DATA PRIVACY STATEMENT
1. Name and contact data of the person responsible for data processing and the company data protection officer
This Privacy Statement applies to data processing by:
Party responsible: Stern-Wywiol Gruppe GmbH &Co. KG, An der Alster 81, 20099 Hamburg, Germany e-mail: data@stern-wywiol-gruppe.de, telephone: +49 (0)40 – 284 039-0 fax: +49 (0)40 – 284 039-76
The company data protection officer of Stern-Wywiol Gruppe can be contacted at the above address, Attn. Mr Sven Naucke, or at data@stern-wywiol-gruppe.de
2. Acquisition and storage of personal data and the nature and purpose of their use
a) During visits to our website
When you access our website www.stern-wywiol-gruppe.de, information is automatically sent to the server of our website by the browser used on your terminal. This information is stored temporarily in a so-called logfile. The following information is collected without your assistance and stored until it is automatically erased:
- IP address of the enquiring computer;
- Date and time of access;
- Name and URL of the file requested;
- Website from which access has taken place (referrer URL);
- The browser used, and possibly the operating system of your computer and the name of your access provider.
We process the above data for the following purposes:
- To ensure that the connection to our website can be established smoothly;
- To ensure convenient use of our website;
- To assess the security and stability of the system;
- For further administrative purposes.
The legal basis for processing the data is provided by Art. 6 Subparagraph 1 S. 1 Point f GDPR. Our legitimate interest follows from the listed purposes of data acquisition. In no case do we use the data acquired in order to draw conclusions concerning your person.
In addition, we use cookies and analysis services when our website is visited. You will find more detailed information on this under Sections 4 and 5 of this Privacy Statement.
b) When you register for our newsletter
If you have given your express consent pursuant to Art. 6 Subparagraph 1 S. 1 Point a GDPR, we will use your email address in order to send you our newsletter regularly. To receive the newsletter it is sufficient to state an email address.
Your registration can be cancelled at any time, for example by using a link at the end of each newsletter. Alternatively, you can also express your wish to cancel your registration at any time by sending an email to data@stern-wywiol-gruppe.de.
c) When using our contact form
If you have questions of any kind, we offer you the option of contacting us with the form provided on the website. It is necessary to state a valid email address so that we know who the enquiry has come from and in order to answer it. Any further information given is voluntary.
Data processing for the purpose of establishing contact with us takes place according to Art. 6 Subparagraph 1 S. 1 Point a GDPR on the basis of your consent, which is given voluntarily.
The personal data collected by us for the purpose of using the contact form are erased automatically when your enquiry has been handled.
3. Circulation of data
Your personal data will not be passed on to third parties except for the purposes listed below.
We will only pass your personal data on to third parties if:
- You have given us your express consent pursuant to Art. 6 Subparagraph 1 S. 1 Point a GDPR ;
- Circulation is necessary pursuant to Art. 6 Subparagraph 1 S. 1 Point f GDPR in order to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest in the protection and non-circulation of your data;
- Data have to be passed on in order to comply with a legal obligation pursuant to Art. 6 Subparagraph 1 S. 1 Point c GDPR;
- It is legally permissible and necessary for performance of a contract with you pursuant to Art. 6 Subparagraph 1 S. 1 Point b GDPR.
4. Cookies
We use cookies on our website. Cookies are small text files created automatically by your browser and stored on your terminal (laptop, tablet, smartphone etc.) when you visit our website. Cookies do no damage to your terminal; they contain no viruses, trojans or other malicious software.
The cookie stores information generated in connection with the particular terminal used. However, that does not mean we acquire a direct knowledge of your identity.
Firstly, we use cookies to make the information offered by us easier for you to use. For example, we use “session cookies” in order to see that you have already visited certain pages of our website. These cookies are erased automatically when you leave our website.
We also use temporary cookies to optimize the user friendliness of our site; these are stored on your terminal for a certain specified time. If you visit our site again in order to make use of our services they recognize automatically that you have visited us before and know what entries and settings you have used, so that you do not have to enter them again.
Secondly, we use cookies in order to record the use of our website statistically and optimize our offer to you (see Section 5). These cookies enable us to see automatically, when you visit our site again, that you have visited us before. They are erased after a certain defined time.
The data processed by cookies are necessary for the stated purpose of pursuing our legitimate interests and those of third parties pursuant to Art. 6 Subparagraph 1 S. 1 Point f GDPR. In addition, cookies or comparable recognition technologies can also be used on the basis of consent granted in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR; consent can be revoked at any time.
Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies can be stored on your computer or so that a warning always appears before a new cookie is set up. However, if you deactivate cookies completely you may not be able to use all the functions on our website.
5. Cloudflare
We use the “Cloudflare” service. The provider is Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as “Cloudflare”).
Cloudflare offers a globally distributed content delivery network with DNS. The information transfer between your browser and our website is technically routed via the Cloudflare network. This enables Cloudflare to analyze the data traffic between your browser and our website and to serve as a filter between our servers and potentially malicious data traffic from the Internet. Cloudflare may also use cookies or other technologies to recognize Internet users, but these are used solely for the purpose described here.
Cloudflare may be used on the basis of consent given in accordance with (Art. 6 para. 1 lit. a GDPR) or on the basis of a legitimate interest in the most error-free and secure provision of our website (Art. 6 para. 1 lit. f GDPR).
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.cloudflare.com/privacypolicy/.
Further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnZKAA0&status=Active
6. Analysis tools
a) Tracking tools
The following tracking tools used by us are applied on the basis of Art. 6 Subparagraph 1 S. 1 Point f GDPR or Art. 6 Subparagraph 1 S. 1 Point a GDPR. By using these tracking tools we hope to ensure that our website is designed in keeping with users’ needs and in order to optimize it continuously. Secondly, we use the tracking tools to record the use of our website statistically and optimize our offer to you. These interests are to be deemed legitimate in the meaning of the above provision.
The different purposes of data processing and data categories can be seen from the relevant tracking tools.
i) Google Analytics1
To permit design of the website in keeping with user needs and optimize it continuously, we use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”). In this connection, pseudonymized user profiles are created and cookies used (see Section 4). The information generated by the cookie about your use of this website, such as
- browser type/version,
- operating system used,
- referrer URL (the site previously visited),
- host name of the accessing computer (IP address),
- time of the server enquiry,
is transferred to a Google server in the USA, where it is stored. The information is used to analyze use of the website, to compile reports on the website activities and to provide other services in connection with use of the website and the internet for the purposes of market research and suitable design of the internet sites. In some cases such information is communicated to third parties if this is required by law, or to the extent that third parties have been commissioned to process the data. On no account will your IP address be merged with other data collected by Google. The IP addresses are anonymized so that no assignment to specific persons is possible (IP masking).
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time.
You can prevent the installation of cookies by applying the relevant setting in your browser software. Please note, however, that in this case you may not be able to make full use of all the functions on this website.
Moreover, you can prevent Google from recording the data generated by the cookie on your use of the website (including your IP address), and also processing of these data by Google, by downloading and installing the browser add-on available under the following link: (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially with browsers on mobile terminals, you can also prevent recording by Google Analytics by clicking this link. This sets an opt-out cookie that prevents any future recording of your data when you visit this website. The opt-out cookie is only applicable to this browser and only to our website, and it is installed on your device. If you erase the cookies in this browser, you must set the opt-out cookie again.
You will find more information on data protection in connection with Google Analytics at Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).
ii) Google AdWords Conversion Tracking
In order to record use of our website statistically and evaluate the information for optimizing the website for you, we also use Google Conversion Tracking. To permit this, Google AdWords sets a cookie on your computer (see Section 4) if you have reached our website through a Google advertisement.
These cookies lose their validity after 30 days and do not serve to permit personal identification. If the user visits certain pages of the website of the AdWords customer and the cookie has not yet expired, Google and the customer can see that the user has clicked the advertisement and been directed to this page.
Each AdWords customer is issued with a different cookie. This means that cookies cannot be traced via the websites of AdWords customers. The information acquired with the aid of conversion cookies is used to draw up conversion statistics for AdWords customers who have decided to use conversion tracking. The AdWords customers are informed of the total number of users who have clicked the advertisement and been directed to a site with a conversion tracking tag. However, they do not receive any information with which users can be identified personally.
If you do not wish to take part in the tracking system, you can reject the cookie required for this too – for instance with the browser setting that deactivates the installation of cookies in general. You can also deactivate cookies for conversion tracking by configuring your browser in such a way that cookies from the domain www.googleadservices.com are blocked. You will find Google’s privacy policy on conversion tracking here (https://services.google.com/sitestats/de.html).
iii) Matomo
We use the open source software Matomo for analysis and statistical evaluation of use of the website. Cookies are used for this purpose (see Section 4). The information generated by the cookie on use of the website is transferred to our server and compiled in pseudonymous user profiles. The information is used for evaluating use of our website and enabling need-based design. The information is not passed on to third parties.
On no account will the IP address be merged with other data relating to the user. The IP addresses are anonymized so that no allocation to specific persons is possible (IP masking).
Your visit to this website is currently being recorded by Matomo Web Analytics. Click here (https://www.eff.org/issues/do-not-track) to prevent your visit from being recorded.
7. Social media plugins
On the basis of Art. 6 Subparagraph 1 S. 1 Point f GDPR our website makes use of social plugins for the social networks Facebook, LinkedIn, Xing and Instagram in order to make our company better known through these media. The commercial purpose behind this is to be deemed a legitimate interest in the meaning of the GDPR. Responsibility for operation in compliance with the data protection laws lies with the provider concerned. These plugins are incorporated by us using the “two-click method” in order to protect visitors to our website to the fullest possible extent.
a) Facebook
Our website uses social media plugins from Facebook in order to personalize its use. For this we use the “LIKE” or “SHARE” button. This is an offer provided by Facebook.
When you call up a page of our website that contains a plugin of this kind, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transferred directly from Facebook to your browser, and from there it is incorporated into the website.
Through incorporation of the plugin, Facebook receives the information that your browser has called up this page of our website, even if you do not have a Facebook account or are not logged in to Facebook at the moment. This information (including your IP address) is transferred from your browser directly to a Facebook server in the USA and stored there.
If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook account. If you interact with the plugins, for example if you activate the “LIKE” or “SHARE” button, the corresponding information is also communicated directly to a Facebook server and stored there. Moreover, the information is published on Facebook and shown to your Facebook friends.
Facebook can use this information for the purpose of advertising, market research and user-friendly design of the Facebook sites. To do so, Facebook draws up user, interest and relationship profiles, for example in order to evaluate your use of our website in respect of the advertisements displayed to you by Facebook, to inform other Facebook users about your activities on our website or to perform other services in connection with the use of Facebook.
If you do not want Facebook to assign the data collected through our website to your Facebook account, you must log out of Facebook before visiting our website.
You will find information on the purpose and extent of data acquisition and further processing and use of the data by Facebook, on your rights in this connection and on possibilities of configuring your browser to protect your privacy, in Facebook’s privacy policy (https://www.facebook.com/about/privacy/).
b) Xing
Social plugins (“plugins”) from Xing are also operated on our website; the provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
The plugins are marked with a Xing logo, for example in the form of the letter “X” in green letters.
When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the Xing servers. The content of the plugin is transmitted by Xing directly to your browser and integrated into the page. Through this integration, Xing receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Xing profile or are not currently logged in to Xing.
This information (including your IP address) is transmitted directly from your browser to a Xing server and stored there. If you are logged in to Xing, Xing can directly associate your visit to our website with your Xing account. If you interact with the plugins, for example by clicking the “Xing” button, this information is also transmitted directly to a Xing server and stored there.
The information can also be published on your Xing account and displayed to your contacts there.
If you do not want Xing to assign the data collected via our website directly to your Xing account, you must log out of Xing before visiting our website.
Further information on this can be found in the privacy policy
(https://privacy.xing.com/de/datenschutzerklaerung) from Xing.
If you do not want social networks to receive data about you, you must not click on the corresponding buttons.
c) Instagram
Our website also uses so-called social plugins (“plugins”) from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).
The plugins are indicated by an Instagram logo, for example in the form of an “Instagram camera”.
When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the Instagram servers. Instagram transfers the content of the plugin directly to your browser and incorporates it into the website. Through this incorporation of the plugin, Instagram receives the information that your browser has called up this page of our website, even if you do not have an Instagram profile or are not logged in to Instagram at the moment.
Your browser communicates this information (including your IP address) directly to an Instagram server in the USA, where it is stored. If you are logged in to Instagram, Instagram can assign your visit to our website directly to your Instagram account. If you interact with the plugins, for example by activating the “Instagram” button, this information is also communicated directly to an Instagram server and stored there.
The information is also published on your Instagram account and shown to your contacts there.
If you do not want Instagram to assign the data acquired through our website directly to your Instagram account, you must log out of Instagram before visiting our website.
You will find more information on this in Instagram’s privacy policy (https://help.instagram.com/155833707900388) .
d) LinkedIn
Social plugins (“plugins”) from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland are operated on our website.
These plugins are marked by a LinkedIn logo, for example in the form of the letters “IN” in white type.
When you access a page on our website that has such a plugin, your browser will connect directly to LinkedIn’s servers. The content of the plugin is sent by LinkedIn directly to your browser and incorporated into the page. This tells LinkedIn that your browser has accessed the respective page of our website, even if you don’t have a LinkedIn profile, or have one but are not logged in there.
This information (including your IP address) is sent by your browser directly to a LinkedIn server and stored there. If you’re logged onto LinkedIn, LinkedIn can associate your visit to our website directly with your LinkedIn account. When you interact with the plugins, for example by clicking the “LinkedIn” button, this information is likewise sent directly to a LinkedIn server and stored there.
The information is also published on your LinkedIn account and shown to your contacts there.
If you don’t want LinkedIn to associate data gathered by our website directly with your LinkedIn account, you’ll need to log off LinkedIn before visiting our website.
For more information, see the LinkedIn Privacy Policy (https://www.linkedin.com/legal/privacy-policy).
If you don’t want social networks to get information about you, don’t click on their buttons.
8. Rights of the data subject
You have the following rights:
- Pursuant to Art. 15 GDPR you have the right to obtain information on the data concerning your person which are processed by us. In particular you can request information on the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification, erasure or restriction of processing of personal data or to object to such processing, the right to lodge a complaint, the right to know the source of the personal data if these have not been collected by us and the existence of automated decision-making, including profiling and, where appropriate, meaningful information on the details thereof.
- Pursuant to Art. 16 GDPR you have the right to demand, without undue delay, the rectification of inaccurate personal data or completion of any incomplete personal data stored by us.
- Pursuant to Art. 17 GDPR you have the right to obtain erasure of your personal data stored by us unless their processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims.
- Pursuant to Art. 18 GDPR you have the right to obtain restriction of processing of your personal data if you contest the accuracy of the data, if the processing is unlawful and you oppose their erasure and we no longer need the data but you require them for the establishment, exercise or defence of legal claims and have objected to their processing pursuant to Art. 21 GDPR.
- Pursuant to Art. 20 GDPR you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to have those data transmitted to another controller.
- Pursuant to Art. 7 Subparagraph 3 GDPR you have the right to withdraw the consent given to us at any time. As a result, we shall in future no longer be permitted to continue processing the data for which this consent was originally given.
- Pursuant to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority. As a rule, you can lodge the complaint with the supervisory authority of your habitual place of residence, your place of work or the seat of our law firm.
9. Right to object
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 Subparagraph 1 S. 1 Point f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to processing of your personal data on grounds relating to your particular situation or if the reason for the objection is processing of the data for direct marketing purposes. In the latter case you have a general right to object, which we shall respect without the assertion that a particular situation exists.
If you wish to exercise your right to withdraw consent or to object, it is sufficient to send an email to data@stern-wywiol-gruppe.de.
10. Data security
During your visit to the website we use the well-known SSL (Secure Socket Layer) system in conjunction with the highest encryption level supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we resort to 128-bit v3 technology instead. You can see whether an individual page of our website is encrypted from the closed image of the key or the lock symbol in the bottom status bar of your browser.
For the rest, also, we take suitable technical and organizational security measures in order to protect your data against chance or deliberate manipulation, partial or total loss, destruction, or unauthorized access by third parties. Our security measures are improved continuously to keep pace with technical developments.
11. Links to third-party websites
Our website may contain links to websites of other platforms, partners and service providers that are not covered by this privacy policy. If you visit a website of these third parties, their data protection notices and terms of use apply accordingly. Liability for third-party websites is hereby excluded.
12. Data protection information in the application process
We process the applicant data only for the purpose and in the context of the application process in accordance with the legal requirements. Applicant data is processed to fulfill our (pre-)contractual obligations in the context of the application process within the meaning of Art. 6 para. 1 lit. b. GDPR Art. 6 para. 1 lit. f. GDPR if the data processing becomes necessary for us, e.g. in the context of legal proceedings (in Germany, Section 26 BDSG also applies).
The application process requires applicants to provide us with applicant data. If we offer an online form, the necessary applicant data is marked as such, otherwise it results from the job descriptions and generally includes personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, CV and certificates. Applicants can also voluntarily provide us with additional information.
By submitting their application to us, applicants consent to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this data protection notice.
Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily communicated as part of the application process, their processing is also carried out in accordance with Art. 9 para. 2 lit. b GDPR (e.g. health data, such as severely disabled status or ethnic origin).
If provided, applicants can send us their applications using an online form on our website. The data is transmitted to us in encrypted form in accordance with the state of the art.
Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves. We therefore cannot assume any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend using the online form or sending by post. Instead of applying via the online form and e-mail, applicants still have the option of sending us their application by post.
In the event of a successful application, we may process the data provided by applicants for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant’s data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves. We therefore cannot assume any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend using the online form or sending it by post.
13. Topicality and amendment of this Privacy Statement
This Privacy Statement is currently valid and has the status of May 2018.
The continued development of our website and the offers made, and also changes to legal or administrative regulations, may make it necessary to amend this Privacy Statement. You can access and print out the currently valid version of the Privacy Statement at any time from the website at www.stern-wywiol-gruppe.de.