Data Privacy Statement
§1 Information concerning the collection of personal data
In the following text you will find information concerning the collection of personal data when using our website. Personal data is all data that relates to you personally, for example name, e-mail addresses, usage.
The Controller in accordance with Art. 4, paragraph 7 of the EU General Data Protection Regulation (GDPR) is Gustav Gerster GmbH & Co. KG, Memminger Straße 18, 88400 Biberach/Riss, firstname.lastname@example.org (see our website impressum). Our Data Protection Officer can be contacted at email@example.com or by writing to our postal address with “Data Protection Officer” added to the address.
When you contact us by e-mail or using a contact form, the data you supply (your name, your e-mail address and your telephone number) are stored so that we can answer your questions. Such data are deleted once storage is no longer required or processing is restricted in cases where there are legal retention obligations.
If we rely on contracted providers for individual functions of our offer or we wish to use your data for commercial purposes, we will inform you in detail of the respective processes as follows.
§2 Your Rights
In respect of your personal data, you have the right of access, the right of correction or erasure, the right to restriction of processing, the right of objection to processing and the right of data portability.
You also have the right to complain about our processing of your personal data to a data protection supervisory authority (The State Data Protection Officer for Baden-Württemberg, Königstraße 10a, 70173 Stuttgart, Germany)
§3 Collection of Personal Data for Visits to our Website
(1) For purely informational use of the website, that is if you are not registering or otherwise conveying information to us, we only collect personal data that your browser conveys to our server. If you want to view our website, we collect data that are technically required for us to show you our website and guarantee stability and security (the legal basis for this is Art. 6, paragraph 1, sentence 1f, GDPR). These data are the IP address, the date and time of the enquiry, the time zone difference to Greenwich Mean Time (GMT), the content of the enquiry (specific page), the access status/HTTP status code, the relevant data volume transferred, the website from which the enquiry comes, the browser, the operating system and its user interface, as well as the language and version of the browser software.
(2) In addition to the aforementioned data, when you use our website, cookies are stored on your computer. Cookies are small text files which are assigned by the browser you use and saved on your hard disk and via which certain information flows to the location where the cookie is placed (in this case, by us). Cookies cannot run programs or transmit viruses to your computer. Their purpose is to make the overall internet presence more user friendly and effective.
a) This website uses the following types of cookies, the scope and functionality of which are explained below:
- Transient Cookies (see b)
- Persistent Cookies (see c).
b) Transient cookies are automatically deleted when you close the browser. Specifically included here are session cookies. These store a so-called session ID, which enables various enquiries from your browser to be assigned to the joint session. As a result of this, your computer can be identified if you return to our website. The session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a predetermined period which can differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
d) You can configure your browser settings as you require and, for example, refuse the acceptance of third-party cookies or all cookies. We would advise you that in this event you may not be able to use every functionality of this website.
(4) Google Analytics
The IP addresses conveyed from your browser within the context of Google Analytics are not merged with other Google data.
You can prevent the storage of cookies by adjusting your browser settings accordingly; we would advise, however, that in this case you may in certain instances not be able to fully use every function of this website. Moreover, you can prevent the collection of data generated by the cookie and which relate to your usage of the website (including your IP address) going to Google by downloading and installing the browser plug-in using the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
We use Google Analytics to analyse usage of our website and to enable regular improvements. Using the statistics, we can improve our offer and make it more advantageous for you as a user. In exceptional cases where personal data are transmitted to the USA, Google is subject to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework. The legal basis underpinning usage of Google Analytics is Art. 6, paragraph 1 Sentence 1f GRDP.
Information concerning the third party supplier: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Overview of data protection:
as well as data privacy statement:
(5) Google Web Fonts
For the purposes of a uniform illustration of fonts, this site uses what are known as web fonts which are made available by Google. When a site is called up, your browser loads the required web fonts in your browser cache in order to show texts and fonts correctly.
To this end, the browser you are using has to establish communication with the Google server. As a result, Google becomes aware that our website was called up via your IP address. The use of Google Web Fonts is for the purpose of a uniform and attractive representation of our on-line offer. This represents a legitimate interest within the meaning of Art. 6 Paragraph 1f GDPR.
If your browser does not support Web Fonts, one of your computer‘s standard fonts is used.
Further information about Google Web Fonts can be found on
§4 Further Functions and Services of our Website
(1) Facebook Plug-ins (Like & Share Button)
Plug-ins from the Facebook social network, Provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated into our web pages. The Facebook plug-ins on our site can be identified by the Facebook logo or the “Like” button. You can find an overview of Facebook plug-ins on https://developers.facebook.com/docs/plugins/.
Via the plug-in, when you visit our pages, a direct connection is established between your browser and the Facebook server. Through this, Facebook is informed that you have visited our site from your IP address. If you click the Facebook “Like” button when you are logged into your Facebook account, you can link the contents of our pages to your Facebook profile. As a result, Facebook can link the visit to our pages to your user account. We would advise that we as the provider of the web pages receive no information concerning the content of the data transmitted or its use by Facebook. You can find further information about this in Facebook’s privacy statement at: https://de-de.facebook.com/policy.php.
If you do not want Facebook to be able to match the visit to our web pages with your Facebook user account, please log out of your Facebook user account.
(2) Google+ Plug-in
Our web pages use Google+ functions. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Recording and forwarding information: Using the Google+ icon you can publish information worldwide. You and other users receive personalised content from Google and our partners via the Google+ icon .Google stores both the information that you entered as content +1 and also information about the web page you viewed when clicking on +1. Your +1 may be displayed as references in Google Services together with your profile name and your photo, for example in search results or in your Google profile, or in other places on websites and notifications on the internet.
Google records information about your +1 activity in order to improve Google Services for you and others. In order to be able to use the Google+ icon, you need a worldwide visible, public Google profile which must contain as a minimum the name selected for the profile. This name is used in all Google Services. In some cases, this name can also replace another name that you have used when sharing contents via your Google account. The identity of your Google profile can be displayed to users who know your e-mail address or who possess other identifying information about you.
Use of recorded information: Alongside the uses outlined above, the information provided by you is used in accordance with the current Google data protection provisions. Google may publish a summarised version of statistics concerning the +1 activities of users and forward these to users and partners, such as Publisher, advertisers of associated websites.
(3) Twitter Plug-in
Functions of Twitter are integrated into our webpages. These functions are supplied by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
By using Twitter and the retweet function, the websites you visit are connected with your Twitter account and made known to other users. Data is thereby also transmitted to Twitter. We would advise that we as the provider of the webpages receive no information concerning the content of the data transmitted or its use by Twitter. Further information on this can be found in Twitter’s privacy statement on: https://twitter.com/privacy.
You can change your data protection settings with Twitter in the settings account at https://twitter.com/account/settings.
(4) YouTube Plug-in
Our website uses plug-ins from the Google operated site YouTube. The operator of the webpages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one our sites equipped with a YouTube plug-in, a connection to the YouTube server is created. Via this, the YouTube server is informed which of our sites you have visited. If you are logged on to your YouTube account, you enable YouTube to assign your surfing activities directly to your personal profile. You can prevent this by logging out of your YouTube account.
Use of YouTube is for the purpose of providing an attractive representation of our on-line offer. This is a legitimate interest within the meaning of Art. 6, paragraph 1f GDPR.
Further information concerning how user data is dealt with can be found in the YouTube Privacy Statement at: https://www.google.de/intl/de/policies/privacy.
(5) Google Maps
This site uses Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
It is necessary to store your IP address to use the functions of Google Maps. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence over this data transfer.
Use of Google Maps is for the purpose of providing an attractive representation of our on-line offer and to make it easier to find the location of the places cited by us on the website. This is a legitimate interest within the meaning of Art. 6, paragraph 1f GDPR.
Further information concerning how user data is dealt with can be found in the Google Privacy Statement at: https://www.google.de/intl/de/policies/privacy/
If you wish to obtain the newsletter offered on the website, we require from you an e-mail address as well information which allows us to check that you are the owner of the e-mail address given and that you agree with receiving the newsletter. Further information will not be collected or if it is, only on a voluntary basis. We use this data exclusively for sending the required information and do not pass it on to third parties.
The processing of the data entered on the newsletter registration form will only be carried out with your consent (Art. 6, paragraph 1a GDPR). The consent given to store the data, the e-mail address and its use for sending the newsletter can be revoked at any time, for example via a notification with the word “unsubscribe” to firstname.lastname@example.org or by fax to +49 (0) 7351/586 5400. The legitimacy of data processing carried out previously is unaffected by any revocation.
Your data stored with us for the purposes of receiving the newsletter are stored by us until such time as you unsubscribe from the newsletter and deleted following cancellation of the newsletter. Data that we have stored for other purposes (for example, e-mail addresses for the member area) shall remain unaffected by this.
(7) Contact Form
If you send enquiries via the contact form, we store the details on the contact form including the contact data you have given in it for the purpose of processing the enquiry and for the case of associated questions. We do not pass on this information without your consent.
The processing of the data given on the contact form thus occurs uniquely on the basis of your consent (Art.6 paragraph 1a GDPR). You can revoke this consent at any time. A paperless notification by e-mail to us suffices for this. The legitimacy of previous data processing is unaffected by the revocation.
The information you give on the contact form stays with us until you ask us to delete it, you revoke your consent to store or the purpose for storing the data no longer applies (for example, when your enquiry has been dealt with). Compelling legal provisions – in particular, record retention periods – shall remain unaffected.
(8) Google reCAPTCHA
We use Google reCAPTCHA (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
reCAPTCHA is intended to check whether the data entry on our websites (for example, on a contact form) has been carried out by a person or by an automated program. To do this, reCAPTCHA analyses the behaviour of website visitors using various features. This analysis begins automatically as soon as the website visitor enters the site. To carry out the analysis, reCAPTCHA evaluates various information (for example, IP address, duration of the website visitor‘s visit or the number of mouse movements activated by the user). The data recorded in the analysis are forwarded to Google.
reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.
Data processing is carried out on the basis of Art. 6 paragraph 1f GDPR. The website owner has a legitimate interest in protecting its web offers from the misuse of automated spying and SPAM.
For further information about reCAPTCHA and Google’s Privacy Statement, see the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.
(9) Application Form
In the course of your on-line application, the following list of personal application data are collected and processed:
• Name, forename
• Telephone number
• E-mail address
• Application documents (application letter, CV, references, certificates etc.)
a) Purpose of data recording / forwarding
The collection and processing of your personal application data is carried out purely for the specific purpose of filling vacancies in our company. Your data are in principal only forwarded to internal positions and specialist departments in our company which are responsible for the specific application process. There is no forwarding of your personal application data to other companies.
Your application data are not used for purposes over and above this nor are they forwarded to third parties.
b) Application data retention period
Erasure of your personal application data is carried out in principal automatically six months following closure of the application procedure. This does not apply if there are statutory provisions to the contrary, further storage is required for the purposes of evidence or you have expressly agreed to a longer period of storage.
c) Data security
In order to protect the application data collected as part of your application from manipulation and unauthorised attacks, we have taken a wide range of technical and organisational precautions. In particular, transmissions of your on-line application are encrypted using the latest technology.
d) Right of access and revocation
If you should have any questions about collection, processing or use of your personal data, or if there are questions concerning access, rectification or erasure of data, as well as the revocation of approvals given, please contact our Data Protection Officer.
§5 Changes to our Data Protection Provisions
To ensure that this privacy statement is always in accordance with current legal requirements, we reserve the right to adapt it from time to time, in particular if our services change, e.g. if a new service is introduced. The version of this privacy statement currently in force shall apply to you.
Version applicable as at: 09/2018