Privacy Policy
1. Foreword
CeoTronics AG attaches high priority to the handling of your personal data. With the following information we would like to let you know for which purposes we collect, store and process which of your data, when and how. The Privacy Policy applies to our web presence, websites and our online offers.
2. Version, changes and updates of the Privacy Policy
In order to enable the implementation of new technologies and measures and to ensure that our Privacy Policy always complies with legal requirements, we occasionally adapt it. We therefore ask you to inform yourself regularly about the content of our Privacy Policy. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
Last revised: 01 June 2022 | Version 01/05 | Classification: 01 PUBLIC
Table of Contents:
1. Foreword
2. Version, changes and updates of the Privacy Policy
3. Basic definitions of terms
4. Controller
5. Data protection officer (external)
6. Processing activities
7. Legal basis for the processing
8. Security measures (TOMs)
9. Transmission and disclosure of data to third parties and service providers
10. Data processing in third countries
11. Use of cookies, analysis and marketing tools (Cookie Policy)
12. Establishing contact
13. Registration and login for the protected area
14. Newsletter and advertising for existing customers
15. Provision of the web presence or website / web hosting
16. Business relations
17. Applications
18. Obligations to retain and erase data
19. Rights of data subjects
3. Basic definitions of terms
3.1 „Processor“: means any natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
3.2 „Third party“: means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.
3.3 „Recipient“: means any natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party.
3.4 „Personal data“: means any information (hereinafter also referred to as „Data“) which relates an identified or identifiable natural person (hereinafter also referred to as the „Data Subject“) (e.g. surname, first name, email address, IP address, etc.).
3.5 „Controller“: means any natural or legal person, public authority, agency or other body which alone or jointly with other controllers decides on the purposes and means of processing personally identifiable data.
3.6 „Processing“: means any operation or set of operations carried out with or without the aid of automated procedures relating to personally identifiable data, such as collection, recording, organisation, ordering, filing,storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Controller
CeoTronics AG
Adam-Opel-Straße 6
D – 63322 Rödermark
Phone: +49 6074 8751-0
E-mail: datenschutz@ceotronics.com
(hereinafter called „we“ or „us“)
5. Data protection officer (external)
wavesun-technologies
Patrick Bäcker
Am Lerchenberg 15
D - 63322 Rödermark
Phone: +49 6074 3709395
E-mail: info@wavesun-technologies.de
If you have any questions regarding our Privacy Policy, the processing of your personal data by us or other data protectionrelated topics that concern us, you are welcome to contact our external data protection officer, Mr. Bäcker, directly at any time.
6. Processing activities
In the following overview, we have summarised the categories of personal data, the purposes of the processing and the categories of data subjects:
6.1 Categories of personal data
- Master data (e.g. names, addresses)
- Contact details (e.g. emails, telephone numbers)
- Summary of contents (e.g. text entries)
- Usage data (e.g. websites visited)
- Meta / communication data (e.g. IP addresses, device information)
6.2 Purposes of the processing
- Provision of the online offer, its contents and functions
- Provision of the protected area
- Provision of (pre-)contractual services, service and customer care
- Management and response to requests
- Statistical evaluations
- (Direct) marketing and advertising
- Safety measures
6.3 Categories of data subjects
- Interested parties
- Customers
- Service providers
- Suppliers
- Business and contract partners
- Communication partners
- Users of the website (website visitors)
6.4 Special categories of personal data (Art. 9 para. 1 GDPR)
No special categories of personal data are processed.
7. Legal basis for the processing
We process the aforementioned personal data in compliance with the respective applicable statutory data protection
requirements in accordance with the following legal bases of the General Data Protection Regulation („GDPR“).
7.1 Based on your consent (Art. 6 para. 1 lit. a GDPR)
You have given us permission to process your personal data for specific purposes. Your voluntarily given consent can be revoked at any time with effect for the future.
7.2 In order to fulfil contractual obligations or to implement precontractual measures (Art. 6 para. 1 lit. b GDPR)
We process your data so that we can fulfil our contractual obligations to provide services or to carry out precontractual measures, which are carried out on request.
7.3 Based on legal obligations (Art. 6 para. 1 lit. c GDPR)
We are subject to different legal obligations, this means legal requirements (e.g. commercial and tax retention periods according to the German Fiscal Code and the German Commercial Code), according to which we must process your data.
7.4 In the context of the legitimate interest / balancing of interests (Art. 6 para. 1 lit. f GDPR)
We process your data to protect our legitimate interests or, if necessary, those of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail.
7.5 National data protection regulations (BDSG)
In addition to the provisions of the GDPR, national regulations apply in Germany, including in particular the Federal Data Protection Act („BDSG“). These contain special data protection regulations at national level, according to which we process your data.
8. Security measures (TOMs)
The security of your data has the highest priority for us. In accordance with legal requirements, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying degrees of probability of occurrence and the extent to which the rights and freedoms of natural persons are threatened, we take appropriate technical and organisational measures („TOMs“) to ensure a level of protection of your personal data that is commensurate with the risks involved.
The measures taken by us (in accordance with Art. 32 GDPR) include in particular the safeguarding of the confidentiality, integrity and availability of data. We ensure this by regularly monitoring physical and electronic access to data, access, input, disclosure and safeguarding of the availability and separation of data. Furthermore, we have established procedures to ensure that the data subjects‘ rights are exercised, data is deleted, and responses are made to any threats to the data. We already take the protection of your personal data into account when developing or selecting hardware and software and when introducing new processes involving personal data by designing technology and by using data protectionfriendly presettings (in accordance with Art. 25 GDPR).
8.1 SSL encryption (HTTPS)
Our security measures include in particular the encrypted transmission of data between your browser and our server. You can recognise the encrypted connection by the prefix https:// and the lock symbol in the address line of your browser.
9. Transmission and disclosure of data to third parties and service providers
9.1 Third parties: As a matter of principle, your data will not be transferred to third parties, unless we are contractually entitled or legally obliged to do so or you have given us your consent. If our website contains links to other websites or other providers, i.e. other controllers, this Privacy Policy does not extend to other websites outside our responsibility. If the use of other providers‘ websites involves the collection, processing or use of personal data, please refer to the data protection information of the respective providers.
9.2 Service providers: We commission carefully selected external service providers (in particular processors according to Art. 28 GDPR) with tasks such as hosting, marketing services and programming. All service providers are obliged by us to maintain confidentiality and to comply with the legal requirements and are regularly checked and controlled with regard to compliance with the provisions of the data protection laws.
10. Data processing in third countries
An active transfer or disclosure and processing of personal data in third countries (i.e. outside the European Union (EU) or the European Economic Area (EEA)) to third parties will only take place if this is (pre)contractually necessary to execute your orders, if it is legally binding or if you have given us your consent. Subject to possible transfers and processing of your data in third countries, these will only be carried out on the basis of specific guarantees, such as the officially recognised establishment of a level of data protection equivalent to that in the EU or compliance with officially recognised specific contractual obligations (Standard privacy clauses).
11. Use of cookies, analysis and marketing tools as well as your objection possibilities (Cookie Policy)
11.1 Scope of coverage
This cookie policy applies in addition to the Privacy Policy for our website (as of 01 / 06 / 2022) and provides you with additional information on the type, scope and purposes of data processing for cookies used and statistical evaluations/Range measurement (hereinafter also referred to collectively as „Cookies“).
Below, we will also explain to you what the function of the Cookies is, which cookies we use on our website and how you can restrict or prevent the use of the Cookies and how you can object to them.
11.2 What are cookies?
Cookies are small text files that the browser stores on your end device (computer, smartphone, tablet, etc.) when you call up a website. Cookies contain, for example, information about your cookie selection, language settings and visit duration. Cookies help us to provide services, keep them up to date and constantly improve them, and to compile anonymous visitor statistics in order to continuously improve our website.
There are different types of cookies, for which we provide you with detailed information below.
11.3 Categories of cookies
Cookies are classified by origin, purpose and expiration time. The cookies we use serve different purposes, the expiration time is variable. These are categorised by us according to: technically required cookies, statistics cookies and marketing cookies.
11.4 Cookie provider
11.4.1 First-party cookies
These are cookies which are set and managed directly by us. We use them, for example, to record your cookie selection.
11.4.2 Third-party cookies
These are cookies which are set and used by other agencies or websites, for example by providers of analysis tools, route planners or for the display of videos. Thirdparty providers may also use cookies to display advertisements or to integrate content from social networks such as social plugins.
11.5 Storage duration of the cookies
11.5.1 Session cookies
Certain cookies are only required for the duration of your current service call or your session and are deleted or lose their validity as soon as you leave our website or your current session expires. Session cookies are used, for example, to retain certain information during your session, such as your registration for our online offers.
11.5.2 Permanent / timelimited cookies
These cookies are stored for a longer period of time, for example to recognise you at a later time when you call up our website again and to be able to call up stored settings. This allows you, for example, to access our website more quickly or conveniently or to avoid having to make certain settings such as your chosen cookie selection again. Permanent cookies are automatically deleted after a predefined period of time. The exact storage time for each individual cookie can be found in the following tables.
11.6 Purpose of the cookies, ordered by categories
11.6.1 Technically required cookies
Description: These cookies ensure the basic functionality and usability of our website. Among other things, they ensure smooth navigation on the website and make our website as a whole available. They are set, for example, to:
- enable basic functions of the website,
- save your cookie selection,
- provide a secure authentication with which you can log in to our protected area/your user account.
The legal basis for the integration of these cookies is: Art. 6 para. 1 lit. f GDPR.
We need this information to provide you with these online services.
We have currently integrated the following cookies in this category:
Cookie name |
Cookie provider | Purpose | Storage duration | ||||
1frontend | First-Party / Contenido (locally on CeoTronics server) | Secure authentication/login to our protected area | Session |
11.6.2 Statistics cookies
Description: These cookies enable us to obtain statistics about visitors to our website - for example, the number of visits to different categories of the website or the total frequency of visits. Navigation, services and offers can thus be improved. We use the open source visitor statistics tool „Matomo“ as a service. No cookies are used here, but "device fingerprinting". For further information on the use of „Matomo“, please refer to section 11.7.
11.6.3 Marketing cookies
Our videos are integrated via the third-party provider „Vimeo“. A „do-not-track“ function means that no cookies are set for this. We currently do not integrate marketing cookies.
11.7 Visitor statistics by Matomo (Range measurement)
11.7.1 Scope of the processing
Our website uses the tool / service „Matomo“, an open source software for statistical analysis of visitor access. For this purpose, so-called "device fingerprinting" (digital fingerprint) is used. This is a technology (usually undetectable by the user) that reads and combines device-specific information (such as device type, device performance, screen resolution, operating system, etc.). This creates a unique "device fingerprint" that potentially changes on a regular basis. The "device fingerprint" is not stored on the end device and no cookies are set, which means that the creation of user profiles (in addition to the anonymisation of IP addresses) is not possible. Matomo is hosted on our own servers, therefore no data is transferred/disclosed to third parties. A website-wide device recognition is not possible due to the local hosting and the cookie-less use. Only we (authorised employees) have access to the evaluations. The protection of your data is important to us, therefore we have additionally configured Matomo so that your IP address is only recorded in abbreviated form. We therefore process your personal usage data anonymously. It is not possible for us to draw conclusions about your person. For more information on the terms of use and Matomo‘s data protection regulations, please visit: https://matomo.org/privacy/.
11.7.2 Purposes of the processing
We use the data for the statistical evaluation (range measurement) of user behaviour on our website for the purpose of optimising the functionality and stability of the website and for the improved presentation of our products and services. From the above points follows our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. By making the IP address anonymous, we take into account the interests of users in the protection of personal data. The data is never used to personally identify the user of the website and is not merged with other data.
11.7.3 Legal basis for the processing
The legal basis for data processing by means of Matomo is our legitimate interest according to Art. 6 para. 1 lit. f GDPR for the above-mentioned purposes, taking into account your possibly conflicting interests.
11.7.4 Categories of data subjects
- Users of the website (website visitors)
11.7.5 Categories of personal data
- Usage data (e.g. categories visited, interest in content, access times)
- Meta / communication data (e.g. device information, IP addresses)
11.7.6 Right to object
Since no cookies are used in our Matomo configuration as described in point 11.7.1 and the IP address is anonymised, i.e. no data is stored on your device and we have no way of identifying you, an objection option via an opt-out or similar is currently not possible. However, you can make further data protection options in your browser settings (see point 11.9).
11.7.7 Storage duration
We delete the anonymous evaluation overviews after half a year (180 days).
11.7.8 Service providers and services used
„Matomo“ (www.matomo.org), a service of the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. The service is hosted on our own servers as described above, therefore no data will be transferred / disclosed to third parties. Only we (authorised employees) have access to the evaluations.
11.8 You can find privacy information about the third party providers we use on their sites (clicking on the links opens a new tab and redirects you to the corresponding pages of the third party providers):
11.9 Instructions on how to accept, disable or block cookies through special browser settings of the most common browsers (clicking on the links opens a new tab and redirects you to the corresponding pages of the browser manufacturers):
12. Establishing contact
12.1 Scope of the processing
If you contact us via the contact form, email etc. with regard to questions or requests of any kind, your personal data will be collected, processed and stored. Which data is collected in the case of a contact form (especially mandatory fields) can be seen from the respective contact form. The provision of further data is optional and voluntary. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. As a matter of principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a contractual or legal obligation to do so or you have given us your consent.
12.2 Purposes of the processing
The information you provide is collected, processed and stored for the purpose of processing your request and for possible follow-up questions. If your contact is aimed at the conclusion of a contract, the data will be processed for the contractual initiation and the conclusion of the contract. If a contractual relationship already exists, the data will be processed for the purpose of executing the contract.
12.3 Legal basis for the processing
The legal basis for the processing of the data is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to respond to your request. If the aim of the request is the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
12.4 Categories of data subjects
- Communication partners
12.5 Categories of personal data
- Master data (e.g. names, addresses)
- Contact details (e.g. emails, telephone numbers)
- Summary of contents (e.g. text entries)
12.6 Right to object
If you would like to request erasure of the data relating to your enquiry, you can contact us at any time (for contact details see section 4. „Controller“). However, this may mean that we will not be able to process your request completely.
12.7 Storage duration
Your data, which we have received in the course of contacting you, will be deleted as soon as they are no longer required for the purpose of their collection, i.e. your request has been completely processed, no further communication with you is necessary or desired by you, no legal or contractual basis exists, no consent has been granted and no storage obligations apply.
13. Registration and login for the protected area
13.1 Scope of the processing
If you wish to register for the protected area on our website / create a user account, your data will be required for the use of our personalised services. For registration, you will be informed of the required mandatory data which will be collected, stored and processed for the purpose of providing the user account on the basis of contractual obligation. The processed data include in particular the registration and login information (title, surname, first name, authority and a valid email address). The provision of further data is optional and voluntary.
In the context of using our registration and login functions, the user account or the protected area, we store the IP address and the time of the respective user action. Collection, storage and processing are based on our legitimate interest as well as that of the users in protection against misuse and other unauthorised use of our protected area. As a matter of principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a contractual or legal obligation to do so.
13.2 Purposes of the processing
The data entered during registration are used for the purpose of using the user account and its purpose. After sending your data, authorised employees will check internally within the scope of our legitimate interest whether a legitimate registration and the provision of a user account with the accompanying transmission of access data exists.
If you have registered, we can inform you by email about processes relevant to your user account, such as technical changes.
13.3 Legal basis for the processing
The legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR. The execution of the (pre-)contractual measure for the provision of a user account within the scope of the included provision of services and performances as well as for the answering of enquiries. Otherwise, we process your data in the legitimate interest (in accordance with Art. 6 para. 1 lit. f GDPR) to answer your enquiries (if these are not aimed at a contract), to send the above-mentioned technical information, and for technical administration and the application of security measures to protect user accounts and the protected area.
13.4 Categories of data subjects
- Users of the website (website visitors)
13.5 Categories of personal data
- Master data (e.g. names, addresses)
- Contact details (e.g. emails, telephone numbers)
- Summary of contents (e.g. text entries)
- Meta / communication data (e.g. IP addresses, device information)
13.6 Right to object and storage period
If you no longer wish to use your user account / have applied for the erasure of your user account or if the contractual basis expires / you have terminated your user account, your data with regard to the user account will be deleted, subject to the legal obligation to preserve records. It is your responsibility to secure your data before the deletion request is made, the contractual basis expires or the termination is made. We are entitled to irretrievably erase all data stored during the period of use, provided that there is no obligation to keep records.
14. Newsletter and marketing for existing customers
14.1 Scope of the processing
We send newsletters and other promotional information if you have given us your consent to do so or if you are registered with us as an „existing customer“ in our system in compliance with the legal regulations. Our newsletters and other promotional information contain the topics product news and trade fair information.
In order for you to receive the newsletter, it is necessary to enter your email address, to address you personally, your title, first and last name and the desired target group for the topic-specific sending of information. If you register to receive our newsletter, the data you provide will be used exclusively for this purpose and will not be passed on to third parties.
14.2 Purposes of the processing
The sending of our newsletter and other promotional information serves the purpose of informing interested parties and customers about our current product news and trade fair information.
Subscribers can also be informed by email about circumstances relevant to the service or registration (such as changes to the newsletter offer or technical conditions).
14.3 Consent via double opt-in procedure
If you would like to subscribe to our newsletter, this is always done by the so-called double opt-in procedure. This involves that after registration (entering your data in the newsletter form and sending it) you will receive an email to confirm your registration. This confirmation is necessary to ensure that you are the owner of the email address provided and therefore no strangers (email addresses) can register for the newsletter. Your data will also be checked internally by us for legitimate receipt. The entire application and registration process is logged in order to be able to prove this according to the legal requirements. This includes the storage of the registration and confirmation time, the confirmation of consent and its content as well as the IP address. This data is stored in our system as well as in our shipping program or with our shipping service provider.
14.4 Advertising for existing customers
If we have received your email address in connection with the sale of a product or service and you have not objected to this, we will process your email address in order to carry out email marketing (direct advertising) for our own similar products or services, and possibly other personal data in order to address you personally in this connection.
14.5 Performance measurement
Our sent newsletters contain a so-called web beacon, i.e. a pixel-sized file which is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, from their server. Within the scope of this retrieval, technical information such as information on the shipping or delivery status, your browser and your system, as well as your IP address and the time of retrieval, is initially collected.
We use this technical information to improve our newsletter. This analysis includes determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is not our intention, nor that of the shipping service provider (if used) to evaluate individual user information. The evaluations serve the sole purpose of identifying the reading habits of our users and adapting our content to them or sending different content according to the interests of our users. Explicitly no user-specific analyses or observations are carried out. Additionally, only authorised employees have access to this information. As a central security measure, the newsletter is sent via software hosted by us, therefore only we have access to these evaluations.
The evaluation of the newsletter and the measurement of success are carried out, subject to the explicit consent of the users, on the basis of our legitimate interests for the purpose of using a user-friendly and secure newsletter system that serves our business interests and meets the expectations of the users.
A separate revocation of the performance measurement and the newsletter itself is unfortunately not possible, in this case the consent for the entire newsletter must be revoked or contradicted.
14.6 Legal basis for the processing
If you have registered for our newsletter via the „double opt-in procedure“, this is done on the basis of your consent (in accordance with Art. 6 para. 1 lit. a GDPR). Existing customer advertising is based on our legitimate interests in direct advertising (Art. 6 para. 1 lit. f GDPR or delivery on § 7 para. 3 UWG). Insofar as we commission a service provider to send emails, this is done on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR). The registration procedure is recorded on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) in order to prove that it was carried out in accordance with the law.
14.7 Categories of data subjects
- Communication partners
14.8 Categories of personal data
- Master data (e.g. names, addresses)
- Contact details (e.g. emails, telephone numbers)
- Usage data (e.g. websites visited, access times, content interests)
- Meta/communication data (e.g. IP addresses, device information)
14.9 Right to object and storage period
You can cancel the newsletter or the existing customer advertising at any time with effect for the future. You can do this via the „unsubscribe link“, which is included in every newsletter. In addition, you can unsubscribe via the website using the following link: https://www.ceotronics.com/en/news/newsletter-registration/newsletter.html. You can also send an email with your notice of objection to the data protection email address in section 4. „Controller“. As proof of a given consent, we can store the registered email addresses for up to three years within the scope of our legitimate interest. If there are obligations to permanently observe contradictions, we reserve the right to store the email address in a blacklist exclusively for this purpose.
14.10 Service providers and services used
Our newsletter is sent via a software hosted by us. Therefore only we or authorised employees have access to the newsletter data.
15. Provision of the web presence or website/web hosting
15.1 Scope of the processing
For the secure and efficient provision of our web presence, we have commissioned carefully selected service providers with the web hosting. A contract for processing orders („OP contract“) was concluded with them in accordance with Art. 28 of the GDPR. Similarly, service providers in the areas of marketing services and programming are used to design our website, who have been obliged to maintain confidentiality or with whom an OP contract may also have been concluded. These are regularly checked by us to prove the protection of the data.
When visiting our web presence/websites, in the context of providing the above-mentioned hosting, the data of all visitors are processed which are generated during communication with our servers as well as during direct contact with us. These include in particular your IP address, which is technically necessary for establishing a connection. Further data are collected by us (or the commissioned (hosting) service providers) as so-called server log files (access log data of our servers). These include:
- IP address used
- Date and time of access
- Called file with method (GET or POST)
- Status code (200 O. K., 404 Not found)
- Amount of data sent in bytes
- Source / link from which the file was accessed
- User agent (browser used, operating system used and its interface, language and version of the browser software)
15.2 Purposes of the processing
We use the services (servers, their associated infrastructure, security services and maintenance services) of our hosting service providers to operate our website securely and efficiently. Furthermore, this technical information is necessary in order to correctly deliver the contents of websites you have requested.
It is processed in particular for the following purposes:
- Ensuring that the websites establish a connection without problems,
- Ensuring a smooth use of our websites,
- Evaluating system security (e.g. defence against DDoS attacks, „cyber attacks“) and system stability, and
- for other administrative purposes.
15.3 Legal basis for the processing
The processing of the personal data is based on our legitimate interest (in accordance with Art. 6 para. 1 lit. f GDPR) from the above-mentioned purposes for data collection.
We do not use these data to draw conclusions about your person.
15.4 Categories of data subjects
• Users of the website (website visitors)
15.5 Categories of personal data
• Summary of contents (e.g. text entries)
• Usage data (e.g. categories visited)
• Meta / communication data (e.g. IP addresses, device information)
15.6 Storage duration
The server log files are deleted after three months. Should the above-mentioned security-relevant events occur, we reserve the right, within the scope of our legitimate interest, to store the data for a longer period of time for the above-mentioned purposes. If the stated purpose is achieved, the data will be deleted immediately.
16. Business relations
In the context of the use of our web presence and communication (e.g. enquiries via the contact form) with us, a contract may be initiated. Further communication for this purpose will take place not via our website, but by email, post, personal meetings etc. For this purpose, in addition to our Privacy Policy (which is used for the use of our web presence and related services), we provide the information obligations pursuant to Art. 13 GDPR for interested parties, customers, service providers and suppliers under the following link: https://www.ceotronics.com/en/information-duties.html.
17. Applications
Our website contains information on current job offers. Communication (e.g. application for a job) will not take place via our website, but by email, post, personal interviews etc., as specified in the respective job description. For this purpose, in addition to our Privacy Policy (which serves to ensure the use of our website and related services), we make available the information obligations pursuant to Art. 13 GDPR for applicants under the following link: https://www.ceotronics.com/en/information-duties.html.
18. Obligations to retain and erase data
Your personal data will only be stored as long as this is necessary for the fulfilment of our contractual and legal obligations or if you revoke your given consent. Unless your data are deleted because they are required for other legal purposes, their processing is limited to these purposes, i.e. blocked.
Further information on the deletion of your personal data can also be found in the individual data protection notes of this Privacy Policy.
If, as mentioned above, the data are no longer necessary for the fulfilment of contractual or legal obligations, they will be deleted on a regular basis. Unless temporary and limited further processing is required for purposes such as the following:
- Fulfilment of commercial and tax law retention periods: e.g. the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention periods specified there are up to 10 years.
- Preservation of evidence within the framework of the legal statute of limitations. According to §§ 195 ff. of the German Civil Code (BGB), the regular limitation period is 3 years, in special circumstances up to 30 years.
- Compliance with storage obligations under telecommunications law and storage obligations under other laws.
19. Rights of data subjects
You have the following rights:
- in accordance with Art. 7 para. 3 GDPR, the right to revoke your consent towards us at any time with effect for the future. As a result, we are not allowed to continue the data processing that was based on this consent in the future;
- in accordance with Art. 15 GDPR, the right to request information free of charge about the personal data processed by us concerning your person;
- in accordance with Art. 16 GDPR, the right to demand the correction of incorrect or incomplete personal data stored by us without delay or the completion of your personal data processed by us;
- in accordance with Art. 17 GDPR, the right to demand the erasure of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- in accordance with Art. 18 GDPR, the right to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, if the processing is unlawful but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or if you have lodged an objection to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, the right to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another controller
- in accordance with Art. 77 GDPR to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company for this purpose.
- In Hesse, this is the Hessian Commissioner for Data Protection and Freedom of Information, Gustav-Stresemann-Ring 1, 65189 Wiesbaden.
- You can find a list of the supervisory authorities (for the non-public area) with their addresses at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to object (Art. 21 GDPR):
Insofar as the processing of your data is carried out to protect legitimate interests, you have the right to object to this processing at any time using our contact details given above, if reasons arise from your particular situation that conflict with this data processing. We will then terminate this processing unless it serves predominant interests worthy of protection on our part.
Right to object to the processing of data for direct marketing purposes:
You have the right to object at any time at the contact details given above to the processing of personal data concerning you for the purposes of such advertising.
Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes in future.