Data Protection Information
n operating our website www.bontempo.de (hereinafter referred to as "website") we process personal data. We treat this data confidentially and process it in accordance with the applicable laws - in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). With our data protection information we want to inform you which personal data we collect from you, for which purposes and on which legal basis we use them and if necessary to whom we disclose them. Furthermore, we will explain to you which rights you are entitled to in order to protect and enforce your data protection.
Our data protection regulations contain technical terms that are new in the GDPR and the BDSG. For your better understanding we would like to explain these terms in simple words in advance:
2.1 Personal Data
"Personal data" means all information relating to an identified or identifiable person (Art. 4 No. 1 GDPR). Information relating to an identified person may,for example, be the name or the e-mail address. However, personal data also includes data for which the identity is not immediately apparent but which can be determined by combining one's own or third-party information and thus finding out who the person is. A person becomes identifiable, for example, by providing his or her address or bank details, date of birth or user name, IP address and/or location data. Relevant here is all information that in any way allows an inference to a person.
Art. 4 para. 2 GDPR defines "processing" as any operation involving personal data. This applies in particular to the collection, capture, administration, classification, recording, amendment, printing, making available, use, disclosure, sharing, dissemination, provision, comparison, linking, restriction, erasure or destruction of personal data.
4. Processing Frame: Website
5. Provision of the Website and Server Log Files
5.1 Description of the processingWhenever you access the website, we automatically collect information that your browser sends to our server (so-called log files). These are the following data:• Your IP address• the website from which you have reached our website (so-called referrer)• the subpages you have accessed on our website• the date and time of your visit to our website• StatusThese are also stored in the so-called log files of our system. The temporary storage of your IP address by the system is necessary in order to deliver our website to the end device of a user. For this purpose, the user's IP address must remain stored for the duration of the session. However, your IP address is not recorded in our log files.
Processing is carried out to enable the website to be accessed and to ensure its stability and security. Furthermore, the processing serves the statistical evaluation and improvement of our online offer.
5.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the data controller (Art. 6 para. 1 letter f GDPR). Our legitimate interest lies in the purpose stated in item 5. .2
5.4 Storage duration
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended. The log files are deleted after 6 months.
6. Contact form and contact by e-Mail
6.1 Description of the processing
By providing a contact form on our website, we want to offer you a convenient way to contact us. The data transmitted with and in the contact form or your e-mail will be used exclusively for the purpose of processing and answering your request.
6.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the data controller (Art. 6 para. 1 letter f GDPR). Our legitimate interest lies in the purpose stated in item 6. .2If the e-mail contact is aimed at the conclusion or fulfillment of a contract, the data processing is carried out for the purpose of contract fulfillment (Art. 6 para. 1 lit. b GDPR).
6.4 Storage duration
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. This is usually the case when the respective communication with you has ended. The communication is terminated when it is clear from the circumstances that your request has been finally clarified. If legal retention periods conflict with a deletion, a deletion will take place immediately after expiry of the legal retention period.
7.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the data controller (Art. 6 para. 1 letter f GDPR). Our legitimate interest lies in the purpose stated in item 7.2. If you are asked by us for consent within the framework of a consent tool, the legal basis is Art. 6 para. 1 lit. a GDPR. Such consent is voluntary.
7.4 Storage period, revocation of consent
8. Matomo (formerly "PIWIK")
8.1 Description of the processing
The processing is done in order to evaluate the use of our website. The information thus obtained is used to improve our online presence and to design it in line with requirements.
8.3 Legal basis
You are asked by us for consent within the framework of a consent tool, the legal basis is Art. 6 para. 1 lit. a GDPR. Such consent is voluntary.
8.4 Storage period and right of objection
If we obtain consent to use Matomo via the consent tool, such consent can be withdrawn by you at any time within the settings of the cookie banner or the cookie content tool with effect for the future. You can object to data processing by Matomo at any time by unchecking the following box to activate the opt-out plug-in:
The analysis data processed and stored with Matomo will be automatically deleted by us after one year.
9. Processing of Applicant Data
9.1 Description of the processing
We process the data you provide in connection with your application in order to check your suitability for the position (or other open positions in our company, if applicable) and to carry out the application process. This data includes general information about you (such as your name, address and contact details), information about your professional qualifications and schooling, information about further professional training, knowledge and skills, and other information you disclose to us in connection with your application. This is usually done by means of a letter of application, curriculum vitae, certificates, correspondence, telephone or oral information from you.
We would like to evaluate all applicants only on the basis of their qualifications and therefore ask you to refrain, if possible, from including in your application the information "special categories of personal data" according to Art. 9 of the Basic Data Protection Regulation (e.g. a photo that indicates ethnic origin, information on severe disability, etc.). If your application contains such information, please send us a corresponding declaration of consent, otherwise your application cannot be considered.
If your application is successful, we will transfer your data to your personnel file and use it to carry out and terminate your employment.
If we are currently unable to offer you employment, we will continue to process your data even after the rejection has been sent in order to defend ourselves against possible legal claims, in particular because of an alleged disadvantage in the application process.
If you are not selected for the vacant position, we will transfer your data to our pool of applicants - provided we have your consent.
The processing is carried out to carry out the application procedure, to decide on the establishment of an employment relationship with us and to document compliance with legal regulations in the application procedure.
9.3 Legal basis
The data processing in connection with the application procedure has its legal basis in § 26 para. 1 sentence 1 BDSG and Art. 6 para. 1 para. 1 lit. b GDPR. If your application is successful, further data processing will be carried out in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR in conjunction with Art. 88 para. 1 GDPR in conjunction with Art. 26 para. 1 BDSG for the purpose of establishing, implementing and terminating the employment relationship. If you have given your consent, e.g. for the inclusion of your data in our applicant pool, the data processing will be carried out on the basis of Art. 6 para. 1 para. 1 lit. a GDPR. The legal basis for data processing after a refusal is otherwise Art. 6 para. 1 para. 1 lit. f GDPR. Our
9.4 Storage duration
If your application is successful, your data will be transferred to your personnel file and deleted in accordance with the regulations applicable to personnel files. If we are currently unable to offer you employment, we will continue to process your data for up to six months after sending the rejection. If we transfer your data to our pool of applicants after the application procedure has been completed, we will delete it from the pool of applicants if an employment relationship is established at a later date or otherwise two years after the application has been accepted.
9.5 Recipients of your data, transfer of data to third parties and transfer to third countries
Your applicant data will be reviewed by the personnel department after receipt of your application. Suitable applications are then forwarded internally to the departmental managers responsible for the respective open position. The further procedure is then coordinated. Within the company, access to your data is only granted to those persons who need it for the proper processing of our application procedure. The data will not be transferred to third parties. Likewise, no data will be transferred to third countries, nor is such a transfer planned.
10. Security measures
To protect your personal data from unauthorized access, we have provided our website with an SSL or TLS certificate. SSL stands for "Secure-Sockets-Layer" and TLS for "Transport Layer Security" and encrypts the communication of data between a website and the user's end device. You can recognize the active SSL or TLS encryption by a small lock logo displayed on the far left of the browser's address bar.
Im Hinblick auf die oben beschriebene Datenverarbeitung durch unser Unternehmen stehen Ihnen die folgenden Betroffenenrechte zu:
11.1 Auskunft (Art. 15 DSGVO)
Sie haben das Recht, von uns eine Bestätigung darüber zu verlangen, ob wir Sie betreffende personenbezogene Daten verarbeiten. Ist dies der Fall, steht Ihnen unter den in Art. 15 DSGVO genannten Voraussetzungen ein Recht auf Auskunft über diese personenbezogenen Daten und auf die in Art. 15 DSGVO aufgeführten weiteren Informationen zu.
11.2 Berichtigung (Art. 16 DSGVO)
Sie haben das Recht, von uns unverzüglich die Berichtigung Sie betreffender unrichtiger personenbezogener Daten und ggf. die Vervollständigung unvollständiger personenbezogener Daten zu verlangen.
11.3 Deletion (Art. 17 DSGVO)
You have the right to demand that we erase any personal data relating to you immediately if one of the reasons listed in Art. 17 GDPR applies, e.g. if your data is no longer required for the purposes we pursue.
11.4 Restriction of data processing (Art. 18 DSGVO)
You have the right to ask us to limit the processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you dispute the accuracy of your personal data, the data processing will be limited for the time necessary to allow us to verify the accuracy of your data.
11.5 Data portability (Art. 20 DSGVO)
You have the right, subject to the conditions set out in Art. 20 GDPR, to demand the surrender of the data concerning you in a structured, common and machine-readable format.
11.6 Withdrawal of consent (Art. 7 Abs. 3 DSGVO)
You have the right to withdraw your consent at any time in the event of processing based on consent. The withdrawal is valid from the time of its assertion. In other words, it is effective for the future. In other words, the withdrawal of consent does not make the processing unlawful with retroactive effect.
11.7 Complaints (Art. 77 DSGVO)
If you believe that the processing of personal data concerning you is in breach of the GDPR, you have the right to complain to a supervisory authority. You can exercise this right before a supervisory authority in the EU Member State in which you are resident, in your place of work or in the place where the suspected breach occurs.
11.8 Restraint on automated decisions/profiling (Art. 22 DSGVO)Decisions that have legal consequences for you or significantly affect you must not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated decision making, including profiling, with respect to your personal data.
11.9 Objection (Art. 21 DSGVO)
If we process your personal data on the basis of Art. 6 Para. 1 letter f GDPR (to safeguard overriding legitimate interests), you have the right to object to this under the conditions set out in Art. 21 GDPR. However, this only applies insofar as there are reasons arising from your particular situation. Following an objection, we will no longer process your personal data unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms. Nor do we have to stop processing if it serves to assert, exercise or defend legal claims. In any case - also irrespective of any special situation - you have the right to object at any time to the processing of your personal data for direct marketing purposes.
[Status: November 2020]