Table of Contents
I. General information on data protection
III. Information for Applicants
IV. Information for business partners
I. General information on data protection
I.1. Note on the responsible body:
We attach particular importance to the protection of your personal data. Your personal data will be processed in accordance with the data protection regulations, in particular the European General Data Protection Regulation (EU DS-GVO) and the Federal Data Protection Act (BDSG-new).
The following information provides an overview of the type, scope and purpose of the collection, processing and transmission of personal data and the security measures used to protect this data.
Personal data is individual information about personal or factual circumstances of a specific or identifiable natural person, such as B. Your name, your address, your telephone number, your date of birth as well as your e-mail and IP address.
I.2. Legal bases for the processing of personal data
- Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) EU GDPR serves as the legal basis. You can revoke this processing at any time in accordance with Art. 7 Para. 3 EU DS-GVO for the future.
- Article 6 (1) (b) EU GDPR serves as the legal basis for the processing of personal data required to fulfill a contract or to carry out pre-contractual measures.
- Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) EU GDPR serves as the legal basis.
- If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not prevail, Article 6 Paragraph 1 Letter f of the EU GDPR serves as the legal basis for the processing. In this case you have a right of objection according to Art. 21 EU DS-GVO.
I.3. Data Erasure and Storage Duration
Personal data will be deleted as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by statutory storage obligations to which our company is subject (e.g. billing or tax storage periods of up to 10 years in accordance with the AO and HGB).
I.4. Your rights
Upon written request, we will inform you in accordance with Art. 15 EU DS-GVO in accordance with our legal obligation under Art. 12 EU DS-GVO whether and which of your personal data are processed or stored by us. Furthermore, you have the right to correction of incorrect data in accordance with Art. 16 EU DS-GVO, data portability in accordance with Art. 20 EU DS-GVO, blocking and deletion of your personal data in accordance with Art. 17 EU DS-GVO - provided that there are no legal storage obligations to the contrary - as well as the right to restriction of processing in accordance with Art. 18 EU DS-GVO. In addition, you have the right to contact the competent supervisory authority in accordance with Art. 77 EU DS-GVO.
YOU ALSO HAVE THE RIGHT TO OBJECT ACCORDING TO ART. 21 EU DS-GVO, IF THE PROCESSING IS BASED ON THE REASONABLE INTERESTS ACCORDING TO ART. 6 ABS. 1 LIT. F EU GDPR SUPPORTS.
If you have given us your consent to the processing of your data, you can of course revoke this at any time in accordance with Art. 7 Para. 3 EU DS-GVO for the future.
If you have any questions regarding the processing of your personal data, you can contact our data protection officer, who is also available to you in the event of requests for information, suggestions or complaints.
Data protection officer of DOSTOFARM GmbH
In order to ensure that our data protection declaration always corresponds to the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the data protection declaration has to be adjusted due to new or revised services, for example new services.
II.1. Provision of the website
Use of hosting service providers
Our website is hosted on the servers of a hosting service provider located in the EU on the basis of order processing in accordance with Art. 28 EU DS-GVO. As part of its services, the hosting service provider may have access to our users' personal data, in particular to technical data that arises as part of the technical communication between you and our website (e.g. server log files). He may not use these for his own purposes. The use of a hosting service provider is based on our legitimate interests in the provision of infrastructure and platform services, computing capacity, e-mail dispatch and security services in accordance with Article 6 (1) (f) EU GDPR.
Server log files
When you visit our website or use its services, the device you use to access the site automatically transmits log data (connection data) to our server. The relevant information consists of:
- type and version of the browser you are using,
- type and version of the operating system you are using,
- referrer URL of the page from which you came to our website,
- date and time of access to our website,
- name of the sub-pages you have accessed,
- IP address of your computer system,
- Amount of data transferred in each case.
The data collected is used exclusively for statistical evaluations for the purpose of operation, security and optimization of the offer. For security reasons, however, we reserve the right to subsequently check the log data if there are concrete indications that there is a justified suspicion of illegal use. The data will not be stored for longer than necessary. This collection is based on our legitimate interests in accordance with Article 6 (1) (f) EU GDPR.
Cookies are small text files that your browser creates automatically and that are stored on your end device when you visit our website. Cookies do not damage your computer and do not contain viruses. Most of the cookies we use are deleted after the end of the browser session (so-called session cookies). Other cookies remain on your computer and enable us to recognize your computer the next time you visit (so-called permanent or cross-session cookies). Thanks to these files, it is possible, for example, to display information on the site that is specially tailored to your interests.
Security of your data
We use technical and organizational security measures to adequately protect the data you provide against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. We therefore use for the transmission of confidential content, such. B. inquiries that you send to us as the site operator, an SSL encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties. Our security measures are being further developed in accordance with the state of the art.
If you contact us (e.g. via contact form, e-mail, telephone, social media), your personal information will be processed for the purpose of processing the request and any associated follow-up questions in accordance with Art. 6 Para. 1 lit. b EU DS -GVO (as part of pre-/contractual measures) or in accordance with Art. 6 Para. 1 lit. f EU DS-GVO (general inquiries) are stored and processed by us. We do not pass on this data without your respective consent.
The data you provide will remain with us until you ask us to delete it, object to the storage or the purpose for data storage no longer applies (ie after your request has been processed), provided that there are no legal storage obligations to the contrary.
If you register on our website in order to order goods, services and information in our online portal, personal data will be collected. Registration enables access to services and content that are only available to registered users. If necessary, registered users have the option of changing or deleting the data specified during registration at any time. Your data may be passed on to shipping and payment service providers commissioned by us to process the order. Any further disclosure to third parties will not take place. The processing of your personal data is carried out on the basis of contract processing (according to Art. 6 Para. 1 lit. b EU DS-GVO). This data is deleted in accordance with statutory retention requirements.
II.4. Analysis Tools
The analysis measures listed below and used by us are carried out on the basis of Article 6 (1) (a) EU GDPR (consent). With the use of these analysis measures, we want to ensure a needs-based design and the continuous optimization of our website. Using the analysis tools, we record the use of our website in pseudonymised form and evaluate this for the purpose of optimizing our offer.
You can revoke your consent to us at any time with effect for the future.
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The user and event data will be deleted automatically after 14, 26, 38, 50 months.
We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. Google uses this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website and internet use. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Browser Plugin / Prevention of Data Collection
You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out to you however that in this case you will if applicable not be able to use all functions of this website in full. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: https://tools.google.com/dlpage/gaoptout?hl=de
Outsourced data processing
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
II.5. Third Party Content and Services
On the basis of our legitimate interest in accordance with Article 6 (1) (f) EU GDPR, content and services from other providers that supplement our offer are integrated into our online offer. With the use of the following services, we want to ensure that our website is designed to meet needs and is continuously optimized. If we ask for your consent for the use of these services, the legal basis is Article 6 (1) (a) EU GDPR.
Further information on data protection at YouTube can be found in their data protection declaration at: http://www.youtube.com/t/privacy_at_youtube. There you will also find further information on your rights and setting options to protect your privacy.
Links to Third Party Websites
II.6. social media
We maintain publicly accessible online presences in social networks to communicate with customers and interested parties who are active there and to present our services.
The processing of the personal data of the users takes place on the basis of our legitimate interests in effective information of the users and communication with the users in accordance with Article 6 Paragraph 1 lit. f. EU DS-GVO. If the users are asked by the respective providers of the platforms for their consent to data processing or if the user voluntarily sends information to our online presence, the legal basis for the processing is Article 6 Paragraph 1 lit. In conjunction with Art. 7 EU GDPR. If this information contains contract-relevant content, Article 6 (1) (b) EU GDPR serves as the legal basis.
For a detailed description of the respective processing and the possibilities of contradiction (opt-out), we refer to the following linked information of the provider.
Also in the case of requests for information and the assertion of user rights, we point out that these can be claimed most effectively from the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, then you can contact us.
- Instagram: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Data protection declaration/opt-out: https://instagram.com/about/legal/privacy/.
- LinkedIn: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. Data protection: https://www.linkedin.com/legal/privacy-policy. Opt out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- Xing: XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Data protection / Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.
Facebook and Instagram (meta)
If you interact with our social media pages on Facebook and Instagram (make a comment, like posts or send us a message), your data will be stored with us. These social networks are operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (henceforth: Meta).
When operating a company profile on these channels, it is a matter of joint responsibility under Art. 26 EU DS-GVO Meta and our company in terms of data protection. Accordingly, we have concluded an agreement with Meta in which the respective obligations under the EU DS-GVO are regulated: https://www.facebook.com/legal/terms/page_controller_addendum.
Meta provides profile operators with statistics and insights into the types of actions our profile visitors take (“Page Insights”). We have no influence on whether this data is collected by Meta. According to Meta, this data is only provided to us anonymously, so that the user cannot be identified from the information.
Personal data will be deleted as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by statutory storage obligations to which our company is subject.
With regard to data processing via our Facebook and Instagram page, you have the option of asserting your rights as a data subject against Meta. Further information can be found in Meta's data protection declaration: https://www.facebook.com/about/privacy/.
In principle, we address our online offer to persons of legal age. Personal information from persons who have not yet reached the age of 16 may only be made available to us if the express consent of the legal guardian has been obtained (Art. 8 EU DS-GVO). Processing without the consent of the legal guardian is not permitted. We therefore reserve the right to delete all data relating to minors unless we have the consent of a legal guardian.
III. Information for Applicants
III.1. Purpose and legal basis for collection and processing
Your data will be processed by us for the purpose of application processing in accordance with Art. 88 EU DS-GVO i. V. m. § 26 BDSG-reprocessed. If special categories of personal data within the meaning of Article 9 (1) EU GDPR are voluntarily communicated as part of the application process, they will also be processed in accordance with Article 9 (2) (b) EU GDPR.
III.2. recipients of your data
The recipients of your data are the departments involved in the human resources process (including human resources, managers and department heads) of the responsible body. Your data will be treated as strictly confidential and will not be passed on to third parties without your consent. A transfer to third countries or international organizations is not planned.
III.3. storage of your data
Your application data will be deleted 180 days after the position has been filled. If you are also interested in future vacancies, we need your written consent to store your application documents for a longer period of time. You can revoke this consent at any time in accordance with Art. 7 Para. 3 EU DS-GVO for the future. To do this, please send an e-mail with a corresponding note to the contact address given above.
IV. Information for business partners
IV.1. Purpose and legal basis for collection and processing
The primary purpose of data processing is to establish, implement and terminate the contractual relationship. The primary legal basis for this is Art. 6 (1) (b) EU GDPR. Without this type of use of your data, the business relationship between you and us cannot be carried out.
We also process your data on the basis of Article 6(1)(f) EU GDPR to safeguard our legitimate interests or those of third parties (e.g. authorities). This may be necessary, for example, to maintain IT security and IT operations or for corporate management, internal communication and other administrative purposes. You can object to this processing by stating special reasons in accordance with Art. 21 EU DS-GVO.
We also process your data to fulfill legal obligations such as B. regulatory requirements, commercial and tax law retention requirements or documentation requirements. The legal basis for this is Art. 6 Para. 1 lit. c EU GDPR in conjunction with the applicable national laws.
In individual cases, we may also process your data on the basis of your separate consent in accordance with Art. 6 Paragraph 1 lit. a, 7 EU DS-GVO (e.g. as part of registering for our newsletter or publishing photos and videos). You are always free to decide whether you want to give your consent. Once you have given your consent, you can revoke it at any time with effect for the future. To do this, use the link provided in the respective campaign or send relevant inquiries to the contact address given above.
If we process your personal data for a purpose not mentioned above, we will inform you in advance.
IV.2. recipients of your data
Within our company, only those people receive your personal data who need it to fulfill our contractual and legal obligations. In addition, we sometimes use different service providers to fulfill these obligations, so that it may be necessary to transmit your personal data to other recipients outside the company, insofar as this is necessary to fulfill our contractual and legal obligations. These third parties can e.g. E.g. authorities, financial institutions, suppliers, etc.
In order to technically process your data, we sometimes use external service providers. We may transfer and process your information outside of your country of residence/company headquarters or in any of the countries in which we operate. These can also be located outside the European Economic Area. If we transfer personal data to service providers or companies outside the European Economic Area (EEA), the transfer will only take place if the EU Commission has confirmed that the third country has an appropriate level of data protection or other appropriate data protection guarantees (e.g. binding corporate data protection regulations or EU standard contractual clauses). ) available. You can also request detailed information using the above contact information.
IV.3. storage of your data
We only store your personal data for as long as is necessary for the above purposes. After termination of the contractual relationship, your personal data will be stored for as long as we are legally obliged to do so. This results regularly from legal proof and storage obligations, which are regulated, among other things, in the German Commercial Code and the Tax Code. The storage periods are then up to ten years. In addition, it may happen that personal data is kept for the period in which claims can be asserted against us (statutory limitation period of three or up to thirty years).