Data Privacy Statement

Thank you for your interest in our company and our products and services. We want you to feel safe about your data when visiting our website. We take the protection of your data very seriously and strictly adhere to the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

As part of our obligation to provide information, we want this Data Privacy Statement to be as transparent as possible and will explain the purposes for processing your data, the use of tracking/ analysis tools, cookies, social media and other third party services hereafter.

If you have any further questions regarding the handling of your personal data, please do not hesitate to contact us or our data protection officer (contact details see below).

 

1. Controller

the
APK AG
Beunaer Str. 2
06217 Merseburg

Phone: 03461 79457-0
Email:

is the controller in the sense of the EU General Data Protection Regulation (GDPR) who individually or jointly makes decisions on the purposes and means of the processing of personal data, hereafter referred to as “data.”

The person responsible for the editorial content of the blog contributions in accordance with Section 5 of the German Telemedia Act and Section 18, para. 2 of the German State Media Treaty is:

Florian Riedl
Press contact APK AG
Beunaer Straße 2
06217 Merseburg

Phone: +49 3461 79457-0
Email:

2. Definitions

In the following, we would like to inform you about the processing of your personal data when you visit our website and use our content and services.

“personal data” in the sense of the GDPR means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person).

“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

With regard to the other used data privacy terms, we refer to the definitions in Art. 4 GDPR.

3. Scope of the processing of personal data

FIn order to use our website, it is generally not necessary for you to provide data. In certain cases, however, we need your name and address and other information so that we can provide the desired services.

The same applies, for example, to the sending of information material and ordered goods or to the answering of individual questions. Where necessary, we will notify you accordingly. In addition, we only process data that you voluntarily provide to us and, if applicable, data that we automatically collect when you visit our website (e.g. IP address and the names of the pages you have accessed, the browser and operating system you are using, date and time of access, search engines used, names of downloaded files).

If you make use of our services, in general only data that we need to provide the services are collected. As far as we ask you for further data, the information is voluntary.

4. Purposes for the processing of personal data

We will process the data you provide in accordance with the principles of data economy and purpose limitation. The principle of purpose limitation states that data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes is not considered to be incompatible with the initial purposes.

We only process your data to answer inquiries, handle your orders and provide access to certain information or offers to you. Maintaining customer relationships may also require us or a commissioned service provider to use this data to inform you about product offers or to conduct online surveys to fulfill the tasks and requirements set by our customers.

We will only process the data you provide online for the stated purposes. Your data will not be transferred to third parties without your express consent.

5. Disclosure of data to third parties

Your data will only be transmitted to third parties in exceptional cases,

  • to external service providers working for us (processors) if this is necessary for the purpose of executing the contract,
  • to state institutions and authorities if we are legally obliged to do so or
  • if you consent to this.

We conclude the relevant processing agreements with the processor based on Article 28 of the GDPR. The service companies commissioned by us are obliged by us to maintain confidentiality and to comply with the provisions of the GDPR and the BDSG. The transmitted data may only be used by our service providers to fulfill their task. Any other use of the information is not permitted and is not carried out by any of the service providers we entrust with.

A transmission and further processing of data to state institutions and authorities entitled to receive information only takes place within the framework of the relevant laws or if we are obliged to do so by a judicial decision.

In addition, we do not pass on any data to third parties unless you have given us your express consent.

Of course, we respect it if you do not want to give us your data to support our customer relationship (especially for direct marketing or for market research purposes). We will neither sell your data to third parties nor market it in any other way unless you have given us your consent.

6. Transfers of personal data to a third country

Insofar as it comes to the disclosure or transmission of data to third parties in a third country, i.e. outside the European Union (EU) or the European Economic Area (EEA), and data is further processed as part of the use of third-party services, this is only done based on your consent, a legal obligation, our legitimate interests or if it is necessary to fulfill our (pre) contractual obligations. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Article 44 and the following GDPR are met. This means that processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU or compliance with officially recognized special contractual obligations (e.g. standard contractual clauses for the transfer of personal data to processors established in third countries “Standard Contractual Clauses” (“SCC”))

7. Legal basis for the processing of personal data

Insofar as we obtain your consent for the processing of personal data, the consent according to point (a) of Article 6(1) of the GDPR is the legal basis for the processing of your data.

When processing personal data that is necessary to fulfill the requested service, we rely on point (b) of Article 6(1) of the GDPR serves as the legal basis.

Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, point (c) of Article 6(1) of the GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, point (f) of Article 6(1) of the GDPR is the legal basis for processing.

8. Deletion of data and duration of storage

We only store your data until the purpose is fulfilled and there are no other legal retention requirements (e.g. commercial law or tax retention obligations).

If you have given us your consent, we will store your data until you revoke your consent, if there is no other legal basis for the processing of your data and is not contrary to legal retention periods of extinction.

In addition, in individual cases, e.g. for evidence purposes, longer storage for defense / enforcement of civil or public law claims may be appropriate.

9. Data collected automatically when visiting our website

When using our website, the following data may be processed for technical and organizational reasons: The names of the pages you opened, your browser and operating system, time and date of access, search engines used or names of downloaded files and your IP address.

10. Cookies

When visiting our website, we may save information on your computer in form of a cookie. Cookies are small text files transmitted by a web server to your browser and saved on your computer’s hard disk.

Some cookies are deleted after the end of the browser session, so after you close your browser (so-called session cookies). Other cookies remain on your device and enable your browser to be recognized the next time you visit our website (so-called persistent cookies). If cookies are set, they process individual user information such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie.

Except for your IP address, no personal user data will be saved. This information allows you to be automatically recognized during your next visit to our website and makes navigation easier. Cookies enable us to, e.g., adjust our website to your interests.

Necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Comfort cookies make it easier for you to use our websites. They enable a website to remember information that affects the way a website behaves or looks, such as your preferred language or the region you are in.

Statistics cookies collect anonymized data for statistics and analysis. They thus help to further improve the offer of our website and to optimize content.

You may also visit our website without the use of cookies. If you do not want us to recognize your computer, you may prevent cookies from being saved on your hard disk by setting your browser to “Disable cookies.” For detailed instructions, please see your browser’s help function. However, please note that disabling cookies may prevent you from fully using every function of our offers.

Cookies that are necessary for the technically error-free and optimized provision of our services (“technically necessary cookies”) are created based on our legitimate interest in accordance with point (f) of Article 6(1) of the GDPR saved. Technically not necessary cookies are only set after you have given your consent (based on the legal basis point (a) of Article 6(1) of the GDPR).

You can adjust the cookie-settings at any time using the following link and revoke your consent.

11. Google reCAPTCHA

Our website uses the service reCAPTCHA of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google“). This allows us to distinguish whether entries are made legitimately by humans or abusively by mechanical and automated processing. This service will transmit your IP address and, if applicable, other data required by reCAPTCHA to Google and takes place in establishing individual responsibility on the Internet and avoiding abuse and spam.

When using Google reCAPTCHA, personal data may also be transmitted to Google’s servers in the USA.

In the event that personal data is transferred to Google LLC., which is based in the USA, Google LLC has taken appropriate measures (such as concluding EU-SCC and additional measures) which ensure compliance with the level of data protection applicable in the EU.
Further information on Google reCAPTCHA and Google’s privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/

12. Video platforms

Our websites contain so-called embedding videos on YouTube. However, these only enable a connection to YouTube. YouTube is an offer from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA or, if the service is provided in the European Economic Area and Switzerland, by Google Ireland Limited, based in Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter referred to as “Google”).

In the event that personal data is transferred to Google LLC., which is based in the USA, Google LLC has taken appropriate measures (such as concluding Standard contractional clausel andadditional measures) which ensure compliance with the level of data protection applicable in the EU.

By integrating YouTube, we pursue the purpose of being able to present various videos on our website so that you can watch them directly on our website.

The legal basis for the processing of personal data described here is point (f) of Article 6 (1) of the GDPR. Our legitimate interest required for this lies in the great benefit that YouTube offers. By integrating external videos, we relieve our servers and can use the corresponding resources elsewhere. This can include Increase the stability of our servers. YouTube and Google also have a legitimate interest in the (personal) data collected in order to improve their own services.

If a corresponding consent to the setting or storage of cookies has been requested and granted, the processing takes place exclusively the basis of point (a) of Article 6 (1) of the GDPR. You can revoke your consent at any time with future effect by clicking on cookie settings.

You can find more information in the data protection information from YouTube or Google, which you can access here: www.google.com/policies/privacy/

Information on Google’s privacy settings can be found at https://privacy.google.com/take-control.html?categories_activeEl=sign-in

13. Social Media

Our website uses the following links and social media services:

13.1 Twitter

Our website contains functions of the social network Twitter. These functions are offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco CA 94107 in the USA (“Twitter”). The Twitter (image) link is marked with a Twitter logo (bird in round shape).

For the event of transfering data in the USA Twitter has signed EU SCC and takes additional measures, thereby providing a guarantee of compliance with European data protection law.

We use the Twitter plugins/ links based on our legitimate interests in accordance with point (f) of Article 6 (1) of the GDPR. Here, these are the analysis, optimization and economic operation of our online offer.

If a corresponding consent to the setting or storage of cookies has been requested and granted, the processing takes place on the basis of point (a) of Article 6 (1) of the GDPR. You can revoke your consent at any time with future effect by clicking on the following link.

If you use the Twitter link, that means when you click on the button, information that you have accessed certain pages of our website will be forwarded to the Twitter servers. For Twitter users who are logged in at the same time, this means that the usage data is assigned to their respective personal account. If you click on the Twitter button, this information is transmitted from your browser directly to Twitter and stored there. Even if you are not a member of the social network mentioned, there is still the possibility that Twitter will determine and save your IP.

To find out the purpose and scope of the collection, processing and use of your data, as well as your rights and setting options to protect your privacy, please visit the Twitter website with the data protection information at http://twitter.com/privacy.

If you do not agree that Twitter collects data about you via our website, we ask you to log out of Twitter before visiting our website.

13.2 LinkedIn

Our website uses functions of the social network linkedin.com, which is operated by LinkedIn Inc., 2029 Stierlin Court, Mountain View CA 94043 in the USA (“LinkedIn”). The LinkedIn (image) link is marked with a LinkedIn logo with the letters “in”.

If you use the LinkedIn link, that means when you click on the button, information that you have accessed certain pages of our website will be forwarded to the LinkedIn servers. For LinkedIn users who are logged in at the same time, this means that the usage data is assigned to their respective personal account. If you click on the LinkedIn button, this information is transmitted from your browser directly to LinkedIn and stored there. Even if you are not a member of the social network mentioned, there is still the possibility that LinkedIn will determine and save your IP.

If you do not agree that LinkedIn collects data about you via our website, we ask you to log out of LinkedIn before visiting our website.

We use the LinkedIn plugins/ links based on our legitimate interests in accordance with point (f) of Article 6(1) of the GDPR. Here, these are the analysis, optimization and economic operation of our online offer.

If a corresponding consent to the setting or storage of cookies has been requested and granted, the processing takes place on the basis of point (a) of Article 6(1) of the GDPR. You can revoke your consent at any time with future effect by clicking on the following link.

To find out the purpose and scope of the processing of your data, as well as your rights and setting options to protect your privacy, please visit the following websites with LinkedIn’s data protection information at https://de.linkedin.com/legal/privacy-policy.

13.3 XING

Our website uses functions of the social network XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. The XING (image) link is identified by an “X” based on the Xing logo.

If you use the XING link, that means when you click on the button, information that you have accessed certain pages of our website will be forwarded to the XING servers. For users of XING who are logged in at the same time, this means that the usage data is assigned to their respective personal account. If you click on the XING button, this information is transmitted from your browser directly to XING and stored there. Even if you are not a member of the social network mentioned, there is still the possibility that XING will determine and save your IP.

If you do not agree that XING collects data about you via our website, we ask you to log out of XING before visiting our website.

We use the XING plugins/ links based on our legitimate interests in accordance with point (f) of Article 6(1) of the GDPR. Here, these are the analysis, optimization and economic operation of our online offer.

If a corresponding consent to the setting or storage of cookies has been requested and granted, the processing takes place on the basis of point (a) of Article 6(1) of the GDPR. You can revoke your consent at any time with future effect by clicking on the following link.

To find out the purpose and scope of the processing of your data, as well as your rights and settings options to protect your privacy, please visit the XING data protection website at https://www.xing.com/privacy.

13.4 YouTube

Our website uses links to YouTube, which is provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA or, if the service is provided in the European Economic Area and in Switzerland, by Google Ireland Limited based in Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”).

If you activate the link by clicking on it, a connection to the YouTube servers will be established and the plugin will be displayed on the website by notifying your browser.

This tells the YouTube server which website you have visited. If you are logged in as a member of YouTube or Google, YouTube assigns this information to your personal user accounts on these platforms. When using these plugins e.g. by clicking the start buttons of a video or sending a comment, this information is assigned to your YouTube user account. You can prevent this by logging out before using the link.

In the event that personal data is transferred to Google LLC., which is based in the USA, Google LLC has taken appropriate measures (such as concluding Standard contractional clausel andadditional measures) which ensure compliance with the level of data protection applicable in the EU.

We use the YouTube plugins/ links based on our legitimate interests in accordance with point (f) of Article 6(1) of the GDPR. Here, these are the analysis, optimization and economic operation of our online offer.

If a corresponding consent to the setting or storage of cookies has been requested and granted, the processing takes place on the basis of point (a) of Article 6(1) of the GDPR. You can revoke your consent at any time with future effect by clicking on the following link.

You can find information on the collection and use of data by YouTube and Google at https://www.google.de/intl/de/policies/privacy/

14. Contact form

If you contact us through our contact form, we will request personal information. A valid email address an the name is required to respond to your inquiry. Additional personal information may be provided voluntarily.

[Versand Verschlüsselung]

Data for contacting us is processed on the basis of our your voluntary consent. By activating the “Send” button, you agree to our processing of your contact information for the above-stated purposes. If you do not agree, you must abort this process. No information will then be transmitted through our contact form and no data will be processed.

The processing of the data entered in the contact form is therefore based on your consent (point (a) of Article 6(1) of the GDPR). You may revoke your consent at any time with future effect. To do so, please write us at an APK AG, Beunaer Str. 2, 06217 Merseburg, Germany, or email us at .

We only use your data to the extent required for handling your inquiry and for further correspondence with you. We save data collected through your use of our contact form to process your inquiry and for subsequent questions and will delete your data in accordance with data protection regulations after completing your request, unless other legal storage obligations apply.

15. Online application process

15.1 Scope of data processing

You can apply online on our website.

Personal data is required to participate in the application process. These data include, among other things, identification data such as first name, last name, date of birth, contact details such as address, telephone number or email address, as well as data in connection with your school and / or professional career, such as school and work certificates, data about Act on training, internships or previous employers. This data can come from the documents you provide, such as a cover letter, a curriculum vitae, an application photo, certificates or other professional qualifications. Data that are absolutely necessary to participate in the application process are marked as mandatory.

We use external service providers for the provision and implementation of the online application process.
As part of the implementation of the application process, your transmitted personal data is processed on our behalf by service providers on the basis of Article 28 of the GDPR.

If, in the context of this commissioned processing, personal data is transferred to third parties outside the European Union or the European Economic Area, this will only take place if the special requirements of Article 44 and following of the GDPR take place.

We do not pass on the data to third parties unless they have been commissioned by us as service providers in accordance with the above-mentioned requirements.

15.2 Purpose and legal basis of data processing

We process the above data for the purpose of carrying out the application process. If you have given us your consent, the legal basis for processing the data is point (a) of Article 6 (1) of the GDPR. Insofar as the processing of the above data takes place to initiate an employment relationship / contractual relationship, the legal basis is Article 88 (1) GDPR in conjunction with Section 26 (1) BDSG and point (b) of Article 6 (1) of the GDPR.

15.3 Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the event that an employment relationship, apprenticeship, internship or other employment relationship occurs after the application process, the data will initially continue to be saved and transferred to the personnel file. Otherwise, the application process ends with the receipt of a rejection. In this case, the data will be deleted after six months. Deletion will not take place if further processing and storage of your personal data is required in individual cases to assert, exercise or defend legal claims. In this case, we have a legitimate interest in the further processing and storage of your personal data. The legal basis is point (f) of Article 6(1) of the GDPR. Deletion will not take place even if we are obliged by law to store your personal data further.

15.4 Revocation and objection

You can revoke your consent at any time with future effect. You can object to the processing of your personal data at any time. In particular, you have the option to withdraw your application at any time. As part of the application process, you should only provide us with the personal data that is necessary to participate in and complete the application process. There is no legal or contractual obligation to provide data. However, we would like to point out that without this data we cannot carry out the application process and cannot consider your application. The same applies in the event of an objection to the processing of your data. You can change the data stored about you at any time.

16. Kinder und Jugendliche

Unsere Webseite richtet sich ausschließlich an potentielle Bewerber/ Kunden sowie Geschäftspartner und Pressevertreter.

Personen unter 16 Jahren sollten ohne Einwilligung der Eltern oder Erziehungsberechtigten keine Daten an uns übermitteln. Wir fordern keine Daten von Kindern und Jugendlichen an, die das sechzehnte Lebensjahr nicht vollendet haben an. Wir sammeln diese nicht und geben diese auch nicht an Dritte weiter.

17. Security

We have implemented technical and operational protective measures in accordance with the applicable legal regulations to protect your data from, loss, destruction, manipulation and unauthorized access.

The security measures include in particular the encrypted transmission of data between your browser and our server. This website uses TLS encryption for security reasons and to protect the transmission of confidential content such as inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line. If TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

All our employees and all persons participating in data processing are required to adhere to the General Data Protection Regulation, the German Federal Data Processing Act in its respectively valid form and other laws relevant for data protection and must treat data confidentially.

Furthermore, we conclude according agreements with any external service providers we commission.

Our security measures are reviewed regularly and adjusted to technological advances.

18. Data Subject Rights

If we process your data, you are entitled the following extensive rights as a data subject:

18.1 Revocation of Consent

Should the processing of your data require your consent, we will obtain it from you and use your data for the stated purposes for which we requested your consent. Your consent will be documented digitally.

If you have given us your consent to the processing of your data, you may revoke your consent at any time with future effect. To do so, please write us at an APK AG, Beunaer Str. 2, 06217 Merseburg, Germany, or email us at .

18.2 Right to Information

Under Article 15 of the GDPR, you have the right to information about the data processed by us.You may especially obtain information about the purposes of the processing, the categories of personal data concerned, the categories of possible recipients and the envisaged period for which the personal data will be stored.

Please submit information requests to an APK AG, Beunaer Str. 2, 06217 Merseburg, Germany, or by email to .

18.3 Right to Rectification

Under Article 16 of the GDPR, you have the right to obtain rectification or completion of your data from us.

You may exercise this right by contacting the above-stated addresses.

18.4 Right to Erasure

Under Article 17 of the GDPR, you have the right to obtain erasure of personal data concerning you if storage of the data is no longer required and if there is no other legal ground for its processing. You may also obtain erasure if you object to the processing and there are no overriding legitimate grounds for the processing and if your data was processed unlawfully or if the personal data must be erased for compliance with a legal obligation under EU or national law.

You may exercise this right by contacting the above-stated addresses.

18.5 Right to Restriction of Processing

Under Article 18 of the GDPR, you have the right to obtain the restriction of processing if you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of your personal data; if the processing is unlawful, but you oppose the erasure of your personal data; the purposes for the processing cease to apply, but the data is required for the establishment, exercise or defense of legal claims or if you objected in accordance with Article 21 of the GDPR and if whether the legitimate grounds of the controller outweigh your interests has not yet been determined.

You may exercise this right by contacting the above-stated addresses.

18.6 Right to Data Portability

Under Article 20 of the GDPR, you have the right receive your personal data in a structured, commonly used and machine-readable format (data portability). In addition, under certain circumstances, you may also receive your data directly from a controller if technically possible.

You may exercise this right by contacting the above-stated addresses.

18.7 Right to Object

You have the right to object to use of your data for the above-stated purposes at any time (Article 21 of the GDPR). This is possible for objections to direct marketing or on grounds relating to your particular personal situation. If you object to direct marketing, we will implement your general objection right without information about your particular personal situation.

To exercise your right to object, please write us at an APK AG, Beunaer Str. 2, 06217 Merseburg, Germany, or email us at .

18.8 Right to Submit a Complaint to a Supervisory Authority

Please also note that, irrespective of other administrative or legal remedies, you have the right to submit complaints to supervisory authorities, especially in the Member state of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of your personal data infringes on the GDPR.

A list of (non-public sector) supervisory authorities and their addresses is provided (in German) at:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

19. Questions, Suggestions, Complaints to the Data Protection Officer

Should you have any questions about our Data Privacy Statement, data protection or the processing of your personal data, please contact our data protection officer directly:

Law Firm Costard
Law Firm for IT Law and Data Protection
Attorney at Law Thomas P. Costard

EUROCOM Businesspark
Lina-Ammon-Straße 9
90471 Nuremberg
Germany

Phone.: +49 (0) 911 / 790 30 34
Fax: +49 (0)911 / 790 30 35

Email:
www.it-rechtsberater.de

Information requests, suggestions and complaints may also be submitted to the data protection officer.

20. Changes to our Data Privacy Statement

We reserve the right to make changes to our security and data protection measures if required due to technical developments. In such cases, we will also adjust our Data Privacy Statement. Therefore, please note the respectively current version of our Data Privacy Statement. The current version is August 2021.