This data protection declaration informs you in particular about the processing of personal data
- The use of our website and the offers contained therein (see IV. to XII.);
- Data processing via social media (LinkedIn and XING) (see XIII.);
- Job applications (see XIV.);
- Applicant database (see XV.);
- Contract conclusions (see XVI.);
- Remote Support Services (see XVII.);
- Supplier management system (see XVIII);
- Ordinary contact in the course of business operations (see XIX.);
- Visitor process in our premises (see XX.);
- Whistleblowing reports (see XXI.).
In addition, this data protection declaration contains information about data recipients / data transmission in third countries (see XXII.), rights of data subjects (see XXIII.), your right to object (see XXIV.) and automated decision-making (see XXV.).
I. Name and address of the responsible person
The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
II. Name and address of the data protection officer
If you have any questions about these data protection regulations, the balancing of legitimate interests, or about data protection at ProMinent in general, you can also contact our data protection officer directly. The data protection officer of the data controller is:
Jens Christian Böttcher
Im Schuhmachergewann 5-11
Tel.: +49 6221 842 655
III. General information on data processing
1. Scope of the processing of personal data
As a matter of principle, we process personal data of our users only insofar as this is necessary for the provision of a functional website as well as our contents and services. Otherwise, the collection and use of personal data of our users only takes place with the consent of the user.
2. Data deletion and storage period
The personal data of the person concerned will be deleted or blocked as soon as the data is no longer required for the purpose of storage and there is no further obligation to store the data. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. If you use the website for information purposes, you can find the storage periods in the following information. In the case of active use of our website, we initially store your personal data for the duration of the response to your enquiry or for the duration of our business relationship. This also includes the initiation of a contract or pre-contractual legal relationship and the processing of the same. We store your personal data for the purpose of preserving evidence until any legal claims arising from the relationship with you become time-barred. We delete your personal data when the statute of limitations expires, unless there is a legal obligation to retain the data, for example from the German Commercial Code (§§ 238, 257 para. 4 HGB) or from the German Fiscal Code (§ 147 para. 3, 4 AO). These retention obligations can be two to ten years.
IV. Provision of the website and creation of log files
Each time our website is accessed, our web server automatically records the following data:
- IP address of the user
- Host name (which ProMinent page was visited, e.g. http://www.prominent.com or similar)
- Date and time of access (Time)
- Type and location of the request
- Information about the browser type and the used version
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the data processing, as the temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after 30 days at the latest. In addition, the log files are stored in backup files for up to 12 months. These backups are only accessed in exceptional cases.
In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. These cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. In addition, we also refer to "cookies" as web beacons as well as other comparable storage technologies for tracking user activities. Web beacons are mostly transparent graphic/image elements, usually no larger than 1 x 1 pixels, that are embedded in the website and can be used to detect cookies on your devices.
Cookies are used by us on the one hand to store session-relevant information within the website. These cookies expire at the end of the browser session (so-called transient cookies) and are not stored permanently. Other cookies remain on your computer beyond the respective browser session and enable us to recognise your computer on your next visit (so-called persistent/permanent cookies). Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the type of cookie.
Cookies can be divided into the following categories/cookie types in particular:
- Essential cookies
Essential cookies are required for the necessary execution of specific website functionalities.
- Performance Cookies
Performance cookies collect information about the use of a website. These cookies do not store any information that allows the user to be identified, but are only used to measure the performance of our website and improve the user experience.
- Functional Cookies
Functional cookies are used to enable requested services and functionalities (e.g. playing videos) on the website and/or to increase "usability".
- Targeting Cookies
Targeting cookies may be used by third parties (e.g. advertising partners) to profile user interests and display relevant ads and promotions on other websites based on this.
- Social Media Cookies
Social media cookies from social media services allow content to be shared with friends and networks. These services can track browsers across websites and profile interests.
By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. You can regularly obtain the procedure for deactivating cookies via the "Help" function of your internet browser. Please note, however, that these settings may potentially affect the full availability and function of our website.
Some of the cookies we use on our website are from third parties that help us analyse the impact of our website content and visitors' interests, measure the power and performance of our website or communicate with you. As part of our website, we use both first party cookies (only visible from the domain you are visiting) and third party cookies (visible across domains and set regularly by third parties).
Further details on the respective cookie providers, can be found in the Privacy Preference Centre, there under the respective cookie categories.
Cookie-based data processing is carried out for absolutely necessary cookies on the basis of Art. 6 Para. 1 lit f GDPR (legal basis) due to our legitimate interest in providing the information offer on our website. In the case of the other cookie types, data processing is carried out on the basis of your consent pursuant to Art. 6 para. 1 lit a GDPR (legal basis). You can revoke your consent at any time with effect for the future without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. In particular, you can use the following link to reset your cookie settings and thus revoke any consent you may have given:
VI. Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC, (1600 Amphitheater Parkway Mountain View, CA 94043, USA). The responsible body for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Use includes the Universal Analytics operating mode. For this purpose, Google uses the cookies mentioned in section V., provided that you have given your consent to the use of Google Analytics and to the data transfer to the USA. The information generated by the Google Analytics cookies about the use of the online offer by a user is usually transmitted to a Google server in the USA and stored there. The level of data protection in the USA does not fully correspond to the European data protection standard. There is no adequacy decision within the meaning of Art. 45 Para. 1 GDPR by the EU Commission. In addition, it is questionable whether Google provides suitable guarantees in accordance with Art. 46 GDPR for data transmission to the USA. Legal remedies comparable in their effectiveness to German legal remedies are also not available in every case. It is at least theoretically conceivable that US authorities could access your personal data. However, Google is contractually bound by the EU standard contract clauses to data protection-compliant processing. The data collected in this way by the cookies is automatically deleted once a month after 14 months.
Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. In doing so, pseudonymous user profiles can be created from the processed data.
We use Google Analytics to display the ads placed within advertising services of Google and its partners only to users who have also shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products determined on the basis of the websites visited), which we transmit to Google (so-called "Remarketing Audiences", or "Google Analytics Audiences"). With the help of Remarketing Audiences, we also want to ensure that our advertisements correspond to the potential interest of the users and do not have a harassing effect.
For users who use Google Analytics advertising features, Google ad preference cookies are used to enable features such as remarketing on the Google Display Network for products such as Google Ads (formerly AdWords). For more information on Google's use of such cookies, please see the Google Privacy Statement Frequently Asked Questions. In the advertising settings, you can change the cookie settings or deactivate these functions.
We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user's browser will not be merged with other data from Google.
We use "Google Optimize" within Google Analytics to show new functions or variants of our websites to some of the website users and thereby find out which innovations are attractive to our website users, among other things with the aim of improving the user experience. Google Optimize sets cookies to enable us to analyse your use of our website. This is only done if you have given your consent for these cookies to be set. The stored data is automatically deleted once a month after 90 days.
You can find out more information about Google's use of data, setting and objection options on Google's websites:
- https://policies.google.com/technologies/partner-sites („Data use by Google when you use our partners' websites or apps“),
- https://policies.google.com/technologies/ads („Data use for advertising purposes“),
- https://adssettings.google.com/authenticated („Manage information that Google uses to serve ads to you“).
VII. Google Marketing Services
We use the marketing and remarketing services (Google Marketing Services for short) of Google LLC, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). We or Google will only process your personal data in this context if you have given your consent to do so.
Google's marketing services allow us to target advertisements for and on our website in order to present users only with ads that potentially match their interests. For example, if a user is shown ads for products in which he or she has shown interest on other websites, this is known as "remarketing". For these purposes, when our website and other websites on which Google marketing services are active are accessed, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or codes, also known as "web beacons") are integrated into the website, provided you have given your consent to this. With their help, an individual cookie is stored on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, https://marketingplatform.google.com/intl/en/about/ , https://ads.google.com/intl/en/home/ , etc. More information: https://policies.google.com/technologies/types . This file records which websites the user has visited, which content he or she is interested in and which offers he or she has clicked on, as well as technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offer. The IP address will not be merged with the user's data within other Google offers. Google may also combine the above information with information from other sources. If the user subsequently visits other websites, he or she may be shown ads tailored to his or her interests.
The user's data is processed pseudonymously as part of Google's marketing services. This means that Google does not store and process the name or email address of the user, for example, but processes the relevant data in a cookie-related manner within pseudonymous user profiles. This means that from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google's servers in the USA.
Furthermore, we use the "Google Tag Manager" to integrate and manage the Google analysis and marketing services on our website. Google Tag Manager is a tag management system (TMS) that allows us to manage and update measurement codes and associated code fragments, collectively known as tags, on our website. The Tag Manager captures interactions that are made on the website and sends them on to the connected tools.
If you do not wish to receive interest-based advertising through Google marketing services, you can use the settings options set by Google: https://adssettings.google.com/authenticated .
We use plugins from the YouTube video platform to embed videos and play them directly on this website. The operator of the video platform is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA ("YouTube"). YouTube is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").
The information generated by the YouTube cookies about your use of our website is usually transmitted to a YouTube server in the USA and stored there. Information on data protection at YouTube can be found at the following link https://www.google.de/intl/en/policies/privacy/ .
On our website, you have the option of subscribing to a free newsletter. When you register for the newsletter, the data you enter in the input mask is transmitted to us and processed (e.g. first and last name, e-mail address, address). If a field is not marked as "mandatory", the information is optional. In addition, the date and time of registration are collected during registration.
Your consent is obtained for the processing of the data during the registration process and reference is made to this data protection declaration. We use the so-called double-opt-in procedure to register for the newsletter, i.e. your registration is only completed when you have reconfirmed your registration by clicking on a link in a confirmation e-mail sent for this purpose. The confirmation is deemed to be your consent. If your confirmation is not received within 100 days, your registration will be automatically deleted from our database. This ensures that no one else can register you for our newsletter.
The data is used for sending the newsletter. The collection of the user's e-mail address is used to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mai address used.
The legal basis for the processing of the data after the user has registered for the newsletter is the user's consent in accordance with Art. 6 Para. 1 lit. a) GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address is therefore stored as long as the subscription to the newsletter is active.
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, there is a corresponding link in each newsletter. This also revokes the consent to the storage of the personal data collected during the registration process.
1. Tracking newsletter reactions in the Inxmail newsletter system
Tracking in Inxmail Professional is understood to mean the tracking or saving of recipient behaviour. Inxmail Professional is operated by Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg ("Inxmail"). Recipient behaviour refers to the following three actions of your recipients:
- Opening a newsletter
- Clicking on text and image links
- Downloading images in an e-mail programme
2. Person-related Tracking (Unique-Count-tracking)
When a recipient opens a newsletter, clicks on a link or downloads images in their email program, this can be registered and saved by Inxmail Professional. These actions of the recipients are referred to as recipient reactions in Inxmail Professional. Inxmail Professional can be used to create an interest profile of the recipient based on the recipient reactions. For example, it can be determined which recipients have clicked on certain links. On the basis of these clicks, target groups can be formed and the recipients can be sent further information tailored to their areas of interest.
When registering for the newsletter, you can consent to your user behaviour being tracked on a personal basis in accordance with Art. 6 para. 1 lit. a GDPR as follows.
„Yes, I hereby confirm that ProMinent GmbH may record and evaluate my personal user behaviour in the newsletter in order to better tailor content to my personal interests. I can revoke my consent at any time via the link in the newsletter.“
In order to optimise content of the themed newsletters, we compare opening rates and recipient reactions of different mailings in general. The stored personal data is immediately deleted from the system when a recipient unsubscribes from the newsletter.
3. E-mail advertising without registering for the newsletter and your right to object
If we receive your e-mail address in connection with the sale of goods or services and you have not objected to this, we reserve the right to regularly send you offers for similar products to those already purchased on the basis of Section 7 (3) UWG , from our range by e-mail. This serves to safeguard our overriding legitimate interests in advertising to our customers (Art. 6 Para. 1 lit. f GDPR). You can object to this use of your e-mail address at any time by sending a message to the contact option described under Section I. or via a link provided for this purpose in the advertising e-mail, without incurring any costs other than the transmission costs according to the basic tariffs.
X. Contact form and e-mail contact
There are various contact forms on our website which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask will be transmitted to us and processed (e.g. first and last name, e-mail address, address, details of the system relating to the service request (including service type, system type, location of the system, industry, country, language and message), details of the seminar request and required hotel reservation and, in the case of returned goods, details of the product and the use of the product). For product enquiries, spare parts enquiries, service enquiries and returned goods, file attachments provided by the user.
If a field is not marked as "mandatory", the information is optional.
At the time of sending the message, the date, time and IP address of the sending are also stored. Alternatively, it is possible to contact us by e-mail. In this case, the user's personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
The processing of the personal data from the input mask serves us solely to process the contact request. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data in accordance with the legal basis of Art. 6 (1) lit. f GDPR. If the e-mail contact is aimed at concluding a contract, Art. 6 para. 1 lit. b GDPR serves as the legal basis for further processing.
In this context, no data is passed on to third parties, but we may forward your enquiry to a responsible ProMinent company or the responsible ProMinent sales partner for processing.
The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected and any applicable legal retention periods have expired.
If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, however, the conversation cannot be continued.
With the widget tool "GetSiteControl", content from our website can be shared on social networks of Facebook Ireland Ltd. or Facebook Inc, Google LLC, Twitter Inc and LinkedIn Ireland Unlimited Company. Through the integration into our internet pages, a connection to the servers of the respective social network is established via cookies stored on your computer, provided that you have given your consent to this. By clicking on the respective button, your IP address is transmitted to the respective social network.
If you are logged into your profile of one of the aforementioned social networks during your visit to our website, the operator of this network may collect and store further data about your visit to our website. If you do not wish such an allocation, we recommend that you log out of social networks before visiting our internet pages.
Please contact the respective operator of the social networks for information on the processing and use of your data. You can obtain information from the operators on the respective data protection provisions and, where applicable, possible settings to protect your privacy here:
- Facebook Ireland Ltd. bzw. Facebook Inc.: https://www.facebook.com/policy.php
- Twitter Inc.: https://twitter.com/en/privacy
- LinkedIn Ireland Unlimited Company: https://www.linkedin.com/legal/privacy-policy
XII. App Store Links
- Google LLC, 1600 Amphitheater Parkway, Mountain View, California 94043, USA: https://policies.google.com/privacy?hl=en&gl=de
- Apple Inc., One Apple Park Way, Cupertino, California, USA, 95014: https://www.apple.com/legal/privacy/
XIII. Data processing via social media (LinkedIn and XING)
ProMinent has a company profile on the LinkledIn and Xing social media platforms. We would like to provide you with further information about our company and use the opportunity to exchange information with you via social media. These services are operated exclusively by third parties. If you visit or interact with a profile on a social media platform, personal data about you may be processed. The purpose and scope of the data collection and the further processing and use of the data by the provider as well as your rights in this regard and setting options for protecting your privacy can be found in the data protection information of the respective provider.
In principle, LinkedIn Ireland Unlimited Company (“LinkedIn”) is solely responsible for the processing of personal data when you visit our LinkedIn page. You can find more information about the processing of personal data by LinkedIn at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy .
2. LinkedIn Insights Feature
We also use LinkedIn's Insights function. In doing so, we receive aggregated data from the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn") in particular in the following areas: Reach (impressions, page views, unique users, access to subpages), target group (demographic information), interaction (impressions, reactions, click-through rate, likes, shares, comments, (link) clicks, engagement rate), target group (demographic/geographical information). With regard to data processing as part of the Insights function, we are jointly responsible with LinkedIn for data processing and have concluded an agreement between joint controllers in accordance with Art. 26 GDPR ("Page Insights Supplement" - https://legal.linkedin .com/pages-joint-controller-addendum ), which sets out our respective obligations under the GDPR. In it we agreed with LinkedIn that
- we are joint data controllers with LinkedIn for the processing of Page Insights data;
- LinkedIn takes primary responsibility and is primarily responsible for providing you with information about the joint processing and enabling you to exercise your rights under the GDPR;
- the Data Protection Commission of Ireland ( https://www.dataprotection.ie ) is the authority with lead oversight over processing under shared responsibility.
You can reach LinkedIn's data protection officer via an online contact form provided by LinkedIn: https://www.linkedin.com/help/linkedin/ask/TSO-DPO .
In principle, New Work SE (Germany/EU) is solely responsible for the processing of personal data when you visit our XING profile. Further information about the processing of personal data by New Work SE can be found at https://privacy.xing.com/de/datenschutzerklaerung .
XIV. Job applications
Within the application process, regardless of whether the application is made via an online module, by e-mail or by post, we process your personal data that you transmit to us (e.g. first and last name, e-mail address, address, application documents).
The legal basis for the processing of your personal data is § 26 para. 1, para. 8 p. 2 BDSG or § 26 para. 2, para. 8 p. 2 BDSG. The processing is carried out for the purpose of contacting you and assessing your suitability for the position for which you are applying.
It is not possible to apply to us without providing personal data. You are neither obliged to apply with us nor to provide your personal data. If you do not provide us with personal data, you may not be able to use the online application tool or we may not be able to consider your application. Otherwise, there will be no consequences for you.
XV. Applicant database
ProMinent operates an applicant database. ProMinent offers applicants who cannot currently be offered a position but who are of interest for future employment to include their data (e.g. first and last name, e-mail address, address, application documents) in the applicant database with their consent. The legal basis for the processing and inclusion of your data in the applicant database for this purpose is consent in accordance with Article 6 (1) (a) GDPR, Section 26 (2) BDSG. You can revoke your consent to the inclusion of your data in the applicant database at any time with effect for the future.
XVI. Conclusion and execution of contracts
In order to conclude or implement contracts with you (e.g. purchase contracts for our products, maintenance or other service or work contracts), we process personal data relating to you (e.g. contact data such as your name, address, e-mail or telephone number, order and contract data). The legal basis for the processing of your personal data is Article 6 (1) (b) GDPR. The purpose of the processing is to establish and implement the contractual relationship with you. This requires the provision of your personal data. You are not obliged to provide your personal data, but if you do not provide them, it is not possible to establish and implement the contractual relationship. Otherwise there will be no consequences for you.
In addition, we also process data from persons with whom there is no (direct) contractual relationship, insofar as this is necessary for the initiation or execution of contracts. This is how we can process your data if you are a representative, contact person or employee of a company that is our customer or other business partner. In this case, the legal basis is our legitimate interest in initiating or implementing the respective contractual relationship (Article 6 (1) (f) GDPR).
XVII. Remote Support Services
If you use our remote support services, we process your personal data in order to provide your employer or client with the relevant contractually agreed services. The legal basis for the processing is Art. 6 Para. 1 Letter f GDPR. Our legitimate interest is the fulfillment of contractual obligations to provide digital maintenance services to your employer or client.
We use the “Help Lightning” software from the US provider of the same name to provide remote support services. It cannot be ruled out that your personal data (name, e-mail address, video and audio recordings) will be transferred to the USA. The level of data protection in the USA does not correspond to the European data protection standard. For example, it is conceivable that US authorities may access your personal data. However, Help Lightning is contractually obliged to ProMinent with the EU standard contractual clauses to ensure data protection-compliant processing.
XVIII. Supplier Management (SAP Ariba)
To optimize our supplier network and the supplier approval process, we use the SAP Ariba supplier network (Supplier Lifecycle and Performance) SAP Deutschland SE & Co. KG, Hasso-Plattner-Ring 7, 69190 Walldorf, Baden, and use SAP Ariba as the processor. SAP Ariba is a web-based cloud platform. We use SAP Ariba to design our purchasing processes efficiently and digitally. The legal basis for its use is therefore Art. 6 Para. 1 Letter f GDPR. All you need to log in to SAP Ariba is a working internet connection. You will receive an e-mail from us with the invitation to use and a registration e-mail from SAP Ariba. If you are already using SAP Ariba, you can link directly to ProMinent within your account, otherwise you will need to create a SAP Ariba account. The following personal data is processed when using the SAP Ariba supplier network: Name, contact details, authorization data (data required for access to SAP Ariba), contract, payment and billing data and all other information that you have in SAP -Enter Ariba and contain personal information.
XIX. Ordinary contact in the course of business operations (e.g. trade fairs)
This paragraph describes those circumstances that result in the processing of personal data that are customary in normal business operations and in which a notice in accordance with Art. 13 and Art. 14 GDPR cannot usually be given.
These are primarily cases such as the exchange of contact details at trade fairs, events, business lunches or other official activities, e.g. by exchanging business cards or the initial contact by ProMinent or by you with business content. ProMinent collects the following categories of personal data when you or we contact you: contact data such as your name, address, email or telephone number, data about your company such as address, email, business area, job description, title, data about your input/enquiry , such as content, time of request and means of communication. This data is processed for storage in our contact databases as part of business activities, such as e-mail programs, telephone books, files or our CRM system for the purpose of re-establishing contact and/or processing your request and further processing.
Your data is processed on the basis of Art. 6 (1) (f) GDPR and is in our legitimate interest in contacting you to initiate a business relationship, re-establishing contact and/or processing your request and further processing.
XX. Visitor process in our premises
As a visitor to our company, you must register upon arrival at the reception desk on our factory premises. Your name, company and contact person at ProMinent will be noted there and you will be given a visitor pass, which you must wear during your visit to our premises. The processing of your data as part of this visitor process takes place in our legitimate interest in securing our buildings and production facilities against unauthorized access, so that third parties cannot enter business premises unnoticed or unaccompanied and gain access to personal data or confidential information (Art. 6 Para. 1 lit . f GDPR).
XXI. Whistleblowing Reports
As part of the processing of a whistleblowing report, personal data about the person named in a report, the person submitting the report (if it is not submitted anonymously), and about third parties involved may be collected in order to investigate the reported (potential) misconduct investigate. This processing is carried out for the purpose of implementing the legal obligation to operate a whistleblower system and also the legitimate interest of the person responsible for processing to avoid reputational risks and promote integrity (Art. 6 Para. 1 lit. c and f GDPR). If you have any questions about the balancing of interests, you can contact the contact specified in Section II at any time.
The descriptions and facts provided as part of this processing are reserved exclusively for the competent and authorized persons who treat this information confidentially. The recipient of personal data is WhistleB Whistleblowing Center AB, World Trade Centre, Klarabergsviadukten 70, SE-107 24 Stockholm, Sweden (WhistleB) as processor for hosting and providing the whistleblowing application, including the processing of encrypted data, such as e.g. B. Whistleblowing Reports. WhistleB cannot decrypt or read messages. The data is stored within the EU.
XXII. Data recipient/data transfer to third countries
First of all, only our employees who are involved in technical, commercial or editorial support receive knowledge of your personal data.
In addition, we use external service providers within the scope of the data processing explained above or, if necessary, commission them with corresponding services. Insofar as service providers receive your personal data as processors, they are strictly bound by our instructions when handling your personal data. In particular, we shared personal data with the following categories of service providers:
- IT service providers, e.g. as part of the administration and hosting of our website or for website analysis/measurement; Supplier management, whistleblowing reports
- IT service and infrastructure,
- IT support and maintenance, including remote support;
- Companies that are affiliated with us pursuant to Art. 15 et seq. AktG and with whom we cooperate in order to provide services, as well as sales partners;
- If you have given your consent, we will pass on your personal data to the recipients named in the consent.
- Service provider to support application and personnel management
In the context of the use of the third-party tools shown, your personal data will be transmitted to the USA if you have consented to the use of the respective cookies. This takes place in shortened / masked form when using Google Analytics. The respective data transfer is based on standard contractual clauses issued by the European Commission and concluded by us with the respective service/third-party providers as well as on the consent granted by you pursuant to Art. 49 (1) p. 1 lit. a) GDPR. Otherwise, we do not transfer your personal data to countries outside the EU or the EEA or to international organisations as defined in Art. 4 No. 26 GDPR.
XXIII. Data subject rights
You have the following rights in relation to personal data relating to you:
- pursuant to Art. 7 Para. 3 GDPR, to revoke the consent you have given to us at any time. As a result, we are no longer allowed to continue the data processing based on this consent for the future. However, even after a revocation and the deletion of the personal data (e.g. from the newsletter database), we must be able to prove the consent. The legal basis for the (also continued) storage of the consent is Article 6 Paragraph 1 lit. c i. In conjunction with Article 5 Paragraph 1 Letter a, Paragraph 2, Article 7 Paragraph 1 GDPR and Article 6 Paragraph 1 Letter f GDPR. It must be possible to provide evidence of consent both to the supervisory authority and to the person concerned within the standard periods of limitation for fines and civil law for claims (3 years, Section 31 (2) No. 1 OWiG and Section 195 BGB);
- in accordance with Art. 15 GDPR, the right to information;
- according to Art. 16 and 17 GDPR right to correction or deletion;
- according to Art. 18 GDPR, the right to restriction of processing;
- according to Art. 20 GDPR, the right to data portability;
- pursuant to Art. 77 GDPR, the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by us. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, Königstraße 10a, 70173 Stuttgart.
Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR. If you wish to exercise your right to object, please contact our data protection officer using the contact details provided in section II. or send an email to firstname.lastname@example.org
XXV. No automated decision-making (including profiling)
We do not use your personal data for automated decision-making (including profiling) within the meaning of Art. 22 (1) and (4) GDPR.
Status: July 2022