Data Privacy Statement

We would like to adapt both the information on this website and our service offers to better fit your needs. For this purpose we use cookies. Please decide for yourself which types of cookies should be enabled when using our website. The types of cookies that we use are described in "Cookie settings". You can change / revoke your consent at any later time by clicking on the "Cookie Settings" button in the lower right corner of this website.

You can find more information about the cookies used on this website in our Cookie Consent Tool.

Legal basis

The legal basis for the use of cookies is your consent according to Article 6(1)(1)(a) GDPR.

Personal data is collected by us when you provide it to us voluntarily, for example, when you contact us. We will, of course, use the personal data provided to us in this way solely for the purpose for which you provided it when contacting us.

Any communication of this information is on a voluntary basis, and in these cases is initiated by you. Insofar as this involves information regarding communication channels (e.g. e-mail address, telephone number), we will use these channels to contact you in accordance with your request.

Purposes of data processing
The purpose of processing your data is to handle and respond to your request.

Legitimate interests
The legitimate interest in the processing lies in the purposes described.

Legal basis
The legal basis for the processing of the data that you provide in the process of contacting us, is Article 6(1)(1)(f) GDPR.

Duration of data storage
We will delete your data that we have received in the course of contacting you as soon as they are no longer required to fulfill the purpose for which they were collected, i.e. your request has been fully processed and no further communication with you is required or requested.

Right to object
You can contact our data protection officer at any time about deleting the data relating to your request. However, we may then not be able to process your request in full.

As a matter of principle, your data will not be transferred to third parties unless we are legally obliged to do so. Insofar as external service providers come into contact with your personal data, we have ensured that they comply with the provisions of data protection laws through legal, technical and organizational measures as well as regular checks. Furthermore, these service providers may only use your data in accordance with our order.

We place great importance on processing your data within the EU/EEA. However it may be the case that we use service providers who process data outside the EU/EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient prior to the transfer of your personal data. This can be achieved, for example, by means of EU standard contracts or Binding Corporate Rules or special agreements to whose regulations the company may be subject.

We are happy to provide you with information as to whether personal data relating to you is being processed; if this is the case, you have a right to information about this personal data and to the data protection measures specified and listed in detail in Article 15 GDPR. In addition, you have the right to rectification (Article 16 GDPR), the right to restriction of processing (Article 18 GDPR), the right to have your data deleted (Article 17 GDPR) and the right to data portability (Article 20 GDPR) under the respective legal provisions.

What right do you have in case of data processing based on your legitimate or public interest?

According to Article 21(1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1) (1)(e) GDPR (data processing in the public interest) or on the basis of Article 6(1) (1)(f) GDPR (data processing for the protection of a legitimate interest).

You can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future.

Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you may at any time exercise your right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection law (Article 77 GDPR).

Personal data is processed when you contact us via social media channels. This information is provided on a voluntary basis and is initiated by you.

This can be done by:

1. Use of the comment, message, and chat function
   You can contact us directly via the comment, message, or chat function on our social media channels. We will use the information you provide in this context exclusively to respond to your contact, preferably within the social media channels.

Purpose of the processing:
The purpose of processing your data is to process and respond to your request.

Legal basis:
The legal basis for the processing of the data transmitted to us while contacting us is Art. 6 para. 1 sentence 1 lit. b) GDPR and Art. 6 para. 1 sentence 1 lit. f) GDPR.

Duration of data storage:
If we use contact data outside the social media channels, we will delete it as soon as it is no longer required to achieve the purpose, i.e., your request has been fully processed and no further communication with you is required or requested by you.

2. Use of the “Like” button
   By clicking the “Like” button, the respective user sends information to the platform provider, which in turn transmits aggregated information from the user profiles to us about the average age structure, place of residence, gender, choice of language and activities of the users who have clicked the “Like” button in connection with our social media channels. At no time do we receive information relating to a specific person. Further information about the data collected by the platform provider in this context can be found in the privacy policies of the platform providers.

Please note that if you use our social media channels, your personal data will also be processed by the platform providers. You can find information about this in the privacy policy of the provider in question.

Instagram

LinkedIn

Vimeo

We process your personal data to the extent necessary to carry out the application process. This includes the following categories of data:

Standard details

• Applicant master data (first name, last name, address, job position),
• Qualification data (cover letter, resume, previous activities, professional qualifications),
• (Work) references and certificates (performance data, assessment data, etc.),

Specific information that may be required due to the nature of the position being filled,

• Police record (only when an employment contract is to be concluded).

Other information

• Voluntary information, such as an application photo, details of severely disabled status or other information that you voluntarily provide us in your application.

As a rule, we only use the personal data that we receive from you in connection with the actual application process.

In some case we may receive personal information from the following sources

• Service providers for applicant recruitment

We process your personal data in specific compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) as well as all other applicable laws.

Implementation of pre-contractual measures (Article 6(1)(b) GDPR) and data processing for the purposes of the application relationship (Section 26(1) BDSG)

Applicant personal data may be processed for purposes that are part of the application process, if this is necessary in order to decide on the commencement of an employment relationship with us.

The necessity for and the scope of data collection are assessed, among other criteria, on the basis of the position to be filled. If your desired position involves the performance of highly confidential tasks or increased responsibility for personnel and/or financial matters, more comprehensive data collection may be necessary. This is why we ask our applicants to provide us with their police record. To protect personal privacy, this sort of data processing takes place either after the applicant selection process has been completed, immediately before you are hired, or only after your actual hiring.

Data processing based on your consent (Article 6(1)(1)(a) GDPR, and Article 26(2) BDSG)

We process your personal data based on your consent in the following cases:

• Inclusion in the applicant pool, i.e. we store the application documents after the current application process is over for consideration in future application processes.

Based on the legitimate interest of the responsible body (Article 6(1)(1)(f) GDPR)

In certain cases we process your data to protect a legitimate interest of our own or of third parties:

• To defend legal claims in proceedings under the German General Equal Treatment Act (AGG). In the event of a legal dispute, we have a legitimate interest in processing the data for purposes of evidence.

 Your data will be processed by the following parties:

Internal departments, depending on the job advertised

• Personnel department, specialist areas

External service providers

• IT service providers (e.g. maintenance, hosting and website hosting service providers)
• Service providers for the destruction of files and data

We place great importance on processing your data within the EU/EEA. However it may be the case that we use service providers who process data outside the EU/EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient prior to the transfer of your personal data. This can be achieved, for example, by means of EU standard contracts or Binding Corporate Rules or special agreements to whose regulations the company may be subject.

We store your personal data as long as it is necessary for the decision on your application to be made. If an employment relationship between you and us does not come about, your data will be automatically deleted within 6 months after the end of the application process, provided no other legitimate interests prevent deletion. Other legitimate interests in this sense might be, for example, a duty to provide evidence in proceedings under the German General Equal Treatment Act (AGG).

If an employment relationship does not come about, but you have given us your consent for the continued storage of your data, we will store your data until you revoke your consent, however, for no longer than one year at most. If there is a specific reason, we may also store your data for a longer period of time for the purpose of defending against possible legal claims.

We process the data you provide us as a customer or supplier (hereafter referred to as "business partner") for the purposes of carrying out pre-contractual measures and concluding a contract. Furthermore, we process your personal data for other purposes including the fulfillment of legal requirements, the protection of a legitimate interest, or based on a consent provided by you. We process only the personal data that we receive from you.

Depending on the legal basis and the contractual relationship, this relates to the following categories of data:

• Contact details as customarily found on business cards (e.g. name, company, telephone, e-mail address)
• Account information, in particular registration and log-in details (e.g. customer portal)

Based on your consent provided to us (Article 6(1)(1)(a) GDPR)
If you have given us your voluntary consent to the processing of certain personal data, then this consent forms the legal basis for the processing of this data.

We process your personal data based on your consent in the following cases:

• Sending of information on our products, news, events,
• rapid Corona tests for on-site appointments.

For the fulfillment of a contract (Article 6(1)(1)(b) GDPR)
We use your personal data for the implementation of the contract as well as for pre-contractual communication.

For the fulfillment of legal obligations (Article 6(1)(1)(c) GDPR)
As a company we are subject to a variety of legal obligations. Processing of personal data may be necessary for the fulfillment of the following obligations:

• Prevention of/defense against criminal acts (only related to specific incidents),
• Retention and storage obligations (Article 257 HGB (German Commercial Code); Article 147 AO (German Tax Code)),
• Obligations regarding the processing of customer data (e.g. due to legal taxation requirements).

Due to a legitimate interest (Article 6(1)(1)(f) GDPR)
In certain cases we process your data to protect a legitimate interest of our own:

• Communication with contacts as business partners,
• Ensuring IT security and IT operations,
• Customer satisfaction surveys,
• Event-specific comparison of first and last names of business contacts with the EU anti-terrorism regulation lists (Regulation (EC) No 881/2002, Regulation (EC) No 2580/2001, known as Anti-Terror Lists) due to a ban on service provision under the EU Anti-Terrorism Regulation,
• To ensure compliance with house rules; video surveillance, visitor registration.

In order to fulfill our contractual and legal obligations, your personal data will be disclosed to various public or internal bodies, as well as external service providers:

• IT service providers (e.g. maintenance, hosting and website hosting service providers)
• Service providers for the destruction of files and data
• auditors, tax advisors, lawyers, credit agencies/credit insurers,
• companies and owners of the Speira Group.

We place great importance on processing your data within the EU/EEA. However it may be the case that we use service providers who process data outside the EU/EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient prior to the transfer of your personal data. This can be achieved, for example, by means of EU standard contracts or Binding Corporate Rules or special agreements to whose regulations the company may be subject.

We store your personal data as long as necessary for the fulfillment of our legal and contractual obligations, including:

• compliance with commercial and taxation storage requirements. To name a few: Record retention periods laid down by the German Commercial Code (HGB) or the German Tax Code (AO). These retention periods are up to ten years.
• For the fulfillment of a customer request (product liability-related obligations to provide evidence)

We are happy to provide you with information as to whether personal data relating to you is being processed; if this is the case, you have a right to information about this personal data and to the data protection measures specified and listed in detail in Article 15 GDPR. In addition, you have the right to rectification (Article 16 GDPR), the right to restriction of processing (Article 18 GDPR), the right to have your data deleted (Article 17 GDPR) and the right to data portability (Article 20 GDPR) under the respective legal provisions.

What right do you have in case of data processing based on your legitimate or public interest?

According to Article 21(1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1) (1)(e) GDPR (data processing in the public interest) or on the basis of Article 6(1) (1)(f) GDPR (data processing for the protection of a legitimate interest).

You can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future.

Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you may at any time exercise your right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection law (Article 77 GDPR).