Data Policy
General Part – Introduction
Through the digitalisation of the work processes, protecting your personal data has become a high priority for our Company and Management. We are fully aware of our responsibility to handle your data diligently.
It is generally possible to use the Internet pages of Christian Pohl GmbH without disclosing any personal data. If you as data subject wish to use expanded functions or services of our company through our Internet site, it may become necessary to process personal data. If processing personal data is required and if these data are processed without legal grounds, we generally obtain the consent of the data subject. Personal data such as names, address, e-mail address or phone number of a data subjects are always processed in compliance with the General Data Protection Regulation and in compliance with the data protection provisions applicable to Christian Pohl GmbH. The purpose of this Privacy Policy is to inform the public about the type, scope and purpose of the personal data we collected, used and processed. In addition, data subjects are informed about their rights through this Privacy Policy.
As the controller, Christian Pohl GmbH has implemented numerous technical and organisational measures to ensure as comprehensive a protection as possible of the personal data processed through this Internet site. Still, data transmissions via Internet can have security holes. Therefore, absolute protection cannot be guaranteed. For this reason, each data subject may choose to transmit to us personal data by alternative means such as by phone. The Privacy Policy of Christian Pohl GmbH is based on the terms used in the General Data Protection Regulation (GDPR). Our Privacy Policy should be both easy to read and easy to understand. We would like to guarantee this. Therefore, we appended an explanation of the terms at the end of the Privacy Policy.
1. Name and address of controller responsible for processing:
Controller in accordance with the General Data Protection Regulation and any other potential provisions in accordance with the data protection is:
Pohltec metalfoam GmbH
Robert-Bosch-Str. 6
50769 Cologne
Germany
Tel.: +49 221 70911-323
E-mail: metalfoam@metalfoam.de
Website: www.metalfoam.de
2. Name and address of the Data Protection Officer
The Data Protection Officer of the controller responsible for processing is:
René Floitgraf
CompliPro GmbH
Frankenstrasse 34
52223 Stolberg
Germany
Tel.: +49 2402 9245980
E-mail: dsb@complipro.de
Website: www.complipro.de
Each data subject may contact our Data Protection Officer directly at any time for any questions and suggestions about data protection he or she may have.
3. Lawfulness of processing
Art. 6 I lit. a GDPR: these legal grounds apply to the processing steps, during which we obtain consent in order to enable one specific processing purpose. Art. 6 I lit. b GDPR: this legal provision applies to processing necessary for the initiation or execution of a contract. This may be necessary for example so that a product can be delivered or any other service can be provided. Art. 6 I lit. c GDPR: this legal provision regulates processing of data based on a legal obligation. Art. 6 I lit. d GDPR: this applies to processing of data necessary to protect the vital interests of the data subject. This case may occur, if the data subject sustains an injury in our rooms or a physician or hospital requires the respective information. Art. 6 I lit. f GDPR: if none of the above-referenced legal bases apply to processing of data, processing may be necessary to protect a legitimate interest on our part or on the part of a third party. This processing is only permissible, if the interests, the fundamental rights and basic freedoms of the data subject are not overridden. In accordance with Recital 47 to the GDPR, a legitimate interest can be assumed, if the data subject is in a reasonable relationship with us.
4. Legitimate interests
If personal data is processed based on Article 6 I lit. f GDPR, our legitimate interest is the execution of our business activity to the benefit of the wellbeing of our employees and our shareholders. In accordance with Recital 47 to the GDPR, the data can be used for advertising for us directly and for our products, provided the data subject did not object to the use of the data for advertising purposes.
5. Data retention duration
We observe the applicable legal retention period when storing personal data. After that period, the expired data are erased, provided they are no longer required for the fulfilment of the contract or for contract initiation.
6. Provision of personal data
Provision of personal data may be mandated due to a legal provision. This obligation may arise for example under the tax code. In addition, it may be necessary to provide data for the purpose of the conclusion of a contract because the non-provision would prevent the effective conclusion of a contract. To clarify whether personal data are required due to legal provisions or due to the conclusion of a contract, the data subject may contact our Data Protection Officer. The Data Protection Officer may also clarify any potential consequences of non-provision of data.
7. Automated single-case decision and profiling
In principal, we forgo the use of automated single-case decisions and we do not perform profiling.
8. Protection of data in applications and during the application process
Controller collects and processes personal data of applicants for the purpose of processing the application process. In addition to the processing data via mail, they can also be processed by electronic means. This is particularly the case, if an applicant sends to us his or her application documents by e-mail or through a web form of our website. In the event of a subsequent employment contract, the transmitted data are stored for the purpose of the employment relationship. If the applicant receives a rejection from us, the transmitted documents are erased two months after the rejection notice, provided we do not have any further legitimate interests. A legitimate interest on our part may be the potential obligation to provide evidence during proceedings in accordance with the AGG (Allgemeines Gleichbehandlungsgesetz (General Equal Treatment Act).
Operation of the Website and Mailing of Newsletters
1. Cookies
We use cookies on our websites. Cookies are test files, which are stored and saved on a computer system via Internet browser. Many web services and servers use cookies to file a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters, which allows web services and serves allocating them to the actual Internet browser, where the cookie was saved. This also Therefore, a specific Internet browser can be recognized and identified by the unique cookie ID. The use of cookies, allows us providing the users of this Internet site with user-friendly services, which would not be possible without setting the cookie. Cookies can be used to optimize the information and offers on our Internet site to the benefit of the user. Cookies enable us to recognize users of our Internet site. The purpose of this recognition is to make it easier for users to utilize our Internet site. For example, the user of an Internet site using cookies does not need to provide his or her access data during each visit of the Internet site because this identification is made possible through the cookie set on the computer system of the user. Another example for it is the cookie of a shopping cart in an online shop. The online shop remembers the product, which the customer has placed in the virtual shopping cart, through the use of a cookie. You as the data subject may opt-out of the use of cookies by our Internet site at any time through the appropriate setting on the Internet browser and by that you can permanently object to the setting of cookies. In addition, you can use the Internet browser to delete cookies already set. Any standard Internet browser has this capacity. If you deactivate storing of cookies in the Internet browser you use, then you may not be able to use all of the functions of our Internet site.
Collection of general data and information
Each time one of the content provided on our website is retrieved, our website collects a series of general data and information. These are saved in the log files of the server. These may include
a. browser type used and version,
b. operating system used,
c. the Internet site, by which the person got to our Internet site (so-called referrer),
d. the sub-pages retrieved,
e. date and time the Internet site was accessed,
f. the Internet Protocol address (IP address) of the visitor,
g. the Internet service provider of the visitor and
h. other similar data and information, which help avert danger in the event our information technology systems are attacked.
When using this information, we do not draw conclusions as to the data subject. The information is needed to
a. ensure accurate delivery of the content of our Internet site,
b. optimise the content of our Internet site along with advertising it,
c. ensure the function of our servers and the technology of our Internet site and
d. provide law enforcement offices the information needed for the investigation in the event our web pages and servers are hacked.
We analyse data and information collected anonymously statistically and with the goal to increase data protection and the security of our IT systems in our company. The results ensure an optimum level of protection for the personal data we process. The data of server log files are stored separately from the personal data provided by the data subject and they are not linked.
Trademark Rights:
pohltec metalfoam GmbH is the owner of all trademarks and logos published on their own websites. This is not valid for trademarks and logos of other firms which are shown in context with outside firms for the purpose of information. The owners of these trademarks and logos are the respective firms. The use of trademarks and logos of pohltec metalfoam GmbH as well as the other firms by third parties, in any way whatsoever, is not allowed.
3. Contact possibility via website
We are obliged to provide information, which enable you to contact us as swiftly as possible by electronic means, which also includes the general e-mail address. If a data subject contacts us by e-mail or by contact form, we save automatically the personal data the data subject provided and transmitted. The data subject provides these data voluntarily. The personal data, which were transmitted, are saved for the purpose of processing or contacting the data subject. Personal data are not passed on to third parties.
4. Registration on our website
If the data subject is able to register on our Internet site and he or she wishes to use this option, then personal data are collected from the data subject. For the data that are collected, consult the respective form mask. The data entered are solely used for internal use and they are not passed on to third parties, unless these are contract processors, which also process the data strictly for the above-referenced purpose. During the registration on the website of the controller, the IP address assigned to data subject by the Internet provider is additionally saved along with the date and time of registration. Data are not passed on to third parties, unless there is a legal requirement to disclose the data or the data is needed for criminal investigation. The purpose of the data subject's registration is to offer content or services, which can only be provided to registered users. Registered persons are free to change the data voluntarily provided during registration at any time or to have the data erased. The rights of the data subject remain preserved.
Incorporation of Social Media (direct incorporation of the social networks)
1. Data protection provisions on the use and utilization of photos provided by Getty Images
The controller responsible for processing has integrated on this website components of Getty Images. Getty Images is an American stock photo agency. A stock photo agency is a company that offers images and other image material on the market. Image agency generally market photographers, illustrations and film material. Various customers, particularly Internet site operators, editorial offices of print and TV media and advertising agencies license images they use through an image agency. Getty-Images components are operated by Getty Images International, 1st Floor, The Herbert Building, The Park, Carrickmines, Dublin 18, Ireland. Getty Images permits embedding (sometimes for free) of stock photos. Embedding means the insertion or integration of a specific third part content such as text, video or image data, provided by a third party Internet site and then, they appear on the own Internet site. A so-called embed code is used for embedding. An embed code is an HTML code, which an Internet site operator integrates in an Internet site. If a website operator integrated an embed code, external content of the other website are shown directly as soon as a website is visited. To display external content, the external content is directly loaded from the other website. Under the link http://www.gettyimages.de/resources/embed, Getty Image provides additional information about the embedding of content. The IP address of the Internet connection, which the data subject uses to access our Internet site, is transmitted to Getty Images through the technical implementation of the embed code, which enables the display of photos from Getty Images. Furthermore, Getty Images records our Internet site, the browser type used, the browser language, the time and length of access. In addition, Getty Images can record navigation information, which is information about, which sub-pages the data subject visits and which links he or she clicked on as well as other interactions, the data subject executed while visiting our Internet site. Getty Images can store and analyse these data. For further information and the applicable privacy policy of Getty Images go to http://www.gettyimages.de/enterprise/privacy-policy.
2. Data protection regulations on the use and utilisation of Google Analytics (with anonymization function)
The controller responsible for processing has integrated on this website the component of Google Analytics (with anonymization function). Google Analytics is a web analytics service. Web analysis is the collection, gathering and analysis of data about the behaviour of users of Internet sites. A web analytics service collects among other things data, through which Internet site a data subject has come to an Internet site (so-called referrer), which sub-pages of the Internet site he or she accessed or how often and for how long he or she viewed a sub-page. Web analysis is primarily used for the optimisation of an Internet site and for the cost-benefit analysis of Internet advertising. Google Analytics components is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, U.S. The controller responsible for processing uses for the web analysis via Google Analytics the add-on "_gat._anonymizeIp". Google uses this add-on to abbreviate and anonymize the IP address of the Internet connection of the data subject each time, he or she accesses our Internet sites from a Member State of the European Union or from any other State that is a signatory to the EEA [European Economic Area] treaty. Google Analytics is used to analyse the traffic to our website. Google uses the gathered data and information among other things to analyse the use of our Internet site, to provide us with online reports, showing the activities on our Internet sites, and to provide us with services in connection with the use of our Internet site. Google Analytics sets a cookie on the IT system of the affected person. The meaning of cookies has already been described above. By setting the cookie, Google is enabled to analyse the use of our Internet site. Each time, one of the individual pages of this Internet site, operated by the controller responsible for processing, is retrieved, and which has a Google Analytics component integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective component of Google Analytics to transmit data to Google for the purpose of online analysis. During this technical process, Google receives personal data such as the IP address of the data subject, which serves Google among other things to track the origin of the visitor and the clicks and as a consequence, it enables Google to bill commissions. Cookies are used to store personal information such as time of access, place, from which the site was accessed and how often the data subject visited our Internet site. Each time someone visits our Internet sites, personal data including the IP address of the data subject are transmitted to Google in the United States. Google stores these personal data in the United States. Google may pass on personal data collected through this technical process to third parties. As described above, the data subject may opt-out of setting of cookies by our Internet site at any time by using the appropriate setting on the Internet browser and therefore, the data subject can permanently object to the setting of cookies. With such setting of the Internet browser used, Google can also be prevented from setting a cookie on the information technology system of the data subject. In addition, it is possible to erase at any time through the Internet browser or other software programs a cookie already set by Google Analytics. Furthermore, the data subject can object and prevent any gathering of data generated by Google Analytics concerning the use of this Internet site and any processing of these data by Google. For this purpose, the data subject must download and install a browser add-on under link https://tools.google.com/dlpage/gaoptout. This browser add-on tells Google Analytics in JavaScript that no data and information on the Internet sites visited may be transmitted to Google Analytics. Google assesses browser add-ons as objection. If the information technology system of the data subject is erased, formatted or re-installed at a later point in time, data subject must re-install the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another authorized person, the browser add-on can be re-installed or re-activated. For further information and the applicable privacy policy of Google, go to https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is described in detail under this link https://www.google.com/intl/de_de/analytics.
3. Data protection regulations on the use and utilisation of Google+
The controller responsible for processing has integrated on this website the component of the user interface of Google+. Google+ is a so-called social network. A social network is a social meeting point operated on the Internet, an online community, which generally enables the users to communicate with one another and to interact in a virtual space. A social network may serve the purpose of a platform for the exchange of opinions and experiences or it allows the Internet community to provide personal and company-related information. Google+ enables users of the social network among other things to create personal profiles, to upload images and to interconnect via friend requests. Google+ is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, U.S. Each time, one of the individual pages of this Internet site, operated by the controller responsible for processing, is retrieved, and which has a Google+ button integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Google+ button to download from Google an illustration of the respective Google+ button. During this technical process, Google receives information about the sub-page of our Internet site, the data subject visits. More detailed information about Google+ is retrievable under https://developers.google.com/+/. If the data subjects is parallel logged into Google+, Google recognizes each time our Internet site is retrieved by data subject and during the entire length data subject stays on our Internet site. which precise sub-page of our Internet site, data subject visits. Google+ button collects this information and Google allocates it to the respective Google+ account of the data subject. If the data subject activates one of the Google+ buttons integrated on our Internet site and thereby it provides a Google+1 recommendation, Google allocates this information to data subject's personal Google+ user account and it stores these personal data. Google stores the Google+1 recommendation of the data subject and it makes it publically accessible in agreement with the terms and conditions accepted by data subject. Any Google+1 recommendation data subject provided on this Internet site is store and processed together with other personal data such as the name of the Google+1 account data subject used and the photo stored at other Google services such as search engine results of the Google search engine, the Google account of the data subject or to any other bodies such as on Internet sites or in connection with ads. Furthermore, Google can link the visit to this Internet site to other personal data stored at Google. Moreover, Google records this personal information for the purpose of improving or optimising various services provided by Google. Through the Google+ button, Google receives always information that the data subject visited our Internet site, whenever the data subject was logged in at Google+ at the same time he or she visited our Internet site; this takes place regardless, whether data subject clicks on the Google+ button or not. If data subject does not wish to have his or her personal data transmitted to Google, data subject can prevent such transmission by signing out of his or her Google+ account before visiting our Internet site. For further information and the applicable privacy policy of Google, go to https://www.google.de/intl/de/policies/privacy/. For further information Google provides on the Google+1 button, consult https://developers.google.com/+/web/buttons-policy.
4. Data protection regulations on the use and utilisation of Google AdWords
The controller responsible for processing has integrated on this website Google AdWords. Google AdWords is a services for Internet advertising, which permits advertisers to place ads in search engine results of Google and within the Google advertising network. Google AdWords enables advertisers to define keywords beforehand. Based on these keywords an ad can be shown in the search engine results of Google, if the users retrieves a keyword-relevant search result. The Google advertising network distributes ads on topic-relevant Internet sites via automatic algorithm and in consideration of the advance defined keywords. Google AdWords is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, U.S. The purpose of Google AdWords is the promotion of our Internet site by inserting interest-relevant advertising on the Internet sites of third party companies and in search engine results of the Google search engine and an insertion of third party advertising on our Internet site. If data subject lands on our Internet site through a Google ad, Google places a so-called conversion cookie on the information technology system of the data subject. The meaning of cookies has already been described above. A conversion cookie loses its validity after thirty days and it does not serve the identification of data subject. Unless the cookie is not yet expired, the conversion cookie is used to track, whether specific sub-pages such as the shopping cart from an online shop system were retrieved from our Internet site. Through the conversion cookie, we and Google can track, whether a data subject, who visited our Internet site through an AdWords ad, generated sales, i.e. purchased products or cancelled the purchase. Google uses the data and information collected through the use of conversion cookies to create traffic statistics for our Internet site. We, then, use these traffic statistics to determine the total number of users, which came to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimise our AdWords ads in the future. Our company and other advertising customers of Google AdWords do not receive information from Google, which could be used to identify the data subject. Conversion cookies are used to store personal information such as the Internet sites, data subject visited. Each time someone visits our Internet site, personal data including the IP address of the Internet connection the data subject used are transmitted to Google in the United States of America. Google stores these personal data in the United States. Google may pass on personal data collected through this technical process to third parties. As described above, the data subject may opt-out of setting of cookies by our Internet site at any time by using the appropriate setting on the Internet browser and therefore, the data subject can permanently object to the setting of cookies. Such setting of the Internet browser used would prevent Google from setting a conversion cookie on the information technology system of the data subject. In addition, it is possible to erase at any time through the Internet browser or other software programs a cookie already set by Google AdWords. Furthermore, data subject can object to interest-related advertising by Google. For this purpose, data subject must retrieve from each of the Internet browsers he or she uses the link www.google.de/settings/ads and he or she must undertake there the desired settings. For further information and the applicable privacy policy of Google, go to https://www.google.de/intl/de/policies/privacy/.
Definition of Terms
The following terms are used in the Privacy Policy:
1) personal data
Personal data means any information relating to an identified or one identifiable natural person ("affected person", "data subject"). A person is identifiable if the person can be identified directly or indirectly. This identification is possible using the name, an identifier, access data or special characteristics. Health, cultural or social parameters can also be used to identify a natural person.
2) Data subject
A data subject is an identified or identifiable natural person, whose (personal) data are collected, stored or processed by the data controller within the framework of processing.
3) Data controller
The person responsible for processing ("data controller") means the natural person or legal entity (in the public area also a public authority or institution) or any other body, where the purpose and the means of processing personal data are decided alone or jointly with others.
4) Consent
Consent of the data subject means any freely given indication of the data subject's wishes by which he or she, in form of a statement or clear action signifies his or her agreement to the processing of his or her personal data for one specific purpose. Consent requires an informed indication of the data subject and it must be an unambiguous indication.
5) Processing
Processing means any operation by automated or manual means, during which personal data are collected, recorded, stored or altered. Processing in accordance with data protection means also the organisation, read-out, retrieval, use or disclosure by transmission. In addition, processing of data considers also another form of provision, comparison or linking of data and the restriction, erasure or destruction of data.
6) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
7) Profiling and automated single-case decisions
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects of a natural person. In particular, these can be aspects concerning the work performance, the financial situation, personal preferences, interests, behaviour or health. This information is used to analyse natural data subject or to predict the behaviour of the person. If automated decisions are made based on available information, which is not checked further, then these are called automated single-case decisions.
8) Pseudonymisation
Pseudonymisation means the processing of personal data in a manner that the personal data can no longer be attributed to a specific data subject without additional information and provided this additional information is kept separately and is subject to technical and organisational measures to ensure that the data cannot be attributed.
9) Processor
Processing data by a processor means a natural person or legal entity, public authority, institution or other body processes personal data on behalf of the controller.
10) Recipient
Recipients are natural persons or legal entities, public authorities, institutions or other bodies, to which personal data are disclosed during processing. In this context, it is irrelevant, whether or not the recipient is a third party in accordance with the Data Protection Act. However, public authorities, which may receive personal data within the framework of a particular inquiry in accordance with law of the Union or that of the Member States, shall not be regarded as recipients.
11) Third party
Third party means a natural person or legal entity, public authority, institution or other body other than the data subject, controller or processor and persons who, under the direct authority of the controller or processor are authorized to process personal data.