Privacy Policy

NVL B.V. & Co. KG Privacy Policy

General

We take the protection of your personal data very seriously. Your private sphere is an important concern to us.

The following provisions serve to inform you about the processing of personal data in accordance with the requirements of the General Data Protection Regulation (GDPR), in particular, taking into account the obligations to provide information pursuant to Articles 12 to 14 of the GDPR as well as to inform about the data subject rights existing under the GDPR pursuant to Articles 15 to 22 and Article 34 of the GDPR.

This concerns the data-processing procedures associated with visiting this website.


Information about the controller:

The controller for processing your personal data is

NVL B.V. & Co. KG
Zum Alten Speicher 11
28759 Bremen
Germany

Tel.: +49 421 6604 10
Mail: info@nvl.de
www.nvl.de

Represented by
General partner: NVL Verwaltungs B.V. & Co. KG (local court Bremen HRA 29159 HB)
Represented by
General partner: NVL Shipbuilding B.V., Groningen (Kamer von Kophandel, CCI 82055327)
Managing directors:
Dr Klaus Borgschulte
Tim Wagner
Dirk Malgowski
Lena Ströbele

The external company data protection officer of NVL B.V. & Co. KG can be can be reached with the following contact information:

ReviSEC – Information Security Management
Dipl.-Volksw. Bernd Kamlah
Nahblöcken 3
27299 Langwedel
Germany

Tel.: +49 4232 9450 644
Email: info@revisec.de
www.revisec.de


Privacy policy for specific groups of data subjects

1. Privacy policy for website users
 

Scope of application
This part of the privacy policy applies to all pages of our online network that link to this policy.

Purpose of data collection
We process your personal data in accordance with the applicable legal data protection requirements for the purposes set out below for each group of data subjects:

  • Optimisation of the website
  • Error analysis
  • Individual customisation to your needs
  • Offer to contact
  • Where applicable, the sale of goods and services
  • Optimised representation of the company and services


General information on data processing

We fundamentally only collect and use the personal data of our users to the extent that this is necessary for the provision of a functional website as well as our contents and services or to the extent that you as a user make these data available to us through voluntary input. The collection and use of your personal data are regularly only carried out after consent or for the justification and implementation of a legal transaction. An exception applies in those cases where obtaining prior consent is not possible or disproportionate for factual reasons and the processing of the data is permitted by another legal provision.

Legal bases for the processing of your data:

  • Insofar as we obtain the consent of the data subject for processing involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
  • When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing that is necessary for the performance of pre-contractual measures.
  • If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

Legitimate interests could be in particular:

  • Responding to enquiries
  • The implementation of direct marketing measures
  • Provision of services and/or information intended for you
  • Processing and transfer of personal data for internal or administrative purposes
  • Operation and administration of our website
  • Technical support for users
  • Prevention and detection of fraud and crime
  • Protection against payment defaults when obtaining creditworthiness information for requests for deliveries and services
  • Ensuring network and data security, insofar as these interests are in each case consistent with the applicable law and with the rights and freedom of the user
  • Achieving efficiency gains by bundling services in the corporate division (especially marketing, IT, procurement)

Categories of recipients:

  • Website optimisation service providers, online marketing service providers and tools, information and communication technology service providers, software and equipment maintenance companies
  • Social networks and communities as described in more detail in the specific privacy policies below
  • Internal recipients according to the ‘need to know’ principle


Usage data/server log files
Each time our website is accessed, our systems automatically record data and information from the computer system of the accessing computer.

The following types of data are collected:

  • Browser type
  • Version used
  • User’s operating system
  • Host name
  • Internet service provider
  • User’s IP address
  • Date and time of retrieval
  • Websites from which the user’s system has accessed our website or to which the user accesses from our website

The legal basis for the temporary storage of the data and the log files is Art. 6 (1) (f) GDPR with the above-mentioned legitimate interests.

It is necessary for the system to temporarily store the IP address to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

There is storage in log files to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. There is no evaluation of the data for marketing purposes in this context. Our legitimate interest in data processing also lies within these purposes.

The data are erased as soon as they are no longer required to achieve the purpose for which they were collected. This is the case when the respective sessions have ended if data are collected for the provision of the website. We also reserve the right to check the files if there is a justified suspicion of illegal use or a specific attack on the pages based on specific indications. In that case, our legitimate interest is the processing for the purpose of investigation and prosecution of such attacks and unlawful uses.


Use of cookies
We use cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system.

This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. The following data are stored and transmitted in the cookies: language settings, items in a shopping cart, log-in information and the like.

The purpose of using technically necessary or functional cookies is to enable the website to function at all (necessary) or to simplify the use of websites for users (functional). Some functions of our website cannot be offered without the use of cookies.

For these, it is necessary that the browser is recognised even after a page change. We need cookies to provide the shopping basket function, to adopt language settings, to remember search terms and so on. The processing is therefore based on Art. 6 (1) (b) or (f) GDPR.

We also use cookies on some of our websites that enable an analysis of the user’s surfing behaviour. In this way, search terms entered, frequency of page views and use of website functions, amongst others, are transmitted. The user data collected in this way is anonymised by technical precautions. Therefore, it is no longer possible to assign the data to the accessing user. The data are not stored together with other personal data of the users.

Using the cookie setting options implemented on our site, you can implement a simple selection of the cookies you allow.

Legal basis for data processing by means of cookies:

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) (a) GDPR if the user has consented to this, otherwise it is Art. 6 (1) (f) GDPR in conjunction with Recital 47 (overriding legitimate interests).


Content of external providers
On our website, we use active JavaScript content and fonts, which may also come from external providers such as Google. By calling up our website, these providers may receive information about your visit to our website, for example by transmitting your IP address. You can prevent this transmission by installing a JavaScript blocker such as the browser plugin NoScript or by deactivating JavaScript in your browser. However, this can lead to functional restrictions.

We include third-party content or additional services from other websites. This always requires the transmission of your IP address to the providers of this content. We cannot make any statement about the use of your data by these providers and also have no influence on the further processing of the service operators. In particular, we cannot make statements about whether the data are used for other purposes, such as profiling. Please refer to the relevant privacy notices of the respective third-party providers below in our privacy policy.

Tracking pixels/Web beacons are invisible graphics with the size of a pixel. These are used in particular for the purpose of tracking a user across various web pages to create a profile for use in advertising tailored to the user (targeting). No tracking pixels/web beacons are used on our websites.

Unless you consent to the use of cookies and tracking tools via the cookie banner, only tools that are technically necessary for operation are used. In addition, you can disable acceptance for third-party cookies in your browser settings. This may lead to restrictions in the functionality of the websites.


Transmission of data via the Internet
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from http:// to https:// and by the lock symbol in your browser line.

Data transmission via the Internet is always associated with certain risks. No special, more extensive encryption of the data is carried out; in particular, messages from the comment field of the contact form on our website are transmitted without further encryption.

Please bear this in mind when transmitting data.

If you wish to communicate with us via encrypted email, this is possible via SMIME encryption. Please inform us of the request for encryption, as we regularly send unencrypted emails due to the current low market penetration of email encryption methods and the lack of uniform application standards.


Passing on data
If you provide us with personal data, these will only be passed on to third parties if it is necessary to process the contractual relationship or if another legal reason legitimises this transfer. However, we provide certain services with the assistance of service providers. We have carefully selected these service providers and have taken appropriate measures to protect your personal data (for example, by concluding separate contractual agreements for processing in accordance with Art. 28 GDPR or on the basis of special legal regulations that oblige confidentiality).


Processing by third-party providers

Matomo
We use the open-source software Matomo to analyse and statistically evaluate how our website is used. Cookies are used for this purpose (see section on cookies). The information generated by the cookie relating to how you use the website is sent to our servers and compiled into pseudonymised usage profiles. The information is used to evaluate how you use the website and to ensure that our website is user-friendly. The information is not shared with third parties. Under no circumstances will your IP address be associated with other data concerning you. Your IP address will be anonymised so that it cannot be associated with any other data (this is known as IP masking).

Your visit to this website is currently being logged by Matomo. Click here (https://matomo.org/docs/privacy/) to prevent your visit from being logged.


Social media plugins
Our pages do NOT use plugins from social media (e.g. Facebook, Instagram, Twitter, LinkedIn, XING and YouTube) that support an automatic connection to the servers of the respective providers.

We only use the established social media logos in the form that we link to the respective login pages of the social media platforms via the logos. By clicking the corresponding button, you will be redirected to the server of the selected provider and can log in there with your individual account data.

If you are logged into your respective social media accounts (e.g. Facebook) at the same time, the respective providers can assign the visit to our pages to your user account.

Activating the link constitutes consent within the meaning of Art. 6 (1) (a) GDPR. You can revoke this consent at any time with effect for the future.


Storage periods for data on our systems
The personal data of the data subject shall be erased or blocked as soon as the purpose of the storage ceases to apply. In addition, storage may take place if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Data will also be blocked or erased if a storage period prescribed by the aforementioned laws expires, unless there is a need to continue storing the data for the conclusion or fulfilment of a contract.

Some technically necessary cookies only store your data for the duration of a visit to our websites.

However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.


2. Privacy policy for social media presences
 

XING
We
operate one or more commercial websites on the professional social media network XING, especially to promote ourselves but also for recruiting.

We only process your data if you contact our HR department via the XING platform or apply for an advertised position via XING. In this case, XING collects your data and makes it available to us. This may also involve storage and further processing by us. The processing of your personal data in the event of an application is governed by our applicant privacy policy.  

The legal basis for the processing of personal data is, depending on the case, processing for the initiation and execution of a contract with you pursuant to Art. 6 (1) (b) GDPR or on the basis of our legitimate interest in communicating with users and our external presentation for the purpose of advertising pursuant to Art. 6 (1) (f) GDPR.

If you have given your consent to the social network provider for the aforementioned data processing with effect for us, the legal basis is Art. 6 (1) (a) GDPR.

This may also involve storage and further processing by us. The processing of your personal data in the event of an application is governed by our applicant privacy policy.

Furthermore, we may collect data from visitors to our commercial site, insofar as the display as visitor can be defined as processing in the sense of use. We do not store these data on our own systems, nor are they systematically processed via incidental information.

For these processing stages, our information regarding the responsible body, the data protection officer and the declaration of your rights as a data subject apply.

We would like to point out that for any processing going beyond this on our XING company page, the privacy policy of New Work SE, Dammtorstraße 30, DE-20354 Hamburg, Germany, Tel: +49 40 419 131 0, Fax: +49 40 419 131 11, Mail: info@xing.com (hereinafter: XING) is applicable.

Further information on the processing of personal data by XING can be found here: https://privacy.xing.com/de/datenschutzerklaerung


LinkedIn
Our company operates a social media channel on the LinkedIn platform.

We only process your data if you contact our HR department via the LinkedIn platform or apply for an advertised position via LinkedIn for these very purposes. In this case, LinkedIn collects your data and makes it available to us. 

The legal basis for the processing of personal data is, depending on the case, processing for the initiation and execution of a contract with you pursuant to Art. 6 (1) (b) GDPR or on the basis of our legitimate interest in communicating with users and our external presentation for the purpose of advertising pursuant to Art. 6 (1) (f) GDPR.

If you have given your consent to the social network provider for the aforementioned data processing with effect for us, the legal basis is Art. 6 (1) (a) GDPR.

This may also involve storage and further processing by us. The processing of your personal data in the event of an application is governed by our applicant privacy policy.

Furthermore, we may collect data from visitors to our commercial site, insofar as the display as visitor can be defined as processing in the sense of use. We do not store these data on our own systems, nor are they systematically processed via incidental information.

For these processing stages, our information regarding the responsible body, the data protection officer and the declaration of your rights as a data subject apply.

For any processing beyond this, please note that the privacy policy of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, is applicable on our LinkedIn company page.

Further information on the processing of personal data by LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy

 

3. Privacy policy for customers, interested parties and other data subjects
 

Information on data processing
As a customer and as an interested party or other data subject, we process your personal data primarily to establish and fulfil a contractual relationship concluded with you or on the basis of a legitimate interest. Your data will be processed by us to the extent necessary to initiate and implement a contractual relationship, to provide the contractually agreed service, to provide information, to carry out direct marketing activities or to support other processes of our business operations. Failure to provide data may result in it not being possible to conclude the contract. Beyond that, we only process your data if you have consented to the processing or if another legal permission exists.


Purposes of the data processing
We process your personal data to achieve the following purposes in connection with the initiation and implementation of a contractual relationship or other activities in the interest of the company:

  • Identification
  • Contract processing (including shipping, aftersales service, complaints management)
  • Communicating with business partners on products, services and projects, as well as responding to enquiries, customer service
  • The advertising of existing customers, use as a selection criterion for direct marketing, in order to be able to offer you a service that is tailored to you
  • The management of our customer and supplier relationships, customer care
  • Quality management
  • The improvement and development of our services
  • Customer analysis for market research and optimisation of our offers and external presentation (website presence, social media presence)
  • The handling of our logistics/materials management
  • Reporting on our company
  • Compliance with legal or contractual requirements
  • The settlement of disputes, the enforcement of contracts, the assertion, defence and exercise of legal claims, the detection and prosecution of fraudulent and other unlawful acts
     

Beyond that, we only process your data with your express declaration of consent.

Types of data that we process
The following personal data will be processed in particular:

  • Contact details: name, address, telephone number
  • Identification/payment data: account number, VAT number
  • Order data: quantity, turnover, intervals
  • Geodata: addresses, delivery terms and conditions
  • Image data: photos and video recordings of events as part of corporate events, trade fairs or image films
  • Other data: other required information relating to the business relationship, information provided voluntarily as well as information from publicly available sources, if applicable


Credit information
Furthermore, we reserve the right, in the case of (initiating and implementing) orders or commissions as well as in the case of persistent payment arrears, to pass on personal data to third parties for the purpose of providing creditworthiness information, insofar as this is necessary to protect our legitimate interests. Only the data required to calculate creditworthiness by means of a mathematical-statistical procedure by the credit agency are transmitted. We require creditworthiness information in order to be able to decide on the establishment and implementation of a contractual relationship while safeguarding our legitimate interests.


Categories of recipients
The personal data will be transmitted to affiliated companies, supervisory authorities and legal service providers/auditors as far as this is necessary in the context of the processing.

If we are under a legal obligation to do so, we will release your data to the relevant authorities upon request.

To optimise our processing procedures, we also make use of external service providers based in the European Economic Area (e.g. IT services with maintenance access, service providers). These service providers have been carefully selected by us, commissioned in writing, and are bound by our instructions within the framework of processing agreements pursuant to Art. 28 GDPR.

We make regular inspections of our service providers. The service providers will not pass these data on to third parties but will erase them after the contract has been fulfilled and the legal storage periods have expired, unless you have consented to further storage. 

These service providers are, for example:

  • Banking, payment and financing service providers
  • Credit agencies (Bremer Inkasso, Creditreform)
  • Logistics companies
  • Specialist companies
  • IT service providers
  • Marketing service providers
     

Legal bases for the processing
Legal bases for the processing of your data are in particular:

  • Art. 6 (1)(a) on the basis of your consent
  • Art. 6 (1)(b) for the establishment, implementation and termination of a contractual relationship
  • Art. 6 (1)(c) for the fulfilment of a legal obligation
  • Art. 6 (1)(f) for the protection of a legitimate interest

 

Our legitimate interests lie in the achievement of the above-mentioned purposes and, in addition, for example, in:

  • The protection of our business interests, including direct marketing
  • The use of efficiency and effectiveness potentials, also in cooperation with partners and, if applicable, affiliated companies
  • Ensuring compliance with safety regulations, requirements, industry standards and contractual obligations
  • The assertion, exercise or defence of legal claims
  • The avoidance of damage to and/or liability of the company through appropriate measures
  • The implementation of information and communication measures, including those of an advertising nature
  • The reporting of corporate information


Customer analysis
In the case of customer analysis, your data will be processed either anonymously or, if anonymous processing is not possible or reasonable for objective reasons, in pseudonymised form. Some of the aforementioned processes or services are carried out by carefully selected and commissioned service providers. We only transmit or receive personal data from these service providers on the basis of a processing contract. If the registered office of a service provider is outside the European Union or the European Economic Area, there is a transfer to a third country. Data protection agreements in accordance with the legal requirements are contractually stipulated with these service providers to establish that an appropriate level of data protection and corresponding guarantees are agreed.


Data collected by third parties
Where applicable, data are made available to us by third parties, for example in the context of recommendations. In this case, it is usually contact data in connection with data on specific product or service needs. We may collect data from credit agencies. To the extent required by law, we will inform you of this appropriately within the specified deadlines (Art. 14 GDPR).


Duration of storage
After the respective purposes have been achieved, your data will be erased in compliance with the statutory retention periods.
For all transactions with accounting relevance, the retention periods under commercial and tax law of generally ten years apply.


4. Privacy policy applicants
 

If, for example, you apply for a job at our company via the job vacancies section of our website, we process and store your personal data. We take your privacy very seriously and would therefore like to inform you here about how we handle your applicant data.
 

Purpose of data collection
Before you join our company or during the application process, we process your personal data exclusively for the purpose of establishing a contractual relationship to the extent required.


Types of data that we process
The following types of personal data will generally be processed:

  • Applicant data: name, date of birth, CV, nationality/work permit (or the like for selection, recruitment, entry and exit management)
  • Private contact details: address, telephone number, email (for the purpose of contact)
  • Data within the scope of personnel screening (e.g. police clearance certificate, insofar as we request it from you in individual cases)
  • Data that may be subject to professional secrecy (e.g. data on health eligibility and any restrictions)
  • Other data in personnel administration: severe disability (if relevant), driving licence, special qualifications

We do not require any information from you that is not usable under the General Equal Treatment Act (allgemeine Gleichbehandlungsgesetz, AGG) (such as ethnic origin, gender, pregnancy, details of physical or mental illness, membership of a trade union, religion or belief, disability, age, sexual identity, or sex life).

We ask that such data not be transmitted to us. The same applies to content that is likely to infringe the rights of third parties (e.g. copyrights, ancillary copyrights or other intellectual property rights, personal rights, press law, or general rights of third parties).

Legal bases for the processing:

  • For the establishment, implementation and termination of a contractual relationship pursuant to Art. 6 (1)(b) GDPR in conjunction with Section 26 BDSG (German federal law on data protection)
  • For the fulfilment of a legal obligation according to Art. 6 (1) (c) GDPR
  • In the case of processing for the protection of a legitimate interest pursuant to Art. 6 (1)(f) GDPR
  • On the basis of consent from you by voluntarily providing data that are not necessary for the purpose or conclusion of a contract or the continuation of an existing contract (such as hobbies in your curriculum vitae) in accordance with Art. 6 (1) (a) GDPR


Our legitimate interests in this regard lie, for example, in:

  • The optimisation of the application processes
  • Achieving efficiency gains by bundling services in individual corporate divisions (especially HR, IT)
  • Ensuring compliance with safety regulations, requirements, industry standards and contractual obligations
  • The assertion, exercise or defence of legal claims
  • The avoidance of damage to and/or liability of the company through appropriate measures

Categories of recipients:

  • Internal recipients according to the ‘need to know’ principle
  • Contact persons identified in the job description
  • Companies affiliated under company law


Erasure deadlines
After the respective purposes have been achieved, your data will be erased. However, data will be retained for as long as necessary to defend legal claims. The storage period in the course of an application is usually six months.

If your profile was transmitted to us by an HR service provider and this service provider has commission claims, the storage period may extend until their fulfilment or expiry.

If processing relevant to accounting has been carried out, such as the reimbursement of travel expenses, the data required for this will be erased in compliance with the statutory retention periods, usually six or ten years.

If the application is successful and we conclude a contract with you, we transfer the data collected during the application process to our personnel file.

Please refer to our privacy policy regarding the transmission of your personal data by email.


5. Privacy policy for our employees
 

We would hereby like to inform our employees about our handling of their personal data in the context of the employment relationship in general and in relation to the processing of their data on our website.


Purpose of data collection
During the period of your employment, your personal data will be processed mainly for the performance and/or termination of the contractual relationship including the tasks related to the respective activities. Other purposes may include processing for the purposes of compliance with legal requirements (including third-party claims for information) or corporate development or communication measures.

The naming of contact persons with their names and official contact details is done for the purpose of targeted and quick communication with the users of our website.

Types of data that we process
We process the following personal data as part of your employment:

  • Applicant data: name, date of birth, CV, nationality/work permit (and the like for selection, recruitment, entry and exit management)
  • Private contact details: address, telephone number, email
  • Official contact details: telephone numbers, email, place of work, job title
  • Image data: photo for identification and photos within the scope of company events
  • Identification/payment data: identity card data or work permit for identification and determination of the legitimacy of employment, place of birth, marital status, tax identification number, health insurance membership, income tax class, allowances, denomination for church tax, account number, any wage garnishments (for the purpose of payroll accounting and fulfilment of social security, tax and other legal obligations)
  • Health data: for example in the context of payroll accounting, for settlement with health insurance funds or employers’ liability insurance associations, or in the context of legal obligations as an employer, such as company integration management or the fulfilment of obligations in the protection of severely disabled persons or in the context of company self-monitoring such as occupational health and safety or company medical examinations
  • Time recording, access and usage data: holiday times, work time accounts, shift schedules if applicable, closing times, access logs, time logs relating to the activities carried out, also electronic logs within the framework of the use of our IT infrastructure, and so on
  • Data within the scope of personnel screening (e.g. police clearance certificate)
  • Suitability and performance/behaviour monitoring data: training and development information, data for the purpose of measuring target achievement (e.g. for variable remuneration component)
  • Other data in personnel administration: secondary employment, data within the scope of occupational health care and occupational health management, occupational health and safety, any degree of severe disability, driving licence possession, any employee surveys


Categories of recipients
We send your personal data to the following recipients, for example in order to comply with legal obligations or obligations arising from the employment relationship:

  • Bank service providers, financial service providers, service providers for the calculation of pension provisions, if applicable
  • Service providers for payroll accounting (tax consultants), auditors, service companies for information and communication technology, companies for software and equipment maintenance, service providers in the HR sector
  • Health, social, pension and accident insurance institutions as well as other insurance companies and providers of capital-forming benefits
  • Authorities such as tax authorities, social security funds, employment agencies, if applicable, safety, health, road traffic or related fine offices, customs authorities or monitoring offices for undeclared work and minimum wage, other authorities
  • Occupational health service
  • Companies associated under company law as joint controllers: the essential contents of the regulation of the tasks with regard to the rights of data subjects can be requested at the contact address given, but according to Art. 26 (3) GDPR, these rights can be claimed by data subjects from all companies involved
  • Third-party debtor in case of wage garnishment, insolvency administrator in case of private insolvency
  • Business partners and customers (official contact details), temporary employment agencies


Legal bases for the processing
When processing your personal data, we of course comply with the applicable law. Processing therefore only takes place on a legal basis. The following legal bases come into consideration in particular in the employment relationship:

  1. Section 26 BDSG (version as of 25.05.2018) insofar as necessary for the performance of the employment relationship or to clarify a specific suspicion of criminal offences
  2. Art. 6 (1) (a) on the basis of your consent, whereby fundamentally none is required for the conclusion of a contract or the continuation of an existing contract
  3. Art. 6 (1)(b) for the establishment, implementation and termination of a contractual relationship
  4. Art. 6 (1)(c) for the fulfilment of a legal obligation
  5. Art. 6 (1)(f) for the protection of a legitimate interest
  6. Art. 88 GDPR on the basis of collective agreements (works agreements)

If we process your data within the framework of our legitimate interests, these are, for example, in:

  • The implementation of electronic access controls
  • The optimisation of the HR planning
  • Achieving efficiency gains by bundling services in individual affiliated companies (especially HR, IT, procurement)
  • Ensuring compliance with safety regulations, requirements, industry standards and contractual obligations
  • The assertion, exercise or defence of legal claims, incl. data to document performance flows
  • The avoidance of damage to and/or liability of the company through appropriate measures
  • The implementation of in-house information and communication measures
  • The reporting of corporate information

You have the right to object to the processing of personal data in the context of a legitimate interest on grounds relating to your particular situation. We will then no longer process your data unless we can demonstrate compelling legitimate grounds that override your rights and freedoms or unless the processing serves to assert, exercise or defend legal claims.

We do not use the personal data you provide to make automated decisions about you.


Duration of storage
After the respective purposes have been achieved, your data will be erased in compliance with the statutory retention periods, usually six or ten years, or 30 years or longer in the case of various data categories such as occupational pension provision.


Processing of your personal data on our website
Your name and official contact details such as telephone number and email address may be published on our websites.

The purpose of this publication is to enable quick and targeted communication with our customers or interested parties.

The legal basis results from your activity for our company within the framework of employment contract regulations and thus in the course of the fulfilment of the contract pursuant to Art. 6 (1) (b) GDPR. In addition, there is a legitimate interest on the part of our company in efficient communication with our customers. Since only your official contact details are processed for this purpose, we consider this to be an overriding interest pursuant to Art. 6 (1) (f) GDPR.

Insofar as you are identifiable as an employee of our company or as a data subject in the course of the provision of image films via our website and the YouTube channel linked to this, we have informed you about the rights of use in advance and obtained your consent in accordance with Art. 6 (1) (a) GDPR beforehand.

For information on the processing of your personal data on the social platforms linked to our websites, please refer to the respective privacy policies.


6. Additional general information
 

Use of service providers
Some of the aforementioned processes or services are carried out by carefully selected and commissioned service providers. We only transmit or receive personal data from these service providers on the basis of a processing contract. If the registered office of a service provider is outside the European Union or the European Economic Area, there is a transfer to a third country. Data protection agreements in accordance with the legal requirements are contractually stipulated with these service providers to establish that an appropriate level of data protection and corresponding guarantees are agreed.

The use of an external specialised service by an autonomous body is always given if the service provider does not act as a processor bound by instructions due to a special legal regulation but provides the services as its own  responsibility. This is the case, for example, with tax advisors and lawyers and also with companies that provide pure transport services such as postal services or telephone services. Credit institutions are also subject to their own supervisory authority and, within the scope of their activities, act in accordance with special legal requirements which, in individual cases, may take precedence over the general provisions of the GDPR.

 

Information about your rights
You have the right to:

  • Request confirmation from us as to whether personal data relating to you are being processed by us;
    if this is the case, you have a right of access to this personal data and to the information listed in detail in Art. 15 of the GDPR.
  • Request the issuance of the data concerning you in the restrictions of Art. 20 GDPR in a common electronic, machine-readable data format. This also includes issuance (as far as possible) to another controller directly designated by you.
  • Request us to rectify your data if they are incorrect, inaccurate and/or incomplete. Correction also includes completion through statements or communication.
  • Demand that we erase personal data relating to you without delay
    if one of the reasons listed in Article 17 of the GDPR applies. We may not erase data that are subject to a statutory retention period, however. If you do not want us to contact you again, we will store your contact details on a blocking list.
  • Revoke any consent you have given with effect for the future without any disadvantage to you.
  • Demand that we restrict processing if one of the conditions listed in Art. 18 GDPR applies.
  • Object at any time to the processing of personal data concerning you on grounds relating to your particular situation. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms or that the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR).
  • Complain, without prejudice, to any other administrative or judicial remedy if you consider that the processing of personal data relating to you is in breach of the GDPR. In such cases, please file a complaint:
    • With our data protection officer: Bernd Kamlah (info@revisec.de)
    • Via post (see legal notice)
    • With a supervisory authority in the member state of your residence, place of work or the place of the alleged infringement


Data security
We use the SSL (Secure Sockets Layer) procedure in connection with the highest encryption level supported by your browser when visiting the website. You can see whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser.

We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.


Currency and amendment of this privacy policy
This privacy policy was last updated in August 2021. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this privacy policy. You can access and print out the current privacy policy on the website at any time.