
GDPR
Responsible party pursuant
to Art. 4 (7) EU General
Data Protection Regulation
PIA Automation Holding GmbH
Theodor-Jopp-Straße 6
97616 Bad Neustadt a. d. Saale
Germany
Email: info(at)piagroup.com
Phone: +49 9771 / 6352 1000
Website: www.piagroup.com
Contact details of the data protection officer
Email: datenschutz(at)piagroup.com
Welcome to our website! We appreciate your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU General Data Protection Regulation (EU GDPR) and the country-specific implementation laws applicable to us. With this privacy policy, we provide you with comprehensive information about the processing of your personal data by PIA and your rights.
Personal data is any information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, telephone number, email address, and your IP address. Anonymous data is data that cannot be linked to any individual user.
We have divided our privacy policy into four sections. This allows you to access the area that interests you with a single click.
Data processing on the website
Information about the processing of your
personal data
1. Your rights as a data subject
First of all, we would like to inform you about your rights as a data subject. These rights are standardized in Articles 15–22 of the EU GDPR. This includes:
- The right to information (Art. 15 EU GDPR),
- The right to erasure (Article 17 EU GDPR),
- The right to rectification (Article 16 of the EU GDPR),
- The right to data portability (Article 20 EU GDPR),
- The right to restriction of processing (Article 18 EU GDPR),
- The right to object to data processing (Art. 21 EU GDPR).
To exercise these rights, please contact: datenschutz@piagroup.com . The same applies if you have any questions about data processing in our company. You also have the right to lodge a complaint with a data protection supervisory authority.
2. Purposes and legal basis for the processing of personal data
When processing your personal data, the provisions of the EU GDPR and all other applicable data protection regulations are observed.
The legal basis for data processing is set out in particular in Art. 6 EU GDPR.
We use your data for business development, to fulfill contractual and legal obligations, to execute the contractual relationship, to offer products and services, and to strengthen customer relationships, which may also include analyses for marketing purposes, customer satisfaction surveys, and direct advertising.
Your consent also constitutes a data protection permission provision. In this context, we will inform you about the purposes of data processing and your right of withdrawal. If the consent also relates to the processing of special categories of personal data, we will expressly point this out to you in the consent form.
Special categories of personal data within the meaning of Art. 9 (1) EU GDPR will only be processed if this is required by law and there is no reason to assume that your legitimate interest in excluding such processing outweighs this.
3. Data storage period
We store your data for as long as it is required for the respective processing purpose. Please note that numerous retention periods require that data continue to be stored. This applies in particular to commercial or tax law retention obligations (e.g., Commercial Code, Tax Code, etc.). Unless further storage obligations exist, the data will be routinely deleted once the purpose has been fulfilled. The personal data of the data subject will be deleted or its use restricted as soon as the purpose of storage ceases to exist.
In addition, we may retain data if you have given us your permission to do so or if legal disputes arise and we use evidence within the scope of statutory limitation periods, which can be up to thirty years; the regular limitation period is three years.
4. Transfer to third parties
We will only disclose your data to third parties within the scope of the statutory provisions or with your consent. Otherwise, data will not be disclosed to third parties unless we are obliged to do so by mandatory legal provisions (disclosure to external bodies such as supervisory authorities or law enforcement agencies).
4.1. Recipients of data / categories of recipients
Within our company, we ensure that only those employees who need your data to fulfill contractual and legal obligations receive it.
Other PIA companies may be involved in processing your request.
In some cases, service providers support our specialist departments in fulfilling their tasks. The necessary data protection agreements have been concluded with all service providers.
Please also note the data protection information of the respective providers. The respective service providers are responsible for the content of third-party services, whereby we check the services for compliance with legal requirements within the scope of what is reasonable.
4.2. Third country transfer / intention to transfer to third countries
We make sure your info stays within the EU/EEA. But sometimes we might use service providers outside the EU/EEA to process your info. If we do, we'll make sure they have the same level of data protection as the EU before they get your personal info.
5. Categories, sources, and origin of data
5.1. Collection of personal data when visiting our website (informational use)
When you use the website for informational purposes only, i.e. if you do not provide us with information, we collect the following technical information (log file data):
- IP address
- Host
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred
- Referrer URL (i.e., the address of the website you visited before, if you arrived at our website by clicking on a hyperlink from there)
- The specific pages of our website that you have accessed
- Browser: type, version, and language settings
- Operating system: type and version
These types of data are technically necessary to display the pages you have accessed on this website correctly. In addition, they may be used to maintain the secure operation of this website (e.g., to prevent hacking attempts). The IP address and browser language are also used to suggest the appropriate language setting for our website. The referrer URL is used in anonymized form for statistical purposes. For technical security reasons and in particular to defend against attempts to attack our web server, this type of data is also stored for a specific period of time in accordance with Art. 6 para. 1 lit. f EU-DS-GVO.
5.2. Contact via email or contact form
Our website offers you various ways to contact us. You can choose between a contact form and an email address.
When you contact us, the data you provide (your email address, first and last name, and country) will be stored by us in order to answer your questions and process your requests. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b & lit. f GDPR.
Mandatory information is marked with an asterisk. Information in fields not marked in this way is voluntary. The voluntary information helps us to clarify your request and improve the processing of your concern. The provision of this information is expressly voluntary and with your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. You can, of course, revoke this consent at any time with future effect.
As the data controller, our company has implemented numerous technical and organizational measures to ensure the most complete protection possible for the personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security gaps. Absolute protection cannot be guaranteed; in any case, sending unencrypted emails is not secure.
5.3. Downloading company brochures, information flyers, and general terms and conditions
On our website, we offer you the opportunity to download our current company brochures, information flyers, and general terms and conditions. No separate provision of personal data is required for this.
5.4. Search
We use the services of dkd Internet Service GmbH, Kaiserstr. 73, 60329 Frankfurt am Main, Germany, for our search function. The infrastructure used is located exclusively in Germany and is managed directly by dkd. When you use the search function, the following data is transmitted to their server for technical purposes and processed there:
- Search terms that you enter in the search field
- IP
- Time of the request
- Technical browser information
6. Use of cookies
Our website uses cookies in several places. They serve to make our offer more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser (locally on your hard drive). Based on our legitimate interest (Art. 6 para. 1 sentence 1 lit. f EU GDPR), we use technically necessary cookies that are necessary for the operation of the website and to ensure its functionality. Depending on their purpose, these are stored permanently – even after the end of the session – (so-called persistent cookies, e.g. opt-out) or are deleted when the browser is closed (so-called session cookies – these are only valid for one browser session).
In addition, we also use other cookies with your consent. These cookies enable us to analyze how users use our websites. This allows us to tailor the content of the website to the needs of our visitors. Cookies also enable us to measure the effectiveness of a particular advertisement and, for example, place it in accordance with the thematic interests of the user. The legal basis for this is your consent (Art. 6 para. 1 sentence 1 lit. a EU GDPR).
If you have given your consent here, you can of course revoke it at any time without giving reasons.
Please note: If you disable cookies, you may not be able to use all the features of our website to their full extent.
6.1. Use of Google Analytics/Google Signals
We use the tracking tool Google Analytics from Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, on our website. This records and systematically evaluates your interactions with our website as a user.
The following data is stored:
- IP address (in abbreviated form)
- Usage
- Click path
- App updates
- Browser information
- Device information
- JavaScript support
- Visited pages
- Referrer URL
- Downloads
- Flash version
- Location information
- Purchase activity
- Widget interactions
- Date and time of visit
- Interaction with videos
- Ads viewed/clicked
The legal basis for the processing of your personal data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a EU GDPR. You can withdraw your consent at any time with future effect in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR by accessing the cookie settings (https://www.piagroup.com/?showOptIn=1) and changing your selection there. The lawfulness of the processing carried out based on the consent until withdrawal remains unaffected.
IMPORTANT: The use of ad blockers may prevent the cookie consent tool from being displayed. In this case, please disable the ad blocker temporarily.
The purpose of processing your personal data by the Google Analytics service is to analyze the interaction of our website visitors with our website. By evaluating the data obtained here, we can optimize our offering and increase user-friendliness.
We delete or anonymize the data collected by Google Analytics as soon as it is no longer required for our purposes. This is the case after 14 months.
This service may transfer the data collected to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you having any legal recourse. However, we take the necessary measures in accordance with Art. 44 ff. EU-DS-GVO to ensure the level of data protection in the third country.
The information collected by cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
With Google Analytics 4, the anonymization of IP addresses is enabled by default. Due to IP anonymization, your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data from Google.
We also use Google Signals. This collects additional information in Google Analytics about users who have enabled personalized ads (interests and demographic data) and allows ads to be delivered to these users in cross-device remarketing campaigns.
You can also prevent the storage of cookies by adjusting your browser software settings accordingly. However, if you configure your browser to reject all cookies, this may result in restrictions on the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by a) not giving your consent to the setting of the cookie or b) downloading and installing the browser add-on to disable Google Analytics (link: tools.google.com/dlpage/gaoptout).
6.2. Use of Meta Pixel
We use the "Meta Pixel" tool from Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2k5, Ireland on our website. Meta Pixel is a JavaScript code snippet that enables us to track the activities of visitors to our websites. This allows us to optimize our websites and adapt them to the behavior of visitors.
The pixel base code records general interactions of website visitors, such as page views or technical parameters of the website visit and forms the basis for detailed analyses and targeted advertising measures. With the help of the meta pixel, we also want to ensure that our ads match the potential interests of users and are not annoying. In addition, the pixel enables us to track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad.
The data is transmitted back to Facebook and stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Meta Data Usage Policy. Based on the information collected via the pixel, you may also see interest-based advertisements about our offers in your Facebook account (retargeting).
Various personal data may be collected when using the Meta Pixel. This applies in particular to the following information:
- HTTP headers – all information that is usually contained in HTTP headers. This information may include data such as IP addresses, information about the web r browser, the location of the page, the document, the referrer, and the person using the website.
- Pixel-specific data – including the pixel ID and the Facebook cookie.
- Button click data – all buttons clicked by visitors to our websites, the labels of these buttons, and all pages accessed as a result of these button clicks.
- Optional values – we can optionally specify that additional information about the visit be sent via events for custom data. Examples of events for custom data include conversion value and page type.
- Form field names – These include website field names such as email or address.
Further information on the data collected can be found on the following websites: https://developers.facebook.com/docs/meta-pixel/#meta-pixel and https://www.facebook.com/privacy/policy
We store the personal data you provide for up to 2 years. The information is then deleted. We process this data exclusively for the specified purpose and on the basis of your consent, i.e. only for as long as is necessary to achieve the stated purposes.
You can prevent certain cookies from being used, either in whole or in part, by adjusting your browser settings. You can also delete cookies that have already been set via your browser settings. Further information on usage-based online advertising and online data protection, as well as an opt-out option, can also be found on the following website, for example: https://www.youronlinechoices.com/de/
Meta Platforms Ireland Limited also processes personal data in countries outside the EU or the EEA, including through Meta Platforms, Inc., 1601 Willow Rd, Menlo Park, CA 94025, USA. The level of data protection in the USA may not meet the same standards as the level of data protection within the EU or the EEA. Meta Platforms, Inc. is certified under the Data Privacy Framework, meaning that data transfers to Meta Platforms, Inc. are subject to an adequacy decision within the meaning of Art. 45 GDPR.
The legal basis for the processing of your personal data for the purposes stated is your consent (Art. 6 para. 1 lit. a GDPR and § 25 TDDDG). You can revoke your consent at any time with effect for the future. To revoke your consent, you can simply adjust your cookie settings accordingly using our cookie management tool.
7. Embeds
On our website, we use so-called embeds or embeds of content in our online offerings, among other things. These embeds can be provided by the YouTube platform, for example. A classic embed is, for example, a video on the YouTube platform. In this case, data is always transferred to the server of the corresponding platform.
7.1. YouTube (extended data protection mode)
We use services provided by YouTube, LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA, a subsidiary of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. For users who have their habitual residence in the European Economic Area or Switzerland, Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, is the controller responsible for your data.
We use the extended data protection option provided by YouTube to protect your personal data. When you visit a page that contains an embedded YouTube video, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser. According to YouTube's information at , however, in "extended data protection mode," data is only transmitted to the YouTube server when you actively start the video. If you are logged in to YouTube at this time, the information about the videos you view will be associated with your YouTube member account. You can prevent this by logging out of your member account before visiting our website. If data is processed outside the European Economic Area/EU, where there is no data protection level equivalent to the European standard, Google uses standard contractual clauses according to its own information.
We use this service within our online offering on the legal basis of a legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR.
Further information on YouTube's data protection policy is provided by Google at the following link: https://www.google.de/intl/de/policies/privacy/
7.2. Integration of Vimeo
We use the provider Vimeo, among others, to integrate videos. Vimeo is operated by Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011. By integrating Vimeo videos, we aim to make our website more interesting and attractive for our visitors and to achieve a better presentation of content and facts.
When you view a video from the provider Vimeo on our website, a connection to the Vimeo servers is established. This transmits to the Vimeo server which website you have visited. If you are logged in as a member of Vimeo, Vimeo assigns this information to your personal user account. When you click on the start button of a video, this information may also be assigned to an existing user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
We use this service within our online offering on the legal basis of a legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR.
Further information on the purpose and scope of data collection and its processing by Vimeo can be found in the privacy policy. There you will also find further information on your rights and settings options for protecting your privacy: Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA; vimeo.com/privacy.
7.3. ntegration of Google Maps
Our website contains a link to Google Maps, the map service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. If you follow the link, you will be taken to Google Maps. When you click on the link, a connection to the servers of Google LLC is established.
8. Social networks
8.1. Social plugins from social networks
No social plugins are active on our website.
8.2. Links to social media
On our website, you will find links to the social media services of Facebook, YouTube, Instagram, and LinkedIn. Links to the websites of social media services can be recognized by the respective company logo. If you follow these links, you will be taken to our company profiles on the respective social media service. When you click on a link to a social media service, a connection to the servers of the social media service is established. This informs the social media service's servers that you have visited our website. In addition, further data is transferred to the provider of the social media service. This includes, for example:
- Address of the website on which the activated link is located
- Date and time of the website visit or link activation
- Information about the browser and operating system used
- IP
If you are already logged in to the relevant social media service when you activate the link, the social media service provider may be able to determine your user name and, in some cases, even your real name from the data transmitted and assign this information to your personal user account with the social media service. You can prevent this association with your personal user account by logging out of your user account beforehand.
The servers of the social media services are located in the USA and other countries outside the European Union. The data may therefore also be processed by the social media service provider in countries outside the European Union. Please note that companies in these countries are subject to data protection laws that generally do not protect personal data to the same extent as in the member states of the European Union.
Please note that we have no influence on the scope, type, and purpose of data processing by the social media service provider. For more information about how your data is used by the social media services integrated into our website, please refer to the privacy policy of the respective social media service.
9. Links to other providers
Our website also contains other links to the websites of other companies, which are clearly identifiable. We have no influence on the content of websites linked to by other providers. Therefore, we cannot accept any liability for this content. The respective provider or operator of the pages is always responsible for the content of these pages.
The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal content was not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete evidence of a violation of the law. If we become aware of any violations of the law, such links will be removed immediately.
10. Automated individual decision-making
Please note that we generally do not use purely automated processing procedures to make decisions.
11. Presence on our social media
We are present on various social media platforms in order to communicate with customers, interested parties, and users who are registered there and to inform them about our offers.
We would like to point out that you use these platforms and their functions at your own risk. This applies in particular to the use of interactive functions (e.g., commenting, sharing, rating).
We also point out that your data may be processed outside the European Union.
In addition, your data may be processed for market research and advertising purposes. For example, usage profiles may be created based on your usage behavior and the resulting interests . This allows, for example, advertisements that are likely to be of interest to you to be displayed within and outside the platforms. Cookies are usually stored on your computer for this purpose. Irrespective of this, data that is not collected directly from your end devices may also be stored in the usage profiles (in particular if you are a member of the respective platforms and are logged in to them).
As the provider of this information service, we do not collect or process any data from your use of our service.
The processing of users' personal data is based on our legitimate interests in providing effective information to users and communicating with them in accordance with Art. 6 para. 1 sentence 1 lit. f. EU GDPR. If you are asked by the respective providers for consent to data processing (i.e., you declare your consent, for example, by ticking a checkbox or confirming a button), the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a., Art. 7 EU GDPR.
Right to object
If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored member data on the respective network, you must log out of the respective network before visiting our website, delete the cookies on your device, and close and restart your browser.
However, once you log in again, you will be recognized as a specific user by the network.
For a detailed description of the respective processing and the options for objection (opt-out), we refer you to the information provided by the providers linked below.
In the event of requests for information and the assertion of user rights, we would also like to point out that these can be most effectively asserted with the providers. Only the providers have access to the user data and can take appropriate measures and provide information directly. However, if you require assistance, please contact us.
- Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- Privacy policy: https://www.facebook.com/about/privacy/,
- Opt-out: www.facebook.com/settings and http://www.youronlinechoices.com
- Google / YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
- Privacy policy: policies.google.com/privacy,
- Opt-out: adssettings.google.com/authenticated,
- Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)
- Privacy policy: http://instagram.com/about/legal/privacy/
- Opt-out: instagram.com/about/legal/privacy/
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
- Privacy policyhttps://www.linkedin.com/legal/privacy-policy,
- Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Data processing of business partners
Information about the processing of your
personal data
Care and transparency are the basis for a trusting relationship with our business partners. We therefore inform you about how we process your data and how you can exercise your rights under the General Data Protection Regulation. Which personal data we process and for what purpose depends on the respective contractual relationship.
1. Types of personal data
If you have an inquiry, request a quote from us, or enter into a contract with us, we process your personal data. In addition, we also process your personal data to fulfill legal obligations, to protect a legitimate interest, or based on your consent.
Depending on the legal basis, the following categories of personal data are processed:
- First name, last name
- Address
- Communication data (telephone, email address)
- Nationality
- Contract master data, in particular contract number, term, notice period, type of contract
- Invoice data/sales data
- Credit rating data
- Payment data/account information
- Health data
- Account information, in particular registration and logins
- Video or image recordings
In the course of contract initiation, we also access data provided to us by third parties. Depending on the type of contract, this includes the following categories of personal data:
- Creditworthiness information (via credit agencies)
2. Your rights as a data subject
First of all, we would like to inform you about your rights as a data subject. These rights are standardized in Articles 15–22 of the EU GDPR. This includes:
- The right to information (Article 15 EU GDPR),
- The right to erasure (Art. 17 EU GDPR),
- The right to rectification (Art. 16 EU GDPR),
- The right to data portability (Article 20 EU GDPR),
- The right to restriction of processing (Article 18 EU GDPR),
- The right to object to data processing (Art. 21 EU GDPR).
To exercise these rights, please contact:datenschutz@piagroup.com . The same applies if you have any questions about data processing in our company. You also have the right to lodge a complaint with a data protection supervisory authority.
Rights of objection
Please note the following in connection with rights of objection:
If we process your personal data for direct marketing purposes, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling insofar as it is related to direct marketing.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made informally, preferably todatenschutz@piagroup.com .
In the event that we process your data to protect legitimate interests, you may object to this processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.
We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.
3. Origin of data
We process personal data that we receive from our customers, service providers, and suppliers.
We also receive personal data from the following sources:
- Credit agencies
- Publicly accessible sources: commercial or association registers, debtor directories, land registers
- Other group companies
4. Purposes and legal basis of data processing
We process your personal data in particular in compliance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as all other relevant laws.
4.1. Based on your consent (Art. 6 para. 1 a GDPR)
If you have given us your voluntary consent to the collection, processing, or transfer of certain personal data, this consent forms the legal basis for the processing of this data.
In the following cases, we process your personal data on the basis of your consent:
- Market research (e.g., customer satisfaction surveys)
- Marketing and advertising
- Publication of a customer reference (name and image)
4.2. To fulfill a contract (Art. 6 para. 1 b GDPR)
We use your personal data to fulfill the order or purchase contract.
Within this contractual relationship, we will process your data in particular for the following activities:
Contract-related contact, contract management, ongoing customer service, service center, handling warranty claims, receivables management, contract termination management.
Further information on the purposes of data processing can be found in the respective contract documents and general terms and conditions.
4.3. To fulfill legal obligations (Art. 6 para. 1 c GDPR)
As a company, we are subject to various legal obligations. Processing personal data may be necessary to fulfill these obligations.
- Control and reporting obligations
- Prevention/defense against criminal acts
4.4. Based on a legitimate interest (Art. 6 para. 1 f GDPR)
In certain cases, we process your data to protect a legitimate interest of ours or of third parties.
- Central customer data management within the group
- Measures for building and facility security
- Video surveillance to protect property rights
- Consultation of and data exchange with credit agencies to determine creditworthiness and default risks
- Ensuring IT security and IT operations
- Creditworthiness and identity checks
5. Disclosure to third parties
In order to fulfill our contractual and legal obligations, your personal data will be disclosed to various public or internal bodies, as well as external service providers.
5.1. Companies within the group
The PIA Group maintains a central customer data management system that can be accessed by employees of all affiliated companies in order to offer you the entire range of our services from a single source. You can find the companies of the PIA Group at this link: https://www.piagroup.com/unternehmen/#c14683
5.2. External service providers
We work with selected external service providers to fulfill our contractual and legal obligations:
- IT service providers (e.g., maintenance service providers, hosting service providers)
- Service providers for file and data destruction
- Printing services
- Telecommunications
- Payment service providers
- Consulting
- Marketing or sales service providers
- Credit agencies
- Web hosting service providers
- Auditors
5.3. Public authorities
In addition, we may be required to transfer your personal data to other recipients, such as authorities, in order to comply with legal disclosure requirements.
- Tax authorities
- Customs authorities
5.4. Third country transfer / intention to transfer to third countries
Countries outside the European Union (and the European Economic Area "EEA") handle the protection of personal data differently than countries within the European Union. We also use service providers located in third countries outside the European Union to process your data. There is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection.
We have therefore taken special measures to ensure that your data is processed in third countries as securely as it is within the European Union. We conclude the standard data protection clauses provided by the European Commission with service providers in third countries. These clauses provide appropriate guarantees for the protection of your data when it is processed by service providers in third countries.
If you wish to view the existing guarantees, please contact us at datenschutz@piagroup.com.
6. Data storage period
We store your personal data for as long as it is necessary to fulfill our legal and contractual obligations.
If storage of the data is no longer necessary for the fulfillment of contractual or legal obligations, your data will be deleted unless further processing is necessary for the following purposes:
- Fulfillment of commercial and tax-related retention obligations. These include retention periods from the German Commercial Code (HGB) or the German Fiscal Code (AO). The retention periods are generally 10 years.
- Preservation of evidence within the scope of the statutory limitation provisions. According to the limitation provisions of the German Civil Code (BGB), these limitation periods can in some cases be up to 30 years; the regular limitation period is three years.
7. Obligation to provide personal data
In order to enter into a business relationship, you must provide us with the personal data that is necessary for the performance of the contractual relationship or that we are required to collect by law. If you do not provide us with this data, we will not be able to perform and process the contractual relationship.
Data processing of applicants
Information about the processing of your
personal data in the application procedure
We are delighted that you have applied to a company within the PIA Group. Transparency and the trustworthy handling of your personal data are an important basis for good cooperation. We therefore inform you about how we process your data and how you can exercise your rights under the General Data Protection Regulation. The following information provides an overview of the collection and processing of your personal data in connection with the application process.
1. Types of personal data
We process your personal data to the extent necessary for the application process. This includes the following categories of data:
Standard information:
- Applicant master data (first name, last name, address)
- Qualification data (cover letter, resume, previous employment, professional qualifications)
- (Work) references and certificates (performance data, assessment data, etc.)
- Contact details (email, telephone number)
Special information that may be required for the position to be filled and may be requested by the Human Resources department:
- Police clearance certificate
- Schufa credit report
- Results of aptitude tests
Other:
- Publicly available, job-related data, such as a profile on professional social media networks
- Voluntary information, such as an application photo, information on severe disabilities, or other information that you voluntarily provide in your application.
We implement appropriate security measures to protect the security and confidentiality of your data as best as possible. Your application documents are transmitted to us in encrypted form via our application system. The data security measures we take are always in line with the latest technology.
2. Origin of the data
We process personal data that we receive from you during the application process.
We also receive personal data from the following sources:
- Other group companies
- Service providers for applicant placement
And we process personal data obtained from public sources, i.e., professional social networks.
3. Purposes and legal basis of data processing
We process your personal data in particular in compliance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as all other relevant laws.
3.1. Data processing for the purposes of the application relationship (Section 26 (1) BDSG)
Personal data of applicants may be processed for the purposes of the application process if this is necessary for the decision on the establishment of an employment relationship with us.
The necessity and scope of data collection are assessed based on the position to be filled, among other things. If your desired position involves particularly confidential tasks, increased personal and/or financial responsibility, or is linked to certain physical and health requirements, more extensive data collection may be necessary. In order to protect data privacy, such data processing will only take place after the selection of applicants has been completed and immediately before your employment.
3.2. Data processing based on your consent (Art. 6 (1) (a) GDPR, § 26 (2) BDSG)
If you have given us your voluntary consent to the collection, processing, or transfer of certain personal data, this consent forms the legal basis for the processing of this data.
In the following cases, we process your personal data on the basis of your consent:
- Inclusion in the applicant pool, i.e., we store the application documents beyond the current application process for consideration in future application processes
- Forwarding of the application to group companies
3.3. Based on the legitimate interest of the responsible body (Art. 6 para. 1 lit. f GDPR)
In certain cases, we process your data to protect a legitimate interest of ours or of third parties.
- To defend legal claims in proceedings under the General Equal Treatment Act (AGG). In the event of a legal dispute, we have a legitimate interest in processing the data for evidence purposes.
- Data comparison with EU anti-terrorism lists in accordance with Regulations (EC) No. 2580/2001 and 881/2002: As a company, we are obliged under EU law to cooperate in the fight against terrorism. No funds may be made available to persons and organizations that are included in the terrorism lists (prohibition on making funds available). For this reason, we are obliged to compare names with the terrorist lists.
4. Transfer to third parties
Your data will mainly be processed by our Human Resources department and the department head responsible for your position. However, other internal and external departments may also be involved in processing your data.
4.1. Internal departments
- Human resources
- Management
- Technical and disciplinary managers
- Technical specialists
- Works council
- Disability officer, if applicable
4.2. Companies within the group
The PIA Group maintains a central customer database that can be accessed by employees of all affiliated companies so that we can offer you the entire range of our services from a single source. You can find the companies of the PIA Group at this link:
4.3. Internal and external service providers
- Providers of applicant management systems
- Internal and external IT service providers (e.g., maintenance service providers, hosting service providers)
- Service providers for file and data destruction
If you have any further questions about the individual recipients, please contact us at: Datenschutz@piagroup.com
5. Third country transfer / intention to transfer to third countries
Countries outside the European Union (and the European Economic Area, "EEA") handle the protection of personal data differently than countries within the European Union. We also use service providers located in third countries outside the European Union to process your data. There is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection.
We have therefore taken special measures to ensure that your data is processed in third countries as securely as it is within the European Union. We conclude the standard data protection clauses provided by the European Commission with service providers in third countries. These clauses provide appropriate safeguards for the protection of your data when it is processed by service providers in third countries.
6. Data storage period
We store your data during the application process in accordance with applicable law and delete it after six months at the latest. Data will only be stored beyond this period if we are obliged or entitled to do so, e.g. if you have given us permission to store your data for a specific, longer period or for the exercise of legal rights.
Regulations that require us to retain data can be found, for example, in the German Commercial Code or in the German Fiscal Code. In addition, limitation periods must be observed. Further information can be found in the privacy policy provided as part of the application process.
7. Are you obliged to provide your personal data?
The provision of personal data is neither required by law nor contractually stipulated, nor are you obliged to provide personal data. However, the provision of personal data is necessary for the application process. This means that if you do not provide us with personal data when applying, we will not be able to process your application.
8. Changes to this information
If the purpose or manner of processing your personal data changes significantly, we will update this information and inform you of the changes in a timely manner.