GDPR
Responsible according to Art. 4 para. 7 EU General Data Protection Regulation
PIA Automation Holding GmbH
Theodor-Jopp-Straße 6
97616 Bad Neustadt a. d. Saale
Germany
Email: info(at)piagroup.com
Phone: +49 9771 / 6352 1000
Website: www.piagroup.com
Contact details of the data protection officer
Email: datenschutz(at)piagroup.com
Click on a topic
We have divided our privacy policy into four sections. This way you can get to the section of interest to you with one click.
If you have any questions about the handling of your personal data, you are welcome to contact our data protection officer. You will find the contact details at the top of this page.
- Data processing on the website
- Data processing of business partners
- Data processing of applicants
- Terminology
Data processing on the website
INFORMATION ABOUT THE PROCESSING OF YOUR PERSONAL DATA
In the following, we inform you about the collection of personal data when using our website. If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.
1. Legal basis for the processing of personal data
In the following, we inform you about the collection of personal data when using our website. If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) sentence 1 lit. a GDPR serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) p. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. Insofar as processing of personal data is necessary to comply with a legal obligation to which our company is subject, Art. 6 (1) p. 1 lit. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) S.1 lit. d GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) sentence 1 lit. f GDPR serves as the legal basis for the processing.
2. Data erasure and storage period
The personal data of the data subject shall be deleted or its use restricted as soon as the purpose of the storage expires. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Deletion or restriction of the processing of the data shall also take place if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or performance of a contract.
3. Data transmission
3.1 As a matter of principle, your personal data will not be transferred to third parties unless we are legally obliged to do so, or the transfer of data is necessary for the performance of a contractual relationship, or you have previously expressly consented to the transfer of your data. Insofar as service providers process your personal data on our behalf, we ensure within the scope of commissioned processing pursuant to Art. 28 GDPR that they comply with the provisions of the data protection laws in the same manner. Please also note the data protection information of the respective providers. The respective service provider is responsible for the content of third-party services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.
3.2 We make a point of processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient prior to the transfer of your personal data. This can be achieved, for example, via EU standard contracts or Binding Corporate Rules or special agreements to whose regulations the company can submit.
4. Collection of personal data when visiting our website (informational use)
During the mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we collect the following technical information (log file data):
- IP address
- Hostname
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- Access status/HTTP status code
- Data volume transferred in each case
- Website from which the request comes (referrer)
- The specific pages of our website that you visit
- Browser: Type, version and set language
- Operating system: type and version
- Furthermore, with JavaScript enabled
The collection of this data is technically necessary to display our website to you and to ensure stability and security. We regularly do not know who is behind an IP address. We do not combine the data listed above with other data.
The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. Since the collection of data for the provision of the website and the storage in log files are absolutely necessary for the operation of the website and to protect against misuse, our legitimate interest in data processing prevails at this point.
5. Contact us by e-mail or contact form
In addition to the purely informative use of our website, our website offers you further possibilities to contact us. When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, if applicable, your name and your telephone number) will be stored by us in order to answer your questions and process your requests. The legal basis in this respect is Art. 6 para. 1 p. 1 lit. b & lit. f GDPR.
Mandatory fields are marked with an asterisk. Information in fields not marked in this way is voluntary. The voluntary information serves us to specify your request and to improve the processing of your request. Any communication of this information is expressly on a voluntary basis and with your consent, Art. 6 para. 1 p. 1 lit. a GDPR. Of course, you can revoke this consent at any time for the future.
Your data, which we have received in the course of contacting you, will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, your request has been fully processed and no further communication with you is necessary or desired by you, or its use will be restricted if there are legal obligations to retain data.
As the controller, our company has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, internet-based data transmissions can always have security gaps. Absolute protection cannot be guaranteed; in any case, sending unencrypted e-mails is not secure. We therefore ask you not to send sensitive data by unencrypted e-mail, but to use the postal service instead.
6. use of cookies
6.1 Cookies are data that are stored on your computer by a website you visit and allow your browser to be reassigned. Cookies transmit information to the entity that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website or the entries you have made there. This prevents you, for example, from having to reenter required form data each time you use the site. The information stored in cookies can also be used to identify preferences and to tailor content according to areas of interest.
6.2 There are different types of cookies:
- Session cookies are amounts of data that are only temporarily held in memory and are deleted when you close your browser.
- Permanent or persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. The information can also be stored in text files on your computer with this type of cookie. However, you can also delete these cookies at any time via your browser settings.
- First-party cookies are set by the website you are currently visiting. Only that website is allowed to read information from these cookies.
- Third-party cookies are set by organizations that do not operate the website you are visiting. These cookies are used by marketing companies, for example.
The legal basis for possible processing of personal data by means of cookies and their storage period may vary. Insofar as you have given us your consent to the use of cookies (via our Cookie Consent Tool), the legal basis is Art. 6 (1) sentence 1 lit. a GDPR. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Art. 6 para. 1 p.1 lit. f GDPR. The stated purpose then corresponds to our legitimate interest.
6.3 We use cookies to ensure the proper operation of the website and - with your consent - for reach measurement and to tailor our services to preferred areas of interest. When you access our website, the following cookies are used on the basis of your consent in accordance with Art . 6 para. 1 p. 1 lit. a GDPR via our Cookie Consent Tool stored on your computer.
Further information on cookies used and on the integration of Google Analytics into our website can be found below in this data protection declaration.
IMPORTANT: The use of add blockers can have influence for the visibility of the Cookie Consent Tool. In this case please deactivate the add blocker.
7. Use of Google Analytics
7.1 For the purpose of analyzing and optimizing our websites, we use Google Analytics on our website, a web analytics service provided by Google LLC. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), insofar as you have declared your consent to this via the Cookie Consent Banner in the category "Analytics & Performance". This allows us to analyse, for example, how many users visit our site, which information is most in demand or how users find the offer. This helps us to design and improve our offers in a user-friendly way. The legal basis for this is Art. 6 para. 1 p. 1 lit. a .GDPR.
The use includes the User-ID operating mode. This makes it possible to assign one or several sessions (and activities within these sessions) a unique, permanent user ID and thus analyze a user's activities across devices.
Additionally, we use Google signals. With this further information about users, who have activated personalized advertisement (interests and demographic data) is recorded in Google Analytics. Advertisements can be delivered in cross-device remarketing campaigns to these users.
Google Analytics uses cookies that enable an analysis of your use of our website. The information collected by means of the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
With Google Analytics 4 the anonymization of IP addresses is activated by default. Due to IP anonymization your IP address is shortened by Google within a member state of the European Union or European Economic Area. Only in exceptional cases the complete IP address is transferred to the servers of Google in the United States of America and shortened there. The IP address transferred by your browser will not be combined with any other data of Google. During your visit of the website, your consumer behavior is recorded in form of ‘events’. Events can be:
- page views
- first visit of the website
- beginning of the session
- your ‚click path‘, interaction with the website
- scrolls (whenever a user scrolls down to the bottom of the website (90%)
- clicks on external links
- internal search request
- interaction with videos
- seen / clicked advertisements
In addition, the following is recorded:
- your approximate location (region)
- your IP address (shortened)
- technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- your internet provider
- the referrer URL (from which website/which advertising medium you accessed this website)
On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.
7.2 Recipients of data are/might be:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 GDPR)
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be excluded that US-American authorities have access to the data storages of Google.
Insofar as data is processed outside the EU/EEA without a data protection level corresponding to the European standard, the EU standard contractual clauses with the processor are concluded in order to create an appropriate level of data protection. Google Ireland's parent company, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be excluded. According to data protection law, the USA is currently considered a third country. You do not have the same rights there as within the EU/EEA. You may not be entitled to lodge any legal remedies against access by authorities.
7.3 You can also prevent the storage of cookies by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in limited functionality on this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by a) not giving your consent to the cookie setting or b) downloading and installing the browser add-on to disable Google Analytics (link: https://tools.google.com/dlpage/gaoptout?hl=de).
7.4 You can revoke your consent with effect for the future at any time by calling up the cookie settings (https://www.piagroup.com/?showOptIn=1) and changing your selection there. The lawfulness of the processing before the revocation remains unaffected.
IMPORTANT: The use of add blockers can have influence for the visibility of the Cookie Consent Tool. In this case please deactivate the add blocker.
7.5 Storage period
The data sent by us and linked to cookies are automatically deleted after 14 months. Data that has reached the end of its retention period is automatically deleted once a month.
7.6 Further information on the terms of use of Google Analytics and on data protection at Google can be found at marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=en.
YouTube (enhanced privacy mode)
We use services from YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, a subsidiary of Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. For users who are habitually resident in the European Economic Area or Switzerland, Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland is the controller of your data.
In order to protect your personal data, we use the extended data protection option provided by YouTube. If you call up a page in which a YouTube video is embedded, a connection is established to the YouTube servers and the content is displayed on the website by informing your browser. According to YouTube's information, however, data is only transmitted to the YouTube server in "extended data protection mode" when you actively start the video. If you are logged in to YouTube at this time, the information about the videos you have viewed will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website. Insofar as data is processed outside the European Economic Area / the EU, where there is no level of data protection corresponding to the European standard, Google states that it uses standard contractual clauses.
We use this service within our online offer on the legal basis of a legitimate interest according to Art. 6 para. 1 lit. f) GDPR.
Further information on YouTube's privacy policy is provided by Google at the following link: https://www.google.de/intl/de/policies/privacy/.
8. Integration of Vimeo
8.1 We use the provider Vimeo, among others, for the integration of videos. Vimeo is operated by Vimeo, LLC with headquarters at 555 West 18th Street, New York, New York 10011. With the integration of Vimeo videos, we pursue the purpose of making our website more interesting and attractive for our visitors and to achieve a better presentation of content or facts.
8.2 When you call up a video from the provider Vimeo on our website, a connection is established to the Vimeo servers. This transmits to the Vimeo server which website you have visited. If you are logged in as a member of Vimeo, Vimeo assigns this information to your personal user account. When you click on the start button of a video, this information can also be assigned to an existing user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
8.3 We use this service within our online offer on the legal basis of a legitimate interest according to Art. 6 para. 1 lit. f) GDPR.
8.4 Further information on the purpose and scope of data collection and processing by Vimeo can be found in the privacy policy. There you will also find further information on your rights and setting options for protecting your privacy: Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA; vimeo.com/privacy.
9. Integration of Google Maps
9.1 This site uses the mapping service Google Maps. Google Maps is a map service of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
9.2 In order to use the functions of Google Maps, information, including the IP address as well as the address, which is entered within the scope of the route function, can be transmitted to the servers of the provider. This information is usually transferred to a Google server in the USA and stored there. When you visit a website that contains Google Maps, your browser establishes a direct connection with Google's servers, whereby the map content is sent to your browser and integrated by it. The provider of this site has no influence on this data transmission. According to current knowledge, this includes the following data:
- Date and time of the visit to the website in question,
- Internet address or URL of the accessed web page,
- IP address, (start) address entered during route planning
9.3 The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website.
9.4 If you do not wish Google to process data via this service, you can deactivate the use of JavaScript in your browser settings. Please note that in this case the interactive map function of Google Maps is not usable.
9.5 Insofar as data is processed outside the EEA, where there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider in order to establish a secure level of data protection.
More information on the handling of user data can be found in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.
The data collection and storage only takes place after explicit consent according to Art. 6 para. 1 p. 1 lit. a GDPR. This can be revoked at any time with effect for the future.
10. Facebook fan page
10.1 Social media have become an integral part of the Internet and modern communication-. In order to stay in contact with our customers and interested parties, we have also set up our own fan page on Facebook. Facebook is a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.
We expressly draw your attention to the fact that Facebook stores the data (e.g. IP address, preferences and personal interests, behaviour on Facebook pages, any personal information stored on Facebook, etc.) of users and uses it for business purposes.
We have no influence on the processing and further use of this data, as Facebook alone determines the processing. To what extent, where and for how long the data is stored, to what extent the data is linked and evaluated and to whom the data is passed on is currently not comprehensible to us. Also with regard to deletion periods, i.e. whether and to what extent deletion periods are observed, we have no insight and no influence.
Details from Facebook itself about what information is collected can be found in Facebook's privacy policy, which can be viewed here:
https://www.facebook.com/about/privacy/ . When You are a Facebook member and logged into your Facebook user account, Facebook can associate your visit to our site with your user account. If you would like to prevent Facebook from linking data about your visit to our Fanpage with your membership data stored on Facebook, you must - log out of Facebook before each visit to our fan page - delete the cookies on your device - and close and restart your browser.
This way, according to Facebook, any information that can be used to identify you from Facebook will be deleted.
10.2 You do not need to be a Facebook member to view the content on our Facebook fan page. However, data is collected, stored and used by Facebook every time you visit our site. ln the moment you call up our fan page, your browser establishes a connection with a Facebook server. In doing so, data may be transferred to countries outside the European Union. In any case, regardless of whether you are -registered with Facebook or not, your IP address will be transmitted and cookies will be set. If you are a Facebook member and logged into your Facebook user account, Facebook can assign your visit to our site to your user account.
The cookies used include session cookies, which are deleted when the browser is closed, and persistent cookies, which remain on the end device until they expire or are deleted by the user. You can decide for yourself via your browser settings whether and which cookies you wish to allow, block or delete. Instructions for various browsers can be found here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also install so-called -ad blockers, such as Ghostery.
Facebook states that the cookies it uses are for authentication, security, website and product integrity, advertising and measurement, website features and services, performance, and analytics and research. Details of the cookies used by Facebook (e.g. cookie names, duration, content collected and purpose) can be found here: https://www.facebook.com/policies/cookies/ by following the links there. You can make settings regarding which advertisements are to be displayed or no longer displayed to you by Facebook at https://www.facebook.com/about/basics/advertising and at http://www.youronlinechoices.com.
You can manage your preferences regarding usage-based online advertising at the aforementioned link. If you object to usage-based -online advertising with
a particular provider using the preference manager, this will only apply to the particular business data collection via the web browser you are currently using. The preference management is cookie-based. Deleting all browser cookies will also remove the preferences you have set using the preference manager.
An automated decision making including profiling according to Art. 22 GDPR does not take place.
As a matter of principle, we only store personal data until the respective purpose for which the data was collected has been achieved. In the context of a business relationship with you, we store your personal data for as long as the business relationship lasts-, this also includes the initiation and execution of a contract as well as the regular limitation period. In addition, we store the data if and to the extent that we are -subject to statutory retention obligations. Such obligations may arise, for example, from the German -Commercial Code (HGB) or the German Fiscal Code (AO).
If you have given us consent for a processing operation, the data relating to the granting of consent will be stored until revoked or, at the longest,-duration of the processing operation and after its termination within the framework of the statute of limitations.
10.3 For statistical evaluation purposes, we use the Facebook Insights function. In this context, we receive anonymized data on the users of our Facebook fan page. A conclusion on your person is not possible for us. For further information, please refer to Facebook's cookie policy.
10.4 Insofar as you interact with Facebook, Facebook naturally also has access to your data. Facebook is located in an insecure third country where the level of data protection is lower. The data transfer is based on the legitimate interest (Art. 6 para. 1 lit. f GDPR)
10.5 If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f GDPR is the legal basis for the processing. We see our legitimate interest for data processing in the presentation of our company and our products as well as services for your information and in particular in the provision of up-to-date communication options for and with you.
10.6 Joint controllers:
PIA Automation Holding GmbH
Theodor-Jopp-Strasse 6
97616 Bad Neustadt a. d. Saale
Germany
and
Facebook Ireland Ltd.
4 Grand Canal Square, Grand Canal Harbour,
D2 Dublin
Ireland
According to the European Court of Justice (ECJ), we are jointly responsible with Facebook for the processing of your personal data. The decision of the ECJ from 05.06.2018 can be found here.
Due to the joint responsibility, we inform you in view of Art. 26 GDDPR about the following essence of the existing agreement between us and Facebook- on joint responsibility: https://www.facebook.com/legal/terms/page_controller_addendum
11. Data subject rights
In the following, we will inform you about your data subject rights according to Art. 15 GDPR. You can exercise these rights at any time and therefore contact us directly. If you demand these rights from us, we will examine them in detail, taking into account the associated legal requirements and obligations. If necessary, we will request further information from you in this regard. We will provide you with a detailed explanation of the results of our review and our approach to fulfilling your request. In doing so, it is possible that we will not be able to fully comply with your requests in the way you would like.
This should not prevent you from claiming your rights from us or from asking us about them. We will be happy to answer any questions you may have.
11.1 Right of access (Art. 15 GDPR)
Pursuant to Art. 15 GDPR, you have the right to request information from us at any time as to whether and which of your personal data is being processed by us. This also includes information on the purposes of processing, if applicable, recipients to whom we have disclosed your data, the planned storage period and, if applicable, information on the origin of this data if we have not collected it directly from you. In addition, you have the right to a one-time free copy of your personal data stored by us. We reserve the right to charge a reasonable administration fee for making the following copies.
11.2 Right of rectification (Art. 16 GDPR)
In accordance with Art. 16 GDPR, you have the right to demand that we correct any inaccurate data that we have stored about you. This also includes the right to complete incomplete personal data.
11.3 Right to erasure (Art. 17 GDPR)
You have the right to request that we delete data that we have stored about you. If we have published data about you, this also includes our obligation, within the framework of the "right to be forgotten" pursuant to Article 17 (2) of the GDPR, to forward all links to this data and copies or replications of this data to other controllers of this published personal data, taking into account available technology and implementation costs.
11.4 Right to restriction of processing (Art. 18 GDPR)
In accordance with Art. 18 GDPR, you have the right to demand that we restrict the processing of data that we have stored about you. After that, processing of this data is only possible with your consent or for a few, legally defined purposes.
11.5 Right to object to processing (Art. 21 GDPR)
Insofar as we base the processing of your personal data on the balance of interests, you can object to the processing in accordance with Art. 21 GDPR. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is shown by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can inform us about your advertising objection via the contact channels listed above.
11.6 Right to withdraw a data protection consent
If you have given your consent to the processing of your data, you may withdraw this consent at any time in accordance with Art. 7 (3) GDPR. Such a revocation affects the permissibility of the processing of your personal data after you have expressed it to us.
11.7 Right to data portability (Art. 20 GDPR)
Pursuant to Art. 20 GDPR, you have the right to receive from us personal data that you have provided to us in a structured, common and machine-readable format for the purpose of transferring it to another controller. This also includes, at your request and taking into account the available technical possibilities, the direct transfer from us to the other controller.
11.8 Right of appeal to a supervisory authority
In accordance with Art. 13 GDPR, you have the right to complain to a data protection supervisory authority about our processing of data relating to you at any time.
11.9 Automated decision making including profiling
You have the right to obtain information about the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, to obtain meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
Data processing of business partners
Information about the processing of your personal data
Diligence and transparency is the basis for a trusting cooperation with our business partners. We therefore inform you about how we process your data and how you can exercise the rights to which you are entitled under the General Data Protection Regulation. Which personal data we process and for what purpose depends on the respective contractual relationship.
1. Which of your personal data do we use?
If you have an enquiry, request an offer from us or conclude a contract with us, we process your personal data. In addition, we also process your personal data, among other things, to fulfil legal obligations, to protect a legitimate interest or on the basis of a consent granted by you.
Depending on the legal basis, the categories of personal data concerned are the following:
- First name, last name
- Address
- Communication data (telephone, e-mail address)
- Nationality
- Contract master data, in particular contract number, term, period of notice, type of contract
- Invoice data/turnover data
- Creditworthiness data
- Payment data/account information
- Health data
- Account information, especially registration and logins
- Video or image recording
In the course of initiating a contract, we also make use of data provided to us by third parties. Depending on the type of contract, this involves the following categories of personal data:
- Information on creditworthiness (via credit agencies)
2. What are the sources of the data?
We process personal data that we receive from our customers, service providers and suppliers.
We also receive personal information from the following:
- Credit bureaus
- Publicly available sources: Commercial or association registers, debtors' registers, land registers.
- Other Group companies
3. For what purposes do we process your data and on what legal basis?
We process your personal data in particular in compliance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as all other relevant laws.
3.1 Based on your consent (Art. 6 para. 1 a GDPR)
If you have given us your voluntary consent to the collection, processing or transmission of certain personal data, then this consent forms the legal basis for the processing of this data.
In the following cases, we process your personal data on the basis of your consent:
- Sending an e-mail newsletter
- Market research (e.g. customer satisfaction surveys)
- Marketing and advertising
- Publication of a customer reference (name and picture)
3.2 For the performance of a contract (Art. 6 para. 1 b GDPR)
We use your personal data for the execution of the order or the sales contract.
Within this contractual relationship, we will process your data in particular to carry out the following activities:
Contract-related contacting, contract management, ongoing customer care, service center, perception of warranty claims, claims management, contract termination management.
More detailed information on the purposes of data processing can be found in the respective contract documents and general terms and conditions.
3.3 For the fulfilment of legal obligations (Art. 6 para. 1 c GDPR)
As a company, we are subject to various legal obligations. The processing of personal data may be necessary in order to comply with these obligations.
- Control and reporting obligations
- Prevention/prevention of criminal acts
3.4 On the basis of a legitimate interest (Art. 6 para. 1 f GDPR)
In certain cases, we process your data to protect a legitimate interest of us or a third party.
- Central customer data management within the group
- Measures for building and plant safety
- Video surveillance for the preservation of the house right
- Consultation of and data exchange with credit agencies to determine creditworthiness or default risks
- Ensuring IT security and IT operations
- Creditworthiness and identity checks
4. To whom will your data be passed on?
In order to fulfil our contractual and legal obligations, your personal data will be disclosed to various public or internal bodies, as well as external service providers.
Companies in the Group:
The PIA Group maintains a central customer data management system, which can be accessed by employees of all affiliated companies, in order to offer you the full range of our services from a single source. You can access the companies of the PIA Group under this link:
External Service Providers:
We work with selected external service providers to fulfil our contractual and legal obligations:
- IT service providers (e.g. maintenance service providers, hosting service providers)
- Service provider for file and data destruction
- Printing services
- Telecommunications
- Payment service provider
- Advice and consulting
- Service provider for marketing or sales
- Credit bureaus
- Web hosting service provider
- Certified Public Accountant
Public Agencies:
In addition, we may be required to disclose your personal data to other recipients, such as public authorities, in order to comply with legal notification requirements.
- Financial authorities
- Customs
5. Is your data transferred to countries outside the European Union (so-called third countries)?
Countries outside the European Union (and the European Economic Area "EEA") handle the protection of personal data differently than countries within the European Union. We also use service providers located in third countries outside the European Union to process your data. There is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection.
We have therefore taken special measures to ensure that your data is processed in the third countries as securely as within the European Union. With service providers in third countries, we conclude the standard data protection clauses provided by the Commission of the European Union. These clauses provide appropriate safeguards for the protection of your data with third country service providers.
If you wish to inspect the existing warranties, you can contact us at datenschutz@piagroup.com.
6. How long will my data be stored?
We store your personal data as long as it is necessary for the fulfilment of our legal and contractual obligations.
If the storage of the data is no longer necessary for the fulfilment of contractual or legal obligations, your data will be deleted, unless their further processing is necessary for the following purposes:
- Fulfilment of retention obligations under commercial and tax law. These include retention periods from the German Commercial Code (HGB) or the German Fiscal Code (AO). The retention periods are generally 10 years.
- preservation of evidence within the framework of the statutory limitation provisions. According to the statutes of limitation of the German Civil Code (BGB), these limitation periods can be up to 30 years in some cases; the regular limitation period is three years.
7. What rights do you have in connection with the processing of your data?
Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR. With regard to the right to information and the right to erasure, the restrictions according to §§ 34 and 35 BDSG apply.
7. 1 Right of objection
You may at any time object to the use of your data for advertising by electronic mail without incurring any costs other than the transmission costs according to the basic rates.
What right do you have in case of data processing based on your legitimate or public interest?
Pursuant to Art. 21 (1) GDPR, you have the right to object at any time to the processing of your personal data on the basis of Art. 6 (1) e GDPR (data processing in the public interest) or on the basis of Art. 6 (1) f GDPR (data processing for the protection of a legitimate interest) for reasons arising from your particular situation; this also applies to profiling based on this provision.
In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
What rights do you have in the event of data processing for direct marketing purposes?
If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing pursuant to Art. 21 (2) GDPR; this also applies to profiling insofar as it is associated with such direct marketing.
In the event of your objection to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.
7.2 Withdrawal of consent
You can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future.
7.3 Right to information
You can request information about whether we have stored personal data about you. If you wish, we will tell you what data is involved, for what purposes the data is processed, to whom this data is disclosed, how long the data is stored and what other rights you have in relation to this data.
7.4 Other rights
In addition, you have the right to correct incorrect data or to delete your data. If there is no reason for further storage, we will delete your data, otherwise restrict the processing. You may also request that we provide any personal data you have provided to us in a structured, commonly used and machine-readable format either to you or to a person or company of your choice.
In addition, there is a right of appeal to the competent data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).
7.5 Exercising your rights
To exercise your rights, you can contact the data controller or the data protection officer at: datenschutz@piagroup.com. We will process your requests promptly and in accordance with the legal requirements and inform you of the measures we have taken.
8. Is there an obligation to provide your personal data?
In order to enter into a business relationship, you must provide us with the personal data that is required for the implementation of the contractual relationship or that we must collect due to legal requirements. If you do not provide us with this data, then the implementation and processing of the contractual relationship is not possible for us.
9. Changes to this information
If there is a significant change in the purpose or manner in which we process your personal data, we will update this information and notify you of the changes in a timely manner.
Data processing of applicants
Information about the processing of your personal data in the application procedure
We are pleased that you have applied to a company of the PIA Group. Transparency and trustworthy handling of your personal data is an important basis for good cooperation. Therefore, we inform you about how we process your data and how you can exercise your rights, which you are entitled to under the General Data Protection Regulation. The following information provides you with an overview of the collection and processing of your personal data in connection with the application process.
1. Which of your personal data do we use?
We process your personal data insofar as this is necessary to carry out the application process. This includes the following categories of data:
Standard details:
- Applicant master data (first name, last name, address, job position)
- Qualification data (cover letter, curriculum vitae, previous activities, professional qualifications)
- (Work) references and certificates (performance data, appraisal data, etc.)
- Login data(e-mail)
Special information that may be required due to the position to be filled
- Police clearance certificate
- Schufa information
- Results of the aptitude test
Other information
- Publicly accessible, work-related data, such as a profile on professional social media networks
- Voluntary information, e.g. an application photo, details of severely disabled status or other information that you provide to us voluntarily in your application.
2. What are the sources of the data?
We process personal data that we receive from you as part of the application process.
We also receive personal information from the following:
- Other Group companies
- Service provider for applicant placement
And we process personal data that comes from public sources, i.e. work-related social networks.
3. For what purposes do we process your data and on what legal basis?
We process your personal data in particular in compliance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as all other relevant laws.
Data processing for the purpose of the application relationship (§ 26 para. 1 BDSG)
Personal data of applicants may be processed for the purpose of the application procedure if this is necessary for the decision on the establishment of an employment relationship with us.
The necessity and the extent of the data collection depend, among other things, on the position to be filled. If the position you are seeking involves the performance of particularly confidential tasks, increased personnel and/or financial responsibility, or is linked to certain physical and health requirements, more extensive data collection may be necessary. In order to protect data privacy, such data processing will only take place after the applicant selection process has been completed and immediately before you are hired.
Data processing based on your consent (Art. 6 para. 1 lit. a GDPR, § 26 para. 2 BDSG)
If you have given us your voluntary consent to the collection, processing or transmission of certain personal data, then this consent forms the legal basis for the processing of this data.
In the following cases, we process your personal data on the basis of your consent:
- Inclusion in the applicant pool, i.e. we store the application documents beyond the current application procedure for consideration in subsequent application procedures.
- Forwarding of the application to group companies
Based on the legitimate interest of the controller (Art. 6 para. 1 lit. f GDPR)
In certain cases, we process your data to protect a legitimate interest of us or a third party.
- For the defence of legal claims in proceedings under the General Equal Treatment Act (AGG). In the event of a legal dispute, we have a legitimate interest in processing the data for evidence purposes.
- Data comparison with EU anti-terror lists in accordance with Regulations (EC) No. 2580/2001 and 881/2002: As a company, we are obliged under EU law to cooperate in the fight against terrorism. No funds may be made available to persons and organisations on the terror lists (ban on making funds available). For this reason, we are obliged to check our names against the terror lists.
4. To whom will your data be passed on?
Your data will mainly be processed by our HR department and the department head who fills your position. However, in some cases other internal and external bodies are also involved in the processing of your data.
Internal posts:
- Human Resources
- Management
- professional and disciplinary managers
- Specialists
- Works Council
- Representative for severely disabled persons, if applicable
Companies in the Group:
The PIA Group maintains a central customer data management system, which can be accessed by employees of all affiliated companies, in order to offer you the full range of our services from a single source. You can access the companies of the PIA Group under this link:
Internal and external service providers:
- Provider of applicant management systems
- internal and external IT service providers (e.g. maintenance service providers, hosting service providers)
- Service provider for file and data destruction
If you have further questions about any of the recipients, please contact us at: datenschutz@piagroup.com
5. Is your data transferred to countries outside the European Union (so-called third countries)?
Countries outside the European Union (and the European Economic Area "EEA") handle the protection of personal data differently than countries within the European Union. We also use service providers located in third countries outside the European Union to process your data. There is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection.
We have therefore taken special measures to ensure that your data is processed in the third countries as securely as within the European Union. With service providers in third countries, we conclude the standard data protection clauses provided by the Commission of the European Union. These clauses provide appropriate safeguards for the protection of your data with third country service providers.
If you wish to inspect the existing warranties, you can contact us at datenschutz@piagroup.com.
6. How long will your data be stored?
We store your personal data as long as this is necessary for the decision on your application. Insofar as an employment relationship between you and us does not come about, we may continue to store data beyond this, insofar as this is necessary for the defence against possible legal claims. As a rule, your data will be deleted within 6 months after the end of the application process.
If an employment relationship does not come about, but you have given us your consent for the further storage of your data, we will store your data until you revoke your consent, but for a maximum of three further years. If there is a specific reason, we may also store your data for a longer period for the purpose of defending against possible legal claims.
7. What rights do you have in connection with the processing of your data?
Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR. With regard to the right to information and the right to erasure, the restrictions according to §§ 34 and 35 BDSG apply.
Right to object
What right do you have in case of data processing based on your legitimate or public interest?
Pursuant to Art. 21 (1) GDPR, you have the right to object at any time to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) e GDPR (data processing in the public interest) or on the basis of Art. 6 (1) f GDPR (data processing for the protection of a legitimate interest) for reasons arising from your particular situation; this also applies to profiling based on this provision.
In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Withdrawal of consent
You can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future.
Right to information
You can request information about whether we have stored personal data about you. If you wish, we will tell you what data is involved, for what purposes the data is processed, to whom this data is disclosed, how long the data is stored and what other rights you have in relation to this data.
Other rights
In addition, you have the right to correct incorrect data or to delete your data. If there is no reason for further storage, we will delete your data, otherwise restrict the processing. You may also request that we provide any personal data you have provided to us in a structured, commonly used and machine-readable format either to you or to a person or company of your choice.
In addition, there is a right of appeal to the competent data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).
Exercising your rights
To exercise your rights, you can contact the data controller or the data protection officer using the contact details provided. We will process your requests promptly and in accordance with the legal requirements and inform you of the measures we have taken.
8. Is there an obligation to provide your personal data?
The provision of personal data is neither legally nor contractually required, nor are you obliged to provide the personal data. However, the provision of personal data is necessary for the implementation of the application process. That means, as far as you do not provide us with any personal data in an application, we will not be able to carry out the application process.
9. Changes to this information
If there is a significant change in the purpose or manner in which we process your personal data, we will update this information and notify you of the changes in a timely manner.
Terminology
TERMINOLOGY
1. Personal data
Any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Processing
Any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. Restriction of processing
The marking of stored personal data with the aim of limiting their future processing.
4. Profiling
Any automated processing of personal data consisting in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
5. Pseudonymisation
The processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
6. Responsible
The natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.
7. Processor
A natural or legal person, public authority, agency or other body processing personal data on behalf of the controller.
Third party' means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.
8. Consent of the data subject
Any freely given specific, informed and unambiguous indication of his or her wishes in the form of a declaration or other unambiguous affirmative act by which the data subject signifies his or her agreement to personal data relating to him or her being processed.