ENGLISH

General privacy policy

 

 

Use of service providers

 

Some of the aforementioned processes or services are carried out by carefully selected and commissioned service providers. We transmit or receive personal data from these service providers solely on the basis of a processing contract. If the registered office of a service provider is located outside the European Union or the European Economic Area, a third country transfer takes place. Data protection agreements are contractually agreed with these service providers in accordance with the legal requirements to establish an appropriate level of data protection and corresponding guarantees are agreed.

 

Rights of data subjects

 

 

You have the right

to request confirmation from us as to whether personal data concerning you is being processed by us; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.

to demand the publication of the data concerning you in the restrictions of Art. 20 GDPR in a common electronic, machine-readable data format. This also includes the transfer (where possible) to another controller named directly by you.

To demand that we rectify your data if it is incorrect, inaccurate and/or incomplete. Rectification also includes completion by means of declarations or communication.

to demand that we erase personal data concerning you without undue delay if one of the reasons listed in Art. 17 GDPR applies.

 

Unfortunately, we are not permitted to erase data that is subject to a statutory retention period. If you no longer wish us to contact you by newsletter or other means, we will store your contact details in this regard on a blacklist.

to revoke any consent you have given with effect for the future without any disadvantages for you.

to demand that we restrict processing if one of the conditions listed in Art. 18 GDPR applies

to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds that outweigh your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims (Art. 21 GDPR).

without prejudice to any other administrative or judicial remedy, and if you believe that the processing of personal data concerning you is in breach of the GDPR, to lodge a complaint with our data protection officer: datenschutz@gin.de or by post (see legal notice)

a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement.

 

Deletion of your data

Unless otherwise stipulated in the more detailed privacy policies, we will erase your personal data once the contractual relationship with you has ended, you have exercised your right to erasure, all mutual claims have been satisfied and there are no other statutory retention obligations or legal justifications for storage. Commercial law retention periods for financially relevant data are generally up to 10 years. In addition, we may retain data for as long as is necessary to protect us from claims that could be asserted against us. These periods can be up to 30 years.

Definitions

For the purposes of this general information for employees, the term:

  • Personal data – any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples are contact data, communication data, billing data.
  • Controller – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Recipient – a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
  • Employees – employees, including temporary workers in relation to the hirer, persons employed for their vocational training, participants in services for participation in working life as well as in clarifications of professional aptitude or work trials (rehabilitants), persons employed in recognised workshops for disabled persons, volunteers who perform a service in accordance with the Youth Volunteer Service Act or the Federal Volunteer Service Act, persons who are to be regarded as employee-like persons due to their economic independence. These also include persons working from home and those treated as such, civil servants of the Federal Government, judges of the Federal Government, soldiers and persons performing civilian service. As well as applicants for employment and persons whose employment has ended.
  • Third party – a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  • Profiling – any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person. In particular, to analyse or predict aspects concerning the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that natural person.
  • Restriction of processing – the marking of stored personal data with the aim of restricting its future processing.

Changes to the privacy policy

We reserve the right to change our privacy policy if necessary and to publish it here. Please check this page regularly. Subject to the applicable legal provisions, the updated declaration shall enter into force upon publication. If we have already collected data about you that is affected by the change and/or is subject to a legal obligation to provide information, we will also inform you of any significant changes to our privacy policy.