Data protection policy
- Name and contact details of the controller
This data protection information applies to the data processing by:
Person responsible: Steinmüller Engineering GmbH (hereinafter referred to as Steinmüller), Fabrikstraße 5, D-51643 Gummersbach, Germany Email: firstname.lastname@example.org Phone: +49 (0)2261 - 789500 Fax: +49 (0)2261 -78950199
Steinmüller's company data protection officer can be contacted at the address dhpg IT-Services GmbH, Bunsenstr. 10a, 51647 Gummersbach, at the attention of Dr. Christian Lenz, or at email@example.com or 02261-8195-0.
- Rights of data subjects
You have the right:
to request information about your personal data processed by us in accordance with Art. 15 DSGVO. If we process your data, you may in particular request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, in particular in the case of recipients in third countries, the planned storage period or the criteria for determining it, the existence of a right of rectification, erasure, restriction of processing or objection, the existence of a right of appeal to a supervisory authority, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, where applicable, meaningful information on the details thereof;
in accordance with Art. 16 DSGVO, to demand the correction of incorrect or incomplete personal data stored by us without delay;
in accordance with Art. 17 DSGVO to demand the deletion of your personal data stored with us, unless the processing is necessary in particular to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims
pursuant to Art. 18 DSGVO, to demand the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, if the processing is unlawful but you refuse to delete it and we no longer require the data, but you need the data for the assertion, exercise or defence of legal claims, or if you have lodged an objection to the processing pursuant to Art. 21 DSGVO and it has not yet been established whether our legitimate reasons outweigh your interests;
in accordance with Art. 20 DSGVO, to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another responsible party, provided that the processing is based on your consent or a contract and that the processing is carried out using automated procedures;
in accordance with Art. 7 Para. 3 DSGVO to revoke your consent to us at any time. As a result, we are no longer allowed to continue data processing based on this consent in the future and
complain to a supervisory authority pursuant to Art. 77 DSGVO. As a rule, you can turn to the supervisory authority of your usual place of residence or workplace or to the supervisory authority of our company headquarters.
- Right of objection
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 letter e or f DSGVO, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO if there are reasons for doing so arising from your particular situation or if the objection is directed against direct marketing.
In the former case, we will no longer process your data unless we can prove compelling reasons that outweigh your interests, freedoms and rights or unless our processing serves to assert, exercise or defend legal claims.
In the latter case, you have a general right of objection, which will be implemented by us without specifying a special situation. If you would like to make use of your right of revocation or objection, an e-mail to firstname.lastname@example.org is sufficient.
- Disclosure of data
Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:
you have given your express consent in accordance with Art. 6 para. 1 sentence 1 letter a DSGVO,
the disclosure pursuant to Art. 6 para. 1 sentence 1 letter f DSGVO is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
in the event that there is a legal obligation to pass on the data pursuant to Art. 6 para. 1 sentence 1 lit. c DSGVO, and
this is legally permissible and required under Art. 6 para. 1 sentence 1 lit. b DSGVO for the processing of contractual relationships with you.
In addition, our contract processors receive your personal data for processing in accordance with your instructions, insofar as this is necessary for the fulfilment of the order. Our contract processors do not have a right of use of their own to your data.
- Data security
We use the common SSL (Secure Socket Layer) procedure within the website visit in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the closed display of the key or lock symbol or by the use of https in front of the address of our (sub-)website. We also use suitable technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
- Third countries
Data will only be transferred by us to third countries in accordance with the legal regulations.
As far as we fulfil our contract with you, data will be made available to third parties. Suitable guarantees according to Art. 46 DSGVO or an appropriateness decision according to Art. 45 DSGVO are not necessary for this.
If you do not consent to the transfer of data, if the transfer of data does not serve the fulfilment of the contract or if the transfer is necessary for the assertion, exercise or defence of legal claims, the data will only be transferred by us if suitable guarantees or a decision on appropriateness is available.
A suitable guarantee exists, for example, if the EU standard data protection clauses issued by the EU Commission have been concluded or if certification by means of a "privacy shield" is available.
The legal basis is Art. 45 and 46 DSGVO.
Specific data protection information for the data processing processes on the website
- When visiting the website
When you call up our website, the browser used on your end device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:
IP address of the requesting computer,
Date and time of access,
Name and URL of the retrieved file,
Website from which the access takes place (referrer URL),
the browser used and, if applicable, the operating system of your computer and the name of your access provider.
We process the data mentioned above for the following purposes:
Ensure a smooth connection of the website,
Guarantee a comfortable use of our website,
Evaluation of system security and stability and
for other administrative purposes.
The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO. Our legitimate interest lies in the operation of our website and the associated presentation of our company.
Your data will be deleted as soon as they are no longer required for the purposes stated, at the latest after 6 months.
- When using our contact form
If you have any questions of any kind, we offer you the opportunity to contact us using a form provided on the website. It is necessary to provide a valid e-mail address so that we know who the enquiry comes from and can answer it. Further information can be provided voluntarily.
The data processing for the purpose of contacting us is carried out in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO on the basis of your voluntarily given consent. The personal data collected by us for the use of the contact form will be automatically deleted after the completion of your request.
If your inquiry is aimed at the conclusion of a contract, Art. 6 para. 1 sentence 1 lit. b) DSGVO serves as the legal basis. In this case we will store your data for the duration of the statutory retention periods.
We store your data until you revoke your consent.
We use CleverReach for sending newsletters. The provider is CleverReach GmbH & Co KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service with which the sending of newsletters can be organized and analyzed. The data entered by you for the purpose of newsletter subscription (e.g. e-mail address) is stored on the servers of CleverReach in Germany or Ireland.
Our newsletters sent with CleverReach allow us to analyze the behavior of the newsletter recipients. Among other things, we can analyze how many recipients opened the newsletter message and how often which link in the newsletter was clicked on. With the help of the so-called conversion tracking, it can also be analyzed whether a previously defined action (e.g. purchase of a product on our website) has taken place after clicking the link in the newsletter. Further information about data analysis by CleverReach newsletter can be found at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/. The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
If you do not want CleverReach to analyze you, you have to unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can unsubscribe directly on the website.
The data that you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of CleverReach after you unsubscribe from the newsletter. Data that has been saved for other purposes (e.g. e-mail addresses for the member area) remain unaffected.
Conclusion of a contract for commissioned data processing
We have concluded a contract for commissioned data processing with CleverReach and fully implement the strict requirements of the German data protection authorities when using CleverReach.
- For applications
It is particularly important to Steinmüller to ensure the highest possible protection of your personal data. All personal data collected and processed by Steinmüller in the context of an application are protected against unauthorized access and manipulation by technical and organizational measures. Your data will only be processed for the purpose of filling positions at Steinmüller Engineering GmbH.
We require your personal data in the application documents in order to be able to consider you as an applicant in the application process and to check whether you are eligible to work for our company. If you provide information that goes beyond this required information, you voluntarily provide us with this information and agree to its processing.
The legal basis for the processing is thus Art. 6 para. 1 sentence 1 lit. a and b DPA. Consent may be revoked at any time. You can send your revocation at any time by e-mail to email@example.com.
After completion of the application procedure, we will store your documents for a further 6 months for evidence purposes.
For a possible conclusion of a contract it is necessary that you provide us with your personal data in the application documents. Otherwise we will not be able to consider you in the application process.
- Cookies, analysis tools, plugins and other third party elements
The analysis tools we use evaluate the user behaviour of the website visitors and enable us to optimise the website and adapt marketing measures.
We use plugins and other elements of third parties to integrate content from these providers into our website.
- a) Required first-party cookies
The use of our required first-party cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted when you leave our site.
In addition, we also use temporary cookies, which are stored on your end device for a certain fixed period of time, to optimise user-friendliness. If you visit our site again in order to use our services, we will automatically recognize that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
These data will be deleted after 6 months at the latest.
We process your data on the basis of our legitimate interest in the external presentation of our company via the website you have called up and to promote user-friendliness. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f DSGVO.
Most browsers accept these cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before such a cookie is created. However, completely disabling cookies may result in the website not being displayed correctly or you may not be able to use all the features of our website.
- b) 1&1 IONOS WebAnalytics
This website uses 1&1 IONOS WebAnalytics. This is a web analytics service provided by 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. 1&1 IONOS WebAnalytics uses pixels and log files to determine the following data:
Referrer (previously visited website)
requested web page or file
Browser type and version
Operating system used
used device type
Time of access
IP address in anonymous form (only used to determine the location of access)
1&1 IONOS SE receives this data as part of a contract processing relationship and may only process the data in accordance with our instructions and not for its own purposes.
We use the tool to evaluate your use of the website and to compile reports on website activity. We process this data on the basis of our legitimate interest in optimising our website (Art. 6 Para. 1 S. 1 lit. f) DSGVO).
This data protection declaration is currently valid and has the status of March 2020. Due to the further development of our website and offers above or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at https://www.steinmueller.com/de/datenschutz.html.
- Personal data processing
The categories of personal data processed include, in particular, your master data (such as first name, surname, name affixes, nationality and personnel number), contact data (such as private address, (mobile) telephone number, e-mail address), the log data resulting from the use of the IT systems and other data from the employment relationship (e.g. time recording data, holiday periods, periods of incapacity to work, skills data, criminal records, if applicable, social data, bank details, social security number, pension insurance number, salary data and the tax identification number). This may also include special categories of personal data such as health data and information on religious affiliation.
Your personal data is generally collected directly from you as part of the recruitment process or during the employment relationship. In certain constellations, your personal data may also be collected by other agencies due to legal requirements. These include, in particular, requests for tax-relevant information from the responsible tax office as well as information on periods of incapacity to work from the respective health insurance company. In addition, we may have received data from third parties (e.g. employment agencies).
We process your personal data in compliance with the provisions of the DSGVO, the Federal Data Protection Act (BDSG) and all other relevant laws (e.g. BetrVG, ArbZG, etc.).
The primary purpose of data processing is to establish, implement and terminate the employment relationship. The primary legal basis for this is Art. 6 para. 1 b) DSGVO in conjunction with Art. 26 para. 1 BDSG. In addition, collective agreements (group, general and works agreements as well as collective bargaining agreements) pursuant to Art. 6 para. 1 b) in conjunction with Art. 88 para. 1 DSGVO in conjunction with Section 26 para. 4 BDSG and, if applicable, your separate consent pursuant to Art. 6 para. 1 a), 7 DSGVO in conjunction with Section 26 para. 2 BDSG (e.g. in the case of video recordings) may be used as a data protection permit provision.
We also process your data in order to be able to fulfil our legal obligations as an employer, especially in the area of tax and social security law. This is done on the basis of Art. 6 Para. 1 c) DSGVO in conjunction with § 26 BDSG.
Where necessary, we also process your data on the basis of Art. 6 Para. 1 f) DSGVO in order to protect the legitimate interests of ourselves or third parties (e.g. authorities). This applies in particular to the clarification of criminal offences (legal basis § 26 para. 1 p. 2 BDSG), violations of the Compliance Directive or within the Group for the purposes of Group management, internal communication and other administrative purposes.
Insofar as special categories of personal data are processed in accordance with Art. 9 Para. 1 DSGVO, this serves the exercise of rights within the framework of the employment relationship or the fulfilment of legal obligations arising from labour law, social security law and social protection (e.g. provision of health data to the health insurance fund, recording of severe disability due to additional leave and calculation of the severely disabled persons levy). This is done on the basis of Art. 9 para. 2 b) DSGVO in conjunction with § 26 para. 3 BDSG. In addition, the processing of health data may be necessary for the assessment of your ability to work in accordance with Art. 9 Para. 2 h) in conjunction with § 22 Para. 1 b) BDSG.
In addition, the processing of special categories of personal data may be based on consent pursuant to Art. 9 para. 2 a) DSGVO in conjunction with Art. 26 para. 2 BDSG (e.g. company health management).
Finally, consent can be given voluntarily in accordance with Art. 6 para. 1 a) DPA for e.g. photo or film recordings within advertising clips or for the website.
Should we wish to process your personal data for a purpose not mentioned above, we will inform you of this beforehand.
Within our company, only those persons and bodies (e.g. specialist department, works council, representative body for severely disabled persons) receive your personal data which they require to fulfil our contractual and statutory obligations.
In addition, we sometimes use different service providers to fulfil our contractual and legal obligations. A list of the service providers can be viewed in the personnel office.
In addition, we may transfer your personal data to other recipients outside of the company if this is necessary to fulfil our contractual and legal obligations as an employer. These may be, for example:
- authorities (e.g. pension insurance institutions, professional pension schemes;
- social security institutions, tax authorities, courts);
- bank of the employee (SEPA payment medium).
We delete your personal data as soon as they are no longer required for the above-mentioned purposes. After termination of the employment relationship, your personal data will be stored as long as we are legally obliged to do so. This regularly results from legal obligations to provide evidence and to retain data, which are regulated in the German Commercial Code and the German Fiscal Code, among others. The storage periods thereafter are up to ten years. In addition, personal data may be stored for the time during which claims can be made against us (statutory limitation period of three or up to thirty years).
As part of your employment, you must provide us with the personal data that is necessary for the establishment, execution and termination of the employment relationship and the fulfilment of the associated contractual obligations or that we are legally obliged to collect. Without this data we will not be able to perform the employment contract with you.