1. Information regarding the collection of personal data
1.1. In the following we inform about the collection of personal data when using our website. Personal data are all data that refer to you personally e.g. name, address, email addresses, user behaviour.
1.2. The party responsible pursuant to Article 4 para. 7 of the EU General Data Protection Regulation (GDPR) is Delticom AG, Brühlstr 11, D-30169 Hanover, Germany, Telephone: 49(0)511-87989280, Email: firstname.lastname@example.org, Website: www.delti.com (see our imprint details). Our Data protection officer can be reached at email@example.com or at our postal address with the addition “FAO Data protection officer”.
1.3. The use of our website functions is fundamentally possible without the processing of personal data. Please refer to the corresponding remarks below concerning the (personal) data transmitted technically to us by you. If we use contracted service providers for the individual functions of our offer or if we wish to use your data for advertising purposes, we shall inform you in detail below regarding the respective procedures. Finally, we also name the criteria of storage duration established.
1.4. If you would like to apply to us, please note our information below.
1.5. If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We also specify the defined criteria for the storage period.
2. Your rights
2.1. You have the following rights regarding us with respect to the personal data concerning you:
- Right to information
- Right to rectification or deletion
- Right to restriction of processing
- Right to object to the processing
- Right to data portability
Your rights are regulated in Chapter 3 of the GDPR.
2.2. You also have the right to complain to us about the processing of your personal data by means of a data protection supervisory authority. The responsible data protection supervisory authority is the State Commissioner for Data Protection of Lower Saxony (Landesbeauftragte für den Datenschutz Niedersachsen), Prinzenstr. 5, 30159 Hanover, https://www.lfd.niedersachsen.de.
3. Purposes and legal basis of the processing
3.1. Unless otherwise stated or specified, the purpose of our data processing activities is the pursuit of our own business purposes.
3.2. We use different legal bases for the data processing.
3.3. If you give us consent for certain processing operations of personal data, the legal basis is Article 6 I lit. a of the GDPR hereinafter also referred to as “consent”).
3.4. If the processing of personal data is necessary for the initiation or performance of a contract whose (potential) contracting party is the data subject, e.g. if you inquire about products and/or order goods with us and the data processing is necessary for the delivery of the goods, Article 6 I lit. b of the GDPR is the legal basis (hereinafter also referred to as “contract performance”).
3.5. If the processing of personal data is required to fulfil a legal obligation, e.g. for the fulfilment of tax filing obligations, Article 6 I lit. c of the GDPR is the legal basis.
3.6. If the processing of personal data is necessary for the protection of vital interests of the data subject or of another natural person, e.g. if a visitor to one of our warehouses were injured and his/her data had to be forwarded to a doctor and/or hospital, Article 6 I lit. d of the GDPR is the legal basis.
3.7. The processing of personal data may, according to Article 6 I lit. f of the GDPR, be permitted under data protection law if it is necessary for the protection of a legitimate interest of our company or a third party, insofar as the interests, fundamental rights and fundamental freedoms of the person concerned do not predominate (hereinafter also referred to as ” legitimate interests”). We consider the performance of our business in the interest of safeguarding the jobs of our employees and of the well being of shareholders as our fundamental legitimate interest. This is also covered by the legitimate interests of companies expressly described by the European legislator. Therefore, a legitimate interest can be assumed if the data subject and the company are in a customer relationship (Recital 47 sentence 2 of the GDPR) or personal data are processed for direct marketing purposes.
3.8. If we send e-mail advertising without consent to existing customers who have provided us with their e-mail address when ordering for the advertising of their own similar products and if we have pointed out this possibility of use and the right during data collection that this use of data can be revoked at any time without incurring costs other than the transmission costs according to the basic tariffs, we refer to § 7 Paragraph 3 of the (German) Act against Unfair Competition (UWG).
4. Recipients and categories of recipients of your personal data
4.3. Service providers outside the EU/EEA: We can not rule out that our subcontractors use other service providers in third countries. Pursuant to Article 28 para. 4 of the GDPR we obligate all service providers to adhere to adequate and appropriate guarantees in accordance with Article 44 ff. of the GDPR (transfer to third countries).
5. Deletion of data and their storage period
We delete or restrain the use of personal data as soon as the purpose of their storage ceases or no legal archiving obligations take effect and therefore the necessity of their storage ceases. For example, there are obligations under tax or commercial law to retain data for up to 10 years in accordance with § 257 (German) Commercial Law Act (HGB) or § 147 (German) Tax Code (AO). We store personal data of applicants that we do not employ for 6 months. We do this to protect our interests in any legal dispute. We refer as legal basis for the storage to art. 6 para. 1 sentence 1 f GDPR (weighing of interests). Thus, our duty of proof in any proceedings under the General Equal Treatment Act (AGG) represents a legitimate interest. If we answer other questions without a current contractual relationship, we store this communication for three years in accordance with the statutory limitation periods, unless the above-mentioned commercial and tax storage periods must be observed. The storage of three years takes place in our legitimate interest for possible legal defense against asserted claims on the basis of our information. The legal basis for this is Art. 6 I lit. f GDPR (legitimate interests).
6. Existence of automated decision making
o automated decision-making or profiling takes place on this website. In our individual online shops, automated decision making can take place depending on the chosen payment method. We would then point this out separately there.
7. Collection of personal data when visiting our website
In the case of merely informative use of the website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following information that is technically necessary for us to display our website and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- The amount of data transmitted
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
No further storage of this data takes place.
8. Data collection and processing during the application process
8.1. We are delighted that you would like to apply to work for us. Please send your application by email to firstname.lastname@example.org. We recommend that you do not send us your sensitive data unencrypted. If you send us an encrypted email, please make sure that we receive the password (for example, to open the email or PDF) over a secure communication channel (for example by telephone). Please note that for reasons of IT security we cannot open compressed data (e.g., winrar, zip, 7z). If you send us an unencrypted email, we shall assume that we can also answer you via unencrypted email to the email address that you have used or specified.
8.2. Please note that false statements or submissions in the context of an application process may constitute grounds for rejection or subsequent termination. Please check carefully the accuracy and completeness of your information.
8.3. The most suitable (best) applicants will be selected, regardless of race, ethnic origin, gender, religion or belief, disability, age or sexual identity. For your application process, we do not require information that is not usable under the General Equal Treatment Act (Allgemeinen Gleichbehandlungsgesetz, AGG), nor do we require confidential information or trade secrets from your current or previous employer.
8.4. he legal basis for the data processing for the purpose of carrying out the application procedure is § 26 para. 1 together with para. 8 S.2 of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), insofar as this is necessary for the establishment of an employment relationship with us. The legal basis for storage in order to defend claims under the AGG is Art. 6 para. 1 sent. 1 lit. f) GDPR (legitimate interests). Personal data of applicants who we do not hire is stored for 6 months. Thus, our burden of proof in any legal proceedings under the General Equal Treatment Act (AGG) constitutes a legitimate interest. The legal basis for storage is Art. 6 para. 1 sent. 1 lit. f) GDPR (legitimate interests).
8.5. If an employment relationship (job, training, internship) is established between you and us, pursuant to § 26 Abs. 1 BDSG we may process the personal data you provided during the application procedure for employment purposes, if this is necessary for the implementation or termination of the employment relationship, or for the fulfilment or exercise of the legal, collective, or collective bargaining rights and obligations of employee interest groups.
9. Data collection and processing for corporate and ad-hoc announcements
9.1. We use e-mail distribution lists for the purpose of publishing company and ad-hoc announcements and for maintaining contacts with investors, shareholders, analysts and journalists (Investor Relations). For example, we provide information once a year on the annual report and on business transactions on specific occasions. In doing so, we process the names and e-mail addresses of those persons whom we have on the respective e-mail distribution lists. We add people as addressees to our mailing lists if they wish so or in their presumed interest (e.g. because of their work in a medium or department suitable for our business). We publish ad hoc announcements because we are required to do so by law (e.g. § 37b German Securities Trading Act, WpHG) and to avoid legal liability risks.
9.2. We delete people from our mailing lists if this is requested by the addressees or if we have reason to believe that there is no longer any suspected interest (e.g. in the event of a change of department that has come to our attention).
9.3. Informing the financial community and interested parties about annual reports, events or notifiable information is a legitimate interest for us as a listed company. Since we only include addressees interested in the subject or personally, we do not assume any conflicting interests on the part of the addressees. We even assume a fundamental presumed interest. The legal basis for data processing is Art. 6 para. 1 f) GDPR (“legitimate interest”).
Revision: June 2018