Privacy policy
1. general
1.1 What is personal data
Personal data is information that discloses or can disclose the identity of the user. We adhere to the principle of data avoidance. As far as possible, we refrain from collecting personal data.
1.2 Handling of personal data
Personal data is used exclusively for the purpose of establishing the contract, defining its content, implementing or processing the contractual relationship (Art. 6 I S. 1 b DSGVO).
In addition, personal data is only processed if we have received your consent to do so (Art. 6 I S. 1 a DSGVO) or it is data whose processing is necessary for our legitimate interests and insofar as the balancing shows that no overriding interests, fundamental rights or freedoms on your part are opposed (Art. 6 I S. 1 f DSGVO).
We may use processors for processing your personal data, with whom we have concluded a contract for order processing if necessary, but will generally not pass on personal data to third parties.
For payment processing, the necessary payment data is passed on to the credit institution commissioned with the payment and possibly the commissioned and selected payment service provider.
Your personal data is processed within the EU and in countries classified as safe or adequate by the EU. Should the processing of personal data take place in the USA, we will try to ensure that the services we use are certified under the "Data Privacy Framework".
If the processing takes place in the USA, it is already pointed out that the USA is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU standards. There is a particular risk that your data may be processed by US authorities for control and monitoring purposes, possibly also without legal remedies.
The processing and/or transfer of data may therefore also take place outside the European Union, Andorra, Argentina, Canada (only for commercial organizations), the Faroe Islands, Guernsey, Israel, the Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, Japan, and the United Kingdom, provided that this follows from the following clauses. However, for these countries previously mentioned, except for the European Union countries that are already classified as safe, there is an adequacy decision (Art. 45 GDPR) by the European Commission regarding the transmission of data. Therefore, the transfer of data to other countries is at least not expressly permitted. If a transfer of data is nevertheless to take place, the processor must ensure in another way that the personal data is adequately protected at the recipient. This can be done through the use of standard data protection clauses (Art. 46 GDPR), in the case of data transfers within a group of companies, through so-called binding corporate rules, by obliging to comply with codes of conduct that have been declared generally applicable by the Commission, or by certifying the processing process. You can find the standard contract clauses issued by the European Commission here: https://eur-lex.europa.eu/eli/dec_impl/2021/914
1.3 Usage data
When visiting the website, general technical information is collected. This includes the IP address used, time, duration of the visit, browser type, and, if applicable, the origin page. This usage data is recorded in a log file for technical reasons and may be used and stored for the purpose of statistical evaluation of this website. This usage data is not linked to your other personal data.
1.4 Storage period
We store your personal data after the purpose for which the data was collected has ended only for as long as is necessary due to legal (in particular tax) regulations.
2. Your Rights
2.1 Information
You have the right to request information from us about whether we process personal data about you, and if so, you have the right to information about this personal data and the further information specified in Art. 15 GDPR.
2.2 Right to rectification
You have the right to request the correction of incorrect personal data concerning you and, in accordance with Art. 16 GDPR, to request the completion of incomplete personal data.
2.3 Right to erasure
You have the right to demand that we immediately delete the personal data concerning you. We are obliged to delete them immediately, in particular if one of the following reasons applies:
Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
You revoke your consent on which the processing of your data was based and there is no other legal basis for the processing.
Your data has been processed unlawfully.
The right to erasure does not exist to the extent that your personal data is necessary for the assertion, exercise, or defense of our legal claims.
2.4 Right to restriction of processing
You have the right to demand that we restrict the processing of your personal data if:
You dispute the accuracy of the data and we therefore check the accuracy,
The processing is unlawful and you refuse to delete it and instead demand the restriction of use
We no longer need the data, but you need it to assert, exercise or defend legal claims,
You have objected to the processing of your data and it is not yet clear whether our legitimate reasons outweigh your reasons.
2.5 Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and you have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent or a contract and is carried out using automated procedures.
2.6 Right to withdraw consent
If the processing of your personal data is based on consent, you have the right to withdraw this consent at any time.
2.7 General and right to complain
Exercising your above rights is generally free of charge for you. You have the right to complain directly to the supervisory authority responsible for us, the state data protection officer, in case of complaints.
3. Data security
3.1 Data security
All data on our website is secured against loss, destruction, access, modification, and distribution through technical and organizational measures.
3.2 Sessions and Cookies
To operate the website, we use cookies or server-side sessions in which data can be stored. We only use cookies or server-side sessions that are technically necessary for the operation of this website (e.g. spam protection in contact forms) and for which the balancing of interests shows that there are no overriding interests on your part (Art. 6 I S. 1 f GDPR).
4. Presence on social media platforms
We use the following social media platforms for company presentation and communication (reference is expressly made to the linked privacy policies and opt-out options).
LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
Privacy statement https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
These social media platforms may process personal data outside the EU, and we refer to the above-mentioned privacy policies of the social media platforms in this regard.
The respective social media platforms may create user profiles from your usage behavior and the resulting interests and actions on your part and store cookies on your computer in which your usage behavior is stored. If you have an account on the respective social media platform and are logged in, your usage behavior can even be stored independently of the device. Your user profile can be used to place advertisements that presumably correspond to your interests.
We process personal data solely for communication with you via the selected social media platform and for optimizing our online presence, ensuring that no interests on your part are affected that outweigh this legitimate interest on our part (Art. 6 I sentence 1 f GDPR). To the extent that you have already given the respective operator of the social media platform an effective consent to the corresponding data processing, the processing of your personal data is also based on this consent (Art. 6 I sentence 1 a GDPR).
5. Third-party services
5.1 Social media links
We have our own social media pages accessible via links on this website to third-party providers. By using these links, you will be directed to the respective third-party provider's website (e.g. LinkedIn). To avoid unnecessary data transfer, we recommend logging out of the respective third-party provider before using the link, so that usage profiles by the third-party provider cannot be created.
5.2 Use of Google Maps
This website uses Google Maps, a mapping service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). When using Google Maps, data on the use of the Maps functions by visitors to the website is also collected, processed, and used. The use of Google Maps is only with your consent (Art. 6 I S. 1 a GDPR). You can view Google's privacy policy at https://www.google.de/intl/de/policies/privacy/. Additional terms of use for Google Maps can be found at https://www.google.com/intl/de_de/help/terms_maps.html.
5.3 Google Web Fonts
We use so-called web fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") to display a uniform font on our website. These are automatically stored in your browser cache when you visit one of our pages to enable the desired display. If your browser does not support the web fonts used, a default font from your computer may be used. No interests of the users are affected here that outweigh this technical necessity (Art. 6 I S. 1 f GDPR). You can view Google's privacy policy here: https://www.google.com/policies/privacy/. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq.
5.4 CDN from jsdelivr
Our website also uses a content delivery network (CDN) from jsdelivr (operated by ProspectOne, Królewska 65A/1, 30-081, Krakow, Poland). A CDN is a network of powerful servers that cache content at various locations around the world. To enable this, your IP address and other browser information are transferred to the provider. The use of the service is based on your consent (Art. 6 I S. 1 a GDPR) or, if consent is not given, on our legitimate interest in enabling easy and fast use of our online offering (Art. 6 I S. 1 f GDPR). You can view jsdelivr's privacy policy here: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net.
5.5 Font Awesome
Our website also uses so-called web fonts or icons provided by Fonticons, Inc., 307 S. Main St., Suite 202, Bentonville, AR 72712, USA, to display fonts or icons uniformly. When a page is accessed, your browser loads the required web fonts or icons into your browser cache to display texts, fonts, and icons correctly. For this purpose, the browser you are using must establish a connection to Fonticons, Inc.'s servers. This allows Fonticons, Inc. to know that our website has been accessed via your IP address. Processing of the IP address by Fonticons, Inc. also takes place in the USA. The use of Font Awesome is based on your consent (Art. 6 I S. 1 a GDPR) or, if consent is not given, on our legitimate interest in enabling a simple and uniform display of our website (Art. 6 I S. 1 f GDPR). If your browser does not support Font Awesome, a default font will be used from your computer. Further information on Font Awesome can be found at https://fontawesome
5.6 Typekit from Adobe
We also use Adobe Fonts (operated by Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland) on our website to provide you with a consistent typeface on our website. In this process, your IP address is also processed in the USA. Adobe Fonts are used with your consent (Art. 6 I S. 1 a DSGVO) or, if this is not available, on the basis of our legitimate interest in enabling a simple and uniform presentation of our website (Art. 6 I S. 1 f DSGVO). Information on data protection and the standard contractual clauses used by Adobe Fonts can be found here: https://www.adobe.com/de/privacy/eudatatransfers.html
5.7 Squarespace
We also use the Squarespace service (operated by Squarespace, Inc., 225 Varick Street, 8 Clarkson St, New York, NY 10014, USA) for our website. This is a website builder that makes it easier for us to create our site. The service processes your data collected on our website (e.g. IP address, input data, browser information, time of visit) also in the USA to enable the service. The use of the service is based on our legitimate interest in being able to create and provide our website for you in an appealing and simple manner (Art. 6 I p. 1 f DSGVO). You can view more information about data protection at Squarespace here: https://support.squarespace.com/hc/de/articles/360000851908-DSGVO-und-Squarespace#toc-wie%E2%80%93bertr-gt-squarespace-die-daten-von-kund-innen%E2%80%93und-besucher-innen-au-erhalb-der-eu-
The privacy policy of the service can be found here: https://de.squarespace.com/data-privacy
5.8 Weglot
In addition, we use the translation tool Weglot (operated by Weglot SAS, 7 cité Paradis 75010 Paris, France) for our website. Here, your IP address is transmitted to the service to enable the translation function. Weglot also uses a CDN for this purpose. You can find out exactly what this is in section 5.4 of this privacy policy. The use of Weglot is based on our legitimate interest in being able to display the website to our users in different languages (Art. 6 I p. 1 f DSGVO). You can view Weglot's privacy policy here: https://weglot.com/privacy/
6. Application Procedure
You can apply to us electronically, by telephone, or in writing. Your information will be used exclusively to process your application and will not be shared with third parties. Please note that if you send your application via email, unencrypted emails are not transmitted with access protection. Your personal data will be deleted immediately after the application process is completed or after a maximum of 6 months, unless you have expressly given us your consent to store your data for a longer period of time or a contract has been concluded. The legal basis is Art. 6 para. 1 a, b, or f GDPR and § 26 BDSG.
7. Contact
To contact us regarding data protection, please feel free to use the following contact options. Data controller under the GDPR:
GREA GmbH
Bettinastraße 35-37
60325 Frankfurt am Main
Germany
E-mail: frank.rackensperger@GREA.de
Phone: +49 (69) 9778 4986