Thank you for your interest in our company! Data protection is a particular priority for the Managing Directors of Fäth GmbH. The basic functions of Fäth GmbH’s website can be used without specifying any personal data. If a data subject would like to use special services provided by our company via our website, personal data may have to be processed. If processing of personal data is necessary, and where there is no legal basis for such processing, we generally obtain consent from the data subject.
As the data processor, Fäth GmbH has taken many technical and organisational measures to ensure that the personal data processed via this website is protected as completely as possible. In spite of this, internet-based data transmissions are fundamentally susceptible to security gaps, meaning that absolute protection cannot be guaranteed. For this reason, all Data Subjects are free to share personal data with us using alternative methods, for example by telephone.
1. a) Personal Data
Personal Data includes all information referring to an identified or identifiable natural person (hereinafter ‘Data Subject’). Natural persons are deemed identifiable if they can be identified directly or indirectly, in particular by means of attribution to an identifier to a name, a code number, location data, online identification data or one or more special characteristics, the expression of physical, physiological, genetic, psychic, economic, cultural or social identity of this natural person.
1. b) Data Subject
A Data Subject is any identified or identifiable natural person whose personal data is processed by the responsible Data Controller.
1. c) Processing
Processing refers to any procedure with or without automated processes or any series of procedures in the context of personal data, such as collecting, recording, organising, sorting, storing, adapting or changing, reading, querying, using, disclosing by sending, distributing or any other form of provision, comparison or linking, restricting, deleting or destroying.
1. d) Restriction of Processing
Restriction of Processing refers to marking stored personal data with the aim of restricting its future use.
1. e) Profiling
Profiling refers to any form of automated processing of personal data that consists of using this personal data to evaluate specific personal aspects that relate to a natural person, in particular to analyse or predict aspects regarding performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or changes in location of these natural persons.
1. f) Pseudonymisation
Pseudonymisation refers to processing of personal data in a way that prevents personal data being attributed to specific data subjects without using additional information, provided this additional information is stored separately and subject to technical and organisational measures that guarantee that the personal data cannot be attributed an identified or identifiable natural person.
1. g) Controller or Data Controller
Controller or Data Controller refers to the natural or legal person, authority, institution or other body that decides, alone or with others, on the purposes and means of processing personal data. If the purposes and means of this processing are required by EU law or the law of the Member States, the Controller or the specific criteria of their appointment may be prescribed under Union law or Member State law.
1. h) Processor
A Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the Controller.
1. i) Recipient
A Recipient is a natural or legal person, authority, institution or other body to whom or which Personal Data is disclosed, irrespective of whether it is a third party or not. However authorities that receive Personal Data as part of a specific investigation mandate under EU law or Member State law are not deemed Recipients.
1. j) Third Party
A Third Party is a natural or legal person, authority, institution or other body other than the Data Subject, the Controller, the Processor and the persons authorised to process the Personal Data under the immediate responsibility of the Controller.
1. k) Consent
Consent is any voluntary declaration of intent by the Data Subject for the specific case in an informed manner and unmistakeably provided in the form of a declaration or another clearly confirmatory act with which the Data Subject indicates that he or she agrees to processing of his or her personal data.
2. Name and address of the Data Controller
The Data Controller for the purposes of the General Data Protection Regulation, other data protection laws applicable in the European Union Member States and other data protection law-like provisions is:
Schwabacher Str. 10
Tel.: +49 (0) 35204 3930-50
3. Name and address of the Data Protection Officer
The Data Controller’s Data Protection Officer is:
External Data Protection Officer
mobilplus Systemhaus GmbH
Am Wüsteberg 3
01723 Wilsdruff OT Kesselsdorf
Tel.: +49 (0) 35204 270 318
4. SSL or TLS encryption
Our website uses SSL or TLS encryption to protect transfers of confidential content you send us via this website, and for security reasons. That prevents third parties reading the data you send via this website. You can tell that the connection is encrypted by the ‘https:/’ in the address bar or the lock icon in your browser.
5. Server log files
The website provider automatically collects and saves information that your browser automatically sends to us in server log files. They are:
- The date and time when you accessed the website
- The website from which the accessing system accesses our website (‘referrer’)
- The sub-pages an accessing system visits on our website
- The access method/function called by the requesting computer
- The input values sent by the requesting computer (e.g. file name)
- Access status of the web server (file sent, file not found, command not executed etc.)
- Browser types and versions used
- An Internet Protocol (IP) address, anonymised where applicable
- Other similar data and information to protect against hazards in the event of attacks on our IT systems.
These data are not combined with other sources of information. Data are processed on the basis of Section 6 Subsection 1 b of GDPR, which permits processing of data to fulfil a contract or precontractual measures. This information is technically necessary to deliver the content of websites you requested correctly and are essential when using the Internet. We also use data to identify and track illegal access attempts and access to our web servers. The data are otherwise used only for anonymised access statistics to optimise the website. No access profiles are produced. This is only information that does not permit personal identification, as your IP address is not saved or is anonymised. The logged data are stored for 426 days and then deleted unless a detected web attack results in a civil or criminal prosecution of the attacker.
6. Legal basis for processing
Section 6 I a of GDPR provides data controllers with a legal basis to process data for which the data subject gave consent to use such data for a specific purpose. If personal data must be processed to perform a contract in which the data subject is a contracting party, for example as is the case for processing that is necessary to deliver goods or provide miscellaneous services or consideration, processing shall be based on Section 6 I b of GDPR. The same applies for processing necessary precontractual measures, for example in cases of inquiries about products or services. If the data controller is subject to a legal obligation that requires processing of personal data, for example to fulfil taxation obligations, processing shall be based on Section 6 I c of GDPR. In rare cases, it may be necessary to process personal data to protect vital interests of the data subject or another natural person. For example, this would be the case if a visitor were injured on our premises, in which case we would have to inform a doctor, hospital or other third party of their name, age, health insurance data and other vital information. Processing would then be based on Section 6 I d of GDPR. Processing could ultimately also be based on Section 6 I f of GDPR. Processing not covered by any of the above legal grounds shall be based on these legal grounds if the processing is required to uphold legitimate interests of the data controller or a third party, provided the interests, fundamental rights and freedoms of the data subjects do not outweigh such interests. Processing of this kind is permitted in particular because it was specifically mentioned by European Legislator. Accordingly it took the view that a legitimate interest could be assumed if the data subject is a customer of the data controller (Recital 47 Subsection 2 of GDPR).
7. Period for which personal data are stored
The criterion for duration of storage of personal data is the respective legal storage period. After expiry of the period, the corresponding personal data are deleted unless it is required to fulfil the contract or to prepare a contract.
8. Contact form
We save the data sent in the contact form along with your contact details to enable us to answer your inquiry or to respond to any further concerns you may have. Your data are not passed on to third parties without your consent.
Data are processed on the basis of Section 6 Subsection 1 a of GDPR, which permits processing of data based on consent. However, you can revoke your consent at any time without stating grounds. Informal notification by e-mail is sufficient to revoke consent. The legitimacy of data processing procedures prior to the revocation remains unaffected by the revocation.
Data sent via the contact form shall be stored until you ask us to delete it, revoke your storage consent or storage is no longer necessary. Mandatory legal provisions or archiving periods remain unaffected.
If you contact us (by e-mail or telephone), your user details are used to handle the contact request and process it in accordance with Section 6 Subsection 1 b of GDPR.
The user details may be stored in our Customer Relationship Management System (CRM system) or similar inquiry organisation method.
User details shall be stored until you ask us to delete them, revoke your storage consent or storage is no longer necessary. Mandatory legal provisions or archiving periods remain unaffected.
10. Data protection for applications and in application processes
When you send us your application documents, we process your personal data to handle the application process. If you send us your application documents electronically, for example by e-mail or in a web form, we also process them electronically.
The personal data you send shall only be used to handle your application for the position advertised. Only persons involved in the application process shall have access to your personal data. All employees entrusted with processing your data are obliged to treat your data as confidential. We do not pass your data on to third parties unless you consent to data forwarding or we are obliged to pass on data by law and/or official or court orders.
If you share personal data with us as part of the application process, we divide them into the following data types and categories for collection, processing and/or use:
- Personal data (e.g. first name and surname, date of birth, address)
- Communication data (e.g. telephone number, e-mail address)
- Data on evaluation or assessment in the application process
- Data on education and previous professional career (e.g. school, vocational training, university degrees, doctorate, certificates)
- Information on other qualifications (e.g. language skills, PC skills, volunteer work)
- Application photo
- Information on salary expectations
- Application history
If we conclude an employment contract with you, the data you sent will be stored for the purpose of the employment relationship in accordance with the legal regulations. If no employment contract is concluded with you, the data shall be deleted automatically 6 months after announcement of the rejection decision, unless the data controller has other legitimate interests that prevent deletion. Other legitimate interests in this sense include a burden of proof in a case pursuant to the German General Equal Treatment Act (AGG).
Transient cookies are deleted automatically when you close your browser or log out. They include in particular session cookies that store a session ID that can be used to assign various requests of your browser to a common session. That allows your computer to be recognised if you return to our website. Persistent cookies are automatically deleted after a prescribed period, which can differ depending on the cookie. You can delete the cookies in your browser’s security settings at any time.
We use the cookie/consent management tool by Objectis Ltd’s on our website. (Objectis Ltd., Laisves st. 60, LT-05120 Vilnius, Lithuania; www.cookie-script.com; “Consent Manager”).
The tool enables you to give consent to data processing via the website, in particular the setting of cookies, and to make use of your right of withdrawal for consent that has already been given.
Data processing serves the purpose of obtaining and documenting the necessary consent to data processing and thus complying with legal obligations. Cookies may be used. Among other things, the following information is collected and transmitted to the consent manager: date and time of the page view, information about the browser you are using and the device you are using, anonymized IP address, opt-in and opt-out data. This data will not be passed on to other third parties.
The data is processed to fulfill a legal obligation on the basis of Article 6 Paragraph 1 Letter c GDPR and our legitimate interest in accordance with Article 6 Paragraph 1 Letter f GDPR.
You can find more information about the data protection of the consent manager at: https://cookie-script.com/privacy-policy.html
12. Analytics with SlimStat
13. Your rights
Right to confirmation
You have the right to request confirmation from the data controller whether the corresponding personal data has been processed.
Right to restrict processing
You have the right to demand that the data controller restricts processing if one of the following conditions is met:
The accuracy of the personal data is disputed by the data subject, for a period that allows the data controller to assess the accuracy of the personal data.
Processing is not legitimate, the data subject rejects erasure of the personal data and instead requests restriction of the use of the personal data.
The data controller no longer requires the personal data for processing, but the data subject requires it to assert, exercise or reject legal claims.
The data subject has objected to processing per Section 21 Subsection 1 of GDPR and it has not yet been stipulated whether the data controller’s legitimate grounds supersede those of the data subject.
Right to object
You have the right to object to processing of your personal data in accordance with Section 6 Subsection 1 e or f of GDPR at any time. This shall also apply to profiling based on these provisions.
The data controller will then no longer process your personal data unless it can prove compelling legitimate reasons for processing, which supersede the data subject’s interests, rights and freedoms or the processing serves to assert, exercise or reject legal claims.
If the data controller processes personal data for direct advertising purposes, the data subject is entitled to object to the processing personal data for the purposes of such advertising. The same also applies for profiling, where it is linked to such direct advertising. If the data subject objects to the data controller processing for direct advertising purposes, the data controller shall no longer process the personal data for these purposes.
The data subject is also entitled to object to processing of their personal data by the data controller for scientific or historical research purposes, or statistical purposes in accordance with Section 89 Subsection 1 of GDPR for reasons arising from their particular situation, unless such processing is essential to fulfil an obligation in the public interest.
The data subject is also entitled to object using automatic procedures in which technical specifications are used in conjunction with the use of information society services, irrespective of Directive 2002/58/EC.
Right to complain to the responsible supervisory authority
As a data subject you have the right to complain to the responsible supervisory authority in the event of violations of data privacy law. The responsible supervisory authority in data privacy matters is the state data protection officer of the Federal State in which our company has its registered office. The following link provides a list of the data protection officers and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You are entitled to have data we process automatically based on your consent or to fulfil a contract forwarded to you or third parties. Your data are provided in a machine-legible format. If you demand direct transfer of the data to another data controller, this shall only be done if it is technically feasible.
Right to information, correction, erasure, blocking
You shall be entitled, within the scope of the applicable statutory provisions, to receive information free of charge on any data stored relating to you personally as well as on their origin, their recipient and the purpose of data processing. You may also be entitled to claim the correction, erasure or blocking of such data.
Revoking your consent to process your data
Some data processing procedures are only possible with your express consent. You can revoke your consent at any time after granting it. Informal notification by e-mail is sufficient to do so. The legitimacy of the data processing prior to the revocation remains unaffected by the revocation.
Automated decisions including profiling
You are entitled not to be subjected to a decision made exclusively based on automated processing – including profiling – with legal effect on you, or that significantly impacts you in a similar way, provided the decision:
(1) is not required to conclude or fulfil a contract between the data subject and the data controller or
(2) is permitted in accordance with the laws of the Union or Member States to which the data controller is subject, and these laws contain appropriate measures to uphold the rights and freedoms and legitimate interests of the data subjects or
(3) is made with the express consent of the data subject.
If the decision is necessary to conclude or fulfil a contract between the data subject and the data controller, or if it is made with the express consent of the data subject, the data controller shall take appropriate measures to uphold the rights and freedoms and legitimate interests of the data subject, which shall include at least the right to procure the intervention of a person on the part of the data controller, representation of a personal point of view and to object to the decision.
Questions on data protection
If you have questions on data protection, please send us an e-mail or contact us directly (see above for contact details).
Last amended: 04/12/2019