ist eine Marke der LSH
ist eine Marke der LSH

Privacy Policy

The requirements of the EU General Data Protection Regulation (hereinafter referred to as GDPR) apply throughout Europe. We would like to inform you about the processing of personal data carried out by our companies in accordance with this Regulation (see Articles 13 and 14 GDPR). If you have any questions or comments about this privacy statement, you can always send them to the email address given in sections 2 and 3 respectively.

Table of contents:

I. Overview

  1. Scope
  2. Data Controller
  3. Data Protection Officer
  4. Data Security

II. Data  Processing in Detail

  1. General information about data processing
  2. Processing activities as per scope 1 a)
  3. Processing activities as per scope 1 b

III. Rights of the Data Subject

  1. Right to object
  2. Right of access
  3. Right of rectification
  4. Right to erasure ("right to be forgotten")
  5. Right to restriction of processing
  6. Right to data transferability
  7. Right to withdraw consent
  8. Right to appeal

IV. Glossary

 

 

I. Overview

In this section of the data protection declaration you will find information on the scope, the entity responsible for data processing (the “Data Controller” or simply the “Controller”), the Data Protection Officer and on Data Security.

1. Scope

a)  External data processing carried out by our business entities may essentially be divided into the following categories:

Data processing by our business entities may essentially be divided into two categories:

  • All data required for the performance of a contract with our business entities will be processed for the purpose of performing the contract. If external service providers are also involved in the performance of these contract, e.g. agencies or IT service providers, your data will be passed on to them to the extent necessary in each case.
  • When you access the websites/applications of our business entities, various pieces of information are exchanged between your device and our server. This may also involve personal data. The information collected in this way is used, among other things, to optimise our websites.

This privacy policy applies to the following services:

  • our online services are available at www.lsh-ag.dewww.otg.deprofiline.otg.de and www.nutrisun.de
  • all other services (e.g. websites, subdomains, mobile applications, web services or links to third party sites) that refer to this privacy policy, regardless of how you access or use it.

All of these services are collectively referred to as "Services"

b) The internal data processing by our business entities can essentially be divided into the following categories:

  • For the purpose of performing contracts in the employment relationship, all data required for performing the employment contract with the relevant legal entity is processed. If external service providers are also involved in the processing of the contract, your data will be passed on to them to the extent necessary in each case.
  • For other purposes, such as the public presentation of our businesses  or the safety and protection of our businesses’ assets, data is collected on the basis of either our legitimate interest or your consent.

2. Data Controller

a) The controller for any data processing in respect of the scope per item 1 a) above

The controller – i.e. the person who or undertaking which decides on the purposes and means of processing personal data – in connection with the Services is

Ostfriesische Tee Gesellschaft GmbH & Co. KG
Bosteler Feld 6 
21218 Seevetal 
GERMANY
Phone.: +49 4105 504-0 
Fax: +49 4105 624-0 
E-mail: info@lsh-ag.de

b) The controller for any data processing in respect of the scope per item 1 a) above

Depending on the employment relationship, the responsible person is the respective legal entity.

Laurens Spethmann Holding 
Aktiengesellschaft & Co. KG
Bosteler Feld 6
21218 Seevetal
GERMANY
Phone: +49 4105 504-0
E-mail: info@lsh-ag.de

Ostfriesische Tee Gesellschaft GmbH & Co. KG
Bosteler Feld 6
21218 Seevetal
GERMANY
Phone: +49 4105 504-0
E-mail: info@lsh-ag.de
OnnO Behrends GmbH & Co. KG
Am Fridericussiel 5–7
26506 Norden
GERMANY
Phone: +49 4931 1895-0
E-mail: onnobehrends.tee@lsh-ag.de		 Milford Tea GmbH & Co. KG
Meilsener Straße 4
21244 Buchholz
GERMANY
Phone: +49 4181 213-0
E-mail: info@lsh-ag.de
KRÄUTERHAUS WILD GmbH & Co. KG
Meßmerstraße 29
97508 Grettstadt
GERMANY
Phone: +49 9729 9110-0
E-mail: info@lsh-ag.de		 Nutrisun GmbH & Co. KG
Bosteler Feld 6
21218 Seevetal
GERMANY
Phone: +49 4105 504-0
E-mail: info@nutrisun.de
OTG Lager- und Frachtkontor GmbH & Co. KG
Meilsener Straße 8b
21244 Buchholz
GERMANY
Phone: +49 4181 213-163
E-mail: olf-nord@lsh-ag.de		 OTG Lager- und Frachtkontor GmbH & Co. KG
Meßmerstraße 31
97508 Grettstadt
GERMANY
Phone: +49 9729 9110-90
E-mail: olf-sued@lsh-ag.de
OTG Zukunft durch Ausbildung GmbH
Meilsener Straße 8b
21244 Buchholz
GERMANY
Phone: +49 4181 213-260		  

 

3. Data Protection Officer

You may contact our Data Protection Officer as follows:

Contact form: https://www.dsextern.de/anfragen

DS EXTERN GmbH 
Dipl.-Kfm. Marc Althaus 
Frapanweg 22 
22589 Hamburg
GERMANY

4. Data Security

In order to develop the measures required in Art. 32 GDPR and achieve a level of protection appropriate to the risk, we have established an information security standard according to VdS 10000 in our companies.

The guidelines of the VdS 10000 – Cyber-Security für kleine und mittlere Unternehmen (KME) (VdS 10000 – Cyber Security guidelines for small and medium enterprises (SME)) of the VdS Schadenverhütung GmbH contain guidelines and assistance for the implementation of an information security management system as well as specific measures for the organizational and technical protection of IT infrastructures. They are designed to ensure an adequate level of protection.

 

II. Data processing in detail

In this section of the Privacy Policy, we will inform you in detail about the processing activities within the scope of our services. For better clarity, we structure this information according to certain functionalities of our services. During the normal use of the services, different functionalities and thus also different processing operations can take effect one after the other or simultaneously.

1. Generel information about data processing

Unless otherwise indicated, all processing operations set out below are subject to the following conditions:

a. No obligation to provide personal data

There is no contractual or legal obligation to provide personal data. You are not obliged to provide data.

b. Consequences of non-provision

In the case of necessary data (data that are marked as mandatory data when entered), non-provision of this data means that the service in question cannot be provided. Otherwise the non-provision may result in our services not being provided in the same form and quality.

c. Consent

In various cases you have the opportunity to give us your consent to further processing in connection with the processing activities described below (even for only some of the data concerned). In this case, we will inform you separately about all modalities and the scope of the consent and about the purposes that we pursue with these processing activities in connection with you giving the respective declaration of consent.

d. Transfer of personal data to third countries

If we transmit data to third countries, i.e. countries outside the European Union, then the transmission takes place exclusively in compliance with the legally regulated conditions of permissibility.

The admissibility requirements are regulated by Art. 44-49 GDPR

e. Hosting with external service providers

Our data processing is carried out to a large extent by so-called hosting service providers, who provide us with storage space and processing capacities in their data centres and also process personal data on our behalf in accordance with our instructions. These service providers process data either exclusively in the EU or we have guaranteed an adequate level of data protection through the use of EU standard data protection clauses.

f. Transmission to public authorities

We transfer only personal data to government authorities (including law enforcement agencies) when such a trnsfer is necessary to fulfil a legal obligation to which we are subject (legal basis: Art. 6 Para. 1 c GDPR) or if it is necessary to assert, exercise or defend legal claims (legal basis: Art. 6 Para. 1 f GDPR).

g. Retention period

We do not store your personal data for a longer period than we need it for the respective processing purposes. If the data are no longer required for the fulfilment of contractual or legal obligations, they are regularly deleted, unless their temporary storage is still necessary. Reasons for this could be:

  • Compliance with commercial and tax retention obligations
  • Obtaining evidence for legal disputes within the scope of the statutory limitation provisions

We may also continue to store your data if you have given your express consent.

h. Categories of recipients

In addition to the categories of recipients explicitly listed below, personal data is also transmitted to the following categories of recipients: postal or shipping providers, telephone and fax provider.

i. Data Categories

  • Account data: Login/user ID and password
  • Personal master data: Title, gender, first name, last name
  • Nationality and status of work permit
  • Address data: Street, building name or number, address supplements if applicable, postal code, city, country
  • Contact details: Telephone number(s), fax number(s), e-mail address(es)
  • Registration data: Information about the service you have registered for; times and technical information about registration, confirmation and cancellation; data provided by you during registration.
  • Payment details: account details
  • Access data: Date and time of the visit to our service; the page from which the accessing system accessed our site; pages accessed during use; session ID data; also the following information about the accessing computer system: Internet protocol address used (IP address), browser type and version, device type, operating system and similar technical information.
  • Application data: Curriculum vitae, references and further evidence of previous employment, work samples, certificates, pictures
  • Data according to Art. 9 GDPR: Data revealing racial or ethnic origin, religious or philosophical beliefs or trade union membership, as well as health data and information on disabilities.
  • Pictures/Videos: Photos, video recordings
  • Working hours: Attendances and absences, divided into duration and type (e.g. illness with/without continued pay, vacation, etc.)
  • Tax and social insurance data: tax class, ELSTAM characteristics, social insurance number, tax identification number, etc.

 

2. Processing activities as per scope 1 a)

2.1 Accessing the web site/application

This section describes how we process your personal data when accessing our services. We would particularly like to point out that the transmission of access data to external content providers (see b.) is unavoidable due to the technical functionality of transmitting information on the internet.

We use the following cookies on our websites:

Cookie-name: Websites Purpose / function: Retention period:
I18N_LANGUAGE

www.lsh-ag.de
www.otg.de

 Saves the language selected by the user. This is a session cookie and is deleted by the browser immediately upon closing.
sticky

www.lsh-ag.de
www.otg.de

 With this cookie, the load balancer decides which server answers the request. This cookie expires after 1 hour.
hide-dsgvo-banner

www.lsh-ag.de
www.otg.de

 With this cookie the website remembers that the data protection notice has been taken note of and the banner is no longer displayed. This cookie expires 10 years after it was stored.
fe_typo3_user

www.lsh-ag.de
www.otg.de

 Saves the login status of a user on the backend of the TYPO3 editorial system. Session

a. Information on processing

Data category Intended purpose Legal basis Legitimate interest, if any Retention period:
Access data Establishing a connection, displaying the contents of the service, detecting attacks on our site based on unusual activities, fault diagnosis Art. 6 para. 1 letter f GDPR proper functioning of services, security of data and business processes, prevention of misuse, prevention of damage caused by interference with information systems 7 days
Cookies User-friendly website design and device recognition Art. 6 para. 1 f GDPR User-friendly website design and device recognition See list under 2.1.

b.  Recipient of personal data

Recipient category Data concerned Legal basis for the transmission Legitimate interest, if any
Hosting service provider Access data Order processing (Art. 28 GDPR)
IT security service provider Access data Order processing (Art. 28 GDPR)  
Agencies Access data Order processing (Art. 28 GDPR)  

YouTube:

To provide you with information in the form of videos, we have incorporated the YouTube video service of Google’s subsidiary YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. In order to be able to display the content in your browser, YouTube must receive your IP address; otherwise, YouTube will not be able to provide you with this embedded content.
Your consent serves as the legal basis for processing this data, according to Art. 6 para. 1 a) DSGVO. The system does not store this, and it only applies to the current session.
Only after your confirmation as the user will data such as the IP address be processed and content delivered.
Further information on Google’s data processing can be found in Google’s privacy policy at https://www.google.de/intl/de/policies/privacy/.

2.2. Contact form

Here we describe what happens to your personal data in connection with the use of our contact forms:

a. Information on processing

Data category Intended purpose Legal basis Legitimate interest, if any Retention period:
Contact details (mandatory mail field) Inquiries from customers and interested parties Art. 6 para. 1 letter f GDPR Processing of aubmitted requests 1 year
Personal master data Personalization of request processing Art. 6 para. 1 letter f GDPR Personalization of request processing ; delivery option for e.g: replacement delivery, information material … 1 year
address details postal dispatch Art. 6 para. 1 letter f GDPR Delivery option for e.g: Replacement delivery, information material … 1 year
Free text (required) Specification of the request Art. 6 para. 1 letter f GDPR Processing of requests made 1 year
Categorization Request (Mandatory field) Assigning the request Art. 6 para. 1 letter f GDPR enables faster processing 1 year

 

2.3 Newsletter

A newsletter subscription is currently not available.

2.4. Job applications

We describe in this section what happens to your personal data in connection with job applications:

a.   Information on processing

Data category Intended purpose Legal basis Legitimate interest, if any Retention period:
Address data, contact details Identification, contacting, communication prior to concluding a contract Art. 6 para. 1 b GDPR   6 months
Personal master data Identification, contacting, age verification Art. 6 para. 1 b GDPR   6 months
Application details Applicant selection Art. 6 para. 1 b GDPR   6 months

b. Empfänger der personenbezogenen Daten

Recipient category

Data concerned

Legal basis for the transmission

Legitimate interest, if any

HR consultants, temporary employment agencies

All data mentioned under a.

Application (Art. 6 para. 1f)

./.

Application management Software

All data mentioned under a.

Art. 28 GDPR

./.

 

2.5 Tracking

Tracking tools are not used for our websites.

2.6 Communication with new and existing clients

In this section we describe how we process personal data when communicating with new and existing clients:

a. Information on processing

Data category Intended purpose Legal basis Legitimate interest, if any Retention period:
Address data, Contact details Identification, establishing contact, communication Art. 6 para. 1 b and 1 f GDPR Acquisition of new clients 10 years
Personal master data Identification, establishing contact Art. 6 para. 1 b and 1 f GDPR Acquisition of new clients 10 years
Payment details Payment processing Art. 6 para. 1 b GDPR ./. 10 years

b. Recipients of personal data

Recipient category

Data concerned

Legal basis for the transmission

Legitimate interest, if any

Only within the business

All data mentioned under a.

Art. 6 para. 1b GDPR

./.

 

2.7 Visitors‘ management / Contractors‘ management

Here we describe what happens to your personal data in connection with the management of our visitors and contractors:

a. Information on processing

Data category Intended purpose Legal basis Legitimate interest, if any Retention period:
Contact details Identification, establishing contact, communication prior to entering into a contract Art. 6 para. 1 b and 1 f GDPR Seamless technical and organisational operation; Safeguarding access to our business premises max. 14 days
Personal master data Identification, establishing contact Art. 6 para. 1 b and 1 f GDPR Seamless technical and organisational operation; Safeguarding access to our business premises max. 14 days

b. Recipients of personal data

Recipient category

Data concerned

Legal basis for the transmission

Legitimate interest, if any

Only within the business

All data mentioned under a.

Art. 6 para. 1f GDPR

Seamless technical and organisational operation; Safeguarding access to our business premises

 

2.8 Quality assurance (Laboratory analyses / complaints)

How we process personal data for the purpose of quality assurance is described in this section:

a. Information on processing

Data category Intended purpose Legal basis Legitimate interest, if any Retention period:
Account data (only Laboratory analyses) Logon via a portal Art. 6 para. 1 b GDPR ./. 6 and 10 years respectively
Address data, Contact details Complaints management Art. 6 para. 1 b and 1 f GDPR Quality assurance and customer service 6 and 10 years respectively
Personal master data Complaints management Art. 6 para. 1 b and 1 f GDPR Quality assurance and customer service 6 and 10 years respectively

b. Recipients of personal data

Recipient category

Data concerned

Legal basis for the transmission

Legitimate interest, if any

Laboratories

Account data, Contact details, Personal master data

Art. 6 para. 1 b and 1 f GDPR

Quality assurance

Only within the business

Account data, Contact details, Personal master data

Art. 6 para. 1 b and 1 f GDPR

Quality assurance and customer service

 

2.9 CCTV

In this section we describe how we process personal data when using CCTV:

a. Information on processing

Data category Intended purpose Legal basis Legitimate interest, if any Retention period:
Pictures / videos Access control via video surveillance Art. 6 para. 1 f GDPR Safeguarding access to our business premises 24 hours or longer when necessary to hold as evidence

b. Recipients of personal data

Recipient category

Data concerned

Legal basis for the transmission

Legitimate interest, if any

Security firm

Pictures / videos

Art. 6 para. 1 f GDPR

Safeguarding access to our business premises

 

2.10 Management of goods

In this section we describe how we process personal data in connection with our managment of goods:

a. Information on processing

Data category Intended purpose Legal basis Legitimate interest, if any Retention period:
Contact details Fulfilling orders Art. 6 para. 1 b GDPR ./. max. 6 months after order placement; Contracts and invoices 10 years
Personal master data Fulfilling orders Art. 6 para. 1 b GDPR ./. max. 6 months after order placement; Contracts and invoices 10 years

b. Recipients of personal data

Recipient category

Data concerned

Legal basis for the transmission

Legitimate interest, if any

Only within the business

All data mentioned under a.

Art. 6 para. 1 b GDPR

./.

Suppliers/logistics providers

All data mentioned under a.

Art. 6 para. 1 b GDPR

./.

 

2.11. YouTube

In order to provide you with information in the form of videos, we have integrated the video service YouTube of the Google subsidiary YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. In order to be able to display the content in your browser, YouTube must receive your IP address, because otherwise YouTube could not provide you with this embedded content.
The legal basis for this data processing is your consent pursuant to Art. 6 (1) a) DSGVO. This is not stored by the system and only applies to the current session.
Only after confirmation by you as the user will data such as: IP address processed and content delivered.
For more information on data processing by Google, please refer to Google's privacy policy at www.google.de/intl/de/policies/privacy/.

The embedding of Youtube on this website takes place without the setting of cookies via the domain www.youtube-nocookie.com in the so-called "extended data protection mode". No cookies are then collected on user activity in order to personalize video playback. However, if you are logged in to Youtube or Google in the background and/or cookies from these services are already stored on your device, these cookies will be read in connection with the provision of the video and processed by the provider.

 

2.21 Participation in consumer surveys and product panels

Here we explain how we process personal data of participants in our product panels:

a. Information on processing

Data category Intended purpose Legal basis Legitimate interest, if any Retention period:

Personal master data, Contact details, taste likes and dislikes

Implementation of consumer surveys and product panels

 Art. 6 para. 1 a GDPR ./.

Until the withdrawal of consent
Health data (allergies) Prevention of allergies or intolerances when conducting consumer surveys and product panels Art. 6 para. 1 a GDPR in conjunction with
 Art. 9 GDPR		 ./.

Until the withdrawal of consent

b. Recipients of personal data

Recipient category

Data concerned

Legal basis for the transmission

Legitimate interest, if any

Hosting Service Providers / Software Providers

All data mentioned under a.

Art. 28 GDPR

./.

2.11. YouTube

 

3. Processing activities as per scope 1 b

3.1 Performance of the employment relationship

Here we describe how we process your personal data within the comtext of employment. These include in particular payroll accounting, the payment of taxes and social security contributions, the management of a personnel file, the recording and administration of attendance and absence times (illness, vacation, etc.) and internal business processes.

a. Information on processing

Data category Intended purpose Legal basis Legitimate interest, if any Retention period:
Personal master data Performance of the employment relationship Art. 6 para. 1 b GDPR ./.

10 years following the termination of the employment relationship
Nationality and status of work permit Performance of the employment relationship Art. 6 para. 1 b GDPR ./.

10 years following the termination of the employment relationship
address details Performance of the employment relationship, postal availability Art. 6 para. 1 b GDPR ./.

10 years following the termination of the employment relationship
contact details Performance of the employment relationship, accessibility Art. 6 para. 1 b GDPR ./.

10 years following the termination of the employment relationship
payment details payroll accounting Art. 6 para. 1 b, c GDPR ./.

10 years following the termination of the employment relationship
application details Implementation of the employment relationship, part of the personal file Art. 6 para. 1 b GDPR ./.

10 years following the termination of the employment relationship
Data according to Art.9 GDPR Implementation of the employment relationship, registration procedure for social security and tax office / allowances / BGM Art. 6 para. 1 b, c GDPR ./.

10 years following the termination of the employment relationship
working hours Execution and accounting of the employment relationship, creation of reserves Art. 6 para. 1 b, c GDPR ./.

10 years following the termination of the employment relationship

Tax and social security data

 Taxes and levies /contribuations payable Art. 6 para. 1 b GDPR ./.

10 years following the termination of the employment relationship

b. Recipient of personal data

Recipient category

Data concerned

Legal basis for the transmission

Legitimate interest, if any

Affiliated companies

All data from table 2 a

Art. 6 para. 1 b, f GDPR

Optimization and simplification of administration within the group of companies

Tax and legal advisors

Personal master data, address data, payment data, tax and social security data

Art. 6 para. 1 b GDPR

./.

Authorities, social insurance carriers, accident insurance carriers

Personal master data, address data, citizenship, tax and social insurance data

Art. 6 para. 1 c GDPR

./.
Company medical service Personal master data Art. 6 para. 1 c GDPR ./.

 

3.2 Publication on our homepage

What happens to your personal data in connection with a publication on the Internet is described here:

a. Information on processing

Data category Intended purpose Legal basis Legitimate interest, if any Retention period:
Pictures/videos Presentation of the company to the public Art. 6 para. 1 letter a GDPR ./.

Duration of consent
Personal master data Presentation of the company to the public Art. 6 para. 1 letter a GDPR ./.

Duration of consent

b. Recipient of personal data

Recipient category

Data concerned

Legal basis for the transmission

Legitimate interest, if any

Service provider for hosting

all data mentioned under a. (if not revoked/withdrawn in parts)

Order processing (Art. 28 GDPR)

./.

Public

all data mentioned under a. (if not revoked/withdrawn in parts)

Art. 6 para. 1 letter a GDPR

./.

 

3.3 Publication in our Intranet or the training platform OnCademy

We describe here what happens to your personal data in connection with a publication on the intranet or the training platform:

a. Information on processing

Data category Intended purpose Legal basis Legitimate interest, if any Retention period:
Pictures/videos Presentation for internal or group processes Art. 6 para. 1 letter a GDPR ./.

Duration of consent
Personal master data Presentation for internal or group processes Art. 6 para. 1 letter a GDPR ./.

Duration of consent

b. Recipient of personal data

Recipient category

Data concerned

Legal basis for the transmission

Legitimate interest, if any

Service provider for hosting

all data mentioned under a. (if not revoked/withdrawn in parts)

Order processing (Art. 28 GDPR)

./.

Service provider for the creation of images/videos

all data mentioned under a. (if not revoked/withdrawn in parts)

Art. 6 para. 1 letter a GDPR

./.

Affiliated companies

all data mentioned under a. (if not revoked/withdrawn in parts)

Art. 6 para. 1 letter a GDPR

./.

platform OnCademy Pink University GmbH

all data mentioned under a. (if not revoked/withdrawn in parts)

Order processing (Art. 28 GDPR)

./.

 

3.4 Publication in print media

We describe here what happens to your personal data in connection with a publication in print media:

a. Information on processing

Data category Intended purpose Legal basis Legitimate interest, if any Retention period:
Pictures/videos Presentation for internal or group processes Art. 6 para. 1 letter a GDPR ./.

Duration of consent
Personal master data Presentation for internal or group processes Art. 6 para. 1 letter a GDPR ./.

Duration of consent

b. Recipient of personal data

Recipient category

Data concerned

Legal basis for the transmission

Legitimate interest, if any

Service provider for hosting

all data mentioned under a. (if not revoked/withdrawn in parts)

Order processing (Art. 28 GDPR)

./.

Affiliated companies

all data mentioned under a. (if not revoked/withdrawn in parts)

Art. 6 para. 1 letter a GDPR

./.

 

3.5 IT security

It is necessary to process data during the ongoing operation in order to safeguard IT security. You can find out how your personal data is processed here:

a. Information on processing

Data category Intended purpose Legal basis Legitimate interest, if any Retention period:
Account details Determination of log-in usage Art. 6 para. 1 f GDPR Protection of data and verification possibility

6 months
Access data Access times, duration, what was accessed Art. 6 para. 1 f GDPR Protection of data and verification possibility

6 months
Contact details Possible use as user name Art. 6 para. 1 f GDPR Proof of personalised access

6 months
Personal master data username Art. 6 para. 1 f GDPR Proof of personalised access 6 months

 

3.6 User administration

You can find out here how your personal data is processed for user administration purposes:

a. Information on processing

Data category Intended purpose Legal basis Legitimate interest, if any Retention period:
Account details Determination of log-in usage Art. 6 para. 1 f GDPR Protection of data and verification possibility

6 months
Permissions Manage users and access permissions Art. 6 para. 1 b GDPR ./.

Duration of the necessity of the authorization

 

3.7 Internet usage

You can find out here how your personal data is processed for user administration purposes:

a. Information on processing

Data category Intended purpose Legal basis Legitimate interest, if any Retention period:
Account details Determination of log-in usage Art. 6 para. 1 f GDPR Protection of data and verification possibility

6 months

 

3.8 Processing in company pension scheme

We describe here what happens to your personal data in connection with the company pension scheme (“Betriebliche Altersversorgung” or “bAV”):

a. Information on processing

Data category Intended purpose Legal basis Legitimate interest, if any Retention period:
Personal master data Performance and settlement of the employment relationship Art. 6 para. 1 b GDPR ./.

10 years following the minimum duration of employment

max. ensuring correct taxation of company pension payments at a later date

b. Recipient of personal data

Recipient category

Data concerned

Legal basis for the transmission

Legitimate interest, if any

Insurance companies, insurance service providers

Personal master data

Art. 6 para. 1 b GDPR

./.

 

3.9 Insurances

a. Information on processing

Data category Intended purpose Legal basis Legitimate interest, if any Retention period:
Address data Risk protection Art. 6 para. 1 b GDPR ./.

10 years after end of contract or end of discovery period
Working time Risk protection Art. 6 para. 1 b GDPR ./.

10 years after end of contract or end of discovery period
Sensitive information pursuant to Art. 9 GDPR Risk protection Art. 6 para. 1 b GDPR ./.

10 years after end of contract or end of discovery period
Contact details Risk protection Art. 6 para. 1 b GDPR ./.

10 years after end of contract or end of discovery period
Personal master data Risk protection Art. 6 para. 1 b GDPR ./.

10 years after end of contract or end of discovery period
Payment details Risk protection Art. 6 para. 1 b GDPR ./.

10 years after end of contract or end of discovery period

b. Recipient of personal data

Recipient category

Data concerned

Legal basis for the transmission

Legitimate interest, if any

Insurance brokers

All data mentioned under a.

Art. 6 para. 1 b GDPR

./.

 

III. Rights of the data subject

1. Right to objekt

If we process your personal data for the direct marketing purposes, you have the right to object, taking effect for the future, at any time to the processing of your personal data for the purpose of such marketing, insofar as it is connected with such direct marketing

You also have the right, on grounds relating to your particular situation, to object at any time and with future effect to the processing of personal data concerning you pursuant to Article 6(1)(e) or (f) of the GDPR.

You can exercise your right to object free of charge.

You can reach us via the contact details mentioned under I.2

2. Right of access

You have the right to obtain from us confirmation as to whether or not we process personal data concerning you, which personal data this may be, and other information pursuant to Art. 15 GDPR

3. Right of rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning yourself (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to have incomplete personal data completed - including by means of providing a supplementary statement.

4. Right to erasure ("right to be forgotten")

You have the right to obtain from us the erasure of your personal data without undue delay if one of the grounds stated in Art. 17 para. 1 GDPR applies and the processing is not necessary for one of the purposes regulated in Art. 17 para. 3 GDPR.

5. Right to restriction of processing

You are entitled to obtain from us restriction of processing of your personal data if one of the conditions laid down in Art. 18 para. 1 letters a) to d) GDPR applies.

6. Right to data transferability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transfer this data to another responsible person without hindrance from us or to obtain a direct transfer by us, if this is technically possible. This shall apply whenever the data processing is based on consent or a contract and the data are processed automatically. This therefore does not apply to data held only in paper form.

7. Right to withdraw consent

If the processing is based on your consent, you have the right to withdraw your consent at any time. This shall not affect the lawfulness of the processing carried out on the basis of consent until withdrawal.

8. Right to appeal

You have the right to appeal to a supervisory authority.

 

IV. Glossary

Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Browser: Computer program for displaying websites (e.g. Chrome, Firefox, Safari)

Cookies: Iconnection with the World Wide Web, a cookie describes a small text file that is stored locally on the user's computer when a website is visited. This file stores data about the behaviour of the user. If the browser is called and the corresponding website is visited repeatedly, the cookie is used and provides the web server information about the surfing behaviour of the user using the stored data.
Cookies in this context are about information that a website stores locally on the visitor's computer in a small text file. This can be settings already made by the user on a page, but also information that the website has collected completely independently from the user. Later, these locally stored text files can be read out again by the same web server from which they were created. Most browsers automatically accept cookies. You can manage cookies using the browser functions (usually under "Options" or "Settings"). This may deactivate the storage of cookies, make it dependent on your consent in individual cases or otherwise restrict it. You can also delete cookies at any time.

Third countries: country not bound by the legal requirements of the EU Data Protection Directive (country outside the EEA).

Personal data: Any information relating to an identified or identifiable natural person. A natural person shall be regarded as identifiable if he can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Pixel: Pixels are also called counting pixels, tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on web pages. When a document is opened, this small image is downloaded from a server on the Internet, where the download is registered. This allows the server operator to see if and when an e-mail was opened or a website visited. Usually this function is realized by calling a small program (Javascript). This allows certain types of information to be recognized and shared on your computer system, such as the content of cookies, the time and date the page was viewed, and a description of the page on which the tracking pixel is located.

Services: Our offers, to which this data protection declaration applies (see scope of application).

Tracking: The collection of data and its evaluation regarding the behaviour of visitors to our services.

Tracking Technologies: Tracking can be done both through the activity logs (log files) stored on our web servers and by collecting data from your device device via pixels, cookies and similar tracking technologies.

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 Last modified: 26.01.2024