Data protection declaration according to the GDPR
Analytik Jena GmbH+Co. KG takes the protection of personal data very seriously and observes the rules of data protection. Personal data is only collected on these Internet pages to the extent necessary. Under no circumstances will the collected data be passed on to third parties without your knowledge or without a legal reason. The following declaration gives you an overview of the data Analytik Jena GmbH+Co. KG collects during your visit to its Internet pages and the use of electronic and software applications, for which purpose and how this data is used, and which technical and organisational protective measures have been taken.
I. Name and address of the controller
Analytik Jena GmbH+Co. KG
Konrad-Zuse-Strasse 1
07745 Jena
Phone: +49 3641 77 70
E-mail: info@analytik-jena.com
is the controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws.
II. Name and address of the data protection officer
The data protection officer of the controller is:
AGOR AG
Ms. Justyna Rulewicz, lawyer
Niddastraße 74
60329 Frankfurt am Main Germany
Tel.: +49 (0) 69 - 9494 32 410
E-mail: info@agor-ag.com
Website: www.agor-ag.com
III. General information on data processing
1. Scope of the processing of personal data
We collect and use personal data of the users of our homepage only to the extent that it is necessary for the provision of a functional website, our contents, and services.
The collection and use of our users' personal data takes place only with their consent. An exception to this principle applies in cases where the processing of data is permitted by legal regulations or where obtaining prior consent is not possible for actual reasons.
2. Legal basis for the processing of personal data
The legal basis for the processing of personal data results in principle from:
Art. 6 para. 1 p. 1 lit. a GDPR when obtaining the consent of the data subject.
Art. 6 para. 1 sentence 1 lit. b GDPR in the case of processing to fulfil a contract to which the data subject is a party. Included here are processing operations that are necessary for the implementation of pre-contractual measures.
Art. 6 para. 1 sentence 1 lit. c GDPR for processing operations that are necessary for the fulfilment of a legal obligation.
Art. 6 para. 1 sentence 1 lit. d GDPR if vital interests of the data subject or another natural person make processing of personal data necessary.
Art. 6 para. 1 sentence 1 lit. f GDPR, if the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest. To be able to base the processing of personal data on a legitimate interest, an assessment is carried out in each case in consultation with the Data Protection Officer for each relevant process, whereby the following three conditions must be met:
1) The controller or a third party has a legitimate interest in the processing of personal data.
2) The processing is necessary to safeguard the legitimate interest.
3) The interests or fundamental rights and freedoms of the data subject which require the protection of personal data do not prevail.
3. Data deletion and storage period
The user's personal data will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage beyond this rule may take place if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned regulations expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
IV. Use of our website, general information
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the user's computer. The following information is collected:
Pseudonymised IP address, browser used, time and date of the page visit, system used by a page visitor.
The data described is stored in the log files of our system. The data is not stored together with other personal data of the user.
2. Purpose and legal basis for data processing
The temporary storage of the IP address by our system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. f GDPR.
The collection of their personal data for the provision of our website and the storage of the data in log files is absolutely necessary for the operation of the website. Therefore, the user does not have the option to object.
3. Duration of storage
Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If your data is collected to ensure the provision of the website, the data will be deleted when the respective session has ended. Backups are kept for 14 days in encrypted form.
V. General information on the use of cookies
We use cookies on our website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When you visit a website, a cookie may be stored on your operating system. This contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the browser can be identified even after a page change.
German Telecommunications and Telemedia Data Protection Act (TTDSG):
The legal basis for the storage of cookies, device identifiers and similar tracking technologies or for the storage of information in the end user's terminal equipment and access to this information is the European ePrivacy Directive in conjunction with the German Telecommunications and Telemedia Data Protection Act (TTDSG).
Please note that the legal basis for the processing of personal data collected in this context then results from the GDPR (Art. 6 para. 1 sentence 1 GDPR). The relevant legal basis for the processing of personal data in a specific case can be found below the respective cookie or the respective processing itself.
The primary legal basis for the storage of information in the end user's terminal equipment - thus in particular for the storage of cookies - is your consent, Section 25 para. 1 sentence 1 TTDSG. Consent is given when visiting our website - although this does not have to be given, of course - and can be revoked at any time in the cookie settings.
According to Section 25 para. 2 no. 2 TTDSG, consent is not required if the storage of information in the end user's terminal equipment or the access to information already stored in the end user's terminal equipment is absolutely necessary in order for the provider of a telemedia service to be able to provide a telemedia service expressly requested by the user. You can see from the cookie settings which cookies are classified as absolutely necessary (often also referred to as "technically necessary cookies") and therefore fall under the exemption of Section 25 para. 2 TTDSG and thus does not require consent.
GDPR:
The legal basis for the processing of personal data using technically necessary cookies results from Art. 6 para. 1 sentene 1 lit. f GDPR. The purpose of the use of technically necessary cookies is to simplify the use of our website.
We would like to point out that some functions of our website can only be offered with the use of cookies.
Cookies are stored on the user's computer and transmitted to our site by the user. As a user, you therefore have control over the use of cookies. You can restrict or deactivate the transmission of cookies by making changes in the settings of your Internet browser. You can also delete stored cookies there. Please note that you may no longer be able to use all the functions of our website if you deactivate cookies.
The legal basis for the processing of personal data using cookies for analysis and advertising purposes is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has consented to this.
Cookie consent
On our website, we use a technical solution to manage the consent you have given or the revocation of this consent. When you enter our website, a cookie is stored in your browser in which the consents you have given, or the revocation of these consents are stored.
Cookies overview
Cookie name | Provider | Expiration | Purpose | Category |
---|---|---|---|---|
ajGeoIp | Mellowmessage GmbH | Session | Language layer cookie, to recognise the origin of the user (in order to suggest localised variants to him/her). | Necessary |
ipandlanguageredirect_hidemessage | Mellowmessage GmbH | 1 month | Documents that the language layer has been clicked | Necessary |
ajNewsletter | Mellowmessage GmbH | Depending on registration: unrestricted or 4 weeks | Used for newsletter registration | Necessary |
ajCookieConsent | Mellowmessage GmbH | 365 days | Documents the user's click in the cookie banner | Necessary |
_pk_id.* | Analytik Jena / Matomo | 1 month | Used to record visitors' behaviour on the website, collect statistics on website usage. The cookie does not contain any personal data and is used solely for website analysis. | Necessary |
_pk_ses.* | Analytik Jena / Matomo | 30 minutes | Used to record visitors' behaviour on the website, collect statistics on website usage. The cookie does not contain any personal data and is used solely for website analysis. | Necessary |
_ga | 2 years | Used to record visitors' behaviour on the website, collect statistics on website usage. The cookie does not contain any personal data and is used solely for website analysis. | Statistics | |
_ga_* | 1 year | Used to record visitors' behaviour on the website, collect statistics on website usage. The cookie does not contain any personal data and is used solely for website analysis. | Statistics | |
_gid | 24 hours | Used to record visitors' behaviour on the website, collect statistics on website usage. The cookie does not contain any personal data and is used solely for website analysis. | Statistics | |
_gat | 1 minute | Used to throttle the demand rate | Statistics | |
__Secure-3PSID | Google (YouTube) | 2 years | Profiles the interests of website visitors to display relevant and personalised advertising through retargeting | Marketing |
__Secure-3PSIDCC | Google (YouTube) | 2 years | These cookies are used to deliver ads that are more relevant to you and your interests. They contain an encrypted unique ID to identify the user. | Marketing |
__Secure-3PAPISID | Google (YouTube) | 2 years | Profiles the interests of website visitors to display relevant and personalised advertising through retargeting | Marketing |
YSC | Google (YouTube) | Session
| This cookie is set by YouTube to track views of embedded videos. It contains an encrypted unique ID to identify the user. | Marketing |
VISITOR_INFO1_LIVE | Google (YouTube) | 3 months | This cookie is set by YouTube to track views of embedded videos. It contains an encrypted unique ID to identify the user. | Marketing |
pardot | Salesforce Pardot | 1 Jahr | Used by Pardot to record visitors' behavior on the website, collect statistics about website usage. | Marketing |
visitor_idXYZ | Salesforce Pardot | 1 Jahr | Used by Pardot to record visitors' behavior on the website, collect statistics about website usage. It contains a unique ID to identify the user. | Marketing |
visitor_idXYZ-hash | Salesforce Pardot | 1 Jahr | Used by Pardot to record visitors' behavior on the website, collect statistics about website usage. It contains an encrypted unique ID to identify the user. | Marketing |
_gcl_au | 3 months | Contains a randomly generated user ID. | Marketing | |
_gcl_aw | 3 months | Set when a user clicks on a Google ad to access our website. It contains information about which ad was clicked, so that achieved goals, such as orders or contact requests, can be assigned to the ad. | Marketing | |
_fbp | 3 months | Used to distinguish users. | Marketing | |
_fbc | Set when a user clicks on a Facebook ad to access our website. It contains information about which ad was clicked, so that achieved goals, such as orders or contact requests, can be assigned to the ad. | Marketing | ||
c_user | 1 year | Contains the ID of the currently logged in Facebook user | Marketing | |
fr | 3 months | Allows Facebook to serve personalized ads and enables the measurement and optimization of Facebook ads. | Marketing | |
sb | 2 years | Contains details about the user's browser. Used to display ads. | Marketing | |
xs | 3 months | Contains a unique session ID. | Marketing | |
DSID | Google Doubleclick | 2 weeks | Used to identify a logged in user on non-Google sites and to store user preferences regarding ad personalization. | Marketing |
IDE | Google Doubleclick | EU, CH, UK: 13 months | Used to display ads on non-Google sites | Marketing |
AnalyticsSyncHistory | 1 month | Used to store information about the time a sync took place with the lms_analytics cookie | Marketing | |
UserMatchHistory | 1 month | Used for id sync process. It stores the last sync time to avoid repeating the syncing process in a frequent manner | Marketing | |
_guid | 3 months | Used to identify a LinkedIn Member for advertising through Google ads | Marketing | |
bcookie | 1 year | Browser Identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform | Marketing | |
lang | Session | Used to remember a user's language setting to ensure LinkedIn.com displays in the language selected by the user in their settings. | Marketing | |
li_gc | 6 months | Used to store consent of guests regarding the use of cookies for non-essential purposes | Marketing | |
li_mc | 6 months | Used as a temporary cache to avoid database lookups for a member's consent for use of non-essential cookies and used for having consent information on the client side to enforce consent on the client side | Marketing | |
ln_or | LinkedIn / Oribi | 1 day | Used to determine if Oribi analytics can be carried out on a specific domain | Marketing |
liap | 3 months | Used by non-www.domains to denote the logged in status of a member | Marketing | |
lidc | 1 day | To facilitate data center selection | Marketing | |
lms_ads | 1 month | Used to identify LinkedIn Members off LinkedIn for advertising | Marketing | |
lms_analytics | 1 month | Used to identify LinkedIn Members off LinkedIn for analytics | Marketing |
The collected data will be stored until you request us to delete it or until you delete the consent cookie yourself, or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected.
Cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.
VI. Your rights / rights of the data subject
According to the EU General Data Protection Regulation, you have the following rights as a data subject:
1. Right to information
You have the right to receive information from us as the controller as to whether and which personal data concerning you are being processed by us, as well as further information in accordance with the legal requirements under Art. 13, 14 GDPR.
You can make use of your right to information at: datenschutz.team@analytik-jena.com
2. Right to rectification
If the personal data processed by us and concerning you is incorrect or incomplete, you have a right to rectification and/or completion. We will make the correction without delay.
3. Right to restriction
You have the right to restrict the processing of personal data concerning you in accordance with the legal provisions (Art. 18 GDPR).
4. Right to deletion
If the reasons set out in Art. 17 GDPR apply, you may request that the personal data relating to you be deleted without delay.
Please note that the right to deletion does not apply if the processing is necessary for one of the exceptional circumstances mentioned in Art. 17 para. 3 GDPR.
5. Right to information
If you have asserted the right to rectification, deletion, or restriction of processing, we are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.
6. Right to data portability
Under the GDPR, you also have the right to receive the personal data concerning you that has been provided to us in a structured, commonly used, and machine-readable format or to request that it be transmitted to another controller.
7. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. We would like to point out that the revocation of consent does not affect the lawfulness of the processing carried out on basis of the consent until the revocation.
8. Right of objection
Furthermore, you have the right to object at any time, for reasons arising from your individual situation to the processing of personal data relating to you which is carried out based on Article 6 para. 1 sentence 1 lit. e or f GDPR.
9. Automated decision-making in individual cases including profiling
Under the EU General Data Protection Regulation, you also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
10. Right to complain to a supervisory authority
Finally, if you consider that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority in the Member State of your residence, workplace, or the place of the alleged infringement.
VII. Data transfer outside the EU
The GDPR ensures an equally high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible if your personal data is to be processed. We process data outside the European Union by third-party services only in exceptional cases. We allow your data to be processed in a third country only if the special requirements of Art. 44 et seq. GDPR are fulfilled. This means that the processing of your data may then take place only on basis of special guarantees, such as the officially adequacy decision by the European Commission (determination of a level of data protection corresponding to the EU) or the observance of officially recognised special contractual obligations, the so-called "standard data protection clauses".
EU-US Trans-Atlantic Data Privacy Framework
Within the framework of the so-called "Data Privacy Framework" (DPF), the EU Com-mission has also recognized the level of data protection for certain companies from the U.S. as safe within the framework of the adequacy decision of 10.07.2023. The list of certified companies as well as further information on the DPF can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/s/participant-search.
VIII. Newsletter
1. In general
You can subscribe to a free newsletter on our homepage, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent. The data you enter in the input mask during registration will be transmitted to us.
We collect the following data based on the consent obtained from you during the registration process:
Form of address
Academic title
First name
Surname
Company* Name
POSTCODE
City
Country*
E-mail*
*Mandatory data
Furthermore, the following data is stored at the moment of transmission:
IP address of the computer, date, and time of registration.
Your data will not be passed on in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.
2. Double opt-in and logging
Registration for our newsletter takes place in a so-called double opt-in procedure. After registration, you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses.
The registrations for the newsletter are logged to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address.
3. Legal basis
The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given his consent. The collection of the user's email address serves to deliver the newsletter.
4. Deletion, revocation, and objection
Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Your e-mail address will therefore be stored if the subscription to the newsletter is active. You can cancel your subscription to the newsletter at any time by revoking your consent. For this purpose, you will find a corresponding link in each newsletter.
Furthermore, you can object to the future processing of your personal data in accordance with the legal requirements pursuant to Art. 21 GDPR at any time. The objection can be made against the processing for purposes of direct advertising.
5. Service providers and analysis byPardot
Please note that we may analyse your user behaviour when sending the newsletter.
The newsletter is sent using Pardot, a service from Salesforce. This allows us to combine your data with your other customer data stored with us as well as with information from third-party providers in order to address you individually, i.e. based on your interests and usage. Details about Pardot and the provider Salesforce can be found under section XIV.3 of this privacy policy.
We would like to point out that after sending the newsletter, your user behavior with regard to our newsletter will be evaluated by us. For this evaluation, the e-mails sent contain so-called web beacons, also called tracking/counting pixels, as well as correspondingly coded links. Web beacons are single-pixel image files that link to our website and, together with coded links, enable us to evaluate your user behavior with regard to our newsletter (so-called open or click tracking). This is done by collecting technical information, e.g. on your browser, your system, your IP address and the time of the retrieval of the e-mail or the retrieval of the link by means of web beacons and coded links, which are assigned to your e-mail address and linked to a separate ID.
The legal basis for the evaluation of user behavior is the consent you have given, Art. 6 para. 1 p.1 lit. a GDPR. A separate revocation of the performance measurement is unfortunately not possible, in this case the entire newsletter subscription must be cancelled, or it must be contradicted. In this case, the stored profile information will be deleted. You can unsubscribe from the newsletter and thus also object to the tracking at any time by clicking on the separate link provided in each email or by informing us via another contact channel.
IX. Electronic contact
If you wish to contact us, a contact form is available on our homepage which you can use for electronic contact. The data entered in the input mask will be transmitted to us and stored. These data are:
Subject*
Form of address
Title
First name
Name
E-mail address*
Telephone
Company / Institute*
Location*
Your message / comments
*Mandatory data
The following data is also stored at the time the message is sent:
The user's IP address, date, and time of the sending process.
Furthermore, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.
Your data will not be passed on to third parties in this context; the data will be used exclusively for processing the communication.
The legal basis for the processing of the contact request and its handling is regularly Art. 6 para. 1 sentence 1 lit. b GDPR.
If further personal data is processed during the sending process, this is only used to prevent misuse of the contact form and to ensure the security of our information technology systems.
Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
X. Dispatch of information material
On our website, it is possible to request information material about our company's products and services (e.g., information packages about products, brochures, manuals, flyers, application notes, publications) free of charge, arranged according to topics and/or on special request, and to receive it by e-mail. When registering to receive information material, the data from the input form is transmitted to us and stored.
No data will be passed on to third parties in connection with the data processing for the dispatch of the information material. The data will be used exclusively for sending the information material.
The legal basis for the processing of the data after registration to receive the information material by the user is Art. 6 para. 1 p. 1 lit. b GDPR.
The collection of the user's data serves to deliver the information material in accordance with the request.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the address used (e-mail or postal address) and to ensure the security of our information technology systems.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
You can object to the storage of your personal data at any time. In this case, all personal data stored while sending information material will be deleted. You can send your objection informally in writing or verbally to us or our data protection officer. You will find the contact details for this under points I and II of this data protection declaration. In the event of an objection, the delivery of information material cannot be continued.
XI. Implementation of web seminars
A web seminar can be compared to a face-to-face seminar. The difference is that it takes place computer/software-supported via the Internet.
If you wish to register for one of the webinars offered on our website, this is done via the registration form provided by us. We collect the following data from you:
Form of address
Academic title
First name
Surname
Company*
e-mail*
Country*
*Mandatory information
GoToWebinar
To be able to conduct web seminars via the Internet, we use the software solution "GoToWebinar" of LogMeIn, Inc., 320 Summer Street, Boston, MA 02210, USA. LogMeIn, Inc. is the data controller for the provision of this service and the associated data processing.
The privacy policy of LogMeIn, Inc. can be found at: https://www.logmeininc.com/de/legal/privacy.
For the order-related implementation of the webinar, we transmit your registration data to LogMeIn, Inc.
The legal basis for the processing of your personal data in the context of your "GoToMeeting" participation is Art. 6 para. 1 sentence 1 lit. b GDPR.
During and after the webinar, statistical data is transmitted to us.
An encrypted connection is established between you and the organiser of the webinar. The audio or visual information transmitted during this session will not be recorded by us. By clicking "Join", you confirm that you will not record, or screen capture this session either.
You can end the session at any time by simply closing the browser window or exiting the programme or app. If the instructor ends the session, your participation in the session will automatically end as well."
XII. Customer support through remote maintenance / remote services
We offer you the possibility on our website to receive support in the form of remote maintenance, so-called remote services. For this purpose, we establish a connection to your device with the help of desktop sharing software and access your system in real time. This offers the advantage that we can help you as quickly as possible.
The use of remote services is recorded at company level, and the name of the contact person is also stored.
The data is only recorded for billing purposes. The personal data will be deleted as soon as the purpose of the storage ceases to apply.
We do not link your data with any other data and do not use it for any other purposes. Insofar as external service providers are used by us within the scope of the provision of services, their access to the data is also exclusively for the purpose of the provision of services.
Through technical and organisational measures, we ensure compliance with data protection regulations and transfer the obligation to our external service providers to do so. Furthermore, we do not pass on data to third parties without your express consent. Your personal data will only be passed on if you yourself have consented to the data being passed on or if we are entitled or obliged to do so based on statutory provisions and/or official or court orders. This may involve the disclosure of information for the purposes of criminal prosecution, to avert danger or to enforce intellectual property rights.
We always try to ensure that we implement all possible security standards during transmission to protect the transmitted data. However, it can never be ruled out with absolute certainty that third parties may be able to view and/or access the transmitted data without authorisation. We therefore recommend that you take this aspect into account when deciding whether to use remote services.
The legal basis for the processing of your personal data in the context of remote maintenance is Art. 6 para. 1 sentence 1 lit. b GDPR.
TeamViewer
To be able to carry out remote maintenance via the Internet, we use the "TeamViewer" software solution from TeamViewer Germany GmbH, Bahnhofsplatz 2, 73033 Göppingen, Germany.
The use of remote services is only possible if you have installed the software on your computer in accordance with the technical explanations on our website. When using TeamViewer, you are free to choose your access data, including the username that is displayed to us to establish the connection. It is not necessary to provide personal data in this context.
We have entered into a data processing agreement with TeamViewer GmbH, according to which all personal data is collected, processed, and used exclusively under our responsibility and in accordance with our instructions.
When providing remote services, an encrypted connection is established between you and our service employee. We do not record the audio or video information transmitted during this session.
In your own interest, you should close all programmes and displays that are not related to the remote services. It is contractually required that you ensure that we do not receive personal data from your environment when providing the remote services.
You can end the session at any time by simply closing the programme or app.
TeamViewer's privacy policy can be found at:
XIII. Offers in cooperation with specialist retailers
On our website, we provide the opportunity to request offers via our online form. These offers are processed via the respective specialist retailer in your area.
Therefore, personal data is forwarded to the respective specialist retailer to process the offers. This data includes surname, first name, address, as well as e-mail and telephone number.
The data is only collected for the purpose of realizing the contact between the specialist retailer and you as the customer. If you accept the offer, the data will be stored for the purpose of maintaining the business relationship. The personal data will be deleted as soon as the purpose of storage no longer applies. In doing so, we must comply with statutory retention periods.
The legal basis for the processing of your personal data in the context of realizing the offer is Art. 6 para. 1 sentence 1 lit. b and lit. f GDPR. There is no automated decision-making, including profiling.
We take technical and organizational measures to ensure compliance with data protection regulations and oblige our external service providers to do the same. Furthermore, we do not pass on data to third parties without your express consent. Your personal data will only be passed on if you have consented to the data being passed on or if we are entitled or obliged to do so based on statutory provisions and/or official or court orders. This may involve providing information for the purposes of criminal prosecution, averting danger or enforcing intellectual property rights.
We always try to ensure that we implement all possible security standards during transmission to protect the transmitted data. However, it can never be ruled out with absolute certainty that third parties can view and/or access the transmitted data without authorization.
XIV. Google Tag Manager
This website uses the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The tool itself (which implements the tags) does not use cookies and only collects your IP address out of technical necessity. The tool triggers other tags, which in turn may set cookies and collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.
The legal basis for the use is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.
Further information can be found in the provider's terms of use at: https://www.google.com/intl/de/tagmanager/use-policy.html.
XV. Web Analytics
1a. Google Analytics (Universal Analytics)
This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are processed in abbreviated form, thus excluding the possibility of personal references. If the data collected about you is related to a person, this is immediately excluded, and the personal data is deleted immediately.
We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
Information of the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
User terms and conditions: http://www.google.com/analytics/terms/de.html,
Privacy policy overview: http://www.google.com/intl/de/analytics/learn/privacy.html,
and the privacy policy: http://www.google.de/intl/de/policies/privacy.
1b. Google Analytics 4
We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. Google Analytics 4 is a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
We operate Google Analytics 4 using the following technologies:
- Tracking Code
- Cookies
This stores and retrieves information on your computer that enables us to analyze your use of the website. The information thus generated about your use of this website is generally transferred to a Google server in the USA and stored there. Your IP address is anonymized by default before being transmitted to us and Google. The full IP address is transferred to a Google server in the USA but is immediately shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
During your website visit, your user behavior is recorded in the form of "events". Events can be:
- Page views
- First visit to the website
- Start of session
- Your "click path", interaction with the website
- Scrolls (whenever a user scrolls to the end of the page (90%))
- clicks on external links
- internal search queries
- interaction with videos
- file downloads
- seen / clicked ads
- language settings
In addition, the following may be collected:
- Your approximate location (region)
- your IP address (in shortened form)
- technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- your internet service provider
- the referrer URL (via which website/advertising medium you came to this website)
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
Recipients of the data may be:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 GDPR).
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
We store your data for a period of 2 months.
Third-party provider information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
User Terms: https://marketingplatform.google.com/about/analytics/terms/de/,
Privacy policy overview: https://policies.google.com/?hl=de, and privacy policy: http://www.google.de/intl/de/policies/privacy.
2. Matomo
This website uses the web analytics service Matomo to analyse and regularly improve the use of our website. Matomo collects your anonymised IP address, your pseudo-anonymised location (based on the anonymised IP address), date and time, title of the page accessed, URL of the page accessed, URL of the previous page (if this is permitted), screen resolution, external links, duration of the page load, main language of the browser and the user agent of the browser.
Matomo also creates heatmaps and session recordings, which record your interactions with forms (but not their content), files that have been clicked on and downloaded, the movement of the mouse pointer, and click and scroll behaviour.
The statistics obtained in this way enable us to improve our offer and make it more interesting for you as a user. The legal basis for the use of Matomo is our legitimate interest according to Art. 6 para. 1 sentence 1 lit. f GDPR.
Cookies are stored on your computer for the evaluation. The information collected in this way is stored by the controller exclusively on its server in Germany. You can prevent the evaluation by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, please note that you may not be able to use this website to its full extent. Preventing the storage of cookies is possible through the settings in your browser. Preventing the use of Matomo is possible by removing the following tick and thus activating the opt-out plug-in:
Opt out of analysis by Matomo
We use Matomo with the extension "AnonymizeIP". This means that IP addresses are processed in a shortened form, which means that they cannot be directly linked to a person. The IP address transmitted by your browser via Matomo is not merged with other data collected by us.
Information from the third-party provider on data protection can be found at https://matomo.org/privacy-policy/.
3. Pardot
We use on our website the analysis tool Pardot of salesforce.com inc, Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, Main: 1-800-NO-SOFTWARE, Fax: 415-901-7040, Sales: 1-800-NO-SOFTWARE. Pardot is a software module for collecting and analyzing the use of a website by website visitors.
Pardot is a marketing automation tool linked to our Salesforce CRM system that we use to manage various aspects of our online marketing. In doing so, we pursue the following purposes, among others:
- oo evaluate and optimize the use of our websites,
- to provide you with personalized content and product recommendations based on your individual interests,
- to measure the success of marketing campaigns
- to make advertisements more interesting and to address you on other channels,
- run e-mail/newsletter campaigns (see XI. Newsletter)
- offer you suitable content ("gated content").
A maximum of two cookies are set by Pardot. These are a "Visitor Cookie" and a "Pardot App Session Cookie". The "Visitor Cookie" generates an identification number that is used to recognize the browser of the website visitor. The identification number is a generated numerical code that has no meaning outside of Pardot Services. The "Pardot App Session Cookie" is only set when a customer logs into the Pardot App as a user. The Pardot cookies record your click path and use it to create an individual usage profile using a pseudonym. This allows us to analyze the use of our website and improve it regularly.
The cookies are stored for a maximum of 360 days and the usage data for a maximum of 5 years.
The legal basis for the use of Pardot is your consent according to Art. 6 para. 1 p. 1 lit. a GDPR.
Insofar as Pardot processes personal data, the processing is carried out exclusively on our behalf and according to our instructions. For this purpose, we have concluded an order processing agreement with Salesforce.com, inc to ensure compliance with the GDPR.
When using Pardot, a data transfer to the USA cannot be ruled out. Salesforce.com inc has had Binding Corporate Rules approved by the European Data Protection Board since 2015, which ensures a level of data protection that complies with the GDPR. See here:
Salesforce’s Processor Binding Corporate Rules for the Processing of Personal Data
and
Binding corporate rules of the European Data Protection Board
Furthermore, standard data protection clauses have been concluded in addition to the data processing agreement.
For further information on data processing, please refer to the privacy policy of Salesforce.com inc. at:
Salesforce Privacy Information
You can revoke your consent at any time with effect for the future within the cookie settings. In addition, you can prevent the storage of cookies by setting your browser accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
XVI. Google Ads Conversion (Formerly Google AdWords Conversion)
We use the offer of Google Ads, with the help of advertising materials (Google Ads) on external websites to attract attention to our attractive offers. We can determine how successful the individual advertising measures are in relation to the data from advertising campaigns. We are interested in showing you advertisements that are of interest to you to make our website more interesting to you and to achieve a fair calculation of advertising costs.
These advertising materials are supplied by Google via so-called "ad servers.” To do this, we use ad server cookies, which measure certain performance metrics such as ads or user clicks. If you reach our website via a Google ad, Google Ads will save a cookie on your PC. These cookies usually lose their validity after 30 days and are not intended to identify you personally. This cookie will typically store the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant to post-view conversions), and opt-out information (a flag that the user does not want to be addressed any more).
These cookies allow Google to recognize your Internet browser. If a user visits certain pages on an Ads customer's website and the cookie stored on their computer has not expired, Google and the customer will be able to detect that the user clicked on the ad and was redirected to that page. Each Ads customer is assigned a different cookie. Cookies cannot be tracked via the Ads customer websites. We ourselves do not collect and process any personal data using the aforementioned advertising measures. We receive only statistical evaluations provided by Google. Based on these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from using advertising material, and we cannot identify users based on this information.
Your browser automatically establishes a direct connection to the Google server based on the marketing tools used. We have no control over the extent and the later use of the data that Google collects using this tool and we will therefore inform you according to our level of knowledge. By integrating Ads Conversion, Google receives the information that you have accessed the relevant part of our website or have clicked on an ad from us. If you are registered with a service provided by Google, then Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a chance that the provider will find and store your IP address.
The legal basis for processing your data is your consent, as defined in Art. 6 para. 1 s. 1 lit. a GDPR.
You can prevent participation in this tracking process several different ways:
a) by setting your browser software accordingly; suppressing third-party cookies will prevent you from receiving any third-party advertisements
b) by disabling interest-based ads on Google through the http://www.google.com/ads/preferences link, which will be deleted if you delete your cookies;
c) by disabling interest-based ads from the providers that are part of the About Ads self-regulatory campaign by clicking on the http://www.aboutads.info/choices , which will be deleted when you delete your cookies
d) through permanent deactivation in your Firefox, Internet Explorer or Google Chrome browsers under the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to fully utilize all the features of this offer.
You can find additional information on Google’s data privacy policies at: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Another option is to visit the Network Advertising Initiative (NAI) at: http://www.networkadvertising.org.
XVII. Facebook Retargeting
The site also uses Facebook's "Custom Audiences" remarketing feature ("Facebook"). This allows website users to be shown interest-based advertisements ("Facebook Ads") as part of their visit to the social network Facebook or other websites that also use this process. We are interested in showing you advertisements that may be of interest to you to make our website more interesting to you.
Your browser automatically establishes a direct connection to the Facebook server based on the marketing tools used. We have no control over the extent and the later use of the data that is collected due to Facebook’s use of this this tool and we will therefore inform you according to our level of knowledge. By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding website of our website or have clicked on an ad from us. If you are registered with a service provided by Facebook, then Facebook may associate the visit with your account. Even if you are not registered with Facebook or have not logged in, there is a chance that the provider will find and store your IP address and other identifying characteristics.
For users who are logged in, it possible to opt out of this by going to: https://www.facebook.com/settings/?tab=ads#_.
The legal basis for processing your data is Art. 6 Section 1 p. 1 lit. a GDPR.
For more information about data processing through Facebook, please visit https://www.facebook.com/about/privacy.
XVIII. Social Media
We currently use the following social media platforms:
a) Facebook
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads
and http://www.youronlinechoices.com
b) Instagram
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy/Opt-Out: http://instagram.com/about/legal/privacy/.
c) Twitter
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Privacy policy: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/settings/account/personalization
d) YouTube (Google)
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
Privacy policy: https://policies.google.com/privacy
Opt-Out: https://adssettings.google.com/authenticated
e) LinkedIn
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out,
f) Xing
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Privacy policy/Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.
1. Social media presence
We maintain fan pages within various social networks and platforms with the aim of communicating with customers, interested parties and users active there and informing them about our services there.
We would like to point out that your personal data may be processed outside the European Union, which may result in risks for you (e.g., when enforcing your rights under European / German law).
User data is usually processed for market research and advertising purposes. For example, usage profiles can be created from the usage behaviour and resulting interests of the users. These usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behaviour and the interests of the users are stored. Furthermore, data may also be stored in the usage profiles irrespective of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
The processing of the users' personal data is based on our legitimate interests in effectively informing users and communicating with users pursuant to Art. 6 para. 1 sentence 1 lit. f. GDPR. If users are asked by the respective providers for consent to data processing (i.e., declare their consent e.g., by ticking a checkbox or confirming a button), the legal basis for processing is Art. 6 para. 1 sentence 1 lit. a. GDPR.
Further information on the processing of your personal data as well as your objection options can be found under the links of the respective provider listed below. The assertion of information and other rights of the data subjects can also be made towards the providers, because they have the only direct access to the data of the users and the corresponding information. Of course, we are available to answer any questions and to support you if you need help.
2. Integration of YouTube videos
We have integrated YouTube videos into our online offer, which are stored on http://www.youtube.com and can be played directly from our website. These are all integrated in "extended data protection mode", i.e., no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in section 2 be transmitted. We have no influence on this data transmission.
By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. This occurs regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website in line with requirements. Such an evaluation is carried out (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.
Insofar as we obtain your consent, the legal basis for the use of the plug-in is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. You can find out how the respective social media providers process your personal data in the respective privacy policy. We are not the controller in the sense of the GDPR for the data processing of the social media providers.
For more information on the purpose and scope of data collection and processing by YouTube, please see the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.
Opt-out: https://support.google.com/ads/answer/10261289?hl=de&ref_topic=7048998.
XIX. Online advertising
1. Google DoubleClick
This website continues to use the online marketing tool DoubleClick by Google. DoubleClick uses cookies to serve ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are shown in which browser and can thus prevent them from being shown more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later calls up the advertiser's website with the same browser and makes purchases. According to Google, DoubleClick cookies do not contain any personal information.
Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google by this tool and therefore inform you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will obtain and store your IP address.
You can prevent participation in this tracking procedure in various ways:
a) by adjusting your browser software accordingly; in particular, the suppression of third-party cookies will result in you not receiving ads from third-party providers;
b) by disabling conversion tracking cookies by setting your browser to block cookies from the domain "www.googleadservices.com", https://www.google.de/settings/ads, which setting will be deleted when you delete your cookies;
c) by disabling the interest-based ads of the providers that are part of the self-regulatory campaign "About Ads" via the link http://www.aboutads.info/choices, whereby this setting will be deleted when you delete your cookies;
d) by permanently deactivating them in your Firefox, Internet Explorer, or Google Chrome browsers at the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.
The legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy
and
https://services.google.com/sitestats/de.html
Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at
http://www.networkadvertising.org.
2. LinkedIn Insight Tag
Furthermore, the website uses the LinkedIn Insight Tag function, a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as: "LinkedIn").
This allows us to track conversions, retarget website visitors, and gain additional information about members viewing advertisements. Our interest in doing this is to show you advertisements that are of interest to you in order to make our website more interesting for you.
The LinkedIn Insight tag enables the collection of data about visits to this website, including URL, referrer URL, IP address, device and browser properties (user agent), and timestamp. This data is encrypted, IP addresses are shortened, and LinkedIn members' direct IDs are removed within seven days to pseudonymize the data. This remaining pseudonymized data is then deleted within 90 days.
LinkedIn does not share any personal data with us, but only provides aggregate reports on website audience and ad performance. LinkedIn also provides retargeting for website visitors so that we can use this data to display targeted ads outside of its website without identifying the member.
The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. a DSGVO.
Deactivation of the "LinkedIn Insight Tag" function is possible at any time in the individual cookie settings and for logged-in users at https://www.linkedin.com/psettings/advertising/actions-that-showed-interest.
Further information on data processing by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy.
XX. Information obligations when collecting personal data in the application process
Analytik Jena attaches great importance to the protection of your personal data. In the following, we inform you about the collection, processing, and use of your data within the scope of the application procedure.
1. Legal basis and purpose of data processing
We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG-neu) and all other relevant German laws (e.g., BetrVG, ArbZG, etc.).
Primarily, the collection and processing of data serves the purpose of handling the application procedure. The primary legal basis for this is Article 88 GDPR in conjunction with Section 26 para. 1 BDSG-neu.
Where necessary, we also process your data based on Art. 6 para. 1 sentence 1 lit. f GDPR to protect legitimate interests of us or of third parties (e.g., authorities). This applies to the investigation of criminal offences (legal basis Section 26 para. 1 sentence 2 BDSG) or within the group for purposes of group management, internal communication, and other administrative purposes.
If we consider processing your personal data for a purpose not mentioned above, we will inform you in advance.
2. What categories of data do we use and where do they come from?
The categories of personal data processed include in particular
Your master data (such as first name, last name, name affixes, nationality),
Contact details (e.g., your private address, e-mail address, (mobile) phone number),
your professional curriculum vitae, training, school education.
This may also include special categories of personal data such as health data if you include them in your CV. Your personal data is usually collected directly from you as part of the application process. In certain constellations, your personal data may also be collected from other bodies (in particular public authorities) due to legal requirements. In addition, we may have received data from third parties (e.g., job placement agencies).
If we do not collect your personal data directly from you in individual cases, we will inform you of this beforehand.
3. Data access
Within our company, only those persons and departments (e.g., personnel department, works council, representatives of the severely handicapped, head of department) receive your personal data who are responsible for processing the application procedure and who make the decision on the outcome of the application.
4. Data subject rights
You can request information about the data stored about you at the above address. In addition, under certain conditions, you can demand the correction or deletion of your data. You may also have the right to restrict the processing of your data and the right to receive the data you have provided in a structured, commonly used, and machine-readable format.
In such a case, please contact Ms Justyna Rulewicz: jrulewicz@agor-ag.com.
Deletion leads to termination of the application procedure and subsequently no more information can be provided on the procedure. Once an employment relationship has been established, the right to erasure or restriction of processing is reduced.
To exercise their rights, data subjects can contact the above-mentioned persons responsible in the company, the data protection officer or the supervisory authority.
5. Storage of your data
We will delete your personal data as soon as it is no longer required for the above-mentioned purposes. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.
If no employment contract is concluded with the applicant, the application documents will be automatically deleted no later than six months after notification of the rejection decision, provided that no other legitimate interests of the controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the German Federal General Equal Treatment Act (AGG).
If, based on your application, we believe that your application may be of interest for job offers in the future, we will store your application information for twelve months if you explicitly consent to further use. In this case too, your data will not be passed on to third parties at any time.
6. Data transfer
No data will be transferred outside the European Economic Area (EEA).
7. Obligation to provide data
As part of the application process, you must provide the personal data that is required to establish the employment relationship or that we are legally obliged to collect. Without this data, we will not be able to execute the employment contract with you.
8. Further information for our online application platform
Within our group of companies, we jointly use an online applicant platform operated by Endress+Hauser Consult AG, Kägenstrasse 2, CH-4153 Reinach BL, Switzerland. If you apply to us online, the following additional information applies:
a) Scope and purpose of the processing of personal data
In general, we collect and use your personal data only insofar as this is necessary for registration for the e-recruiting system, for carrying out the applicant process and for the job search - or for deciding whether to establish an employment relationship. The collection and use of your personal data is generally only carried out with your consent. An exception applies in cases where the processing of data is permitted by legal regulations.
Within the framework of the use of the system, the following processing of your data is possible:
a.a. Registration for external candidates
To use the recruiting system, it is first necessary that you provide us with certain personal data (so-called "basic data") for registration. These are your first name, last name, e-mail address, country of residence and profile visibility information. It is not initially necessary to provide any further information. All fields marked with an * in the input mask are "mandatory fields", without which you will not be able to register for the recruiting system and use the system. All other fields in the input mask are "optional fields". The registration process is completed when you enter a personal password. You can use this password and your access data to log in to the system and use it at any time later. Before completing the registration process, you will be asked whether you wish to agree to this Data Protection Declaration E-Recruiting System and the Data Protection Declaration for the use of our websites. Without your consent, registration cannot be completed.
With your successful registration, you create a candidate profile. You can delete your candidate profile at any time, which also deletes all data that you have provided to Endress+Hauser via the recruiting system, with effect for the future at Endress+Hauser.
b.b. Registration for internal candidates
No registration is required for internal candidates. A candidate profile is automatically created from the employee profile available in the system. This already contains basic data on the employee.
c.c. Activation of candidate profile for national or global candidate pool
By activating your candidate profile for our national or global candidate pool, you make your personal data available to the Endress+Hauser Group employees responsible for recruiting, nationally or globally, for the purpose of the job search. Section 9 remains unaffected.
Consent: By actively joining our national or global candidate pool, you consent to Endress+Hauser contacting you about relevant job vacancies using the contact details you have provided. You can revoke your consent at any time by subsequently blocking your candidate profile or adjusting your settings.
d.d. Application for a specific job
In addition to the above-mentioned information, you must provide further relevant data when applying for specific jobs, which in this case will be specifically requested via an input form. Furthermore, during the recruiting process you will be asked to answer various questions about the respective job. Some of these questions must be answered for the application, others are optional. By agreeing to this privacy policy, you confirm that you are providing the data provided to us truthfully, completely and to the best of your knowledge. We reserve the right to request the submission of originals (e.g., certificates) in the subsequent procedure. The Endress+Hauser employees responsible for recruiting and for the individual job advertisement will not see your data until you "submit" your application. You can use your login to check the status of your applications, withdraw applications that have already been sent or delete applications that have not yet been sent. You can still access withdrawn applications via your login.
The e-recruiting system creates an individual application profile based on your candidate profile and the additional personal data, your details, and uploaded documents as part of the application process. The application profile is assigned to the specific position. In the case of multiple applications, a separate application profile will be created for each application.
Please note that you may be asked to provide additional/different data when applying for positions outside the European Union. This information is permitted or even obligatory according to the laws applicable in the respective country. By registering, you give your consent to the storage and further processing of your data, to the forwarding of your data to employees of the Endress+Hauser unit concerned abroad who are responsible for recruiting and for the individual job advertisement.
The data will only be forwarded to the persons in charge of recruiting in the respective countries and responsible for the individual job advertisement in accordance with the provisions set out in section 9. In addition, the main administrators have access to your data to maintain the system and ensure data security.
b) Legal basis for data processing
Your personal data is processed based on the EU Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
Insofar as you have given us consent to process personal data for specific purposes, Art. 6 para. 1 sentence 1 lit. a GDPR serves as the legal basis for the processing of personal data. Consent given can be revoked by you at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.
The processing of personal data in the context of the performance of contracts to which you are a party, or for the implementation of pre-contractual measures that are carried out at your request, is based on Art. 6 para. 1 sentence 1 lit. b GDPR. The purposes of the data processing depend on the respective contractual documents and the subject matter of the contract. This means that your personal data is processed for the purpose of deciding on the establishment (e.g., as part of the application process), implementation or termination of your employment relationship with Endress+Hauser based on Section 26 BDSG. This processing may also take place based on a collective agreement.
If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of Endress+Hauser or a third party (e.g., to assert legal claims and defend against legal disputes; to ensure IT security; to prevent criminal offences and improve the recruiting process) and if the interests, fundamental rights, and freedoms of you as the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the processing.
If we ask you for your gender in the form of the desired form of address within the scope of the application process, this is exclusively because we would like to write to you or address you in the correct manner.
If we ask for your age or date of birth, this is because a minimum age is required by law for some of our activities. If you are a non-EU national, you will need a work permit for the EU. Therefore, we will also ask you for your nationality during the application process.
c) Categories of data processed
We process the following data or categories of data provided by you:
Login data (username, password)
Master data (surname, first name, title, address)
Personal data (e.g., your date of birth)
Contact data (e.g., your telephone number, e-mail)
Data on education
Work experience
Qualifications and knowledge
Application documents (e.g., cover letter, CV, certificates, passport photo)
In the case of applications, data on the content of former/current employment relationships, e.g., work tasks, performance data, positions held. (This data may be derived from your cover letter/resume/attached job references).
In addition, we collect and process various other (voluntary) details in applications, such as earliest entry date, regional mobility, driving licence, desired number of hours and duration of employment, previous employment, references, or information on how you became aware of the position.
Data that you voluntarily provide to us in the application process by uploading it or otherwise sending it to us, such as in your cover letter, resume
d) Talent Pool
If your application is rejected, you may receive an invitation to join the Endress+Hauser Talent Pool.
Consent: If you give us your consent in response to our request, we will include your personal data (candidate profile and application profile) in our Talent Pool after the application process has been completed. You consent to us using your personal data to search for a suitable position in the Endress+Hauser Group. Accordingly, your data will be recorded in Endress+Hauser's Talent Pool and used in the search for suitable candidates. Your data may be accessed by all Endress+Hauser Group HR departments worldwide and by the staff of the specialist department involved in the application process to check your profile regarding vacancies. You can revoke your consent at any time by subsequently blocking your candidate profile or adjusting your settings.
e) Change and deletion requests
You can open and update your candidate profile and your personal information within the scope of your application, including your personal data and attached documents, at any time via the e-recruiting system. To do this, you will need your user ID and personal password.
It is also possible to withdraw a specific application for a position. If you want us to delete your candidate profile and/or some or all your applications with immediate effect, you can do this yourself via the e-recruiting system: Please note that if the candidate profile is deleted, all application profiles linked to it will also be deleted automatically. In this case, we will inform the Endress+Hauser companies that have received your personal data in accordance with the settings you have selected and request them to delete your personal data immediately. Section 7 remains unaffected.
f) Automatic data deletion and storage period
We process and store your personal data for as long as it is required to fulfil the respective purpose. If the data is no longer required, your data will be deleted on a regular basis, unless this deletion conflicts with statutory retention obligations.
In detail:
a.a. Candidate profile: The candidate profile and all data provided (e.g., attachments), will be automatically deleted 12 months after registration, provided that no login to the candidate profile takes place during this period.
b.b. Application profile: Data provided or uploaded for an application will be automatically deleted 6 months after the vacancy has been filled. Otherwise, the general conditions as described under section 8.1 apply.
c.c. Talent profile: The talent profile (talent pool) consists of the candidate profile and the application profile. The talent profile will only be stored if you have given us your express consent to do so upon request after completion of the application process. The talent profile is automatically deleted 36 months after it has been created if you do not log on to the system during this period.
You will be notified of the deletion of your data by e-mail. Section 7 remains unaffected.
In the case of internal employees, complete deletion of the candidate profile is not possible. Self-entered data can be deleted or corrected by the employee at any time. However, the existing candidate profile will be retained. Applications will be deleted 6 months after the position has been filled.
g) Access to personal data within the Endress+Hauser Group and by third parties
Within the Endress+Hauser Group, access to your data is granted to those offices that require it within the framework of the "need-to-know" principle (knowledge of data only when necessary).
Regarding the transfer of data to recipients, we may only pass on your data if this is necessary, if a legal provision requires this, if you have given your consent, or if order processors commissioned by us have contractually undertaken to comply with the provisions of the GDPR and the BDSG. Your profile data will only be passed on to third parties (e.g., service providers) in a confidential and protected manner if they are involved in the local job recruitment process. The service providers are carefully selected. The confidential and secure handling of your data is ensured by appropriate contracts and regular audits of the providers.
Within our group of companies, your data will be transferred to certain companies if you have expressly consented to this. The following options are available to you for this purpose:
If you select "Only recruiters who handle jobs I apply for", your application documents will be shared with the recruiters of the relevant Endress+Hauser company to which you apply for a specific job. Your data will only be used to fill the position for which you have specifically applied. If this position is offered by an affiliated company of Endress+Hauser, your data will be transferred to this company. Your data will not be passed on to other companies within Endress+Hauser.
If you select "All recruiters in my country", your application profile will be visible to recruiters within the country in which the advertised vacancy is located or which you have indicated as your country of preference in a speculative application. Your data will be passed on to fill vacancies in Endress+Hauser companies within your country of residence.
If you select "All recruiters worldwide", your profile will also be visible to recruiting staff in other countries. This means that all responsible employees of all Endress+Hauser companies worldwide who use this e-recruiting system for job postings, including, if applicable, employees of their respective contract processors, have access to your application or profile, visibly. Your data will be made available to all Endress+Hauser Group companies worldwide for the purpose of filling vacancies.
Consent: In the settings, you can actively choose whether your data can only be viewed by those responsible for filling vacancies at the Endress+Hauser company to which you are applying ("Only recruiters who handle vacancies for which I am applying"), by all Endress+Hauser companies in your country of residence (national) ("All recruiters in my country") or globally ("All recruiters worldwide"). With your active activation, you agree that other Endress+Hauser companies can view your personal data and application documents in addition to the Endress+Hauser company advertising the vacancy in accordance with your settings. You can revoke or adjust your consent at any time. If you do not consent or revoke this consent, this will result in your application not being considered for other positions.
h) Transfer of personal data to a third country or to an international organisation
Data will only be transferred to countries outside the EU/EEA (so-called third countries) if this is necessary or required by law if you have given us your consent or as part of commissioned processing. If service providers in third countries are used, in addition to written instructions, they are obliged to comply with the level of data protection in Europe by agreeing to the EU standard contractual clauses.
i) IT security
The Endress+Hauser Group uses technical and organisational security measures to protect the data we have under our control against accidental or intentional destruction, manipulation, loss or against access by unauthorised persons. These security measures are constantly being further developed in accordance with the respective new technical possibilities.
j) Obligation to provide personal data
Use of the e-recruiting system is voluntary. However, to use the system, you must provide the data marked as mandatory during the registration process ("basic data").
As part of your application, you must provide the personal data that is required for the decision on the establishment, implementation and termination of the employment relationship and the fulfilment of the associated contractual obligations, or which we are legally obliged to collect. Without this data, we will not be able to perform the employment contract with you. Any further data may only be processed by us within the framework of the balancing of interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, within the limits of a consent granted to us and within the framework of existing legal provisions.
For the filling of some positions, the prior performance of a company medical and/or psychological aptitude test is required.
XXI. Security
We use technical and organisational security measures to protect any personal data we receive or collect from you, against accidental or intentional manipulation, loss, destruction or against attack by unauthorised persons.
Our website is SSL-encrypted (https).
Our security measures are continuously improved in line with technological developments. However, we cannot guarantee the security of data transmission on the Internet. Messages sent by e-mail are not encrypted. Personal data within the scope of e-mail communication is usually transmitted from your computer via an unsecured connection over the Internet. Information that you send unencrypted by e-mail can be read, stored, and misused by third parties en route. It is therefore not possible to rule out the possibility of third parties gaining knowledge of the information. It is therefore recommended that confidential information be sent exclusively by post.
XXII. Setting of hyperlinks
If you find hyperlinks on our Internet pages which forward you directly to the website of other providers (e.g., recognisable by the URL change), we do not assume any responsibility for the confidential handling of your data. This is because we have no influence on whether these companies comply with data protection regulations. Please inform yourself directly about the handling of your personal data by these companies on their websites.