Direkt zum Inhalt | Direkt zur Navigation

Personal tools

Sektionen
Home | Privacy Policy

Privacy Policy

The requirements of the EU General Data Protection Regulation (hereinafter referred to as GDPR) apply throughout Europe. We would like to inform you about the processing of personal data carried out by our companies in accordance with this Regulation (see Articles 13 and 14 GDPR). If you have any questions or comments about this privacy statement, you can always send them to the email address given in sections 2 and 3 respectively.

Table of contents:

I. Overview

  1. Scope
  2. Data Controller
  3. Data Protection Officer
  4. Data Security

II. Data  Processing in Detail

  1. General information about data processing
  2. Processing activities as per scope 1 a)
  3. Processing activities as per scope 1 b

III. Rights of the Data Subject

  1. Right to object
  2. Right of access
  3. Right of rectification
  4. Right to erasure ("right to be forgotten")
  5. Right to restriction of processing
  6. Right to data transferability
  7. Right to withdraw consent
  8. Right to appeal

IV. Glossary

 


 

I. Overview

In this section of the data protection declaration you will find information on the scope, the entity responsible for data processing (the “Data Controller” or simply the “Controller”), the Data Protection Officer and on Data Security.

1. Scope

a)  External data processing carried out by our business entities may essentially be divided into the following categories:

Data processing by our business entities may essentially be divided into two categories:

  • All data required for the performance of a contract with our business entities will be processed for the purpose of performing the contract. If external service providers are also involved in the performance of these contract, e.g. agencies or IT service providers, your data will be passed on to them to the extent necessary in each case.
  • When you access the websites/applications of our business entities, various pieces of information are exchanged between your device and our server. This may also involve personal data. The information collected in this way is used, among other things, to optimise our websites.

This privacy policy applies to the following services:

All of these services are collectively referred to as "Services"

b) The internal data processing by our business entities can essentially be divided into the following categories:

  • For the purpose of performing contracts in the employment relationship, all data required for performing the employment contract with the relevant legal entity is processed. If external service providers are also involved in the processing of the contract, your data will be passed on to them to the extent necessary in each case.
  • For other purposes, such as the public presentation of our businesses  or the safety and protection of our businesses’ assets, data is collected on the basis of either our legitimate interest or your consent.

2. Data Controller

a) The controller for any data processing in respect of the scope per item 1 a) above

The controller – i.e. the person who or undertaking which decides on the purposes and means of processing personal data – in connection with the Services is

Ostfriesische Tee Gesellschaft GmbH & Co. KG
Bosteler Feld 6 
21218 Seevetal 
GERMANY
Phone.: +49 4105 504-0 
Fax: +49 4105 624-0 
E-mail: [Email protection active, please enable JavaScript.]

b) The controller for any data processing in respect of the scope per item 1 a) above

Depending on the employment relationship, the responsible person is the respective legal entity.

Laurens Spethmann Holding 
Aktiengesellschaft & Co. KG
Bosteler Feld 6
21218 Seevetal
GERMANY
Phone: +49 4105 504-0
E-mail: [Email protection active, please enable JavaScript.]

Ostfriesische Tee Gesellschaft GmbH & Co. KG
Bosteler Feld 6
21218 Seevetal
GERMANY
Phone: +49 4105 504-0
E-mail: [Email protection active, please enable JavaScript.]

OnnO Behrends GmbH & Co. KG
Am Fridericussiel 5–7
26506 Norden
GERMANY
Phone: +49 4931 1895-0
E-mail: [Email protection active, please enable JavaScript.]
Milford Tea GmbH & Co. KG
Meilsener Straße 4
21244 Buchholz
GERMANY
Phone: +49 4181 213-0
E-mail: [Email protection active, please enable JavaScript.]
KRÄUTERHAUS WILD GmbH & Co. KG
Meßmerstraße 29
97508 Grettstadt
GERMANY
Phone: +49 9729 9110-0
E-mail: [Email protection active, please enable JavaScript.]
Nutrisun GmbH & Co. KG
Bosteler Feld 6
21218 Seevetal
GERMANY
Phone: +49 4105 504-0
E-mail: [Email protection active, please enable JavaScript.]
MEDIN GmbH & Co. KG
Triebweg 5
97906 Faulbach
GERMANY
Phone: +49 9392 809-0
E-mail: [Email protection active, please enable JavaScript.]
OTG Lager- und Frachtkontor GmbH & Co. KG
Meilsener Straße 8b
21244 Buchholz
GERMANY
Phone: +49 4181 213-163
E-mail: [Email protection active, please enable JavaScript.]
OTG Lager- und Frachtkontor GmbH & Co. KG
Meßmerstraße 31
97508 Grettstadt
GERMANY
Phone: +49 9729 9110-90
E-mail: [Email protection active, please enable JavaScript.]
OTG Zukunft durch Ausbildung GmbH
Meilsener Straße 8b
21244 Buchholz
GERMANY
Phone: +49 4181 213-260

 

3. Data Protection Officer

You may contact our Data Protection Officer as follows:

Contact form: https://www.dsextern.de/anfragen

DS EXTERN GmbH 
Dipl.-Kfm. Marc Althaus 
Frapanweg 22 
22589 Hamburg
GERMANY

4. Data Security

In order to develop the measures required in Art. 32 GDPR and achieve a level of protection appropriate to the risk, we have established an information security standard according to VdS 10000 in our companies.

The guidelines of the VdS 10000 – Cyber-Security für kleine und mittlere Unternehmen (KME) (VdS 10000 – Cyber Security guidelines for small and medium enterprises (SME)) of the VdS Schadenverhütung GmbH contain guidelines and assistance for the implementation of an information security management system as well as specific measures for the organizational and technical protection of IT infrastructures. They are designed to ensure an adequate level of protection.

 

II. Data processing in detail

In this section of the Privacy Policy, we will inform you in detail about the processing activities within the scope of our services. For better clarity, we structure this information according to certain functionalities of our services. During the normal use of the services, different functionalities and thus also different processing operations can take effect one after the other or simultaneously.

1. Generel information about data processing

Unless otherwise indicated, all processing operations set out below are subject to the following conditions:

a. No obligation to provide personal data

There is no contractual or legal obligation to provide personal data. You are not obliged to provide data.

b. Consequences of non-provision

In the case of necessary data (data that are marked as mandatory data when entered), non-provision of this data means that the service in question cannot be provided. Otherwise the non-provision may result in our services not being provided in the same form and quality.

c. Consent

In various cases you have the opportunity to give us your consent to further processing in connection with the processing activities described below (even for only some of the data concerned). In this case, we will inform you separately about all modalities and the scope of the consent and about the purposes that we pursue with these processing activities in connection with you giving the respective declaration of consent.

d. Transfer of personal data to third countries

If we transmit data to third countries, i.e. countries outside the European Union, then the transmission takes place exclusively in compliance with the legally regulated conditions of permissibility.

The admissibility requirements are regulated by Art. 44-49 GDPR

e. Hosting with external service providers

Our data processing is carried out to a large extent by so-called hosting service providers, who provide us with storage space and processing capacities in their data centres and also process personal data on our behalf in accordance with our instructions. These service providers process data either exclusively in the EU or we have guaranteed an adequate level of data protection through the use of EU standard data protection clauses.

f. Transmission to public authorities

We transfer only personal data to government authorities (including law enforcement agencies) when such a trnsfer is necessary to fulfil a legal obligation to which we are subject (legal basis: Art. 6 Para. 1 c GDPR) or if it is necessary to assert, exercise or defend legal claims (legal basis: Art. 6 Para. 1 f GDPR).

g. Retention period

We do not store your personal data for a longer period than we need it for the respective processing purposes. If the data are no longer required for the fulfilment of contractual or legal obligations, they are regularly deleted, unless their temporary storage is still necessary. Reasons for this could be:

  • Compliance with commercial and tax retention obligations
  • Obtaining evidence for legal disputes within the scope of the statutory limitation provisions

We may also continue to store your data if you have given your express consent.

h. Categories of recipients

In addition to the categories of recipients explicitly listed below, personal data is also transmitted to the following categories of recipients: postal or shipping providers, telephone and fax provider.

i. Data Categories

  • Account data: Login/user ID and password
  • Personal master data: Title, gender, first name, last name
  • Nationality and status of work permit
  • Address data: Street, building name or number, address supplements if applicable, postal code, city, country
  • Contact details: Telephone number(s), fax number(s), e-mail address(es)
  • Registration data: Information about the service you have registered for; times and technical information about registration, confirmation and cancellation; data provided by you during registration.
  • Payment details: account details
  • Access data: Date and time of the visit to our service; the page from which the accessing system accessed our site; pages accessed during use; session ID data; also the following information about the accessing computer system: Internet protocol address used (IP address), browser type and version, device type, operating system and similar technical information.
  • Application data: Curriculum vitae, references and further evidence of previous employment, work samples, certificates, pictures
  • Data according to Art. 9 GDPR: Data revealing racial or ethnic origin, religious or philosophical beliefs or trade union membership, as well as health data and information on disabilities.
  • Pictures/Videos: Photos, video recordings
  • Working hours: Attendances and absences, divided into duration and type (e.g. illness with/without continued pay, vacation, etc.)
  • Tax and social insurance data: tax class, ELSTAM characteristics, social insurance number, tax identification number, etc.

2. Processing activities as per scope 1 a)

2.1 Accessing the web site/application

This section describes how we process your personal data when accessing our services. We would particularly like to point out that the transmission of access data to external content providers (see b.) is unavoidable due to the technical functionality of transmitting information on the internet.

We use the following cookies on our websites:

Cookie-name:Purpose / function:Retention period:
I18N_LANGUAGE Saves the language selected by the user. This is a session cookie and is deleted by the browser immediately upon closing.
sticky With this cookie, the load balancer decides which server answers the request. This cookie expires after 1 hour.
hide-dsgvo-banner With this cookie the website remembers that the data protection notice has been taken note of and the banner is no longer displayed. This cookie expires 10 years after it was stored.

a. Information on processing

Data categoryIntended purposeLegal basisLegitimate interest, if anyRetention period:
Access data Establishing a connection, displaying the contents of the service, detecting attacks on our site based on unusual activities, fault diagnosis Art. 6 para. 1 letter f GDPR proper functioning of services, security of data and business processes, prevention of misuse, prevention of damage caused by interference with information systems 1 year
Cookies User-friendly website design and device recognition Art. 6 para. 1 f GDPR User-friendly website design and device recognition See list under 2.1.

b.  Recipient of personal data

Recipient categoryData concernedLegal basis for the transmissionLegitimate interest, if any
Hosting service provider Access data Order processing (Art. 28 GDPR)
IT security service provider Access data Order processing (Art. 28 GDPR)
Agencies Access data Order processing (Art. 28 GDPR)  

2.2. Contact form

Here we describe what happens to your personal data in connection with the use of our contact forms:

a. Information on processing

Data categoryIntended purposeLegal basisLegitimate interest, if anyRetention period:
Contact details (mandatory mail field) Inquiries from customers and interested parties Art. 6 para. 1 letter f GDPR Processing of aubmitted requests 1 year
Personal master data Personalization of request processing Art. 6 para. 1 letter f GDPR Personalization of request processing ; delivery option for e.g: replacement delivery, information material … 1 year
address details postal dispatch Art. 6 para. 1 letter f GDPR Delivery option for e.g: Replacement delivery, information material … 1 year
Free text (required) Specification of the request Art. 6 para. 1 letter f GDPR Processing of requests made 1 year
Categorization Request (Mandatory field) Assigning the request Art. 6 para. 1 letter f GDPR enables faster processing 1 year

2.3 Newsletter

A newsletter subscription is currently not available.

2.4. Job applications

We describe in this section what happens to your personal data in connection with job applications:

a.   Information on processing

Data categoryIntended purposeLegal basisLegitimate interest, if anyRetention period:
Address data, contact details Identification, contacting, communication prior to concluding a contract Art. 6 para. 1 b GDPR 6 months
Personal master data Identification, contacting, age verification Art. 6 para. 1 b GDPR 6 months
Application details Applicant selection Art. 6 para. 1 b GDPR 6 months

b. Empfänger der personenbezogenen Daten

Recipient category

Data concerned

Legal basis for the transmission

Legitimate interest, if any

HR consultants, temporary employment agencies

All data mentioned under a.

Application (Art. 6 para. 1f)

./.

Application management Software

All data mentioned under a.

Art. 28 GDPR

./.

2.5 Tracking

Tracking tools are not used for our websites.

 

3. Processing activities as per scope 1 b

3.1 Performance of the employment relationship

Here we describe how we process your personal data within the comtext of employment. These include in particular payroll accounting, the payment of taxes and social security contributions, the management of a personnel file, the recording and administration of attendance and absence times (illness, vacation, etc.) and internal business processes.

a. Information on processing

Data categoryIntended purposeLegal basisLegitimate interest, if anyRetention period:
Personal master data Performance of the employment relationship Art. 6 para. 1 b GDPR ./.

10 years following the termination of the employment relationship

Nationality and status of work permit Performance of the employment relationship Art. 6 para. 1 b GDPR ./.

10 years following the termination of the employment relationship

address details Performance of the employment relationship, postal availability Art. 6 para. 1 b GDPR ./.

10 years following the termination of the employment relationship

contact details Performance of the employment relationship, accessibility Art. 6 para. 1 b GDPR ./.

10 years following the termination of the employment relationship

payment details payroll accounting Art. 6 para. 1 b, c GDPR ./.

10 years following the termination of the employment relationship

application details Implementation of the employment relationship, part of the personal file Art. 6 para. 1 b GDPR ./.

10 years following the termination of the employment relationship

Data according to Art.9 GDPR Implementation of the employment relationship, registration procedure for social security and tax office / allowances / BGM Art. 6 para. 1 b, c GDPR ./.

10 years following the termination of the employment relationship

working hours Execution and accounting of the employment relationship, creation of reserves Art. 6 para. 1 b, c GDPR ./.

10 years following the termination of the employment relationship

Tax and social security data

Taxes and levies /contribuations payable Art. 6 para. 1 b GDPR ./.

10 years following the termination of the employment relationship

b. Recipient of personal data

Recipient category

Data concerned

Legal basis for the transmission

Legitimate interest, if any

Affiliated companies

All data from table 2 a

Art. 6 para. 1 b, f GDPR

Optimization and simplification of administration within the group of companies

Tax and legal advisors

Personal master data, address data, payment data, tax and social security data

Art. 6 para. 1 b GDPR

./.

Authorities, social insurance carriers, accident insurance carriers

Personal master data, address data, citizenship, tax and social insurance data

Art. 6 para. 1 c GDPR

./.

Company medical service Personal master data Art. 6 para. 1 c GDPR ./.

3.2 Publication on our homepage

What happens to your personal data in connection with a publication on the Internet is described here:

a. Information on processing

Data categoryIntended purposeLegal basisLegitimate interest, if anyRetention period:
Pictures/videos Presentation of the company to the public Art. 6 para. 1 letter a GDPR ./.

Duration of consent

Personal master data Presentation of the company to the public Art. 6 para. 1 letter a GDPR ./.

Duration of consent

b. Recipient of personal data

Recipient category

Data concerned

Legal basis for the transmission

Legitimate interest, if any

Service provider for hosting

all data mentioned under a. (if not revoked/withdrawn in parts)

Order processing (Art. 28 GDPR)

./.

Public

all data mentioned under a. (if not revoked/withdrawn in parts)

Art. 6 para. 1 letter a GDPR

./.

3.3 Publication in our Intranet

We describe here what happens to your personal data in connection with a publication on the intranet:

a. Information on processing

Data categoryIntended purposeLegal basisLegitimate interest, if anyRetention period:
Pictures/videos Presentation for internal or group processes Art. 6 para. 1 letter a GDPR ./.

Duration of consent

Personal master data Presentation for internal or group processes Art. 6 para. 1 letter a GDPR ./.

Duration of consent

b. Recipient of personal data

Recipient category

Data concerned

Legal basis for the transmission

Legitimate interest, if any

Service provider for hosting

all data mentioned under a. (if not revoked/withdrawn in parts)

Order processing (Art. 28 GDPR)

./.

Affiliated companies

all data mentioned under a. (if not revoked/withdrawn in parts)

Art. 6 para. 1 letter a GDPR

./.

3.4 Publication in print media

We describe here what happens to your personal data in connection with a publication in print media:

a. Information on processing

Data categoryIntended purposeLegal basisLegitimate interest, if anyRetention period:
Pictures/videos Presentation for internal or group processes Art. 6 para. 1 letter a GDPR ./.

Duration of consent

Personal master data Presentation for internal or group processes Art. 6 para. 1 letter a GDPR ./.

Duration of consent

b. Recipient of personal data

Recipient category

Data concerned

Legal basis for the transmission

Legitimate interest, if any

Service provider for hosting

all data mentioned under a. (if not revoked/withdrawn in parts)

Order processing (Art. 28 GDPR)

./.

Affiliated companies

all data mentioned under a. (if not revoked/withdrawn in parts)

Art. 6 para. 1 letter a GDPR

./.

3.5 IT security

It is necessary to process data during the ongoing operation in order to safeguard IT security. You can find out how your personal data is processed here:

a. Information on processing

Data categoryIntended purposeLegal basisLegitimate interest, if anyRetention period:
Account details Determination of log-in usage Art. 6 para. 1 f GDPR Protection of data and verification possibility

6 months

Access data Access times, duration, what was accessed Art. 6 para. 1 f GDPR Protection of data and verification possibility

6 months

Contact details Possible use as user name Art. 6 para. 1 f GDPR Proof of personalised access

6 months

Personal master data username Art. 6 para. 1 f GDPR Proof of personalised access 6 months

3.6 User administration

You can find out here how your personal data is processed for user administration purposes:

a. Information on processing

Data categoryIntended purposeLegal basisLegitimate interest, if anyRetention period:
Account details Determination of log-in usage Art. 6 para. 1 f GDPR Protection of data and verification possibility

6 months

Permissions Manage users and access permissions Art. 6 para. 1 b GDPR ./.

Duration of the necessity of the authorization

3.7 Internet usage

You can find out here how your personal data is processed for user administration purposes:

a. Information on processing

Data categoryIntended purposeLegal basisLegitimate interest, if anyRetention period:
Account details Determination of log-in usage Art. 6 para. 1 f GDPR Protection of data and verification possibility

6 months

3.8 Processing in company pension scheme

We describe here what happens to your personal data in connection with the company pension scheme (“Betriebliche Altersversorgung” or “bAV”):

a. Information on processing

Data categoryIntended purposeLegal basisLegitimate interest, if anyRetention period:
Personal master data Performance and settlement of the employment relationship Art. 6 para. 1 b GDPR ./.

10 years following the minimum duration of employment

max. ensuring correct taxation of company pension payments at a later date

b. Recipient of personal data

Recipient category

Data concerned

Legal basis for the transmission

Legitimate interest, if any

Insurance companies, insurance service providers

Personal master data

Art. 6 para. 1 b GDPR

./.

 

III. Rights of the data subject

1. Right to objekt

If we process your personal data for the direct marketing purposes, you have the right to object, taking effect for the future, at any time to the processing of your personal data for the purpose of such marketing, insofar as it is connected with such direct marketing

You also have the right, on grounds relating to your particular situation, to object at any time and with future effect to the processing of personal data concerning you pursuant to Article 6(1)(e) or (f) of the GDPR.

You can exercise your right to object free of charge.

You can reach us via the contact details mentioned under I.2

2. Right of access

You have the right to obtain from us confirmation as to whether or not we process personal data concerning you, which personal data this may be, and other information pursuant to Art. 15 GDPR

3. Right of rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning yourself (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to have incomplete personal data completed - including by means of providing a supplementary statement.

4. Right to erasure ("right to be forgotten")

You have the right to obtain from us the erasure of your personal data without undue delay if one of the grounds stated in Art. 17 para. 1 GDPR applies and the processing is not necessary for one of the purposes regulated in Art. 17 para. 3 GDPR.

5. Right to restriction of processing

You are entitled to obtain from us restriction of processing of your personal data if one of the conditions laid down in Art. 18 para. 1 letters a) to d) GDPR applies.

6. Right to data transferability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transfer this data to another responsible person without hindrance from us or to obtain a direct transfer by us, if this is technically possible. This shall apply whenever the data processing is based on consent or a contract and the data are processed automatically. This therefore does not apply to data held only in paper form.

7. Right to withdraw consent

If the processing is based on your consent, you have the right to withdraw your consent at any time. This shall not affect the lawfulness of the processing carried out on the basis of consent until withdrawal.

8. Right to appeal

You have the right to appeal to a supervisory authority.

 

IV. Glossary

Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Browser: Computer program for displaying websites (e.g. Chrome, Firefox, Safari)

Cookies: Iconnection with the World Wide Web, a cookie describes a small text file that is stored locally on the user's computer when a website is visited. This file stores data about the behaviour of the user. If the browser is called and the corresponding website is visited repeatedly, the cookie is used and provides the web server information about the surfing behaviour of the user using the stored data.
Cookies in this context are about information that a website stores locally on the visitor's computer in a small text file. This can be settings already made by the user on a page, but also information that the website has collected completely independently from the user. Later, these locally stored text files can be read out again by the same web server from which they were created. Most browsers automatically accept cookies. You can manage cookies using the browser functions (usually under "Options" or "Settings"). This may deactivate the storage of cookies, make it dependent on your consent in individual cases or otherwise restrict it. You can also delete cookies at any time.

Third countries: country not bound by the legal requirements of the EU Data Protection Directive (country outside the EEA).

Personal data: Any information relating to an identified or identifiable natural person. A natural person shall be regarded as identifiable if he can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Pixel: Pixels are also called counting pixels, tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on web pages. When a document is opened, this small image is downloaded from a server on the Internet, where the download is registered. This allows the server operator to see if and when an e-mail was opened or a website visited. Usually this function is realized by calling a small program (Javascript). This allows certain types of information to be recognized and shared on your computer system, such as the content of cookies, the time and date the page was viewed, and a description of the page on which the tracking pixel is located.

Services: Our offers, to which this data protection declaration applies (see scope of application).

Tracking: The collection of data and its evaluation regarding the behaviour of visitors to our services.

Tracking Technologies: Tracking can be done both through the activity logs (log files) stored on our web servers and by collecting data from your device device via pixels, cookies and similar tracking technologies.

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 Last modified: 30.09.2019

x
Our website uses cookies to help provide you with the best experience we can. For more information about cookies, please visit our privacy policy.