A. General information

Controller
The controller under the terms of the General Data Protection Regulation (GDPR) is:

Herrenpfad Süd 36
41334 Nettetal
Germany

Phone: +49 (0) 2157 / 89 69 -0
Fax: +49 (0) 2157 89 69-69

Email: sales@essentracomponents.de
Website: www.essentracomponents.de
Managing directors: Scott Fawcett, Aamir Moiuddin

(hereinafter referred to as Essentra).

Data protection officer

You can contact our data protection officer using the following contact details:

datenschutz@hjp.de
Phone: 06841 9816 0
Fax: 06841 9816 29

You are welcome to contact our data protection officer if you have any queries relating to the processing of your personal data or the exercising of your rights as the data subject in accordance with the GDPR.

B. Processing operations

Website

Type and extent of the processed data

In principle, usage data (for example, visited websites, access times) and communication data (for example, browser information, IP addresses) are processed.

Browser and server data

Please note that your browser transfers information to us when you are simply using the website. The purpose of this transfer is to make it technically possible for you to visit the website. The data are required to process the request for information. The type of information transferred also depends on your chosen settings and default settings. On accessing our website, the following data may therefore be collected:

• IP address

• time of access

• page selected or name of the accessed file (URL)

• status information (e.g. error codes)

• transferred data volume

• browser information (web browser, operating system, language setting used, etc.)

The data are used for statistical and security-related purposes. They are not transferred to third parties. This website itself does not use any techniques intended to analyse the access behaviour of individual users. Personal usage profiles are not created. Data are stored for the stated purposes for a maximum of 7 days.

Cookies

When using this website, cookies are stored on your computer. The legal basis for usage is section 15, paragraph 1 of the German Teleservices Act and section 15, paragraph 3 of the German Teleservices Act, in compliance with Article 6(1)(f) of the GDPR. Cookies are small text files stored on your hard drive by the browser you use and through which the site that sets the cookie obtains specific information. Cookies are a technical means of ensuring the website works properly and improving the user experience. For example, they are used to enable information to be stored across several pages.

Cookie name/provider: used for

• Essentra: storage of country and language preferences
• Essentra: storage of data about items in the shopping basket
• Essentra: highlighting relevant products based on previous search history
• Google: search engine advertising and remarketing
• Google: website usage pattern and user feedback
• Hotjar: website usage pattern and user feedback
• Tealium: tag management system

We use cookies for the following purposes:

• storage of user settings.

We use the following types of cookies:

• transient cookies (temporary use)

• persistent cookies (used for a limited time).

The latter may be used by third-party providers. The cookies serve our interests by making our website user-friendly and improving it.

Transient cookies are automatically deleted when you close the browser. Persistent cookies are automatically deleted after a set time, which may differ depending on the cookie. The deletion times are in accordance with the respective third-party provider's specifications.

You can delete the cookies in your browser's security settings at any time. In addition, you can set your browser to reject all or just specific cookies. However, please note that website features may be limited in this case. We store the cookie-related information separately from any other data provided to us. These data are expressly not linked to your other data.

Categories of data subject

The data subjects whose data are processed by our website are the visitors to the website.

Purpose of processing

• To have an online presence

• To give users the opportunity to interact

• Security measures

Storage period

The criteria for the storage period for personal data are the respective statutory retention period and the purpose of the processing. At the end of the period, the relevant data are routinely deleted, provided they are no longer required for the purpose of processing.

The specific storage periods will be stated in this Policy with respect to each of the specific data processing operations.

Lawful basis

The GDPR considers there are several lawful reasons under which processing is permitted: firstly, Article 6(1)(a) of the GDPR provides the basis for processing operations where your consent is obtained for the processing operation. For such processing operations required to take steps prior to entering into a contract, for example in the case of enquiries about our services, processing is based on Article 6(1)(b) of the GDPR. In the case of compliance with tax obligations, processing is based on Article 6(1)(c) of the GDPR. In the case of this website, data processing is mainly based on Article 6(1)(f) of the GDPR. This lawful reason applies when processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

The specific interests are expressed at the place of the processing operation.

Technical security measures

We put in place the latest technical and organisational measures to guarantee data security, particularly for the protection of your personal data from risks during data transfers and from third-party access. These measures are updated accordingly.

Third-party service providers

If we allow third parties to be involved in processing, this is exclusively on the basis of a statutory permissive rule and in compliance with statutory provisions. This permissive rule may be in the form of your consent, a legal obligation or our legitimate interests.

Hosting

Any hosting services we may use serve to provide the following services: infrastructure and platform services, software tools, computing capacity, storage space and the maintenance services we require to operate this website.

The hosting company processes usage data on the basis of our legitimate interest in providing this website effectively and securely in accordance with Article 6(1)(f) of the GDPR.

Links to other websites

Our website contains links to third-party websites. This Privacy Policy only applies to the content of our website and does not cover third-party websites with links on our website. We do not have any influence over the lawfulness of the content of these websites or their handling of personal data. In the case of queries about such third-party providers' content or data protection, please contact the provider concerned.

Plugins

Hotjar

This website uses the Hotjar web analysis service provided by Hotjar Ltd., Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta. Hotjar helps us to give website visitors a better user experience and a better service, helps to diagnose technical problems, and analyses user trends. To do this, movements on the website are tracked and visualised with so-called heat maps. This shows how far users scroll down, which buttons are pressed and how often they are pressed by users. When visiting a Hotjar-based website, you can prevent your data from being collected by Hotjar at any time by going to the opt-out page https://www.hotjar.com/legal/compliance/opt-out/ and clicking on deactivate Hotjar. The legal basis for data processing is Article 6(1)(a)(f) of the GDPR. You can see the Privacy Policy of Hotjar Ltd. at: https://www.hotjar.com/legal/policies/privacy/

mPulse

This website uses mPulse from Akamai Technologies GmbH, Parkring 20 - 22 D-85748, Garching to monitor and improve the speed and availability of our website. The legal basis for data processing is Article 6(1)(a)(f) of the GDPR. mPulse is a real user monitoring (RUM) service, which passively collects performance data directly via the browser of the website visitor whenever the website visitor accesses a website or web service. It generates a report based on the user experience when visitors visit a website. The reports inform DevOps about a website's performance based on the environment variables of the website visitor, such as location, device, operating system and browser. Real user monitoring is particularly useful in the early detection of problems that may occur after website modifications or upgrades. Your personal data, such as your IP address for geolocation, are abbreviated and thereby anonymised immediately after collection. A cookie measures the website's response time. To do this, anonymised data are transferred to the tool provider. You can find further information and Akamai's privacy policy at: https://www.akamai.com/de/de/about/compliance/data-protection-at-akamai.jsp.

Bing

Bing places adverts from the manufacturer Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA on the website. This is for the purpose of targeting adverts at users' interests. The legal basis for data processing is Article 6(1)(a)(f) of the GDPR. The legitimate interest exists in ensuring the error-free functioning of the website, its constant improvement and optimisation as well as the economically efficient operation of our website. Usage is solely for the purpose in line with our interests. You can find further information about the handling of transferred data in Microsoft's aforementioned privacy policy. An option to control how your data are processed by the provider is available at: https://choice.microsoft.com/de-DE/opt-out. During processing, the transfer of data to other servers, possibly in the U.S., cannot be ruled out. In this respect, Microsoft is certified under the Privacy Shield Agreement and hereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK). You can find further information on data protection and the cookies used by Microsoft and Bing Ads on the Microsoft website: https://privacy.microsoft.com/de-de/privacystatement.

Tiycdn

The website uses the tag management tool from Tealium c/o Mindspace, Viktualienmarkt 8, 80331 Munich. You can find further information about the handling of transferred data in Tealium's aforementioned privacy policy at: https://tealium.com/privacy/. The legal basis for data processing is Article 6(1)(a)(f) of the GDPR.

Lead Forensics

This website processes data using software from the firm Lead Forensics, 4 Old Park Lane, Mayfair, London W1K 1QW. Lead Forensics determines the actual history of your visit to this website, including all the pages you visited and viewed and how long you spent on these pages. If IP addresses are collected, they are anonymised immediately after collection. On behalf of the operator of this website, Lead Forensics will use the collected information to analyse your visit to the website, to compile reports about website activities and to provide further services associated with website use and internet use to the operator of the website. You can find further information about data protection at https://www.leadforensics.com/ccpa/ and https://www.leadforensics.com/official-announcement-lead-forensics-gdpr-compliant/. Insofar as we process personal data, we do this on the basis of our legitimate interests to make our website better. The legal basis for data processing is Article 6(1)(a)(f) of the GDPR. You can opt out of any future data processing by Lead Forensics at any time by clicking this link [OPT OUT LINK].

Google Maps

We include "Google Maps" online maps and navigation service from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. The service's privacy policy is available at: https://policies.google.com/privacy. An option to control how your data are processed by the provider is available at: https://adssettings.google.com/authenticated. This service provides a better and clear presentation of our geographical location and makes it easier for our visitors to find us. In so doing, the possibility of data also being transferred to other Google servers cannot be ruled out. Google LLC is certified under the Privacy Shield Agreement and hereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI).

Google Ads

We use an advertising system provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. The service's privacy policy is available at: https://policies.google.com/privacy. Advertisers can place adverts via Google Ads on the basis of keywords. This serves the purpose of targeting adverts at users' interests. The legal basis for data processing is Article 6(1)(a)(f) of the GDPR. The legitimate interest exists in ensuring the error-free functioning of the website, its constant improvement and optimisation as well as the economically efficient operation of our website. Usage is solely for the purpose in line with our interests. You can find further information about the handling of transferred data in Google's aforementioned privacy policy. An option to control how your data are processed by the provider is available at: https://adssettings.google.com/authenticated. During processing, the transfer of data to other servers, possibly in the U.S., cannot be ruled out. Google LLC is certified under the Privacy Shield Agreement and hereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI).

Google Analytics (based on consent)

On the basis of permission granted by your consent, primarily via our consent banner (Article 6(1)(a) of the GDPR), we use Google Analytics, an analysis service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, for the purpose of constant improvement and optimisation as well as economically efficient operation. Usage is solely for the purpose in line with our interests. Google Analytics uses so-called cookies, which are text files that are stored on your computer to facilitate an analysis of your website usage. The information generated by the cookie about your website usage may also be transferred to, and stored on, a Google server in the U.S. In the event of IP anonymisation activation on this website, your IP address will first be abbreviated by Google in European Union member states or in other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the U.S. and abbreviated there. On behalf of the operator of this website, Google will use this information to analyse your website usage, to compile reports about website activities and to provide further services associated with website use and internet use to the operator of the website.

The IP address transferred from your browser by Google Analytics will not be combined with other data from Google.

You can prevent the storage of cookies by means of an appropriate setting in your browser software; however, please note that, in this case, you may not be able to fully use all features of this website. You can also prevent the collection and transfer of data generated by the cookie about your website usage (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

This website uses Google Analytics with the "_anonymizeIp()" add-on. This enables IP addresses to be processed in abbreviated form, thereby preventing them from being linked to a particular person. Consequently, insofar as the data collected about you contains a personal reference, this will immediately be excluded and deleted.

We use Google Analytics to be able to analyse use of our website and to regularly improve it. The statistics obtained enable us to improve our service and to make it more interesting for you as a user. In exceptional cases where personal data are transferred to the U.S., Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. Google LLC is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI).

Third-party provider's information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and the privacy policy: http://www.google.de/intl/de/policies/privacy.

This website also uses Google Analytics for a cross-device analysis of visitor streams by means of a user-ID. You can deactivate the cross-device analysis of your usage in your customer account.

A large number of websites use Google Analytics as described above. You can permanently prevent the collection of data by installing a plug-in on your browser: http://tools.google.com/dlpage/gaoptout?hl=de. You can also prevent cookies from being stored by changing your basic browser settings. You also have the option to deactivate Google Analytics for your visit to our website by opting out:

INSERT OPT-OUT

YouTube

We use the option on the "YouTube" platform of the provider Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. The service's privacy policy is available at: https://policies.google.com/privacy. An option to control how your data are processed by the provider is available at: https://adssettings.google.com/authenticated. During processing, the transfer of data to other Google servers cannot be ruled out. Google LLC is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI).

Google Tag Manager

We use the so-called Tag Manager provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. The service's privacy policy is available at: https://policies.google.com/privacy. An option to control how your data are processed by the provider is available at: https://adssettings.google.com/authenticated. The tags set up using Google Tag Manager record data, which are transferred to the destination system. As the data are only passed on, the system does not collect or store the collected data itself. According to the provider, Google Tag Manager is a cookie-free domain and cannot therefore collect any personal data in this way.

External payment service provider

We use external payment service providers to process payments for our products, and their platforms enable users and us to complete payment transactions:

  • Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)
  • Klarna (https://www.klarna.com/de/datenschutz/)
  • Visa (https://www.visa.de/datenschutz)
  • Mastercard (https://www.mastercard.de/de-de/datenschutz.html)
  • American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html).

In the performance of contracts, we use payment service providers on the basis of Article 6(1)(a)(b) of the GDPR. We also use external payment service providers on the basis of our legitimate interests under Article 6(1)(b) of the GDPR to offer our users effective and secure methods of payment. The data processed by the payment service providers include inventory data, e.g. name and address, bank details, e.g. account numbers or credit card numbers, passwords, TANs and checksums as well as contract amounts and recipient details. The details are required to complete the transactions. The data entered are, however, only processed and stored by the payment service provider. Therefore, we never receive any information relating to accounts or credit cards, only information to confirm whether or not payment has been made. In certain circumstances, the data are transferred from the payment service provider to credit reference agencies. This transfer is for the purpose of checking identity and credit ratings. Please also take note of the data protection regulations and general terms and conditions of the individual payment service providers, which are available on the respective websites.

Credit report

Please note that, in connection with our services, we also use the services of credit reference agencies to check credit ratings. In this respect, please note the relevant provisions in our general terms and conditions.

DoubleClick

We use the DoubleClick service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. Google's privacy policy is available at: https://policies.google.com/privacy. DoubleClick is also used to place adverts when you visit our website and serves to make money from the website. DoubleClick uses information (but not personal data such as your name or email address) about visits to this and other websites in order to place adverts for products and services which are, or could be, of interest to you. You can find out more information about DoubleClick and what options you have to prevent DoubleClick from using this information here: http://www.google.de/policies/technologies/ads/.

Social plug-ins – links

Our website contains links to our products and services on social media sites. The display of these links does not transfer any data to the platforms. If you want to visit one of these sites, please note that you then leave the area covered by this privacy policy in terms of platform operation.

Contact form

You can use the contact form to send a message to our specialist departments. It is primarily intended to be used by interested parties to contact us about our products and services. Please note that your message cannot initially be allocated to a specific recipient, but will be distributed by the designated point of contact to the contact in our company. If you want to send your query directly to a specific contact, without informing other people, please make your enquiry by phone or post, naming the specific contact.

Only your email address is required for the contact form to be sent. The provision of further separately marked details is voluntary and is used to be able to contact you personally. If you do not want to state a name, you can also state a pseudonym.

We delete enquiries when they are no longer required and there is no further statutory obligation to store them. We regularly check requirements; statutory storage obligations also apply, which may arise from tax law or commercial law in particular.

Using our online shop

If you would like to place an order in our online shop, you are required to provide your personal details to conclude a contract, because we need them to process your order. Compulsory details required to perform contracts are marked separately; other details are voluntary. We process the data you provide in order to complete your order. To do this, we may forward your payment details to our company's bank. The legal basis for this is Article 6(1)(1)(b) of the GDPR.

You are free to or must, if applicable, create a customer account, enabling us to store your data for subsequent purchases. On creation of an account under "My Account", the details provided by you are stored on a revocable basis. All further data, including your user account, can be deleted at any time in the log-in section.

We can also process the data provided by you in order to inform you about other interesting products in our range or to send you emails containing technical information.

Due to commercial and tax regulations, we are obliged to store your address, payment and order details for a period of ten years. However, after two years, we restrict processing, i.e. your data are only used to comply with statutory obligations.

To prevent unauthorised third-party access to your personal data, especially financial data, the order process is encrypted using TLS technology.

Applications

Purposes of, and legal basis for, the processing of your application details

We process your personal data for the purpose of your job application, insofar as this is necessary for us to decide whether to enter into a contract of employment. The relevant legal basis is section 26, paragraph 1 in association with paragraph 8, sentence 2 of the German Federal Data Protection Act, insofar as ESSENTRA processes your personal data for the purpose of your job application where this is necessary for us to decide whether to enter into a contract of employment. Furthermore, ESSENTRA can process your personal data if this is necessary to defend ourselves against legal action resulting from the application process. In this respect, the legal basis is Article 6(1)(f) of the GDPR. The legitimate interest arises from the procedural steps associated with the purpose and is, for example, a burden of proof in proceedings in accordance with the German General Act on Equal Treatment. If an employment contract is established between you and ESSENTRA, ESSENTRA is entitled under section 26, paragraph 1 of the German Data Protection Act, to process personal data already provided by you for the purposes of the employment contract if this is necessary for performing or terminating the employment contract or to exercise or satisfy rights and obligations of employee representation laid down by law or a wage agreement, works agreement or collective agreement.

Processed categories of personal data

ESSENTRA processes your personal data associated with your application. This may be general data about you (such as name, address and contact details), information about your professional qualifications and education or information about professional development or other details you have provided to ESSENTRA in connection with your application. Furthermore, ESSENTRA can, in individual cases, process career-related information disclosed by you, for example a profile on professional networking sites.

Please do not give ESSENTRA any information not associated with the application. In particular, we would like to ask you not to provide information revealing racial or ethnic origins, political opinions, religious or philosophical beliefs or union membership or any genetic data or biometric data clearly identifying a natural person, health data or data relating to sex life or sexual orientation.

Sources of processed data

As a rule, data are collected directly from you. This is done by sending your application documents to ESSENTRA. In individual cases, career-related information you have disclosed can also be processed, for example information available from a profile on professional networking sites. This applies in particular when, as part of your application process, you disclose a profile on a social media platform or contact us via such a profile or method of communication to apply for a job.

Categories of recipients

ESSENTRA can transfer your personal data to affiliated companies in accordance with Article 4(19) of the GDPR, provided this is permitted in terms of the aforementioned purposes and legal basis. Furthermore, personal data are processed on our behalf on the basis of contracts under Article 28 of the GDPR, in particular by host providers or providers of applicant management systems.

Within the ESSENTRA organisation, your data will be transferred to the HR department and the departments responsible for making the decision. The latter are in particular decision-makers in the department where the job you have applied for is based.

Erasure of your data

ESSENTRA stores your personal data for as long as this is necessary for the decision to be made about your application. If an employment contract does not come into being between you and ESSENTRA, ESSENTRA can continue to store data if this is necessary to defend itself against possible legal claims. In this case, the application documents will be deleted six months after notification of the decision to reject the application, provided there is no requirement for a longer storage period due to legal disputes.

The only time this does not apply is if you have said you would like to be included in ESSENTRA's pool of applicants. The applications stored in the pool of applicants may be consulted later for subsequent job vacancies suited to the applicant's profile. However, personal data in the pool of applicants will also be deleted after no more than three years. At the end of this period, you must resend your details to ESSENTRA to be considered in future application processes.

Need for the provision of personal data

The provision of personal data is not prescribed by law or contract, nor are you obliged to provide personal data. However, personal data must be provided in order to enter into an employment contract with us. This means that, if you do not provide any personal data with an application, we will not enter into an employment contract with you.

Customers

Purposes of, and legal basis for, the processing of your data

We process personal data within the scope of customer relationships if this is necessary to enter into, perform or prepare for a contract. The relevant legal basis is Article 6(1)(a) of the GDPR, insofar as ESSENTRA carries out processing operations, for which it obtains consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as for example in the case of processing operations required for a goods delivery or to provide another service or service in return, processing is based on Article 6(1)(b) of the GDPR. This also applies to such processing operations necessary to take pre-contractual measures, for example in the case of enquiries from customers or interested parties about our products or services. If our company is subject to a legal obligation requiring the processing of personal data, for example to comply with tax obligations, processing is based on Article 6(1)(c) of the GDPR. In addition, processing operations may be permitted on the basis of Article 6(1)(f) of the GDPR. This is possible in processing operations where processing is necessary for the legitimate interests of ESSENTRA or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

When we are contacted (e.g. by contact form, email, phone or social media), the user's details are processed to deal with the enquiry and its processing in accordance with Article 6(1)(b) of the GDPR. The user's details may be stored in a customer relationship management system ("CRM system") or a comparable communication set-up.

Processed categories of personal data

ESSENTRA processes your personal data associated with the contractual relationship. This also applies to data from interested parties who are informed about possible services by ESSENTRA. The categories of personal data may concern general information (for example name, address and contact details), communication relating to the contract or about the contract history to date.

Sources of processed data

As a rule, data are collected directly from you. For example, this may occur when you give us your business card or your name and contact details. Indirect collection occurs in cases where we are given the personal data by customers or third parties. This is the case, for example, if one of our customer company's contacts is named by the customer company. In individual cases, career-related information you have made publicly available can also be processed, for example information available from a profile on professional networking sites or the company website.

Categories of recipients

ESSENTRA can transfer your personal data to affiliated companies in accordance with Article 4(19) of the GDPR, provided this is permitted in terms of the aforementioned purposes and legal basis. Furthermore, personal data are processed on our behalf on the basis of contracts under Article 28 of the GDPR, in particular by host providers or providers of CRM systems.

Within the ESSENTRA organisation, your data will be transferred to the sales department and to departments responsible for processing the contractual relationship.

Transfer to a third country

Transfer to a third country is not planned.

Need for the provision of personal data

The provision of personal data is not prescribed by law or contract, nor are you obliged to provide personal data. However, personal data must be provided in order to enter into a contract with us. This means that, if you do not provide any personal data, we will not enter into a contract with you. If a contract has not yet been signed, we adhere to the principle of collecting as little data as possible. Nonetheless, a minimum amount of contact details is required in order to be able to send you the required information about our products and services and to be able to provide our services.

C. Rights of the data subject, requirement to provide information and decision-making

You have the right at any time, without stating any reasons, to receive information free-of-charge about what data we have stored relating to you, as well as about the origin, recipient or categories of recipient to whom these data are transferred and the storage purpose. You can at any time rectify, erase or restrict processing of the data we have collected from you and you can exercise your right to data portability. You also have the option to object.

Information: you have the right to obtain information about your personal data processed by us at Essentra, as well as the right to request access to your personal data and/or copies of this data. This includes information about intended use, the category of used data, recipients and persons with authorised access and, if possible, the planned period of data storage or, if this is not possible, the criteria to establish this period.

Rectification, erasure or restriction of processing: You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to object: insofar as the processing of personal data concerning you is based on Article 6(1)(f) of the GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of these data. We shall then no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

Withdrawal of consent: if the processing is based on consent, you have the right to withdraw your consent at any time, without this affecting the lawfulness of processing based on consent before its withdrawal. You can contact us or our data protection officer about this at any time using the aforementioned details.

Right to erasure: you shall have the right to obtain from us the erasure of personal data concerning you without undue delay and we, as Essentra, shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • You object to the processing and there are no overriding legitimate grounds for the processing.
  • The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject. This shall not apply to the extent that processing is necessary for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject.

Right to restriction of processing: you shall have the right to obtain from Essentra the restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data.
  • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead.
  • We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or you have objected to processing pending the verification whether our legitimate grounds override yours.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If you have obtained restriction of processing, we shall inform you before the restriction of processing is lifted.

Right to lodge a complaint: without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. You can also contact our data protection officer. You can contact them at:

datenschutz@hjp.de

Telephone: 06841 98160

Fax: 06841 981629

D. Data erasure

We store data only for as long as this is required by law, unless longer storage is necessary on the grounds of legal disputes or you have agreed to a longer data storage period. Please note the statements regarding storage of applicant details.

E. Technical and organisational measures

The data controller must ensure the secure processing of personal data, in particular in accordance with Article 5(1)(2) of the GDPR, especially to protect your personal data from risks of data transfer and third-party access. Overall, the measures to be taken concern data security measures and measures to guarantee a level of protection appropriate for the risk with regard to confidentiality, integrity, availability and capacity of the systems.

In so doing, it is necessary to take into account the state of the art, the costs of implementation and the nature, scope, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons in terms of Article 32(1) of the GDPR. We take the latest technical and organisational measures to guarantee data security, particularly for the protection of your personal data from risks during data transfers and from third-party access. These measures are updated accordingly.

F. Terminology

Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller or data controller

Controller or data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data within the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent

Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.

Data concerning health

"Data concerning health" means personal data related to the physical or mental health of a natural person, including the provision of healthcare services, which reveal information about the natural person's health status.

Transfer to a third country

G. No automated decision-making

There is no automated individual decision-making under the terms of Article 22 of the GDPR.

Please feel free to contact us at any time if you have any further questions about our information, data protection and the processing of your personal data. You can also find further information about the subject of data protection in the Federal Republic of Germany at www.bfd.bund.de.

H. Date of the Privacy Policy

08.05.2020