Protection of personal data and responsible handling of information are important and special concerns for us. We process personal data only in accordance with legal requirements, in particular the EU Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz or BDSG).
1. Controller and Data Protection Officer
Controller in the meaning of Data Protection Law is Harbort GmbH & Co. KG, Südring 28-30, 29640 Schneverdingen (see also Imprint).
2. Website Visit
When you visit our website, we process personal data to the extent described in section 2.1. In addition, personal data may be processed for other purposes as described under 2.2. et seq.
2.1 Data Processing to Enable the Use of the Website
When you visit our website, we process personal data to enable your use (Usage Data). Usage Data includes your IP address and information on start, end and your use of the website. It also includes technical data transmitted by your browser such as browser type / browser version, previously visited website (referrer URL), monitor resolution, operating system, if applicable device information (e.g. device type) etc. We process these data for the provision and demand-oriented design of this website in our legitimate interest (Art. 6(1)(f) GDPR). If you are interested in detailed information on the balancing of your and our interests, please contact us.
2.2 Cookies and Web Tracking
When you visit our website, information in the form of cookies may be stored on your device. A cookie is a small text file that is sent from a web server to your browser and stored on your device. When you revisit our website, cookie data are transmitted to our web server again.
We use the following technically necessary cookies to ensure the functionality of the website:
Retention period: Session
Purpose: Protection against malicious http requests, so-called Cross-Site-Request-Forgery-Requests
Retention period: 1 hour
You can deactivate the storage of cookies in your browser and have the option to delete them from your hard drive at any time. In this case, not all functions of this website may be available to you. The legal basis for the use of these cookies is our legitimate interest in providing our website in accordance with Art. 6(1)(f) GDPR.
2.3 Google Maps
On the page of the contact form there is a plugin which shows a map of Google Maps. Google Maps is a web service for displaying interactive (country) maps in order to display geographical information visually. Using this service will show you our location and make it easier for you to find us.
This is done by connecting your browser to Google's servers as if you were visiting the Google search engine's website. However, this only takes place when you activate the plugin and thus agree to the connection being established. There is no tracking by Google on our website.
The legal basis for this data processing is your consent by clicking on the Accept button (Art. 6(1)(a) GDPR.
2.4 Contact Form
We process your personal data when you use our contact form. If you contact us via the contact form provided, your details will be stored in order to respond to your enquiry. Legal basis is either the performing of a contract obligation or our legitimate interest in providing a contact form (Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR). If you are interested in detailed information on the balancing of your and our interests, please refer to the addresses in section 1.
3. Job Applications
Within the application process, regardless of whether the application is made online or by post, we process your personal data. We process your personal data for the purpose of contacting you and assessing whether or not you are the right candidate for the position. All our employees entrusted with data processing are obliged to maintain the confidentiality of your data.
The legal basis for processing your personal Data are Sec. 26(1), (8)(2) BDSG or Sec. 26(2), (8)(2) BDSG.
4. Transfer to Recipients of Personal Data within the EEA
We will transfer personal data to third parties only where necessary for the provision of our service or otherwise allowed by the law. Within the scope of the purposes stated here, personal data are transferred to service providers involved in the provision of our services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound to additional contractual data protection requirements. This includes in particular contractual obligations as a processor in accordance with Art. 28 GDPR. In particular, we transferred personal data to the following categories of service providers:
In other cases, we transfer personal data to other recipients only if a there is a legal justification or you have expressed your consent. Any consent given can be revoked at any time with effect for the future. We will only disclose your data to government authorities within the framework of statutory obligations or as a result of an official order or court decision and only insofar as this is permitted under data protection law.
5. Transfer to Recipients of Personal Data in States outside the EEA
If necessary, for our purposes, we may also transfer your data to recipients outside the EEA.
We only do this within the framework of the data protection requirements for transfers to third countries if it is ensured that the recipient of the data guarantees an adequate level of data protection within the meaning of Chapter V of the GDPR and no other interests worthy of protection speak against the transfer of data.
We delete your personal data as soon as it is no longer necessary for the aforementioned purposes of processing. We also delete your personal data if you object to a certain processing of data that is based on legitimate interests, unless there are compelling reasons for YYY to continue processing. We also delete your data if you revoke your consent to the processing and if there is no other legal basis for processing. In certain cases, e.g. if there is a statutory retention period, your data will initially be blocked and deleted upon expiry of the retention period.
Job-related data is retained until a decision is made and then deleted after a maximum of three months or, in the event of a successful application, transferred to your personnel file.
7. Your Rights
As a data subject of the data processing, you have the right to confirmation as to whether personal data relating to you are processed by YYY and the right to access this personal data (Art. 15 GDPR), a right to rectification of your incorrect data (Art. 16 GDPR), a right to erasure (Art. 17 GDPR) and a right to restrict (block) your data (Art. 18 GDPR).
In addition, in the case of processing on the basis of Article 6(1)(e) or (f) GDPR, you may object to the processing (Art. 21 GDPR). If you have provided the data, you can request the transmission of the data (Art. 20 GDPR). Whether and to what extent these rights are effective in individual cases and under what conditions they apply is stipulated by law. If the processing is based on a consent within the meaning of Art. 6(1)(a) or Art. 9(2)(a) GDPR, you can revoke consent at any time with effect for the future (Art. 7(3)(1) GDPR). You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).
If you have any questions or complaints about our data protection measures, we recommend that you first contact us (see contact details under section 1).
8. No automated individual Decision-Making
We do not use your personal data for automated individual decisions in the meaning of Art. 22(1) GDPR.
Status: February 2021