1. Introduction

n operating our website www.bontempo.de (hereinafter referred to as "website") we process personal data. We treat this data confidentially and process it in accordance with the applicable laws - in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). With our data protection information we want to inform you which personal data we collect from you, for which purposes and on which legal basis we use them and if necessary to whom we disclose them. Furthermore, we will explain to you which rights you are entitled to in order to protect and enforce your data protection.

2. Terms

Our data protection regulations contain technical terms that are new in the GDPR and the BDSG. For your better understanding we would like to explain these terms in simple words in advance:

• 2.1 Personal Data

  "Personal data" means all information relating to an identified or identifiable person (Art. 4 No. 1 GDPR). Information relating to an identified person may,for example, be the name or the e-mail address. However, personal data also includes data for which the identity is not immediately apparent but which can be determined by combining one's own or third-party information and thus finding out who the person is. A person becomes identifiable, for example, by providing his or her address or bank details, date of birth or user name, IP address and/or location data. Relevant here is all information that in any way allows an inference to a person.
  
  

  2.2 Processing

  Art. 4 para. 2 GDPR defines "processing" as any operation involving personal data. This applies in particular to the collection, capture, administration, classification, recording, amendment, printing, making available, use, disclosure, sharing, dissemination, provision, comparison, linking, restriction, erasure or destruction of personal data.
  
  

3. Responsible

4. Processing Frame: Website

5. Provision of the Website and Server Log Files

• 5.1 Description of the processing

  Whenever you access the website, we automatically collect information that your browser sends to our server (so-called log files). These are the following data:
   
  • Your IP address
  • the website from which you have reached our website (so-called referrer)
  • the subpages you have accessed on our website
  • the date and time of your visit to our website
  • Status
   
  These are also stored in the so-called log files of our system. The temporary storage of your IP address by the system is necessary in order to deliver our website to the end device of a user. For this purpose, the user's IP address must remain stored for the duration of the session. However, your IP address is not recorded in our log files. ​

• 5.2 Purpose

  Processing is carried out to enable the website to be accessed and to ensure its stability and security. Furthermore, the processing serves the statistical evaluation and improvement of our online offer.

• 5.3 Legal basis

  The processing is necessary to safeguard the overriding legitimate interests of the data controller (Art. 6 para. 1 letter f GDPR). Our legitimate interest lies in the purpose stated in item 5. .2

• 5.4 Storage duration

  The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended. The log files are deleted after 6 months.
  
  

6. Contact form and contact by e-Mail

• 6.1 Description of the processing

  We have provided a contact form on our website for contacting us. In this form you are asked to enter your e-mail address, your name, your telephone number and a message to us. When you click the "Send" button, the data will be transferred to us using SSL encryption (see item 10). The contact form can only be transmitted if you accept our privacy policy by clicking the corresponding checkbox. You can also contact us using the e-mail addresses provided on the website. In this case, the personal data transmitted with the e-mail will be processed by us.

• 6.2 Purpose

  By providing a contact form on our website, we want to offer you a convenient way to contact us. The data transmitted with and in the contact form or your e-mail will be used exclusively for the purpose of processing and answering your request.

• 6.3 Legal basis

  The processing is necessary to safeguard the overriding legitimate interests of the data controller (Art. 6 para. 1 letter f GDPR). Our legitimate interest lies in the purpose stated in item 6. .2If the e-mail contact is aimed at the conclusion or fulfillment of a contract, the data processing is carried out for the purpose of contract fulfillment (Art. 6 para. 1 lit. b GDPR).

• 6.4 Storage duration

  The data will be deleted as soon as they are no longer necessary for the purpose of their collection. This is usually the case when the respective communication with you has ended. The communication is terminated when it is clear from the circumstances that your request has been finally clarified. If legal retention periods conflict with a deletion, a deletion will take place immediately after expiry of the legal retention period.
  
  

7. Cookies

• 7.1 Description of the processing

  Our website uses cookies. Cookies are small text files that are stored on the user's terminal device when a website is visited. Cookies contain information that enables the recognition of an end device and, if applicable, certain functions of a website. In most cases we only use so-called "session cookies". These are automatically deleted when you end your internet session and close the browser. Other cookies remain stored on your end device for a longer period of time. We use the following cookies on our website:

   

  • Cookie name: __RequestVerificationToken Purpose/function: Validation of Forms & Source Storage period: This cookie expires at the end of the browser session. 

  • Cookie name: MATOMO_SESSID Purpose/function: Matomo Session ID for tracking the session      Storage duration: This cookie expires at the end of the browser session. 

  • Cookie name: piwik_ignore Purpose/function: Matomo cookie opt-out on interaction Duration of storage: This cookie expires two years after it was stored.

  • Cookie name: mtm_consent Purpose/function: matomo opt-out used - status after interaction Storage period: This cookie expires 30 years after it was stored. 

• 7.2 Purpose

  We use cookies to make our website more user-friendly and to offer the functions described in section 7. .1.

• 7.3 Legal basis

  The processing is necessary to safeguard the overriding legitimate interests of the data controller (Art. 6 para. 1 letter f GDPR). Our legitimate interest lies in the purpose stated in item 7.2. If you are asked by us for consent within the framework of a consent tool, the legal basis is Art. 6 para. 1 lit. a GDPR. Such consent is voluntary.

• 7.4 Storage period, revocation of consent

  Cookies are automatically deleted at the end of a session or when the specified storage period expires. Since cookies are stored on your terminal device, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, individual functions of our website cannot be used or can only be used to a limited extent. If we obtain consent to use cookies via a cookie banner or a cookie content tool, you can revoke this consent at any time within the settings of the cookie banner or cookie content tool with effect for the future.
  
  

8. Matomo (formerly "PIWIK")

• 8.1 Description of the processing

  Our website uses "Matomo", a web analytics service provided by Innocraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Matomo is an open source software that we have installed on our server. Matomo does not use cookies for this purpose. The analysis of your use of our website is done by means of "device fingerprinting". The statistics created by Matomo record in particular how many users visit our website, from which country or place the access takes place, which sub-pages are visited and which links or search terms are used to reach our website. The information generated by "device fingerprinting" is transferred to our server and stored there. It is not passed on to third parties. Your IP address will not be linked to other data concerning you. The IP addresses are only recorded anonymously, so that an assignment is not possible (so-called IP-Masking).

• 8.2 Purpose

  The processing is done in order to evaluate the use of our website. The information thus obtained is used to improve our online presence and to design it in line with requirements.

• 8.3 Legal basis

  You are asked by us for consent within the framework of a consent tool, the legal basis is Art. 6 para. 1 lit. a GDPR. Such consent is voluntary.

• 8.4 Storage period and right of objection

  If we obtain consent to use Matomo via the consent tool, such consent can be withdrawn by you at any time within the settings of the cookie banner or the cookie content tool with effect for the future. You can object to data processing by Matomo at any time by unchecking the following box to activate the opt-out plug-in:

The analysis data processed and stored with Matomo will be automatically deleted by us after one year. 

9. Processing of Applicant Data

• 9.1 Description of the processing

  We process the data you provide in connection with your application in order to check your suitability for the position (or other open positions in our company, if applicable) and to carry out the application process. This data includes general information about you (such as your name, address and contact details), information about your professional qualifications and schooling, information about further professional training, knowledge and skills, and other information you disclose to us in connection with your application. This is usually done by means of a letter of application, curriculum vitae, certificates, correspondence, telephone or oral information from you.
  We would like to evaluate all applicants only on the basis of their qualifications and therefore ask you to refrain, if possible, from including in your application the information "special categories of personal data" according to Art. 9 of the Basic Data Protection Regulation (e.g. a photo that indicates ethnic origin, information on severe disability, etc.). If your application contains such information, please send us a corresponding declaration of consent, otherwise your application cannot be considered.
  If your application is successful, we will transfer your data to your personnel file and use it to carry out and terminate your employment.
  If we are currently unable to offer you employment, we will continue to process your data even after the rejection has been sent in order to defend ourselves against possible legal claims, in particular because of an alleged disadvantage in the application process.
  If you are not selected for the vacant position, we will transfer your data to our pool of applicants - provided we have your consent.

• 9.2 Purpose

  The processing is carried out to carry out the application procedure, to decide on the establishment of an employment relationship with us and to document compliance with legal regulations in the application procedure.

• 9.3 Legal basis

  The data processing in connection with the application procedure has its legal basis in § 26 para. 1 sentence 1 BDSG and Art. 6 para. 1 para. 1 lit. b GDPR. If your application is successful, further data processing will be carried out in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR in conjunction with Art. 88 para. 1 GDPR in conjunction with Art. 26 para. 1 BDSG for the purpose of establishing, implementing and terminating the employment relationship. If you have given your consent, e.g. for the inclusion of your data in our applicant pool, the data processing will be carried out on the basis of Art. 6 para. 1 para. 1 lit. a GDPR. The legal basis for data processing after a refusal is otherwise Art. 6 para. 1 para. 1 lit. f GDPR. Our

• 9.4 Storage duration

  If your application is successful, your data will be transferred to your personnel file and deleted in accordance with the regulations applicable to personnel files. If we are currently unable to offer you employment, we will continue to process your data for up to six months after sending the rejection. If we transfer your data to our pool of applicants after the application procedure has been completed, we will delete it from the pool of applicants if an employment relationship is established at a later date or otherwise two years after the application has been accepted.

• 9.5 Recipients of your data, transfer of data to third parties and transfer to third countries

  Your applicant data will be reviewed by the personnel department after receipt of your application. Suitable applications are then forwarded internally to the departmental managers responsible for the respective open position. The further procedure is then coordinated. Within the company, access to your data is only granted to those persons who need it for the proper processing of our application procedure. The data will not be transferred to third parties. Likewise, no data will be transferred to third countries, nor is such a transfer planned.
  
  

10. Security measures

To protect your personal data from unauthorized access, we have provided our website with an SSL or TLS certificate. SSL stands for "Secure-Sockets-Layer" and TLS for "Transport Layer Security" and encrypts the communication of data between a website and the user's end device. You can recognize the active SSL or TLS encryption by a small lock logo displayed on the far left of the browser's address bar.

11. Betroffenenrechte

Im Hinblick auf die oben beschriebene Datenverarbeitung durch unser Unternehmen stehen Ihnen die folgenden Betroffenenrechte zu:

• 11.1 Auskunft (Art. 15 DSGVO)

  Sie haben das Recht, von uns eine Bestätigung darüber zu verlangen, ob wir Sie betreffende personenbezogene Daten verarbeiten. Ist dies der Fall, steht Ihnen unter den in Art. 15 DSGVO genannten Voraussetzungen ein Recht auf Auskunft über diese personenbezogenen Daten und auf die in Art. 15 DSGVO aufgeführten weiteren Informationen zu.
  
  

• 11.2 Berichtigung (Art. 16 DSGVO)

  Sie haben das Recht, von uns unverzüglich die Berichtigung Sie betreffender unrichtiger personenbezogener Daten und ggf. die Vervollständigung unvollständiger personenbezogener Daten zu verlangen.
  
  

• 11.3 Deletion (Art. 17 DSGVO)

  You have the right to demand that we erase any personal data relating to you immediately if one of the reasons listed in Art. 17 GDPR applies, e.g. if your data is no longer required for the purposes we pursue.
  
  

• 11.4 Restriction of data processing (Art. 18 DSGVO)

  You have the right to ask us to limit the processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you dispute the accuracy of your personal data, the data processing will be limited for the time necessary to allow us to verify the accuracy of your data.
  
  

• 11.5 Data portability (Art. 20 DSGVO)

  You have the right, subject to the conditions set out in Art. 20 GDPR, to demand the surrender of the data concerning you in a structured, common and machine-readable format.
  
  

• 11.6 Withdrawal of consent (Art. 7 Abs. 3 DSGVO)

  You have the right to withdraw your consent at any time in the event of processing based on consent. The withdrawal is valid from the time of its assertion. In other words, it is effective for the future. In other words, the withdrawal of consent does not make the processing unlawful with retroactive effect.
  
  

• 11.7 Complaints (Art. 77 DSGVO)

  If you believe that the processing of personal data concerning you is in breach of the GDPR, you have the right to complain to a supervisory authority. You can exercise this right before a supervisory authority in the EU Member State in which you are resident, in your place of work or in the place where the suspected breach occurs.
  
  

• 11.8 Restraint on automated decisions/profiling (Art. 22 DSGVO)

  Decisions that have legal consequences for you or significantly affect you must not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated decision making, including profiling, with respect to your personal data.
  
  

• 11.9 Objection (Art. 21 DSGVO)

  If we process your personal data on the basis of Art. 6 Para. 1 letter f GDPR (to safeguard overriding legitimate interests), you have the right to object to this under the conditions set out in Art. 21 GDPR. However, this only applies insofar as there are reasons arising from your particular situation. Following an objection, we will no longer process your personal data unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms. Nor do we have to stop processing if it serves to assert, exercise or defend legal claims. In any case - also irrespective of any special situation - you have the right to object at any time to the processing of your personal data for direct marketing purposes.

[Status: November 2020]