website's kitchen planner.
Persistent - HTML Local Storage

li_gc - LinkedIn
Stores the user's consent status for cookies on the current domain.
2 years - HTTP Cookie

PHPSESSID [x2] - cdn.macrocom.de - www.carat.de
Retains the user's states for all page requests.
Session - HTTP Cookie

rc::a - Google
This cookie is used to distinguish between humans and bots. This is beneficial for the website to generate valid reports about the usage of their website.
Persistent - HTML Local Storage

rc::b - Google
This cookie is used to distinguish between humans and bots.
Session - HTML Local Storage

rc::c - Google
This cookie is used to distinguish between humans and bots.
Session - HTML Local Storage

resolution - www.carat.de
Specifies which device is used by the visitor - This allows the website to adjust to the optimal resolution for that device.
Session - HTTP Cookie

SRVID - cdn.macrocom.de
Registers which server cluster is serving the visitor. This is used in the context of load balancing to optimize the user experience.
Session - HTTP Cookie

Marketing

Marketing cookies are used to follow visitors on websites. The intention is to show ads that are relevant and appealing to the individual user and therefore more valuable to publishers and advertising third parties.

ads/ga-audiences - Google
Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites.
Session - Pixel Tracker

bcookie - LinkedIn
Used by the social networking service LinkedIn for tracking the use of embedded services.
2 years - HTTP Cookie

lidc - LinkedIn
Used by the social networking service LinkedIn for tracking the use of embedded services.
1 day - HTTP cookie

mf_# - Mouseflow
Captures data of the user's navigation and interaction on the website to personalize the buying experience.
Session - HTTP Cookie

sc_anonymous_id - Matterport
Pending
Persistent - HTML Local Storage

3. Hosting the website

Within the framework of processing on our behalf, a third-party provider located in a country of the European Union provides us with the services for hosting and displaying our website and provides the infrastructural services, computing capacity, storage space and database services, maintenance services and security service for this purpose. We or our hosting provider process all data created by use of our website. This includes user data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to our web presence.

Processing is based on our legitimate interest in efficient, secure provision of this web presence (point (f) of Art. 6(1) GDPR in conjunction with Art. 28 GDPR).

4. What data do we collect and use when you contact us?

We process user data (e.g. names, addresses and contact data) which you have provided to us when contacting us (e.g. using the contact form, e-mail or phone) in order to fulfil contractual obligations or to respond to your inquiries in accordance with point (b) of Art. 6(1) GDPR. What data is collected is apparent from the respective input forms. Information that is obligatory to process your request is marked as a mandatory field. When you send an inquiry through our website, we save the IP address and the time of the user action in question. This is based on our legitimate interests and the users' interest in the protection from misuse and unauthorised use of your data. You can withdraw consent to the above at any time (right to object). We do not disclose this data to third parties, unless this is required for asserting our claims or we are legally obligated to do so in accordance with point (c) of Art. 6(1) GDPR.

We will delete any data collected in this context once it is no longer necessary to retain it, or we will restrict processing, if legally mandated retention periods apply. We review the necessity of data storage every two years.

III. How long do we save your data?

We process, delete or restrict the processing of the data processed by us based on Art. 17 and Art. 18 GDPR. As a rule, we only save your personal data created while using our website for as long as this is required by the above-mentioned purposes. However, if legally mandated retention periods make it impossible to delete the data, data processing will merely be restricted, i.e. the data will be blocked from further use and cannot be processed for any other purpose.

In particular, the following obligations to provide proof and retain data are relevant: 6 years according to § 57, section 1 HGB - German Commercial Code (for account books, inventories, opening balance sheets, annual financial statements, business letters, posting documents, etc.), 10 years according to § 147 section 1 AO - German General Tax Code (accounts, records, posting documents, trade and business letters, documents relevant for taxation, etc.). Personal data may also sometimes be retained for the period in which claims against us can be asserted (legal limitation period of three or up to thirty years).

IV. Why do we process your data (purpose of processing) and on what legal basis?

We process the data created by your visit to our website or your use of offered contact options in line with the regulations of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Law (BDSG). Depending on the reason you are contacting us via our website, there may be different legal grounds for data processing. The specific legal basis for data processing depends on the context and purpose for which we have received your data. In general, the legal basis for data processing is derived from the following options:

Point (a) of Art. 6(1) GDPR is the legal basis for data processing when we have asked for consent to a specific processing purpose. After you have given consent, you may withdraw it at any time.

If processing personal data is required to fulfil a contract, a contract party of which is the data subject, which is, for instance, the case for the processing required for delivery of goods or performance of other services or return services, processing is based on point (b) of Art. 6(1) GDPR. The same applies to processing required for completing pre-contractual measures, for instance inquiries about our products or services.

If we are subject to a legal obligation requiring processing of personal data, for instance complying with tax obligations, this processing will be based on point (c) of Art. 6(1) GDPR.

Processing may also be based on point (f) of Art. 6(1) GDPR. This is the legal basis for processing that is not based on any of the aforementioned legal grounds, if processing is required to pursue a legitimate interest of our company or a third party, except where such interests are overridden by the data subject's interests or fundamental rights and freedoms.

V. Disclosure of your personal data to third parties?

When you visit a website, IP addresses are automatically transmitted to the server where the website is operated. These IP addresses are necessarily transmitted to third parties, whenever a third-party component (a script, an image, a font, any other digital resource) is embedded on the website. This data privacy policy lists which components are embedded on this website. The aforementioned information also shows the recipients of your IP address or the categories of recipients. Aside from the above, we only use your personal data for performance of contracts. We comply with the principles of purpose limitation and data minimisation.

Your personal data will not be transmitted to third parties for any purpose except those listed below. We will only transmit your personal data to third parties if:

you have given your explicit consent in accordance with point (a) of Art. 6(1) GDPR,
the transmission is necessary in accordance with point (f) of Art. 6(1) GDPR for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding compelling interest in non-transmission of your data,
there is a legal obligation to disclose the data in accordance with point (c) of Art. 6(1) GDPR and
this is legally permissible and required for performance of a contract of which you are a party according to point (b) of Art. 6(1) GDPR.
you have requested a qualified consultation by a specialist retailer near you. If this was requested by you, this specialist will also send product information and make service offers. We would like to note explicitly that consultation services are not provided by the portal operator but by a specialist retailer near you.

VI. Am I obligated to provide data?

In the context of our business relationship, you are only obligated to provide the personal data required for establishing, performing and terminating a business relationship or which we are legally obligated to collect.
Without this data we will generally have to reject entering into a contract or processing the order or will no longer be able to perform an existing order and may have to terminate it.

VII. Which data protection rights do I have?

You have the right:

according to Art. 15 GDPR, to demand information about your personal data processed by us. In particular you have the right to demand information about the purposes of processing, the category of personal data, the category of recipients to which the data was or will be disclosed, the planned storage duration, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to file a complaint, the origin of your data, if it was not collected by us, and the existence of any automated decision-making including profiling and, if applicable, meaningful information on the details thereof;
according to Art. 16 GDPR, to demand immediate rectification of incorrect personal data or completion of incomplete personal data stored by us;
according to Art. 17 GDPR, to demand the erasure of personal data stored by us, provided the processing thereof is not required to exercise the right to free speech and freedom of information, to fulfil a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims;
according to Art. 18 GDPR, to demand the restriction of processing of your personal data, provided you are contesting the correctness of the data, processing is unlawful but you do not want the data to be erased, or we no longer need your data, but you require the data to establish, exercise or defend legal claims or you have objected to processing according to Art. 21 GDPR;
according to Art. 20 GDPR, to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to demand transmission to another controller;
according to Art. 7(3) GDPR, to withdraw your consent given to us at any time. This means that we are no longer permitted to continue data processing based on this consent in the future and
according to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority without prejudice to any other administrative or judicial remedy. In general, you can contact the supervisory authority of your habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the General Data Protection Regulation of the EU (GDPR).

Right to object

If your personal data is processed based on legitimate interests in accordance with point (f) of Art. 6(1) GDPR, you have the right, according to Art. 21 GDPR, to object to the processing of your personal data, provided there are reasons resulting from your special situation or your objection is related to direct marketing. In the latter case you have a general right to object, which we will abide by without indication of any special situation. If you would like to make use of your right to withdraw consent or object, simply send an e-mail to the e-mail address listed in the legal information section on our website.

Withdrawing consent

After you have given consent, you may withdraw it at any time. This also applies to declarations of consent given to us before the General Data Protection Regulation came into effect, i.e. before 25 May 2018.

Please note that withdrawing your consent only has an effect on future processing. It does not affect processing performed prior to withdrawing your consent.

VIII. What should I keep in mind with regard to links to other websites?

Our website/app may occasionally contain links to third-party websites or other websites published by us. If you follow a link to one of these websites, we would like to point out that these websites have their own data privacy policies and that we do not assume any responsibility or liability for these policies. Please read these data privacy policies before disclosing personal data to these websites.

IX. What data security measures do we take?

We use the TLS procedure (Transport Layer Security) in conjunction with the highest level of encryption supported by your browser. You can see whether an individual page of our web presence is encrypted by checking for the key or locked padlock symbol in the status bar of your browser.

We use suitable technical and organisational measures to protect our website and other IT systems against loss, destruction, unauthorised access, unauthorised modification or unauthorised distribution of your data. Nevertheless, complete protection against all danger is not feasible in all cases, despite taking the greatest possible care.

X. Changes to this data privacy policy

We reserve the right to change this data privacy policy, if the legal situation, this web presence or the manner of data collection change. However, this only applies to statements regarding data processing. If user consent is required or parts of the data privacy policy contain provisions governing the contractual relationship with users, the data privacy policy will only be changed after the user has given consent.

For this reason, please familiarise yourself with this data privacy policy, in particular if you are providing personal data.

Explanation of tools and resources used

Analysis tools and advertising

Google Tag Manager

We use the Google Tag Manager provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The Google Tag Manager is a cookie-free domain and does not record personal data. However, the tool triggers other components, which may then collect data. Google Tag Manager does not access this data. If this tool was deactivated on the domain or cookie level, this deactivation will persist for all tracking tags implemented with Google Tag Manager. For further information on the Google Tag Manager, refer to the Google data privacy policy.

Please also note that, due to the Cloud Act, American intelligence services may gain access to personal data which, due to the internet protocol, is necessarily transmitted to Google, whose headquarters are in the USA, when this tool is embedded.

Google Analytics

We use the analysis service Google Analytics. This web analysis service is provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

We use Google Analytics to evaluate your use of our website and to compile reports about user activities.

This analysis tool operates primarily on the basis of cookies. A cookie is a text file sent when visiting a website and saved temporarily on the website user's hard drive to permit analysis of your visit to the website. The information saved by the cookie is generally transmitted to a Google server in the USA and stored there.

As a result of IP anonymisation, Google will first truncate your IP address if you are in a EU member state or another signatory state to the European Economic Area treaty. Google uses the transmitted information to create a report about how our website is used on our behalf. We have entered into a processing contract with Google. If you wish to prevent the use of cookies, you can do so by changing the local settings in the web browser used on your computer (e.g. Safari, Internet Explorer, Opera, Firefox, etc.), i.e. the program used to open and display websites. Moreover you can prevent your data from being collected and processed by the Google cookie by downloading and installing the browser plugin offered by Google at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

You can prevent collection by Google Analytics by using the opt-in solution used on this website.

For further information on the terms of use of Google and Google Analytics and on the associated data privacy policy, visit https://www.google.com/analytics/terms/de.html and https://www.google.de/intl/en/policies

We would like to note that the "anonymizeIp" extension has been added to Google Analytics. It ensures anonymised collection of IP addresses.

Google Analytics Remarketing

We use the Remarketing function provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

This function is intended to show website users interest-based advertisements within the context of the Google advertising network DoubleClick.

To do so, the website user's browser saves cookies, which allow the user to be recognised when the user accesses websites belonging to Google's advertising network.

These websites can then show the user advertisements referring to content accessed previously by the user on websites using the Google Remarketing function.

Should you wish to prevent use of the Remarketing function, you can deactivate it by making the corresponding settings.

You can also deactivate the cookies via the advertising network initiative, by following the instructions.

Google AdWords and Google Conversion Tracking

We use the advertising program Google AdWords with user evaluation provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

If you click on an advertisement displayed via the Google advertising program, a cookie is stored on your computer.

If you visit specific pages on our website and the cookie has not expired, Google and we can detect that you clicked the advertisement (including potentially on a different website) and were referred to this page.

The information collected with the aid of these cookies is used to create conversion statistics. This means we will learn the total number of users who have clicked on one of the Google AdWords advertisements we have published and were referred to a page with an embedded user evaluation function.

We do not receive any information that would allow personal identification of users. Processing is based on point (f) of Art. 6 (1) GDPR (legitimate interest regarding targeted advertising and analysis of effect and efficiency of our advertisements).

You have the right to object to this manner of processing your personal data at any time. To do so, you can prevent cookies from being saved by deactivating cookies in your browser. However, if you do so, you may not be able to use some functions of this website to their full extent.

Moreover, you can change the Google advertising settings to deactivate personalised advertisement. You can also deactivate third-party cookies.

For further information, refer to the Google data privacy policy.

Social Media

YouTube videos

We have embedded YouTube videos on our website, which are stored on the servers of the provider YouTube and can be played on our website due to the embed. The videos are embedded with the option for advanced data protection settings activated. If you play these videos, YouTube cookies and DoubleClick cookies will be saved on your computer and data may be transmitted to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), the operator of YouTube.

Vimeo videos

We have embedded Vimeo videos on our website, which are stored on the servers of the provider Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA ("Vimeo") and can be played on our website due to the embed. If you play these videos, cookies will be saved on your computer and data may be transmitted to Vimeo.

B When playing videos stored by Vimeo, at least the following data is currently transmitted to Vimeo LLC: IP address and cookie, the specific address of our site you have accessed, the system data and time of access, your browser identification.

This data is transmitted regardless of whether you have a Vimeo user account and are logged into it or whether you do not have an account. If you are logged into your account, Vimeo LLC may link this data directly to your account. If you do not want the data linked to your profile, you have to log out before activating the play button of the video on the Vimeo platform.

For further information on the purpose & extent of data collection and processing by Vimeo, visit this information page.

Please also note that, due to the Cloud Act, American intelligence services may gain access to personal data which, due to the internet protocol, is necessarily transmitted to Vimeo, whose headquarters are in the USA, when this tool is embedded.

Twitter plugin

We use the functions of the Twitter service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA ("Twitter"). If you use the Twitter buttons, the websites you have visited will be linked to your Twitter account and disclosed to other users. Data will also be transmitted to Twitter. If you do not want Twitter to link your activities on our website to your account, please log out of your Twitter account before visiting our website or using the Twitter plugin.
For further information, please refer to the Twitter data privacy policy.
You can change your Twitter privacy settings in the account settings, if you have a Twitter account.

Please also note that, due to the Cloud Act, American intelligence services may gain access to personal data which, due to the internet protocol, is necessarily transmitted to Twitter, whose headquarters are in the USA, when this tool is embedded.

Newsletter data

If you would like to receive the newsletter offered on the website, we require your e-mail address, title, name, and information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. We use the newsletter service providers described below to process the newsletter.

Inxmail

This website uses Inxmail to send newsletters. The provider is Inxmail GmbH, Wetzinger Straße 17, 79106 Freiburg, Germany (hereinafter referred to as Inxmail).

Inxmail is a service that can be used to organise and analyse the sending of newsletters, among other things. The data you enter for the purpose of subscribing to the newsletter is processed on Inxmail's servers.

Data analysis by Inxmail

With the help of Inxmail, we can analyse our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links have been clicked on. In this way, we can determine which links were clicked on particularly often, among other things.

We can also recognise whether certain previously defined actions were conducted after opening/clicking (conversion rate). For example, we can recognise whether you have made a purchase after clicking on the newsletter.

Inxmail also enables us to categorise newsletter recipients according to various categories ("clustering"). Newsletter recipients can be categorised by age, gender or place of residence, for example. In this way, the newsletters can be better customised to the respective target groups. If you do not wish to be analysed by Inxmail, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.

You can find the Inxmail data privacy policy at the following link: https://www.inxmail.de/datenschutz.

Anonymised tracking

We use anonymised tracking from Inxmail, which only allows us to identify you personally if you have expressly consented to this in advance.

Legal basis

Data processing is based on your consent (Art. 6 para. 1, point a GDPR). You can revoke this consent at any time for the future.

Storage period

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to apply. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6 para. 1, point f GDPR. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1, point f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

Order processing

We have concluded an order processing contract (OPC) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Hosting

Other Tools

Google reCAPTCHA

To protect your communication via internet forms, we use the component reCAPTCHA provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). reCAPTCHA reduces misuse by automated machine processing. reCAPTCHA transmits your IP address and potentially other data required by Google for reCAPTCHA to Google. Your input in the reCAPTCHA component is transmitted to Google and processed there. By using reCAPTCHA you consent to your image recognition contributing to the digitalisation of old works. The IP address transmitted by your browser when you use reCAPTCHA will not be linked to any other data stored by Google. The differing Google data privacy policy applies to this data. For further information on Google's data privacy policy, click here: https://www.google.com/intl/en/policies/privacy/

Google fonts

This site uses specific fonts provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google") for its presentation. When you open a page, your browser loads these fonts. During this process, your IP address and the page (URL) you have visited is transmitted to a Google server. For further information on Google fonts, visit https://developers.google.com/fonts/faq and the Google data privacy policy at https://www.google.com/policies/privacy/

Our own services

Processing of job applicant data

We offer the option of applying for a job at our company (e.g. by e-mail, mail or via the online job application form). Below we would like to inform you about the extent, purpose and usage of personal data collected in the context of the application process. We would like to assure you that the collection, processing and usage of your data is in line with the applicable data protection laws and all other legal regulations and that your data will be treated strictly confidentially.

Extent and purpose of data collection

If you submit a job application to our company, we will process your associated personal data (e.g. contact and communication data, application documents, notes made during job interviews, etc.) insofar as this is required for making a decision regarding the establishment of an employment relationship. The legal basis for the above is § 26 new BDSG (German Federal Data Protection Law) according to German law (initiation of an employment relationship), point (b) of Art. 6(1) GDPR (general steps prior to entering a contract) and – provided you have given consent – point (a) of Art. 6(1) GDPR. You have the right to withdraw your consent at any time. Within our company, your personal data will only be disclosed to persons involved in processing your application.

If your application is successful, the submitted data will be stored in our data processing systems based on § 26 new BDSG and point (b) of Art. 6(1) GDPR for the purpose of establishing an employment relationship.

Data retention period

If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data submitted to us for up to 6 months from the end of the application process (rejection or withdrawal of the application) based on our legitimate interest (point (f) of Art. 6(1) GDPR).

Afterwards the data will be deleted and any physical application documents will be destroyed. This retention is primarily for the purpose of providing proof in the event of a legal dispute. If it becomes apparent that the data will be required after the end of the 6-month period (e.g. due to an imminent or active legal dispute), the data will only be deleted once the purpose for continued storage no longer applies.

A longer retention period may also apply, if you have given your consent (point (a) of Art. 6(1) GDPR) or if mandatory retention periods prevent erasure.

Acceptance into the applicant pool

If we are unable to make you a job offer, we may still accept you into our applicant pool. Should you be accepted, all documents and information from the application will be included in the applicant pool, so that we can contact you if we have any suitable vacancies.

Any acceptance into the applicant pool will be based exclusively on your explicit consent (point (a) of Art. 6(1) GDPR). Giving your consent to the above is voluntary and in no way related to the ongoing application process. The data subject can withdraw consent at any time. In this case the data will be irrevocably deleted from the applicant pool, provided no legal grounds for retention apply.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

ds232v5

Data privacy policy