us

Privacy Statement

Introduction

Thank you for visiting our website and for your interest in our broad range of products. To help us provide you with the best possible service, personal data are collected, processed and transmitted on our web pages.

Personal data (e.g. the name, postal address, email address and telephone number of a data subject) are always processed in accordance with the EU’s General Data Protection Regulation (GDPR) as well as with the specific national data protection rules applicable to us.

As the controller responsible for data processing, we have implemented numerous technical and organisational measures to ensure the fullest possible protection for all personal data which is processed on our website. However, no data transmission over the Internet can be guaranteed to be one hundred percent secure and vulnerabilities can never be completely ruled out.

1. Key concepts and definitions

This Privacy Statement is based on the key concepts and definitions as used by the Community legislature and regulatory authority at the time the GDPR was adopted (Art. 4 GDPR). This Privacy Statement is written in plain language, so that it can be easily understood by anyone. To make doubly sure of this, we shall begin by explaining and defining a few key concepts. The following key concepts and definitions are used in this Privacy Statement:

  1. "Personal data":
    Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, geographical location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  2. "Data subject":
    Any identified or identifiable natural person whose personal data are processed by the controller responsible for processing;
  3. "Processing":
    Any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  4. "Restriction of processing":
    The marking of stored personal data with the aim of limiting its processing in the future;
  5. "Profiling":
    Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, geographical location or movements;
  6. "Controller":
    The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  7. "Recipient":
    A natural or legal person, public authority, agency or other body, to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of such data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
  8. "Third party":
    A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
  9. "Consent"
    Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Contact

Responsible controller

NORRES Schlauchtechnik GmbH
Am Stadthafen 12-16
45881 Gelsenkirchen
GERMANY
Telefon +49 209 8 00 00 0
Phone info(at)norres.com

External Data protection officer

As data protection officer is ordered from us:

Mr. Dipl.-Inform. Olaf Tenti
GDI Gesellschaft für Datenschutz und Informationssicherheit mbH
Körnerstraße 45
58095 Hagen
Phone +49 2331 356 832 0
E-Mail datenschutz(at)gdi-mbh.eu

3. Hosting

Our website is operated on servers of NORRES Schlauchtechnik GmbH, Am Stadthafen 12-16, 45881 Gelsenkirchen, Germany.

Collection and storage of personal data and nature and purpose of its processing

When you visit the website

We may, to a limited extent, collect information automatically when you visit the website. These data help us to focus on improving your experience of our website, and we will always use them in a responsible way. Such information is automatically collected and stored in log files on the server of our provider. The data thus collected include:

  • Name of the website you accessed
  • Date and time of the access
  • Volume of data transmitted
  • Confirmation that the access was successful
  • Type of browser
  • Browser version
  • Patch level of the browser
  • Site you visited previously
  • Requesting provider
  • IP addresses [anonymised]

We will process this information for the following purposes:

  • To improve our website
  • To ensure IT security
  • To improve our services

The legal basis for processing on our website is Art. 6(1) sentence 1(f) GDPR. Our legitimate interests are derived from the aforementioned data collection purposes.

Duration of retention of your data:

Any data stored by us will be deleted after the legal retention periods.

Before initiating a business relationship:

We store your contact details (title, first and last name, postal address, email address, landline and / or mobile telephone number and fax number) to enable us to contact you in the course of present or future dealings. These data which we have collected about you are stored until such time as the establishment or continuation of a business relationship is no longer realistic.

We use information held about you in the following ways:

  • For the performance of a contract
  • For the purpose of sending you an offer

We will process this information for the following purposes:

  • To facilitate the maintenance of business relationships
  • To facilitate the proper execution of a contract
  • To facilitate the proper and efficient processing of your enquiry

The legal basis for processing is Art. 6(1) sentences 1(b) and (f) GDPR and is derived from the aforementioned purpose.

4. When do we store personal information?

We collect personal information about you whenever you:

  • Use our website
  • Open a personal customer account
  • Subscribe to our newsletter
  • Fill in a request or quotation form
  • Contact us by email
  • Share such information with us in conversation provided you have given us your consent

5. Who do we share your personal information with?

We share your personal information with the following business partners:

  • Episerver GmbH, Wallstraße 16, 10179 Berlin, Germany
  • Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) (Google Analytics, Google Tag Manager)

To our knowledge, our business partners apply all the required data protection standards and demonstrate compliance with data protection principles.

6. Cookies

We use the following cookies on our website::

Google Analytics/ Google Tag Manager

Name Expires Purpose
_ga 2 years after your last visit to the website Used to track if you have visited before.
_gat 10 minutes after your last visit to the website Used to manage the rate at which page view requests are made.
_gid 24 hours after your last visit to the website Used to store the session ID and to group the entire session’s activity together for each user.
_gac_UA-32375863-1 90 days after your last visit to the website This cookie is set when a user clicks on a Google advertisement to reach the website. It contains information about which ad was clicked, so that achieved successes such as orders or contact requests can be assigned to the ad.

https://policies.google.com/technologies/ads?hl=en

YouTube

Name Expires Purpose
VISITOR_INFO1_LIVE 179 days after your last visit to the website Tries to estimate the user bandwidth on pages with embedded YouTube videos.
PREF 8 months after your last visit to the website Registers a unique ID that is used by Google to keep statistics on how a visitor uses YouTube videos across different websites.
YSC At the end of your session Registers a unique ID to keep statistics on embedded YouTube videos the user has seen.
GPS At the end of your session Registers a unique ID on mobile devices to enable tracking based on the geographical GPS location.
CONSENT 8031 days after your last visit to the website This cookie tracks information about how the end user uses the site and what advertisements the end user may have seen before visiting the site.

https://policies.google.com/technologies/ads?hl=en

Cookie-Einstellungen

Name Ablaufdatum Funktion
cookieChoiceDone 1 year after your last visit to the website Saves the settings of visitors selected in the cookie box and controls the display of cookie settings.
ga-disable
gaOptIn
ytOptIn
  Session-Cookies der Website
Name Ablaufdatum Funktion
sid At the end of your session Identifies the user to provide essential functionalities such as the shopping cart.
sidb2b
sidcms
sidcatalog
 

How to block cookies

Firefox

  1. Open the Firefox browser.
  2. Press the “Alt” key on your keyboard.
  3. Click the menu button and choose “Options”.
  4. Select the “Privacy & Security” panel.
  5. Under “Firefox will remember history:”, choose “Use custom settings for history”.
  6. Uncheck “Accept cookies” and save your own settings.

You can also find current information here: https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored

Internet Explorer

  1. Open Internet Explorer.
  2. Click the “Tools” button, then select “Internet options”.
  3. Select the “Privacy” tab.
  4. Under “Cookies”, uncheck the settings and save your own settings.

You can also find current information here: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

Google Chrome

  1. Open Google Chrome.
  2. Choose “Settings”.
  3. Click “Advanced”.
  4. Under “Privacy and security”, click “Content settings”.
  5. In the “Cookies” section you can disable cookies and save your own settings.

You can also find current information here: https://support.google.com/chrome/answer/95647?co=GENIE.Platform&hl=en

Safari

  1. Open Safari.
  2. Choose “Preferences” from the toolbar (grey cog in the top right-hand corner) and click “Privacy”.
  3. In the “Accept cookies” section, you can specify whether, and if so, when Safari should accept cookies from websites. To see an explanation of the options, click the Help button (“?”).
  4. f you want to see which websites store cookies on your computer, click “Display cookies”.

You can also find current information here: https://support.apple.com/en-gb/guide/safari/sfri11471/mac

Edge

  1. Open the Edge browser.
  2. Click the three dots in the top right-hand corner.
  3. Go to “Settings” -> “View advanced settings”.
  4. Scroll down to “Cookies”.
  5. Click the radio button underneath and set it to “Block all cookies”.

Opera

  1. Open the Opera-browser.
  2. Click the Opera icon in the top left-hand corner.
  3. Go to “Settings”.
  4. Choose “Privacy and security”.
  5. In the “Cookies” section, you can set “Block sites from setting any data”.

How you can contact us

Our website offers you the opportunity to contact us, either by sending us an email or using the contact form. You may want to contact us for the following reasons:

  • Requirements
  • Offer
  • Enquiry

We provide various forms for this purpose in which all required information is recorded.

Your personal data are stored and processed in this connection for the purpose of communication. We do not share the data thus collected ([title, first and last name, telephone number, email address, IP address]) with third parties.

Your data will not be associated with other data collected on this website.

If you are already a customer of our company, these data may be stored for the purpose of customer relationship management (CRM).

The contact form is transmitted using TLS encryption, which serves to protect your personal data against unauthorised access.

The basis for data collection pursuant to Art. 6(1) sentence 1 GDPR is, where applicable, the consent you have given us (point a), the processing of data for the purpose of performing a contact or in order to take steps prior to entering into a contract (point b) as well as the legitimate interests of our company in the communication initiated by you (point f).

The data will be erased as soon as the purpose for which they have been stored no longer applies.

reCAPTCHA

In order to protect data forms on our site, we use the “reCAPTCHA” service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (referred to below as “Google”). With this service, we can differentiate between information that has been entered into a form by a human and information entered by an automated machine. The use of automated information entry constitutes misuse. The legal basis is Art. 6(1) sentence 1(f) GDPR.

The legal basis for using Google reCAPTCHA is your consent pursuant to Art. 6(1) sentence 1(a) GDPR insofar as you gave us this consent the first time you accessed the website.

Since no adequacy decision has been issued by the EU Commission regarding the transmission of personal data to the United States, we have agreed standard privacy clauses with Google within the meaning of Art. 46(2) point c GDPR.

To our knowledge, the referrer URL, the IP address, the behaviour of the website visitors, information about the operating system, browser and length of stay, cookies, display instructions and scripts, user input behaviour and mouse movements in the “reCAPTCHA” checkbox are transmitted to “Google”.

Amongst other things, Google uses the information obtained in this manner in order to digitise and optimise various of its own services.

The IP address transmitted by “reCAPTCHA” is not associated with other data by Google unless you are logged into your Google account at the time the “reCAPTCHA” plug-in is used, in other words when you visit our website. If you want to prevent this transmission and storage of data by Google about you and your behaviour on our website, you must log out of Google before you access our website. For the “reCAPTCHA” terms of service, see:
https://policies.google.com/privacy?hl=en.

Google Tag Manager

We use “Google Tag Manager” on our websites. This service is provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or – if you have your registered offices or your place of residence in the EU – by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Tag Manager provides features which allow us to integrate other services on our website easily, efficiently and dynamically. We can also configure and customise services integrated via Google Tag Manager with little effort and without having to make technical changes to our website. Furthermore, if you have already objected to the use of such services, Google Tag Manager will not deliver them to your browser.

Google does not collect any personal data when you use Google Tag Manager. Google collects non-personal, technical data for general use or if such data are necessary to implement Google Tag Manager.

Data processing takes place on the basis of Art. 6(1) sentence 1(f) GDPR.

We have a legitimate interest in ensuring the efficient provision of our website, including all embedded services and features.

Since no adequacy decision has been issued by the EU Commission regarding the transmission of personal data to the United States, we have agreed standard privacy clauses with Google within the meaning of Art. 46(2) point c GDPR.

For the Google privacy policy, please see here: https://policies.google.com/privacy?hl=en.

For the “Google Tag Manager” terms of service, please see here:
https://www.google.com/analytics/terms/tag-manager/

7. Applications (email / application form)

Please feel free to apply for vacancies advertised on our website directly or send us a speculative application.

You can do this using the email address indicated. Alternatively, you may complete our online application form.

When you apply for a job with us, we will process the information we receive from you in the course of the application procedure, e.g. in your letter of application, CV, references and correspondence as well as by telephone or verbally. In addition to your contact details, your training, qualifications, work experience and skills are of particular relevance to us. We will only judge you by your suitability for the job, so that you do not need to send us a photograph.

If you send us your application by email, the information you supply to us will not be encrypted for transmission unless your email provider supports SSL (Secure Socket Layer) or TLS (Transport Layer Security) encryption. If you prefer, you may instead send us encrypted emails provided you give us advance notification by telephone. Alternatively, you can send us your application details in encrypted files which are protected by password (for example *.zip) and tell us the password which we need to decrypt them by telephone or other means.

If you apply to us using the application form, we will process the data you enter in the input fields (title, first and last name, email address, desired starting date, salary expectations, other voluntary information) as well as any documents uploaded by you to enable us to process your application.

If we conclude a contract of employment with you on the basis of this application, we will store the data transmitted to us for the purpose of processing the employment contract in compliance with legal regulations.

However, if we do not conclude a contract of employment with you, we will erase this data six months after your application is rejected. The legal basis is Art. 6(1) sentence f GDPR (legitimate interests). Our legitimate interests in storage for this period are derived from the exercise or defence of claims, for example in connection with the burden of proof in a procedure under the German General Equal Treatment Act (AGG).

If you have given your consent to the storage of your application details for a longer period, we will transfer these data to our applicant pool (Section 26(2) BDSG (German Data Protection Act) in conjunction with Art. 6(1) sentence a GDPR). The data stored there will be erased after one year has elapsed.

Data are processed for the purpose of carrying out an application procedure.

The legal basis for processing in the context of the application procedure and as part of your personnel file is Section 26(1) sentence 1 BDSG and Art. 6(1) sentence b GDPR as well as – insofar as you have given your consent, for example by communicating other information which is not essential for the application procedure – Art. 6(1) sentence a GDPR.

You may withdraw your consent to the processing of personal data during the application procedure at any time by sending an email to dataprotection(at)norres.eu.

The legal basis for processing after your application has been rejected is Art. 6(1) sentence f GDPR.

Our legitimate interests in processing on the basis of Art. 6(1) sentence f GDPR are derived from the defence of legal claims.

The legal basis for budgetary and tax storage is Art. 6(1) lit. c GDPR in conjunction with § 147 AO.

Applicants wishing to submit their application using the online form should read our Privacy Notices for online applicants.

8. Data protection

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as any purchase orders or enquiries which you send to us as the site operator. You can recognise an encrypted connection in your browser when the address changes from “http://” to “https://” and a locked padlock is displayed in the address line.

If SSL or TLS encryption is enabled, the data you transfer to us cannot be read by third parties (end-to-end encryption). The protocols provide authentication of the communication partner and secure the integrity of the data transmitted.

Newsletter

Our website offers you the opportunity to subscribe to a newsletter, which will be sent to you by email. The newsletter will be sent to the email address provided by you at the time of registering. We will also require confirmation that you are the owner of this email address (double opt-in) and that you agree to receive the newsletter. The legal basis for this is Art. 6(1) sentence 1(a) GDPR. We will store your email address as well as other optional information such as your first and last name for the purposes of sending you the newsletter.
These data will be passed on to Episerver, our service provider, to enable the newsletter to be sent to you.

Our newsletter system has a tracking function that allows us to keep track of which recipients opened the newsletter at what time. These data are stored and used to evaluate the reach of individual campaigns.

Withdrawal of consent: You may object to the future use of your data at any time. For example, you can unsubscribe from the newsletter by clicking the link at the bottom of every email.

9. Google Analytics

This website uses “Google Analytics”, a web analytics service provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or – if you have your registered offices or your place of residence in the EU – by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site insofar as you have given your consent to the use of cookies for marketing purposes.

The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States.

IP anonymisation is enabled on this website. If, however, you enable IP anonymisation on this website using the “anonymizeIp” option, Google will remove the end of your IP address so it only locates you as within the member states of the European Union or other members of the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and shortened there.

Google will use this information on behalf of the operator of this website to evaluate how you use the website, compile reports on website activity and offer the website operator other services relating to website activity and Internet usage.

Google will never associate your IP address as transmitted by Google Analytics from your browser with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings in your browser; however, please note that if you do this you may not be able to use the full functionality of this website. Any data will be erased after 14 months.

Furthermore, you can prohibit Google from collecting and analysing the data generated by the cookie about your use of the website (including your IP address) by downloading and installing the browser plugin available here: https://tools.google.com/dlpage/gaoptout?hl=en.

For the terms of service and information on data privacy, see https://www.google.com/analytics/terms/us.html and https://policies.google.com/?hl=en/.

Google processes your personal data on our behalf. We have therefore signed an agreement with Google pursuant to Art. 28(3) GDPR to handle order processing, in which Google undertakes to protect your personal data and to refrain from passing them on to third parties for other than the aforementioned purposes.

The legal basis for using Google Analytics is your consent pursuant to Art. 6(1) sentence 1(a) GDPR insofar as you gave us this consent the first time you accessed the website.

Since no adequacy decision has been issued by the EU Commission regarding the transmission of personal data to the United States, we have agreed standard privacy clauses with Google within the meaning of Art. 46(2) point c GDPR.

You may withdraw your consent to the processing and transmission of personal data at any time without giving reasons by sending a message to our Data Protection Officer’s contact address, by deleting cookies in your browser or by clicking on the link below:

Disable Google Analytics

The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

10. Fan Page on Facebook / Facebook Page

Facebook is a social network provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or – if you have your registered offices or your place of residence in the EU – by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”).

When you visit our online services on social media, your personal data may be automatically collected and stored for market research and advertising purposes. User profiles may then be created under a pseudonym from the data which is processed in this way. These profiles may be used, for example, to place advertisements on or outside platforms which are presumed to match your interests. Cookies are generally placed on your device for this purpose.

Our Privacy Statement explains how cookies work; please refer to the notices there for all further information. These cookies track visitor behaviour and users’ interests. This is necessary in order to safeguard our predominantly legitimate interest, based on a balance of interests, in improving the presentation of our products and services as well as in effective communication with existing and prospective customers. The legal basis for processing is therefore Art. 6(1) point f GDPR.

The legal basis for data collection and processing is your consent pursuant to Art. 6(1) point a GDPR. You may withdraw the consent you have given us to future processing of personal data at any time; to do this, please contact Facebook directly. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

For more comprehensive information on the processing and use of personal data by the providers on their respective websites as well as contact details, the rights you have in relation to your data and the settings you can choose to protect your privacy – in particular, how to exercise your right of objection (opt out) – please see Facebook’s privacy policies:
https://www.facebook.com/about/privacy/.

To exercise your right of objection (opt out), go to: https://www.facebook.com/settings?tab=ads.

Data processing takes place on the basis of an agreement between jointly responsible parties pursuant to Art. 26 GDPR which you can access here:
https://www.facebook.com/legal/terms/page_controller_addendum.

11. Using YouTube components in Enhanced Privacy mode

This website uses components (videos) of YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA; YouTube’s “Enhanced Privacy” feature is enabled for this purpose.

The YouTube videos are accessed by specifically clicking on them. This means that only information required to play the videos – in other words, which of our pages you have visited – is actually transmitted to the service provider. If you are logged into YouTube when you visit our website, this information will be assigned to your YouTube member account. You can prevent this by logging out of your YouTube account before you visit our website.

When you access one of our pages in which a YouTube video is embedded, you will be connected to the YouTube servers; your browser is informed which of our pages you have visited, to enable the content (in other words, the video) to be displayed.

The legal basis for using YouTube is this consent pursuant to Art. 6(1) sentence 1(a) GDPR, insofar as you gave us your consent the first time you accessed the website.

Since no adequacy decision has been issued by the EU Commission regarding the transmission of personal data to the United States, we have agreed standard privacy clauses with Google within the meaning of Art. 46(2) point c GDPR.

For more information on YouTube’s privacy policy, you can review the Google privacy policy here:
https://policies.google.com/privacy?hl=en.

12. LinkedIn

We use “LinkedIn”, the careers networking site for professionals, for personnel recruitment purposes and have a corporate profile there. LinkedIn is provided by the LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085 USA, or – if you have your registered offices or your place of residence in the EU – by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”).

When you visit our corporate profile on LinkedIn, your personal data may be automatically collected and stored by LinkedIn for market research and advertising purposes as well as to alert you to job offers which are presumed to match your interests. User and interest profiles may then be created under a pseudonym from the data which are processed in this way. Cookies are generally placed on your device for this purpose. Our Privacy Statement and the LinkedIn Cookie Policy explain how cookies work; please refer to the notices there for all further information. These cookies track visitor behaviour and users’ interests.

We additionally receive a statistical evaluation of the data thus collected, informing us which groups of persons have shown an interest in our company page. These data are processed for statistical purposes in anonymised form such that individual persons cannot be identified; the evaluations may, for example, contain information on a person’s approximate geographical location or age group as well as other aggregated metrics.

If LinkedIn asks you to give your consent to the processing of your personal data, for example by checking a box, the legal basis for processing is Art. 6(1) point a GDPR. You may withdraw your consent to future processing at any time; to do this, you must contact LinkedIn directly. Processing based on consent before its withdrawal remains lawful.

For more comprehensive information on the processing and use of personal data by LinkedIn as well as contact details, the rights you have in relation to your data and the settings you can choose to protect your privacy, please see LinkedIn’s privacy policies which you can access here: https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=de.linkedin.com%7Cli-other.

To review the LinkedIn Cookie Policy, go to: https://www.linkedin.com/legal/cookie-policy.

Data processing takes place on the basis of an agreement between jointly responsible parties pursuant to Art. 26 GDPR which you can access here: https://legal.linkedin.com/pages-joint-controller-addendum.

Notwithstanding any internal understandings which are reached between us and LinkedIn on respective responsibilities, you can contact either us / our Data Protection Officer or LinkedIn if you have any questions or enquiries relating to the protection of personal data.

Since no adequacy decision has been issued by the EU Commission regarding the transmission of personal data to the United States, we have agreed standard privacy clauses with LinkedIn within the meaning of Art. 46(2) point c ) GDPR.

13. Xing

“Xing” is a career-oriented social networking site which is provided by New Work SE, Dammtorstrasse 30, 20354 Hamburg, Germany.

We have our own company page on Xing, which we use to actively search for potential employees in a professional setting and using a modern format. We also share information about our company on this page and present ourselves to the outside world. We use the site to communicate information on our services and products as well as any special activities or events which may be of interest or opportunities for employment at our company.

If Xing asks you to give your consent to the processing of your personal data, for example by checking a box, the legal basis for processing is Art. 6(1) sentence 1(a) GDPR.

For more comprehensive information on the processing and use of personal data by the providers on their respective websites as well as contact details, the rights you have in relation to your data and the settings you can choose to protect your privacy, please see Xing’s privacy policies:
https://privacy.xing.com/en/privacy-policy.

You can change your personal privacy settings in your account settings:
https://xing.com/settings/privacy/data.

14. Rights of the data subject

Your rights / exercise of rights

You are entitled to the rights set out below. You may exercise these rights against us. To exercise your rights, please use the aforementioned contact methods or send an email to datenschutz@gdi-mbh.eu

  1. Right of access under Art. 15 GDPR:
    You have the right to request information about your personal data processed by us, in particular about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period, the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data as well as to object to such processing, the right to lodge a complaint with a supervisory authority, the origin of your data if they were not collected by us, the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for you, and finally, where personal data are transferred to a third country, the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
  2. Right to rectification under Art. 16 GDPR:
    You have the right to demand the rectification of inaccurate personal data concerning you and / or the right to have incomplete personal data completed without undue delay.
  3. Right to erasure under Art. 17 GDPR::
    You have the right pursuant to Art. 17(1) GDPR to demand the erasure of personal data concerning you. This right shall not apply to the extent that processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
  4. Right to restriction under Art. 18 GDPR:
    You have the right to demand the restriction of processing of your personal data as long as the accuracy of the personal data is contested by you, the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead, we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims or if you have objected to processing for reasons arising from your particular situation, pending the verification whether our legitimate grounds override your own as the data subject.
  5. Notification obligation under Art. 19 GDPR:
    If you have asserted the right of rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
  6. Right to data portability under Art. 20 GDPR:
    You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to have that personal data transmitted directly to another controller, where technically feasible.
  7. Right to withdraw consent under Art. 7(3) GDPR
    If our processing of personal data is based on your consent, you have the right to withdraw your consent to future processing at any time. If you withdraw your consent, we will cease processing of the data for which you have withdrawn consent, unless we have a legal obligation to keep some or parts of your data. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  8. Right to lodge a complaint under Art. 77 GDPR
    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

15. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1) sentence 1(e) or (f) GDPR, including profiling based on those provisions.

The controller shall no longer process personal data concerning you unless the controller demonstrates compelling, legitimate reasons for continuing data processing which override your interests, rights and freedoms or, alternatively, for the establishment, exercise or defence of legal claims.

Where personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent it is related to such direct marketing.

If you object to processing for direct marketing purposes, personal data concerning you will no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding EU Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

16. Storage period for personal data

The storage period for personal data is determined by the respective legal retention period. After expiry of this period, the data concerned will be routinely deleted, provided they are no longer necessary for the performance or initiation of the contract and / or there is no longer any legitimate interest on our part in further storage.

17. Updates and changes to this Privacy Statement

This Privacy Statement is regularly reviewed and was last updated in February 2020.
We reserve the right to change this Privacy Statement without prior notice to reflect improvements to our website, or to the services offered on our website, as well as legal and regulatory changes. The most current version of the Privacy Statement can be reviewed on our website and printed out at any time by following this link:

https://www.norres.com/en/legal/privacy-statement/

NORRES Privacy Certificate
Download