The controller in the sense of the General Data Protection Regulation and other national data protection laws in the member states as well as other data protection law provisions is:
Rhenus SE & Co. KG
Rhenus-Platz 1
59439 Holzwickede
Germany
Phone: +49 (0)2301 29-0
Email: [email protected]
Website: www.rhenus.group
Data Protection Officer
Rhenus-Platz 1
59439 Holzwickede
Germany
Email: [email protected]
Website: www.rhenus.group
We would like to provide you with the following notes and information regarding the way that we carefully protect your private details and the extensive level of confidentiality when handling your data:
1. Anonymous data collection
In principle, you can use our websites without informing us who you are. We only learn about technical data like the name of your Internet service provider, the website from which you come and the corporate websites that you visit. This information is assessed with the date and time details for internal statistical purposes related to advertising, website analysis and for designing our websites to meet needs. You remain completely anonymous as a user in this process. No pseudonymised user profiles are generated.
2. The purpose and legal basis of data processing
The temporary storage of the IP address by the system is necessary in order to enable the website to be sent to the user’s computer. The user’s IP address must be stored for the duration of the session. The legal basis for temporarily storing the data is found in Article 6 Para. 1 f) of the GDPR.
3. The length of time that data is stored
The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was gathered. When gathering data to make available the website, deletion occurs once the session in question has ended.
4. Opportunity to object and to have the data removed
The logging of data for making available the website and storing data in log files is absolutely necessary to operate the Internet site. There is therefore no opportunity for the user to object to this.
1. Description and scope of the data processing
We make use of cookies to improve the quality of establishing the link with and the content of our website and to provide user-oriented navigation that is as smooth as possible. We make use of so-called session cookies that are restricted to the time of your visit to the website. They are used to determine which content is viewed from your PC while you continue to surf and they also play a role in increasing your security when surfing. Once you leave our website or do not click on it for a certain time, these short-term cookies are deleted again.
Cookies cannot do any damage to your PC. They do not cause any security risk in the sense of viruses or spying on your PC. You control how cookies are handled yourself. Please use the help function in your browser to allow, reject, view and delete them.
We make use of cookies in order to make our website more user-friendly. Some elements on our website require us to identify the browser making the request after you move from one site to another. The following data is therefore stored and transmitted in the cookies:
We also use cookies that enable an analysis of the surfing behaviour of users. The following data can be transmitted in this way:
2. The purpose and legal basis of data processing
The purpose of using absolutely necessary cookies (technically necessary cookies) is to enable the use of websites for the users. The legal basis for the processing of personal data using absolutely necessary cookies is Article 6 Para. 1 f) of the GDPR.
Some functions of our website are not available without using cookies. It is essential for them that the browser is recognised again after a change of site. We need cookies for the following applications:
The user data collected through the cookies required for technical purposes is not used to draw up any user profiles.
Analysis cookies are used for the purpose of improving the quality of our website and its content. The analysis cookies enable us to see how the website is being used and we are then able to continually optimise our services. The following analysis cookies are used:
The legal basis for the processing of personal data using non-technically necessary cookies (performance cookies) is Article 6 Para. 1 a) of the GDPR (consent).
3. The length of time that data is stored and the opportunity to object and to have the data removed
Cookies are stored on the user’s computer and are transmitted to our site by the latter. As a user, you therefore have full control over the use of cookies. By making changes to the settings in your Internet browser, you can deactivate or restrict the sending of cookies. Any cookies already stored can be deleted at any time. This can take place automatically too. If cookies are deactivated for our website, it may not be possible for you to make full use of all the functions available on the website.
1. Description and scope of the data processing
Newsletters are sent on the basis of the user’s registration on the website:
It is possible to subscribe to a free newsletter on our website. The data entered on the input form is sent to us once you register for the newsletter. The following data is processed in this case:
The following data is also gathered when you register:
Your consent is obtained to process the data as part of the registration process and reference is made to this data protection declaration.
The newsletter is sent on the basis of the sale of goods or services:
If you purchase goods or services from our website and leave your email address there, we may use this subsequently to send out a newsletter. In this case, the newsletter is exclusively used to directly advertise our own similar goods or services.
No data is forwarded to third parties in conjunction with processing data to send out newsletters. The data is exclusively used for sending out the newsletter.
The job newsletter mailing is based on the offer of vacant job positions for the Rhenus Group. With your selection of certain job criteria (career level, field of activity, company, country) we will inform you weekly about new job offers in the form of a Job Newsletter.
2. The purpose and legal basis data processing
Newsletters are sent on the basis of the user’s registration on the website. The user’s email address is gathered for the purpose of delivering the newsletter. The gathering of other personal data as part of the registration process is used to prevent any misuse of the services or the email address that is used.
The legal basis for processing the data, once the user has registered for the newsletter, is Article 6 Para. 1 a) of the GDPR, provided that the user has given consent for this.
The newsletter is sent out due to the sale of goods or services: Legal basis for the dispatch of the newsletter as a result of the sale of goods or services is § 7 Para. 3 UWG (german law) or Article 6 Para. 1 f) of the GDPR.
3. The length of time that data is stored
The data is deleted as soon as it is no longer required to achieve the purpose for which it was gathered. The user’s email address is therefore stored for as long as the subscription to the newsletter is active.
The personal data collected during the registration process is usually deleted after a period of seven days.
4. Opportunities to object and to have the data removed
The user concerned can terminate the subscription to the newsletter at any time. There is an appropriate link in each newsletter for this purpose. There is also an opportunity to cancel any consent to store the personal data that is gathered during the registration process.
On our website you have several options for jumping to different tools of the Rhenus Group. Some of these require logins / registrations. The respective data protection regulations can be found on the start pages of the tools.
1. Description and scope of managing the data
There is a contact form on our website and it can be used to make contact electronically. If a user makes use of this facility, the data entered on the input form is sent to us and stored. This data involves:
Alternatively, it is possible to make contact via the email address that is made available. In this case, the user’s personal data that is sent with the email is stored.
2. The purpose and legal basis of data processing
Within the scope of your contacting us, we process your personal data on the basis of the following legal principles for the following purposes:
The processing of the personal data from the contact form or your email serves us solely to process the contact and in case of follow-up questions. The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Article 6 Para. 1 f) of the GDPR and, if applicable, Article 6 Para. 1 b) of the GDPR, if your request is aimed at the conclusion of a contract.
The other personal data processed when the email is sent is used to prevent any misuse of the contact form and guarantee the security of our IT systems. The legal basis for the processing of personal data is Article 6 Para. 1 f) of the GDPR.
3. The length of time that data is stored
The data is deleted as soon as it is no longer required to achieve the purpose for which it was gathered. This is the case for any personal data from the input form in the contact form and the data that is sent by email when the relevant conversation with the user has been concluded. The conversation has been ended when the circumstances suggest that the facts of the case in question have been finally resolved.
The personal data, which is also gathered during the sending procedure, is deleted after a period of seven days, at the very latest.
4. Recipients of the data
In our contact form you can select the topic on which you would like to make an inquiry. Inquiries on the topic "General" are handled by the central specialist department. If necessary, we will forward your inquiry to the responsible Rhenus company for internal processing. This company will process the data you have provided in order to contact you regarding your inquiry.
Enquiries on all other topics are automatically forwarded for internal processing to the stored contact mail of the relevant Rhenus company and processed there. This company will process the data you have provided in order to contact you regarding your inquiry.
5. Opportunity to object and to have the data removed
In the case of Article 6 Para. 1 f) GDPR, you can object to the processing of your personal data at any time. Please note that in this case your request cannot be processed further. You can declare your objection by sending an email to our email address given above.
Google reCAPTCHA, Google Maps API). If you give your consent through our cookie banner, we will transfer the necessary data to the respective provider (e.g. your IP address).
If you consent to the activation of these services through our cookie banner, it cannot be ruled out that personal data will be transmitted to providers in countries outside the European Economic Area (EEA) which, from the point of view of the European Union ("EU"), do not ensure an "appropriate level of protection" for the processing of personal data in accordance with EU standards. Possible risks that cannot currently be ruled out are in particular:
- Your personal data could possibly be passed on to other third parties beyond the actual purpose (for example: use your data for advertising purposes.)
- You may not be able to sustainably assert or enforce your right to information toward the third-party provider.
- There is possibly a higher probability that incorrect data processing can occur, as the technical and organizational measures taken by third-party providers to protect personal data do not fully meet the requirements of the GDPR in terms of quantity and quality.
- The risk of data transmission to the USA is basically the relatively easy access to data by US authorities, as well as the fact that EU citizens do not have effective legal remedies against the extensive access rights of US authorities to personal data.
Please take this fact into account before you give your consent and thus allow your data to be transmitted.
For more information, please refer to our cookie banner.
The same applies to the social media profiles we operate when you visit our pages at the respective social media provider (Facebook, Instagram, LinkedIn).
This website uses Google Analytics 4, a web analytics service provided by Google LLC. The controller is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Google Analytics 4 uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.
Google Analytics 4 has IP anonymisation enabled by default. Due to IP anonymisation, your IP address will be shortened by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transferred by your browser as part of Google Analytics will not be merged with other Google data.
The following visitor data, which is not assigned to a person, can be collected:
We use Google Analytics 4 for the following purposes: tracking user behaviour in order to derive optimisation potential (ROI maximisation), reporting website performance, monitoring the success of campaigns. The legal basis is your consent pursuant to Art.6 para.1 p.1 lit.a GDPR and § 25 para. 1 p.1 TDDDG.
In addition, Google Analytics 4 is integrated via server-side tag management, i.e. the visitor data is not transferred directly to Google Analytics 4. The data is first transmitted to a so-called tagging server (via Google Cloud) in Germany and from there transferred to Google Analytics 4 in a controlled manner (i.e. no personal/demographic data).
Recipients of the data may be
For the USA, the European Commission adopted a news adequacy decision on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider to establish an appropriate level of data protection in those countries.
The data sent by us and linked to cookies are automatically deleted after 14 months. The maximum lifespan of Google Analytics cookies is 2 years. The deletion of data whose retention period has been reached occurs automatically once a month.
You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.
You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) by Google, and the processing of this data by Google, by not giving your consent to the setting of the cookie or downloading and installing the browser add-on to deactivate Google Analytics HERE.
For more information on Google Analytics' terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and at https://policies.google.com/?hl=en.
We use Hotjar on our website. This is a web analytics service provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta, Europe, Tel: +1(855)464-6788 We use Hotjar to better understand the needs of our users and to improve our services and user experience on this website. Hotjar is technology services that help us better understand our users' experiences. For example, it is possible to see how much time users spend on which of our pages, which links users click on, what they like and what they don't like. This allows us to tailor our offerings to the feedback we receive from our users. The data processing is carried out on the basis of your consent (Article 6 Para. 1 a) GDPR). You can withdraw this consent at any time.
Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. We have concluded a data processing agreement with Hotjar. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
You can prevent Hotjar from collecting the data. Please note that this setting will be deleted if you delete your cookies.
On our website we use a link to our Facebook fan page. The joint data controller for the operation of our Facebook fan pages is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter "Meta"). The data protection officer can be contacted via the contact form or by post at the above address. Meta Platforms, Inc. is the American parent company of Meta Platforms Ireland Limited.
1. purpose and legal basis for data processing
You can regularly access our social media fan pages on the internet at any time, regardless of whether you have created a user account on the corresponding platform yourself or not. If you are logged into your Facebook account, Meta can assign this to your Facebook account. In both cases, however, your data will be processed by the internet platforms of the social network. Every time you call up the social media platform, your IP address is recorded and stored. Furthermore, a cookie is usually set on your page, which stores your visit and other data about your visit to the social media platform. Please note that Rhenus has no influence on the collection of data and its further use by the social networks. Thus, there is no knowledge about the extent to which, where and for how long the data is stored, to what extent the networks comply with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. When calling up our Facebook fan pages, your data will be forwarded to the USA.
a) Analysis
There is a joint responsibility between Rhenus and Meta to process this personal data into events for page insights ("Insights Data"), as well as data such as comments, likes and the like. The joint responsibility includes the creation of these events and their aggregation into Page Insights, which are then made available to us.
We use "Facebook Insights" to obtain a presentation of statistically processed data without personal reference. The statistical processing is generated and provided by Meta. As the fan page operator, Rhenus has no influence on the generation and provision of this data. The data processing carried out by us is limited in scope. This enables us to determine the behaviour of our users and use it to optimise our posts. Through the "Insights" we can learn, for example, about the following static data: the views of the fan page, activity of its visitors, the reach of posts, views, as well as average duration of video playbacks, data on which country and which city our visitors come from, as well as statistics on the gender ratios of our visitors. The personal data processing associated with this takes place exclusively at Meta. In addition, personal data may be processed when visiting our fan pages.
The legal basis for the storage of insights data on our part is the balancing of interests pursuant to Art. 6 Para. 1 lit. f DSGVO, so that the fan page is optimised and designed attractively for visitors.
b) Contact requests and visitor activity
If you contact us through Facebook Messenger to find out about our services or to share your feedback, we process your personal data based on our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f DSGVO and, where applicable, Art. 6 (1) lit. b DSGVO if your request is aimed at concluding a contract.
As a rule, we receive the following data from you:
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected and there are no legal obligations to retain it. For personal data from messages, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
2. data subject rights
Within the scope of joint responsibility with Meta, you can exercise your data subject rights pursuant to Art. 15, 16, 17, 18, 20, 21 DSGVO both with Meta and with us. Meta assumes the fulfilment of the obligations under the GDPR for the processing of Insights data, in particular the safeguarding of data subject rights. If you wish to make use of your data subject rights, please contact Meta directly. If you do not want Meta to be able to assign your visit to our pages to your Facebook user account, please log out of your user account.
For further information on the scope and processing of your personal data, please refer to Facebook's privacy policy and terms of use.
We use Meta Pixel (formerly Facebook Pixel) on our website. The joint controller (Art. 26 GDPR) for this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter "Meta"). Meta's data protection officer can be contacted via the contact form or by post at the above address. The joint responsibility is limited exclusively to the collection of data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing.
We use the meta pixel to measure the effectiveness of the advertising measures we place on the Facebook platform. This allows us to analyze the behavior of site visitors after they have been redirected to our website by clicking on our Facebook ad. This allows future advertising measures to be optimized.
The following data may be processed Usage data (e.g. websites visited, interactions with content, access times), meta/communication data (e.g. device information, browser data, IP addresses), location data (data indicating the location of an end user's end device). The data collected is deleted after 90 days. If you are registered/logged in to a Facebook service, Facebook can assign the visit to your account.
The use of meta pixels is based on your consent in accordance with Art. 6 para. 1 a) GDPR and § 25 para. 1 TDDDG (german law). You can withdraw your consent at any time with effect for the future by accessing the cookie settings under "Cookie preferences" and changing your selection there. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
Meta Platforms, Inc. is the American holding company of Meta Platforms Ireland Limited. The data transfer to the USA is based on the adequacy decision of the EU Commission (announced in July 2023). The adequacy decision states that the USA (compared to the EU) ensures an adequate level of data protection for personal data transferred from the EU to companies in the USA that are certified under the DPF. Meta Platforms, Inc. is certified under the EU-US Privacy Framework. You can find more information here.
Within the scope of joint responsibility with Meta, you can exercise your data subject rights pursuant to Art. 15, 16, 17, 18, 20, 21 GDPR both with Meta and with us. Meta assumes the fulfilment of the obligations under the GDPR for the processing of Insights data, in particular the safeguarding of data subject rights. If you wish to make use of your data subject rights, please contact Meta directly. If you do not want Meta to be able to assign your visit to our pages to your Facebook user account, please log out of your user account.
For further information on the scope and processing of your personal data, please refer to Facebook's privacy policy and terms of use.
Our website uses functions of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company (hereinafter "LinkedIn"), Wilton Plaza, Wilton Place, Dublin 2, Ireland. We are jointly responsible for the processing of data with LinkedIn. The agreement pursuant to Art. 26 DSGVO can be found here: https://legal.linkedin.com/pages-joint-controller-addendum. The data protection officer of LinkedIn can be contacted via the following link: https://www.linkedin.com/help/linkedin/ask/ppq. The contact details of our data protection officer can be found in point II of this privacy policy.
Personal data is processed and stored on LinkedIn platform if you do not have a LinkedIn account yourself. Even if you are only a temporary visitor, personal data such as the IP address, the browser type, the operating system, information on previously accessed websites, the location, the mobile phone provider, the end device used, the search terms used and cookie information are processed. In addition, LinkedIn transmits data to third countries, in particular the USA. This data transfer is secured by standard contractual clauses of the EU Commission.
1. company profile on LinkedIn
We have a LinkedIn company profile. You can regularly access our company profile on the internet at any time, regardless of whether or not you have created a user account on the corresponding platform yourself. If you are logged into your LinkedIn account, LinkedIn can assign this to your user account. In both cases, however, your data will be processed by LinkedIn. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. If you post your data publicly on our LinkedIn profile or comment on it, it can be viewed worldwide by other registered and non-registered visitors to our LinkedIn profile.
On our LinkedIn company profile, you also have the possibility to react to our posts, write comments, create a post on our page yourself or send us private messages. Any data you provide in this context will be processed by us. We process your personal data based on our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f DSGVO and, if applicable, Art. 6 (1) lit. b DSGVO if your request is aimed at concluding a contract.
As a rule, we receive the following data from you:
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and there are no legal retention obligations to the contrary. For personal data from messages, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
2. LinkedIn Insight Tag
The LinkedIn Insight Tag is a small JavaScript code snippet that we deploy on our website. The LinkedIn Insight Tag allows us to collect data about visits to our website, including URL, referrer URL, IP address, device and browser properties, timestamps and page views. LinkedIn does not share any personal data with us. We are only provided with aggregated data as page insights, which does not allow us to draw conclusions about individuals or members. We may receive the following information such as industry, job title, company size, career level and location of the website visitors.
The processing of the data via the page insights is carried out by LinkedIn and us as joint controllers within the meaning of the DSGVO. The purpose of this data processing is solely to evaluate and analyse the actions and activities on our LinkedIn company profile and to make improvements based on this data. The legal basis for the processing of personal data is Art. 6 (1) lit. a DSGVO.
This data is encrypted, anonymised within 7 days and the anonymised data is deleted within 90 days.
3. LinkedIn Ads
We have integrated LinkedIn Ads on our website. LinkedIn Ads uses cookies and other browser technologies to analyse user behaviour and thus display targeted advertisements on LinkedIn. LinkedIn Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of the advertising. Furthermore, LinkedIn Ads delivers targeted advertising based on behavioural profiling and geographic location. Your IP address and other identifiers such as your user agent are transmitted to the provider. In this case, your data is transferred to LinkedIn, possibly also to the USA. The use of LinkedIn Ads is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and there are no statutory retention obligations to the contrary. The specific storage period of the processed data cannot be influenced by us, but is determined by LinkedIn.
4. objection options and data subject rights
LinkedIn members can also control the use of their personal data for advertising purposes in their account settings. If you are a LinkedIn member and do not want LinkedIn to collect data about you via our website and link it to your membership data stored on LinkedIn, you can log out of LinkedIn before visiting our website.
In addition, you can deactivate the cookies independently of a LinkedIn membership here: Opt-Out.
In the context of joint responsibility with LinkedIn, you can exercise your data subject rights pursuant to Art. 15, 16, 17, 18, 20, 21 DSGVO with both LinkedIn and us. LinkedIn assumes the fulfilment of the obligations under the GDPR for the processing of Insights data, in particular the safeguarding of data subject rights. If you wish to make use of your data protection rights, please contact LinkedIn directly.
You can find more information on this in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy
We embed YouTube videos on some of our websites. The operator is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google").
We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about website visitors before they watch the video. However, the disclosure of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube establishes a connection to the Google DoubleClick network - regardless of whether you watch a video.
As soon as you start a YouTube video on our website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. Furthermore, YouTube can save various cookies on your end device after starting a video. With the help of these cookies, YouTube can obtain information about visitors to our website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts. Cookies remain on your device until you delete them. If necessary, further data processing processes may be triggered after the start of a YouTube video, over which we have no influence.
YouTube uses Google Fonts, which are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for the uniform display of fonts. When you call up a page, your browser loads the required Google Fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google's servers. This informs Google that our website has been accessed via your IP address. Google Fonts are used in the interest of a uniform and appealing presentation of YouTube. These processing operations are only carried out after you have given your express consent in accordance with Art. 6 (1) lit. a DSGVO when you activate the YouTube video on our website. You can revoke your consent in the cookie settings at any time.
Further information on Google Fonts can be found at https://developers.google.com/fonts/faq.
For more information on the handling of user data, please visit https://www.google.de/intl/de/policies/privacy. Information on how to change your privacy settings at Google can be found at https://privacy.google.com/take-control.html?categories_activeEl=sign-in.
We are present in the social network Twitter. These functions are offered by the Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland.
When you interact with our Twitter profile, we receive the following categories of personal information:
You can prevent this by logging out of your Twitter account. The purpose for processing your personal data is our legitimate interest in exchanging information with our fans (Article 6 Para. 1 f) GDPR).
By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transferred to Twitter in the process. We would like to point out that we, as the provider of the sites, have no knowledge of the content of the transmitted data or its use by Twitter. For further information, please refer to the Twitter privacy policy at: https://twitter.com/privacy.
On our website, we use a link to our Instagram fan page. The joint data controller for the operation of our Instagram fanpages is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter "Meta"). The data protection officer can be contacted via the contact form or by post at the above address. Meta Platforms, Inc. is the American parent company of Meta Platforms Ireland Limited.
1. Purpose and legal basis for data processing
You can regularly access our social media fanpages on the internet at any time, regardless of whether you have created a user account on the corresponding platform yourself or not. If you are logged into your Instagram account, then Meta can assign this to your Instagram account. In both cases, however, your data will be processed by the internet platforms of the social network.
Every time you call up the social media platform, your IP address is recorded and stored. Furthermore, a cookie is usually set on your page that stores your visit and other data about your visit to the social media platform. Please note that Rhenus has no influence on the collection of data and its further use by the social networks. Thus, there is no knowledge of the extent to which, where and for how long the data is stored, to what extent the networks comply with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. When calling up our Instagram fan pages, your data will be forwarded to the USA.
a) Analysis
There is a joint responsibility under Article 26 of the GDPR between us and Meta to be responsible for the processing of personal data in events for page insights ("Insights Data"), as well as for data such as comments, likes and the like. The joint responsibility includes the creation of these events and their aggregation into page insights, which are then made available to us. According to the requirement of Art. 26 DSGVO, an agreement for joint responsibility has been concluded. The agreement can be found here: m.facebook.com/legal/terms/Privacy.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected and there are no legal obligations to retain it. For personal data from messages, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
2. data subject rights
Within the scope of joint responsibility with Meta, you can exercise your data subject rights pursuant to Art. 15, 16, 17, 18, 20, 21 DSGVO both with Meta and with us. Meta assumes the fulfilment of the obligations under the GDPR for the processing of Insights data, in particular the safeguarding of data subject rights. If you wish to make use of your data subject rights, please contact Meta directly. If you do not want Meta to be able to assign your visit to our pages to your Instagram user account, please log out of your user account.
For more information on the scope and processing of your personal data, please refer to Instagram's data policy and terms of use.
a) Xing
Rhenus maintains a profile on the social network XING, which is operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany. We have no knowledge of the content of the transmitted data or its use by XING.
We may learn the following categories of data when you interact with our site:
To prevent XING from collecting the above-mentioned data, please log out of XING. We process your personal data on the basis of our legitimate interest in responding to your request in accordance with Article 6 Para. 1 f) GDPR and, if applicable, Article 6 Para. 1 b) GDPR, provided that your request is aimed at concluding a contract.
For the purpose and scope of data collection and the further processing and use of data by XING, as well as your rights in this regard and setting options for protecting your privacy, please refer to the XING data protection information https://www.xing.com/privacy.
b) Kununu
We run a profile at kununu. kununu is an application of the XING service. This site is managed by Kununu (kununu GmbH represented by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany). The current data protection information for XING and its application kununu can be found at https://www.kununu.com/de/info/datenschutz.
Our website uses Google Maps to visually display geographical information. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”). By integrating Google Maps, a direct connection is established between Google’s servers and your browser. This enables Google Maps to be displayed. By integrating and using Google Maps, your IP address as well as information on the use of the maps is transmitted to Google. In addition, Google processes the search terms you enter on the Google Maps map as well as your current location, provided you have granted your express consent via the Google Maps application. Moreover, Google Maps embeds Google Fonts. These are fonts from Google. To display Google Fonts on the Google Maps map, a connection is also established from your browser to the Google server. Your IP address is transmitted to Google in this process.
The legal basis for processing of the personal data is your consent according to Article 6 para. 1 lit. a) GDPR. You can revoke your consent for the future at any time by deselecting the corresponding category in the cookie banner. You can find the “Cookie settings” at the bottom of the footer on this website.
For detailed information on data processing by Google refer to Google’s privacy policy: http://www.google.com/privacypolicy.html. The additional Terms of Use for Google Maps/Google Earth also apply.
1. Description and scope of managing the data
Our pages use features of Cloudflare. Provider is Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. CloudFlare offers a worldwide distributed content delivery network with DNS. We have concluded a corresponding agreement with Cloudflare based on the GDPR for order processing as well as EU standard contract clauses.
A Content Delivery Network (CDN), as provided by Cloudflare, is nothing more than a network of servers connected via the Internet. Cloudflare has distributed such servers around the world to bring web pages to your screen faster. Cloudflare makes copies of our website and places them on their own servers. When you visit our website, you will automatically be connected to Cloudflare's nearby servers which deliver the data. This way the loading time is significantly reduced.
We process your data when you access or use our domains, networks, websites, application programming interfaces and applications, or if you are authorized Cloudflare users for teams, such as our employees, agents or contractors. The information processed may include, but is not limited to, IP addresses, system configuration information and other information about traffic to and from our websites, devices, applications and/or networks (collectively, "Log Information").
In addition, Cloudflare stores server and network activity data, as well as observations and analysis collected by Cloudflare in the course of providing the Services (collectively, "Operational Metrics"). Examples of Operational Metrics include service availability and service availability metrics, request volumes, failure rates, cache rates, and IP threat assessments. Cloudflare uses and processes end-user log data to fulfill its obligations under our agreement.
2. The purpose and legal basis of data processing
We use Cloudflare to increase the speed of our website while reducing latency and thus improving/optimizing the user experience. The data processing is based on our legitimate interest (Article 6 Para. 1 f) of the GDPR).
3. The length of time that data is stored
In general, Cloudflare stores user-level data for domains in the Free, Pro and Business versions for less than 24 hours. For Enterprise domains that have Cloudflare Logs (formerly Enterprise LogShare or ELS) enabled, data can be stored for up to 7 days. However, if IP addresses trigger security alerts during Cloudflare, exceptions to the above retention period may occur.
For more details on Cloudflare's privacy policy, please see the following link: https://www.cloudflare.com/de-de/privacypolicy/
Functions of the Sprout Social service are integrated within our website. These functions are offered by Sprout Social, Inc, 131 S. Dearborn St., Ste. 700, Chicago, IL 60603, USA. This is a tool for evaluating social media activities, which displays messages and posts from our social media pages for the benefit of clarity, effectiveness and response. Accordingly, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Only data is collected that you send to our social media site through your messages or posts and are also directly visible to us on our social media site, as well as data that is collected by the operator of the social media platform. You can find out what these are from the respective operator's data protection information.
The Rhenus Group takes the protection of your personal data very seriously. We would, therefore, like to let you know about the details of our Privacy Policy which we always adhere to during an application process.
What information is stored?
When you send us your online application, it is automatically read and filed in our application management system. All documents sent with your application (cover letter, CV, diplomas and other certificates) and all the information contained in these documents are also stored in this system.
If you hand in your application in person or send it to us by post, it is first digitized and then also filed in our application management system. The original documents are returned to you immediately.
You can update and amend your documents whenever you wish. To do this, simply send an email to [email protected] and attach your new documents or let us know what changes you wish to be made.
What are the collected personal data used for?
The processing of your personal data may only be carried out lawfully, in accordance with Art. 6 DSGVO. We process your data in accordance with Art. 6 (1) lit. (a) DSGVO. You have given your consent of the data obtained for you for one or more specific purposes.
The processing is necessary to protect the legitimate interests of the controller or a third party, pursuant to Art. 6 (1) lit. (f), unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, override, in particular if the data subject, is a child.
Your application documents and the personal data contained therein will be used exclusively for the respective application process and the associated company of the Rhenus Group, according to your selection (to be indicated in the application form below), for decision-making in the application process.
All persons directly involved in the application process (HR departments, specialist departments, works councils) have access to your documents.
How do we ensure your data is secure?
Our application management system is operated by a contractor in accordance with the rules and regulations of the Rhenus Group and hosted on a server in Germany. Your data is automatically sent to the Rhenus Group in encrypted form (SSL encryption). The latest technology is always used to keep your data secure.
How long do we store your data?
After completion of the application process, your documents will be archived for another 90 days and then automatically and completely deleted. You will receive a corresponding confirmation of this by e-mail.
If you wish to have your data deleted earlier, please send us a short note by e-mail to: [email protected].
What does inclusion in the applicant pool mean?
Inclusion in the Rhenus Group applicant pool is voluntary and, if applicable, is by separate invitation. If you decide to join our applicant pool, your personal data may be viewed by decision-makers at the Rhenus Group for the purpose of possible job placements. Your data will not be passed on to third parties outside the Rhenus Group.
The retention period in the applicant pool is initially 180 days. After that, you will receive an e-mail from us with an extension option. If you do not confirm this within 14 days, your data will be duly deleted.
If you wish to be deleted from the applicant pool prematurely, please send us a short note by e-mail to: [email protected]. We will then delete your data immediately.
What happens in the case of parallel application procedures within the Rhenus Group?
If you have applied for several positions within the Rhenus Group at the same time, the departments for which you are participating in an application process will become aware of this.
The same applies if you apply for another vacancy within the Rhenus Group after a rejection within the retention period of your documents of 90 days.
Updating the data protection declaration
We are entitled to update or change this data protection declaration at any time and without prior notice. The existing level of data protection will, of course, be maintained. In the event of a change to the data protection provisions, we will inform you of this immediately by e-mail.
If you have any questions or suggestions regarding data protection in our applicant management system, please contact:
Rhenus Assets & Services GmbH & Co. KG
Service Center Personnel
Rhenus Platz 1
59439 Holzwickede
Mail: [email protected]
Phone: +49 (0)2301 29 0
Name and address of the data protection officer
Oliver Köhler
Rhenus Platz 1
59439 Holzwickede
Germany
E-mail: [email protected]
Website: www.rhenus.com
Status: 08.09.2021
1. Name and address of the responsible person:
The responsible entity with regards to compliance to the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Rhenus Assets & Services GmbH & Co. KG
Service Center Human Resources
Rhenus-Platz 1
59439 Holzwickede
Phone: +49 (0)2301 29-0
E-mail: [email protected]
2. Purpose and legal basis of data processing:
This job advertisement offers the option of using the messenger WhatsApp for application purposes, in order to facilitate the establishment of contact. When using the WhatsApp application functionality ("service"), communication takes place via online chat. We process all data that you provide to us within this chat. The use of the service is voluntary. Alternatively, you can also submit your application in the traditional way (by post or e-mail) or via our online job board https://www.rhenus.group/career/.
How is the communication carried out in detail:
Only when you agree to the applicable terms of use for the service as well as to our privacy policy by responding with "Yes", you can start the online chat and submit data to us. You then start entering personal data. Up to this point, no data will be exchanged via WhatsApp, apart from technical data. If you do not agree or do not continue the communication, the contact details or your mobile number will be deleted within 24 hours after the last message. You can also end the communication independently at any time; even then, the data will be deleted within the before mentioned period.
Insofar as you use the service, the legal basis for the communication and the associated processing of your data is your consent, which can be revoked at any time with effect for the future (Art. 6 Para. 1 a GDPR in conjunction with Section 26 BDSG for the application process). By this the lawfulness of the data processing is not affected until the revocation. Please address the revocation to the contact specified in our privacy policy.
Recipients of the data:
The service called PitchYou is provided to us by an IT service provider (SBB Software und Beratung GmbH), which processes your data for us as a data processor. You can find more information here: https://www.pitchyou.de/datenschutz. WhatsApp's data protection information, for example on their processing or on exercising your data protection rights against WhatsApp, can be found here: https://www.whatsapp.com/legal/privacy-policy-eea?lang=en.
We would also like to point out that data processing by WhatsApp is associated with security risks; WhatsApp may access your private contacts. The USA is currently assessed as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you being informed about this data processing and without you having the possibility to appeal against this data processing by the US authorities.
For all further information, please refer to our Privacy Policy.
3. Storage period:
After completion of the WhatsApp application process, applicant data is transferred via an interface to the third-party system concludis and deleted from PitchYou immediately after the transfer. Further processing and deletion takes place exclusively in the third-party system and the following deletion periods apply: All application documents will be archived for additional 90 days and then automatically deleted completely. Once the data has been deleted, the applicant will receive confirmation of this via e-mail. Exception: Applications which are being included in the applicant pool. After 180 days, they will receive an e-mail asking whether their documents may be kept for a further 180 days. If the applicants do not actively agree, their documents will also be automatically and completely deleted.
4. The rights of data subject:
For your rights as data subject, please refer to our privacy policy under point "The rights of data subject".
5. Right to complain to the supervisory authority:
Regardless of any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority, in particular in the EU member state of your residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data related to yourself infringes the GDPR.
We use "Flipsnack" on our website. This is a service to graphically embed PDF files. The processing company is Flipsnack LLC, 2701Troy Center Dr Suite 255, Troy, Michigan, 48084. The data processing purpose of Flipsnack is to display PDF brochures. Data is collected through technologies such as cookies and iFrame. These are placed in the browser. The following (personal) data is collected by or through the use of this service: Log data (browser, operating system, device type, IP address, chat activity, date, time & duration of access, referrer URL, page views, search terms, location, clicks). The legal basis for the processing of personal data is Art. 6 para. 1 p. 1 lit. a GDPR. The data is stored until it is no longer needed for processing. Details on the handling of personal data by Flipsnack can be found at:
https://www.flipsnack.com/legal-information/privacy-policy.html
This website uses functions of the service "Google Ads" (formerly Google AdWords), a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). Google Ads enables us to draw attention to our attractive offers with the help of advertising media on external websites. This enables us to determine how successful individual advertising measures are. These advertising media are delivered by Google via so-called "AdServers". For this purpose, we use so-called AdServer cookies, which can be used to measure certain parameters for measuring success, such as display of the ads or clicks by users. If you access our website via a Google ad, Google Ads will store a cookie on your PC.
These cookies usually lose their validity after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). These cookies allow Google to recognize your web browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked across Ads customers' websites. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising tools; in particular, we cannot identify users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. According to our knowledge, Google receives the information that you have called up the relevant part of our website or clicked on an ad from us. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, there is the possibility that Google learns your IP address and stores it.
The legal basis for the processing is your consent pursuant to Art. 6 (1) lit. a GDPR. If you do not want Google Ads to collect and process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future.
In the context of processing by Google Ads, data may be transmitted to the USA. The following recipients may be, among others, Google LLC. and Alphabet Inc. The security of the transmission is secured via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR.
For more information about data processing by Google, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=en.
This website uses functions of the service "Google Tag Manager" of the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. The Google Tag Manager is an organizational tool that allows us to integrate and manage website tags centrally and via a user interface. We have concluded an order processing agreement with Google. The Google Tag Manager is an auxiliary service and itself processes personal data only for technically necessary purposes. The Google Tag Manager does not store any data itself. This takes care of loading other components, which in turn may collect data. The Google Tag Manager does not access this data. Please note that American authorities, such as intelligence agencies, could possibly gain access to personal data due to American laws. You can find more information about the Google Tag Manager in the Privacy policy of Google: https://policies.google.com/privacy?hl=en&gl=de
This website uses functions of Google Marketing Platform. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Marketing Platform is used to show you interest-based ads across the Google advertising network. In order to be able to show users interest-based advertising, Google Marketing Platform must recognize the respective viewer and be able to assign the websites they have visited, clicks and other information on user behavior to them. For this purpose, Google Marketing Platform uses cookies or comparable recognition technologies (e.g. device fingerprinting). Google Marketing Platform uses a special cookie script. This draws among other things on:
The information collected is combined into a pseudonymous user profile in order to display interest-based advertising to the user concerned. If you have a Google account, the search engine associates the data obtained with the information available in the Google account.
As part of processing by Google, data may be transmitted to the USA. The following recipients may include Google LLC. and Alphabet Inc. The level of data protection in the USA is currently not equivalent to that in the EU. This is due in particular to far-reaching official access rights to personal data processed by companies and insufficient legal protection options for data subjects. The security of the transmission is secured by so-called standard contractual clauses, which ensure that the processing of personal data is subject to a security level that corresponds to that of the GDPR.
Processing takes place exclusively on the basis of Article 6 (1) (b) GDPR. 6 paragraph 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. For more information on how to object to the ads displayed by Google, please see https://policies.google.com/technologies/ads?hl=en.
We use the cookie management platform called OneTrust on our website to obtain your consent to the storage of certain cookies in your browser and to document this in compliance with data protection regulations. The provider is OneTrust Technology Limited (hereinafter "OneTrust"), 82 St John St, Farringdon , London EC1M 4JN, United Kingdom (UK).
By integrating a JavaScript code, a banner is displayed to users when the page is accessed, which gives the user the option of giving or rejecting their consent to the setting of cookies for individual purposes or individual functions of our website. The tool blocks the setting of all cookies that require consent until the respective user gives their consent. This ensures that cookies that require consent are only set on the user's end device if there is a legal basis. So that OneTrust can individually record and log the consent settings made by the user, the following user information is collected by the tool when our website is accessed:
OneTrust is used to obtain the legally required consent for the use of cookies. The legal basis is Article 6 (1) (c) GDPR. We have concluded an order processing contract with OneTrust. This is a contract required by data protection law, which ensures that One Trust only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR. We would like to point out that your data may be transferred to the USA. The data collected is stored until you ask us to delete it or delete the OneTrust cookie yourself, or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected.
Details on the data processing of OneTrust cookies can be found in the OneTrust data protection declaration at https://www.onetrust.com/privacy/.
We use "Mautic Pixel" on our website. The Mautic.org website is owned by Mautic Inc. (53 State St, Boston, Massachusetts 02109, US), an Acquia company. Mautic enables brands to integrate and personalize all of their digital properties and channels into a seamless customer experience. With its modern approach to marketing automation, Mautic's suite of tools enables marketers to deliver campaigns and content with higher performance and drive results. Through Mautic, we can send newsletters or embed case studies/downloads on the website. Mautic uses so-called "first-party cookies" - this means that the data is stored directly on our server and is not passed on to third-party providers. The legal basis is Art. 6 para. 1 p. 1 lit. f) DSGVO.
This website uses the functions of the "Microsoft Advertising" service (formerly: Bing Ads). The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter "Microsoft"). Microsoft Advertising (hereinafter "MS Ads") enables us to draw the attention of as many people as possible to our products and services. For this purpose, a conversion tracking tag (Universal Event Tracking (UET)) is integrated on our website. This is used to learn more about user behavior when someone arrives at our website via Microsoft advertising. It allows us to learn which keyword or ad a user came to our website from, what they clicked on on that website, and how long they stay on our website. We can also see how many users have come to our website via the ads. However, we only process data and evaluations on web behavior here. At no time do we have the possibility to personally identify individual users.
Microsoft sets a cookie on your computer if you have accessed our website via a Microsoft Ads ad. MS Ads collects information about visitor behavior on various websites. As part of the use of MS Ads, the following data is collected and processed:
The use of MS Ads is based on your consent in accordance to Article 6 para. a GDPR. You can revoke your consent at any time with effect for the future under "Cookie preferences".
Microsoft uses the data to optimize its own advertising offer and other services. If you have a Microsoft account yourself, the collected data may be linked to your account. Thus, it may also be that Microsoft recognizes and stores your IP address. Microsoft stores your personal data as long as it is necessary for the provision of its own services or products or for legal purposes. When you search via Bing, Microsoft deletes your saved searches after 6 months by deleting your IP address. Cookie IDs are made unrecognizable after 18 months. In the context of processing via MS Ads, data may be transmitted to the USA. The security of the transmission is secured via so-called standard contractual clauses.
Further information can be found in the privacy policy: https://privacy.microsoft.com/de-de/privacystatement.
This website uses the functions of the "Microsoft Clarity" service. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter referred to as "Microsoft"). Microsoft Clarity (hereinafter referred to as "MS Clarity") is a tool for analysing user behaviour on this website. In particular, Clarity records mouse movements and creates a graphical representation of which part of the website users scroll to most frequently (heat maps). Clarity can also record sessions so that we can view page usage in the form of videos. We also receive information about general user behaviour within our website. Recordings data is retained for 30 days. Any labeled or favorited sessions are retained for 13 months. Heatmaps data is retained for 13 months.
Microsoft places a cookie on your computer if you have reached our website via a Microsoft advertising advert. The following data is collected and processed as part of the use of MS Clarity:
The use of MS Clarity is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. You can revoke your consent at any time with effect for the future under "Cookie preferences".
We would like to point out that Microsoft may transfer personal data to the USA. The European Commission adopted its adequacy decision for the USA on 10 July 2023. Microsoft Corporation is certified under the EU-US Privacy Framework. This certification confirms that the required data protection regulations and practices are complied with by the US company.
Microsoft uses the data to optimise its own advertising and other services. If you have a Microsoft account, the data collected can be linked to your account. Microsoft may also recognise and store your IP address. As part of processing via MS Clarity, data may be transferred to the USA. The security of the transfer is ensured by so-called standard contractual clauses.
Further information can be found in the privacy policy: https://privacy.microsoft.com/en-us/privacystatement.
On our website, we use Microsoft Bookings (hereinafter "MS Bookings") to book online appointments. The provider is Microsoft Corporation (hereinafter "Microsoft"), One Microsoft Way, Redmond, WA 98052-6399, USA. MS Bookings includes a web-based booking calendar and integrates with Outlook to give customers the flexibility to book a time that works best for them. MS Bookings is a Microsoft 365 app, meaning all data is stored within the Microsoft 365 platform and Exchange.
On our website, you will see the available slots for an online appointment. You can select an appointment and book it by entering your data. You will then receive a confirmation email and a calendar invitation. Each Bookings calendar is a mailbox in Exchange Online. Storage and retrieval of the files is done via Exchange. Booked appointments are conducted virtually via Microsoft Teams (hereinafter "MS Teams"). Each appointment that is booked as an online appointment creates a unique meeting link that is sent to attendees so they can participate via a web browser, phone dial-in, or the Teams app.
As part of booking an appointment through MS Bookings, the following personal data is collected from you: Date and time of appointment, name, email address, phone number, notes (optional), company (optional), zip code (optional). We process the data to confirm the appointment and to contact you.
In the context of using MS Teams, the following data is processed: name, email address, profile picture (optional), preferred language, meeting metadata (e.g. date, time, meeting ID, phone number, location, text, audio and video data). You may have the option to use the chat function in an online meeting. In this case, the text entries you make are processed in order to display them in the online appointment. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from a video camera of the terminal device are processed during the online appointment. You can turn off or mute the camera or microphone yourself at any time via MS Teams.
The legal basis for the processing of your data is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You have the option to revoke your consent at any time with effect for the future. In this case, the intended contact with the user is no longer possible or an already initiated communication can no longer be continued. You also have the option to cancel or rebook your bookings in the appointment invitation. We would like to point out that you are not obliged to use MS Bookings to book an appointment. If you do not wish to use the service, please use another of the contact options offered to make an appointment.
Personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and insofar as the deletion does not conflict with any retention obligations to which we are legally bound. A requirement may exist in particular if the data is still needed to fulfill contractual services. If it becomes apparent during the online appointment that there is no interest in working together, your personal data will be deleted after the appointment has taken place.
For the appointment arrangement your personal data will be transferred to Microsoft. Generally, the data is hosted in Germany. In the course of processing by Microsoft, data may be transferred to the USA. The level of data protection in the USA is currently not equivalent to that in the EU. This is due in particular to far-reaching authority to access personal data processed by companies and to insufficient legal protection options for data subjects. The security of the transfer is safeguarded via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security equivalent to that of the GDPR. Further information on the handling of your data can be found in privacy policy.
This website uses features of the Visual Website Optimizer ("VWO") web analytics service. The provider is Wingify Software Pvt. Ltd. (KLJ TOWER, 1104, North, Netaji Subhash Place, Pitam Pura, Delhi, 110034, India). This is a tool for statistical analysis of user behaviour for optimisation and marketing purposes. The legal basis is Art. 6 para. 1 lit. a DSGVO.
We use VWO to create user tests for the optimisation and further development of our website. VWO analyses static data on the use of our website. With the help of A/B test tools, the data, such as the number of visitors, click behaviour and the average active dwell time of the website users, are assigned to the corresponding test variants. Based on the behaviour of the users, e.g. staying longer on the website or interacting more frequently with the elements, it can be determined which of these websites or elements are more likely to meet the needs of the users.
VWO uses IP addresses to check traffic. However, the user's IP address is anonymised immediately after it is collected and before it is stored. By default, VWO replaces the last octet (digits after the fourth dot) for your visitor's IP address that passes through the VWO server with 0. The website visitor data collected by VWO is stored in the data centre in Belgium. The retention period is 30 days.
In order to object to the data collection and storage of your visitor data for the future, you can obtain an opt-out cookie from VWO under the following link, which will have the effect that no visitor data of your browser will be collected and stored by VWO in the future: https://vwo.com/opt-out/. You can find more information on the topic of data protection at: https://vwo.com/privacy-policy/.
1. Right of access
You can request confirmation from us as to whether personal data concerning you is being processed by us. If such processing has taken place, you can request information from us about the following:
(1) the purposes for which the personal data is being processed;
(2) the categories of personal data that are being processed;
(3) the recipients or the categories of recipients to whom the personal data related to you has been disclosed or is still being disclosed;
(4) the planned time span for storing the personal data related to you or, if specific details on this are not possible, the criteria for determining the time span for storage;
(5) the existence of any right to correct or delete the personal data related to you, a right to restrict the processing of the data by the controller or a right to object to this processing of data;
(6) the existence of a right to make a complaint to a supervisory authority;
(7) all the information that is available about the origin of the data, if the personal data is not being gathered from the person involved;
You can receive a free copy of your data from us. If you are interested in further copies, we reserve the right to charge you for the additional copies.
2. Right to rectification
You have the right to have the controller correct and/or complete any data, if the personal data that is being processed and concerns you is incorrect or incomplete. The controller must make the correction immediately.
3. Right to restriction of processing
You may demand restrictions on the processing of the personal data related to you in the following situations:
(1) if you dispute the correctness of the personal data related to you for a period that enables the controller to check the correctness of the personal data;
(2) if the processing of the data is illegal and you reject any deletion of your personal data and demand that restrictions are placed on the use of your personal data instead;
(3) if the controller no longer requires the personal data for the purposes of processing it, but you require it to assert, exercise or defend legal claims; or
(4) if you have lodged an objection to the processing according to Article 21 Para. 1 of the GDPR and it is not yet clear whether the legitimate reasons presented by the controller override your reasons.
4. Right to erasure
You may demand from the controller that the personal data related to you is deleted immediately and the controller shall be obliged to delete this data immediately if one of the following reasons applies:
(1) the personal data related to you is no longer required for the purposes for which it was gathered or processed in some other way;
(2) you withdraw your consent, on which the processing of the data was based according to Article 6 Para. 1 a) or Article 9 Para. 2 a) of the GDPR, and there is no other legal basis for processing the data;
(3) you lodge an objection against any processing of the data according to Article 21 Para. 1 of the GDPR and there are no overriding legitimate reasons for the processing of the data or you lodge an objection to the processing of the data according to Article 21 Para. 2 of the GDPR;
(4) the personal data related to you has been processed illegally;
(5) the deletion of the personal data related to you is necessary to fulfil a legal obligation according to the laws of the Union or the law of the member states, to which the controller is subject;
(6) the personal data related to you was gathered in relation to information society services according to Article 8 Para. 1 of the GDPR.
a) Exceptions
There is no right to have the data deleted if the processing of the data is required:
(1) to exercise the right of free expression and information;
(2) to meet a legal obligation, which requires the processing of the data according to the laws of the Union or the member states, to which the controller is subject, or to perform a task that is of public interest or takes place in connection with exercising any state authority that has been transferred to the controller;
(3) for reasons of public interest in the field of public health according to Article 9 Para. 2 h) and i) as well as Article 9 Para. 3 of the GDPR;
(4) for archiving purposes that are in the public interest, scientific or historical research purposes or for statistical purposes according to Article 89 Para. 1 of the GDPR, if the right cited in paragraph a) will probably make the achievement of the goals of this processing of data impossible or will serious impair it; or
(5) to assert, exercise or defend legal claims.
5. Right to data portability
You have the right to receive the personal data related to you, which you have made available to the controller, in a structured, conventional and machine-readable format. You also have the right to transfer this data to a different controller without any obstruction by the first controller, to which the personal data was made available, if
(1) the processing of the data is based on consent in line with Article 6 Para. 1 a) of the GDPR or Article 9 Para. 2 a) of the GDPR or on a contract according to Article 6 Para. 1 b) of the GDPR and
(2) the processing of the data takes place using automated procedures.
When exercising this right, you also have the right to ensure that the personal data related to you is directly transferred from one controller to a different controller, if this is technically feasible. The freedoms and rights of other persons may not be impaired by this process.
The right to data portability shall not apply to any processing of personal data that is necessary to perform a task that is in the public interest or takes place in connection with exercising any state authority that has been transferred to the controller.
6. The right to object
You have the right to lodge an objection at any time to the processing of the personal data related to you, if this takes place according to Article 6 Para. 1 e) or f) of the GDPR, for reasons arising from your particular situation; this shall also apply to any profiling supported by these stipulations. In this case we will no longer process your data. The latter does not apply if we can prove that there are compelling reasons for processing worthy of protection which outweigh your interests or if we need your data to assert, exercise or defend legal claims.
If the personal data related to you is processed to provide direct marketing, you have the right to lodge an objection to the processing of the personal data related to you for the purpose of this kind of advertising at any time; this shall also apply to profiling, if it is connected to this kind of direct marketing. If you object to the processing of the data for the purposes of direct marketing, the personal data related to you will no longer be processed for these purposes.
7. The right to cancel the declaration of consent under data protection law
You have the right to cancel your declaration of consent provided under data protection law at any time. By cancelling your consent, the legitimacy of the processing of the data that was performed on the basis of your consent until your cancellation shall not be affected.
8. The right to lodge a complaint to a supervisory authority
Regardless of any different administrative law or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your place of residence, your place of work or the place of the alleged breach, if you believe that the processing of the personal data related to you breaches the GDPR.