DATA PROTECTION
Privacy Policy
- Introduction
With the following information, we would like to give you, the “data subject”, an overview of our processing of your personal data and your rights under the data protection laws. It is generally possible to use our website without inputting personal data. However, if you wish to make use of specific services of our company via our website, processing of personal data may become necessary. If the processing of personal data is necessary and no legal basis exists for such processing, we generally obtain your consent.
The processing of personal data, such as your name, address or email address, is always in accordance with the General Data Protection Regulation (GDPR) and in accordance with current country-specific data protection regulations that apply for Thies. Through this privacy policy, we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us.
As the controller responsible for processing personal data, we have implemented numerous technical and organizational measures to ensure that all personal data processed via this website is protected as comprehensively as possible. Nevertheless, Internet-based data transmission can have security gaps and absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means, such as by telephone or post.
- Controller
The controller for purposes of the GDPR is:
Thies GmbH & Co. KG
Borkener Straße 155, 48653 Coesfeld, Germany
Telephone: 02541 / 733-0
Fax: 02541 / 733-299
Email: ed.nenihcsamlitxetseiht@ofni
Representatives of the controller:
A. Thies |
C. Thies |
V. Thies- Niehoff |
- Data protection officer
You can reach the data protection officer as follows:
Data protection team of B-IT.Consulting GmbH
Email: gnitlusnoC.TI-B@BSD-seihT
You can contact our data protection officer directly at any time if you have any questions or suggestions regarding data protection.
- Definitions
The privacy policy is based on the terms the European issuers of directives and regulations used when they issued the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.
We use the following terms, inter alia, in this privacy policy:
- Personal data
“Personal data” means any information relating to an identified or identifiable natural person. An “identifiable” natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Data subject
The “data subject” means any identified or identifiable natural person whose personal data is processed by the controller (our company).
- Processing
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Restriction of processing
“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.
- Profiling
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
- Pseudonymization
“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- Processor
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Recipient
“Recipient” means a natural or legal person, public authority, agency or another body to whom the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
- Third parties
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
- Consent
“Consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- Legal basis of the processing
Art. 6(1)(a) GDPR (in conjunction with Section 15(3) TMG [German Telecommunications Act]) serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case with processing operations necessary for the delivery of goods or the provision of other services or considerations, for example, the processing is based on Art. 6(1)(b) GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures (in cases of enquiries about our products or services, for example).
If our company is subject to a legal obligation which requires the processing of personal data (to fulfil tax obligations, for example), the processing is based on Art. 6(1)(c) GDPR.
In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured at our company and his or her name, age, health insurance data or other vital information had to be passed on to a doctor, a hospital or other third parties. In this case, the processing would be based on Art. 6(1)(d) GDPR.
Ultimately, processing operations could be based on Art. 6(1)(f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this provision if the processing is necessary to safeguard a legitimate interest of our company or a third party, unless the interests, fundamental rights and freedoms of the data subject take priority. We are allowed to carry out such processing operations because they have been specifically mentioned by the European legislator. In this regard, it took the view that a legitimate interest could be assumed if you are a customer of our company (recital 47, sentence 2, GDPR).
- Technology
6.1 SSL/TLS encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests, that you send to us as the operator. You can recognize an encrypted connection if the browser’s address bar contains “https://” (instead of “http://”) and a lock symbol.
We use this technology to protect your transmitted data.
6.2 Data collection when visiting the website
When using our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (in “server log files”). Our website collects a series of general data and information every time you or an automated system accesses the website. This general data and information are stored in the server’s log files. The following may be recorded:
- browser types and versions used,
- the operating system used by the accessing system,
- the website from which an accessing system arrives at our website (known as a referrer),
- the sub-pages that are accessed via an accessing system on our website,
- the date and time of access to the website,
- a truncated Internet protocol address (anonymized IP address),
- the Internet service provider of the accessing system.
Using this general data and information does not allow us to draw any conclusions about your person. Rather, this information is needed to
- deliver the contents of our website correctly,
- optimize the content of our website and the advertising for it,
- ensure the permanent functionality of our IT systems and the technology of our website, and
- provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.
Therefore, we will use the collected data and information both for statistical purposes and with the aim of increasing the data protection and data security of our company so that we can ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.
The legal basis for the data processing is Art. 6(1)(1)(f) GDPR. Our legitimate interest follows from the data collection purposes listed above.
6.3 What’s App Business
If our business partners expressly wish a communication exchange via What’s App, we use What’s App Business for our part. Further information are provided under Trust & Safety | WhatsApp Business.
7. Cookies
7.1 General information about cookies
We use cookies on our website. Cookies are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone or similar) when you visit our site.
The cookie stores information that is related to the specific end device used. This does not mean, however, that we thereby gain direct knowledge of your identity.
The use of cookies serves, first, to make the use of our offer a more pleasant experience for you. We use what are known as session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after leaving our site.
In addition, we also use temporary cookies, which are stored on your end device for a certain fixed period of time, to optimize user-friendliness. If you visit our site again to use our services, the fact that you already visited us and which entries and settings you made is automatically recognized so that you do not have to reenter them.
Furthermore, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already visited our site when you visit it again. These cookies are automatically deleted after a defined period of time.
7.2 Legal basis for the use of cookies
The data processed by cookies, which are required for the proper functioning of the website, are thus necessary to protect our legitimate interests as well as those of third parties in accordance with Art. 6(1)(1)(f) GDPR.
For all other cookies, you must have consented to this within the meaning of Art. 6(1)(a) GDPR via our opt-in cookie banner.
- Contents of our website
8.1 Contact/Contact form
When we are contacted (e.g. via contact form or email), personal data is collected. Each contact form specifies the data that is collected when that form is used. This data is stored and used exclusively for the purpose of answering your enquiry or for contacting you as well as for the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6(1)(b) GDPR. Your data will be deleted after your request has been conclusively processed. This is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and no legal storage obligations to the contrary exist.
8.2 Application management / Job exchange
We collect and process the personal data of applicants for the purpose of implementing the application procedure. The processing may also be carried out by electronic means. This is the case, in particular, if an applicant sends us the relevant application documents electronically, such as by email or via a web form on the website. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that we have no other justified interests that contradict erasure. A possible legitimate interest in this sense is a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
The legal basis for the processing of your data is Art. 88 GDPR in conjunction with Section 26(1) BDSG (Federal Data Protection Act).
- Our activities in social networks
We have a presence on social media, so we can also communicate with you through these channels and inform you about our services. If you visit one of our social media sites, we are jointly responsible with the provider of the respective social media platform within the meaning of Art. 26 GDPR with regard to the processing operations concerning personal data that are triggered by your visit.
We are not the original provider of these sites, but only use them within the scope of possibilities offered to us by the respective providers.
Therefore, as a precautionary measure, we would like to point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore entail data protection risks for you, as it may be more difficult to protect your rights, e.g. to information, erasure, objection, etc., and processing by providers in social networks often takes place directly for advertising purposes or to analyze user behavior, which is outside our sphere of influence. If usage profiles are created by the provider, cookies are often used or the usage behavior is directly assigned to your own social network member profile (provided you are logged in there).
The described processing operations of personal data are carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest and that of the respective provider so we can communicate with you in a timely manner and inform you about our services. If you have to give the respective providers your consent to data processing as a user, the legal basis is Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR.
Since we do not have access to the providers’ databases, we would like to point out that asserting your rights (e.g. to information, rectification, erasure, etc.) directly with the respective provider is best. Below, we have listed further information on the processing of your data in social networks and the possibility of making use of your right of objection or withdrawal (opt-out) with the respective provider of social networks that we use:
9.1 LinkedIn
(Joint) controller for data processing in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy Policy:
https://www.linkedin.com/legal/privacy-policy
Opt-out and advertising preferences:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
- Social media plug-ins
10.1 LinkedIn plug-in
We have integrated components of the LinkedIn Corporation on this website. LinkedIn is an Internet-based social network that allows users to connect with existing business contacts and make new ones.
The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for privacy matters outside the U.S.
Every time our website, which is equipped with a LinkedIn component (LinkedIn plug-in), is called up, this component causes the browser you use to download a corresponding representation of the component from LinkedIn. More information about LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. Within the scope of this technical procedure, LinkedIn receives information about which specific sub-page of our website you have visited.
If you are logged in to LinkedIn at the same time, LinkedIn recognizes which specific sub-page of our website you are visiting every time you call up our website and for the entire duration of the respective stay on our website. This information is collected by the LinkedIn component and assigned to your LinkedIn account by LinkedIn. If you click on a LinkedIn button integrated on our website, LinkedIn assigns this information to your personal LinkedIn user account and stores this personal data.
LinkedIn always receives information that you have visited our website via the LinkedIn component if you are logged into LinkedIn at the same time as calling up our website; this happens regardless of whether you have clicked on the LinkedIn component or not. If you do not want this information to be transmitted to LinkedIn, you can prevent the transmission by logging out of your LinkedIn account before accessing our website.
LinkedIn allows you to unsubscribe from email messages, SMS messages, and targeted ads, as well as to manage ad settings, at https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, which may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. LinkedIn’s current Privacy Policy is available at https://www.linkedin.com/legal/privacy-policy. LinkedIn’s cookie policy is available at https://www.linkedin.com/legal/cookie-policy.
- Web analytics
11.1 Scalable central measurement methods from INFOnline GmbH
We have integrated a tracking pixel on this website to measure reach. A tracking pixel is a miniature graphic that is embedded in Internet pages to enable log file recording and log file analysis in order to subsequently perform statistical analysis. The integrated tracking pixels are used for the scalable central measurement method (SCM) from INFOnline GmbH.
The scalable central measurement method is operated by INFOnline GmbH, Forum Bonn Nord, Brühler Str. 9, 53119 Bonn, Germany.
The scalable central measurement method is used to determine statistical key figures, i.e. to measure the reach. The embedded tracking pixel is used to track whether, when and by how many users our website was opened and which content was accessed.
The data obtained by means of the scalable central measurement method is collected anonymously. To record access figures, either a session cookie is set for the purpose of recognizing the users of a website (i.e. a signature is created that is composed of various automatically transmitted information) or alternative methods are used. The IP address of the Internet connection you use is only collected and processed in anonymous form. You are not identified at any time.
You can prevent our website from setting cookies at any time by selecting the appropriate setting of the Internet browser used, thus permanently objecting to the setting of cookies. Applying such a setting in the Internet browser used would also prevent INFOnline from setting a cookie on your IT system. In addition, cookies already set by INFOnline can be deleted at any time via an Internet browser or other software programs.
Furthermore, you have the option to object to the collection of data generated by INFOnline and related to your use of this website, or to object to the processing of this data by INFOnline, or to prevent such processing. To do this, you must press the opt-out button under the link https://optout.ioam.de, which sets an opt-out cookie. The opt-out cookie set with the objection is stored on the IT system you use. If the cookies on your system are deleted after you have objected, you must call up the link again and set a new opt-out cookie.
These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6(1)(a) GDPR.
Setting an opt-out cookie may mean that the controller’s website is no longer fully usable. INFOnline’s current Privacy Policy is available at https://www.infonline.de/datenschutz/.
- Plug-ins and other services
12.1 Getty Images
Components of the company Getty Images have been integrated into this website. Getty Images is an American stock photo agency that offers images and other visual material. Various customers, in particular website operators, editorial departments of print and TV media and advertising agencies, license the images they use via a picture agency.
The operating company of the Getty Images components is Getty Images International, 1st Floor, The Herbert Building, The Park, Carrickmines, Dublin 18, Ireland.
Getty Images allows images to be embedded (sometimes free of charge). Embedding is the integration of certain foreign content (text, video or image data) that is provided by another website and then appears on your own website. An embedding code is used for embedding. If a website operator has integrated an embedding code, the external content of the other website is displayed immediately by default as soon as a website is visited. Getty Images provides more information about embedding content at https://www.gettyimages.de/resources/embed.
Your IP address is transmitted to Getty Images via the embed code’s technical implementation, which enables the display of images from Getty Images. Getty Images also collects information about our website, the type of browser used, the browser language, and the time and length of access. In addition, Getty Images may collect information about which of our sub-pages you visit and which links you click, as well as other interactions you have had while visiting our site. This data may be stored and evaluated by Getty Images.
These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6(1)(a) GDPR.
Further information and the current Privacy Policy of Getty Images can be found at https://www.gettyimages.de/enterprise/privacy-policy.
12.2 Google Maps
We use Google Maps (API) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland on our website. Google Maps is a web service for displaying interactive (country) maps in order to display geographical information visually. Using this service will show you our location and make it easier for you to find us, for example.
As soon as you open sub-pages that include the Google Maps map, information about your use of our website (such as your IP address) is transferred to a Google server in the USA and stored there. This takes place regardless of whether Google provides a user account through which you are logged in, or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your Google profile, you must log out of your Google account. Google saves your data as usage profiles and evaluates them (including users who are not logged in). You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, you also have the option of completely deactivating the Google Maps web service by switching off the JavaScript application in your browser. If you do this, however, you will not be able to use Google Maps or the map display on this website.
These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6(1)(a) GDPR.
You can view Google’s Terms of Use at http://www.google.com/intl/en/policies/terms/regional.html; the additional Terms of Use for Google Maps can be found at https://www.google.com/intl/en_US/help/terms_maps.html
Detailed information on data protection in connection with the use of Google Maps can be found on Google’s website (“Google Privacy Policy”): https://policies.google.com/?hl=en&gl=de
12.3 Google reCAPTCHA
On this website, we also use the reCAPTCHA function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This function is mainly used to determine whether the entry has been made by a natural person or fraudulently by a machine and via automated processing. This service also includes sending to Google the IP address and any other data required by Google for the reCAPTCHA service.
These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6(1)(a) GDPR.
Further information about Google reCAPTCHA and Google’s Privacy Policy can be found at: https://www.google.com/intl/en/policies/privacy/
12.4 SlideShare
We have integrated SlideShare components on this website. LinkedIn SlideShare is a file hosting service that allows sharing and archiving presentations and other documents, such as PDFs, videos, and webinars. The file hosting service allows users to upload media content in all popular formats, with the documents either publicly available or privately tagged.
The SlideShare operating company is the LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. Privacy matters outside the USA are the responsibility of LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
LinkedIn SlideShare provides what are known as embed codes for the media content stored there (presentations, PDF files, videos, photos, etc.). Embed codes are program codes that are embedded in web pages with the aim of displaying external content on their own web page. Embed codes make it possible to reproduce content on one’s own website without storing it on one’s own server and thereby possibly violating the reproduction rights of the respective content creator. Another advantage of using an embed code is that the respective operator of a web page does not use their own server’s storage capacity. An embed code can be integrated anywhere on another website so that external content can also be inserted within one’s own text. The purpose of using LinkedIn SlideShare is to spare use of our server and prevent copyright infringement while using third-party content.
Each time you visit a web page of ours that is equipped with a SlideShare component (embedded code), this component causes the browser you are using to download embedded data from SlideShare. As part of this technical process, LinkedIn receives information about the specific subpage of our website that the data subject has visited.
If you are logged in to SlideShare at the same time, SlideShare recognizes which specific subpage you are visiting each time you visit our website and for the entire duration of your respective stay on our website. This information is collected by SlideShare and assigned to your SlideShare account by LinkedIn.
LinkedIn always receives information via the SlideShare component that you have visited our website if you are logged into SlideShare at the same time as calling up our website; this takes place regardless of whether you click on the embedded media data or not. If you do not want this information to be transmitted to LinkedIn, you can prevent the transmission by logging out of your SlideShare account before accessing our website.
LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, which may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy.
These processing operations are carried out exclusively with the express consent of the customer in accordance with Art. 6(1)(a) GDPR.
LinkedIn’s current Privacy Policy is available at https://www.linkedin.com/legal/privacy-policy.
- Your rights as a data subject
13.1 Right to confirmation
You have the right to request confirmation from us as to whether personal data relating to you is being processed.
13.2 The right to information Art. 15 GDPR
You have the right at any time to receive free information from us about the personal data stored about you, as well as a copy of this data, in accordance with statutory provisions.
13.3 Right of rectification Art. 16 GDPR
You have the right to request that inaccurate personal data concerning you be rectified. Furthermore, taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed.
13.4 Erasure 17 GDPR
You have the right to demand that we erase the personal data concerning you without delay, provided that one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.
13.5 Restriction of processing Art. 18 GDPR
You have the right to demand that we restrict processing if one of the legal requirements is met.
13.6 Data portability Art. 20 GDPR
You have the right to obtain your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller to whom the personal data has been provided, without hindrance from us, as long as the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, in exercising your right to data portability pursuant to Article 20(1) GDPR, you have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
13.7 Objection Art. 21 GDPR
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6(1)(e) (data processing in the public interest) or (f) (data processing on the basis of a balance of interests) GDPR.
This also applies to profiling based on these provisions within the scope of Art. 4(4) GDPR.
If you lodge your objection, we will no longer process your personal data, unless we can demonstrate compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise, or defend legal claims.
In individual cases, we will process your personal data for direct marketing purposes. You may object to the processing of personal data for the purpose of such advertising at any time. This also applies to any profiling connected with such direct advertising. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.
In addition, you have the right to object, for reasons arising from your particular situation, to the processing of personal data concerning you that we carry out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
13.8 Revocation of consent under data protection law
You have the right to revoke consent to the processing of personal data at any time with future effect.
13.9 Complaint to a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority about our processing of personal data.