Privacy policy

Overview

In the text below, we will inform you about how your personal data is collected when you use this website. Personal data is all data that personally relates to you, such as your name, address, email address, or user behaviour. We only process personal data in accordance with the statutory regulations. This particularly includes the EU General Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG). In this Privacy Policy, we will inform you about how, to what extent, and for what purposes we process your personal data when you use this website.

We wish to inform you that transferring data over the Internet (e.g. such as when communicating by email) can carry security risks. It is not possible to perfectly protect data against access by third parties.

Notice: In the text below, we have referenced provisions of the GDPR, which will enter into force on 25 May 2018. Until the GDPR enters into force, these references should be understood as references to the corresponding provisions of the BDSG in the version then valid.

I. Data protection on the website

1. Name and contact information of the controller

The controller for data processing on this website is:
GP JOULE GmbH
Cecilienkoog 16
25821 Reußenköge
Telephone: +49 4671 6074-0
Telefax: +49 4671 6074-199
Email: info(at)gp-joule.de

2. Name and contact information of the data protection officer

Our data protection officer is:
Ann-Katrin Meißner
Meißner Datenschutz GmbH
Markt 31
25821 Bredstedt
Telefon: +49 (0) 4671 93 10 31
E-Mail: dsb(at)mds.legal

3. General information about data processing

When you contact us by email, we save the information you share with us (your email address, your name and telephone number if relevant) to answer your question. We delete the data collected in this connection once it is no longer necessary to save it or limit processing if statutory retention periods apply.

If we use external service providers for some functions of our website or want to use your data for commercial purposes, we will inform you about the respective processes in detail. In the process, we will also name the set criteria for the length of storage.

a) Scope of processing personal data
We only process our user's personal data inasmuch as is necessary to provide a functioning website and our contents and services. Generally, the personal data of our users is only processed after we have received consent from our users. An exception applies in cases when it is not factually possible to obtain permission before collecting data and processing data is permitted by statutory provisions.

b) Legal basis for processing personal data
Inasmuch as we have obtained consent from the affected person to process personal data, Art. 6 para. 1 p. 1 lit. a GDPR is the legal basis.

When personal data is processed to fulfil an agreement to which the affected person is a contractual party, Art. 6 para. 1 p. 1 lit. b GDPR is the legal basis. This also applies for processing that is necessary to perform precontractual measures.

If processing personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 p. 1 lit. c GDPR is the legal basis.

If a vital interest of the affected person or another natural person renders processing of the personal data necessary, Art. 6 para. 1 p. 1 lit. d GDPR is the legal basis.

If processing is necessary to protect a legitimate interest of our company or of a third party and the interests, basis rights, and basic freedoms of the affected party do not outweigh this first interest, Art. 6 para. 1 p. 1 lit. f GDPR is the legal basis for processing.

c) Deleting data and terms of storage
The personal data of the affected person will be deleted or locked as soon as the purpose for storage lapses. Data can continue to be stored thereafter if this is provided for by the European or national legislature in Union law regulations, laws, or other provisions to which the controller is subject. Data will also be locked or deleted if a storage period prescribed by the laws listed above elapses, unless it is necessary to continue storing this data for contractual conclusion or contractual fulfilment. In addition, storage can continue if you have given your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR.

4. Collection of your personal data when visiting our website

In purely informational use of our website, e.g. if you do not register or otherwise send information to us, we only collect the personal data that your browser sends to our server. When you view our website, we collect the following data, which is technologically necessary for us to show you our website and to ensure security. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR:

  • IP address,
  • Date and time of visit,
  • Time difference from Greenwich Mean Time (GMT),
  • Content of the visit (specific pages),
  • Access status/HTTP status code,
  • Quantity of data transferred,
  • Website from which the visit originates,
  • Browser,
  • Operating system and its interface,
  • Language and version of the browser software.

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

5. Cookies

The website uses what is referred to as cookies. Cookies do not damage your computer and do not contain viruses. Cookies help to make our website more user-friendly, more effective, and more secure. Cookies are small text files that are set on your computer and stored by your browser.

Most of the cookies used by us are what is called “session cookies”. They are deleted automatically at the end of your visit. Other cookies are stored on your end device until you delete them. These cookies allow us to recognize your browser at your next visit.

You can set up your browser to inform you when cookies are set and to only allow cookies in specific cases, to prohibit cookies from being accepted in certain cases or generally, and to activate the automatic deletion of cookies when your browser is closed. If cookies are deactivated, the functionality of this website may be restricted.

Cookies that are necessary to perform the electronic communication process or to provide certain functions that you could request are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for technologically correct and optimal provision of their services.

Use of Cookiebot

Cookiebot is an online service that helps us use cookies and track them online in compliance with data protection legislation. When using the web service Cybot A/S (Havnegrade 39, 1058 Copenhagen, Denmark), your browser transmits personal data to the company named. The legal basis for the processing of this data is Art. 6(1)(f) GDPR. Our legitimate interest is the error-free functioning of our website. This data is erased as soon as the purpose for which it was collected has been fulfilled. Further information on how the transmitted data is handled is provided in Cookiebot’s privacy policy: www.cookiebot.com/en/privacy-policy/ . You can prevent cook-iebot.com from collecting and processing your data by deactivating the execution of script code or installing a script blocker in your browser (available for example at www.noscript.net or www.ghostery.com).

You have the right to change or withdraw your consent at any time.

6. Contact form

If you send us inquiries using our contact form, your information from the contact form, including the contact information you have entered there, will be saved for the purpose of processing the inquiry and in the event of any follow-up questions. We will not disclose this data without your consent.

The requested mandatory information must be entered in full. Otherwise, the contact inquiry can't be answered.

The processing of the data entered in the contact form therefore occurs exclusively on the basis of your consent (Art. 6 para. 1 p. 1 lit. a GDPR). You can revoke this consent at any time. An email to us is sufficient; no particular form is required. The legality of the data processing that has occurred up to the time consent is revoked remains unaffected by the revocation.

The data that you enter in the contact form stays with us until you request that we delete it,
revoke your consent to save your data, or the purpose for data storage lapses (e.g. processing of your inquiry is completed). Mandatory statutory provisions – particularly retention periods – remain reserved.

7. Registration on this website (login)

You can register on our website to use additional functions on the website. We only use the data entered for this purpose for purposes of using the respective product or service for which you registered. The mandatory information requested during registration must be entered in full. Otherwise, we will reject the registration.

For important changes, such as to the scope of products or for technically necessary changes, we will use the email address entered during registration to send you this information.

The processing of the data entered during registration occurs on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke consent that you have issued at any time. An email to us is sufficient; no particular form is required. The legality of the data processing that has already occurred remains unaffected by the revocation.

The data collected during registration stays with us until you request that we delete it, revoke your consent to save your data, or the purpose for data storage lapses (such as after the end of our contract). Mandatory statutory provisions – particularly retention periods – remain reserved.

8. “Lease areas” form

If you send us inquiries or information using our “lease areas” form, your information from the form will be saved, including the contact information you have entered there, for the purpose of processing the inquiry and in the event of any follow-up questions. We will not disclose this data without your consent.

The requested mandatory information must be entered in full. Otherwise, the inquiry can't be answered.

The processing of the data entered in the form therefore occurs exclusively on the basis of your consent (Art. 6 para. 1 p. 1 lit. a GDPR). You can revoke this consent at any time. An email to us is sufficient; no particular form is required. The legality of the data processing that has occurred up to the time consent is revoked remains unaffected by the revocation.

The data that you enter in the form stays with us until you request that we delete it, revoke your consent to save your data, or the purpose for data storage lapses (e.g. processing of your information is completed). Mandatory statutory provisions – particularly retention periods – remain reserved.

9. JAMES magazine

If you send us your data using the “JAMES magazine” form, your information from the form will be saved, including the contact information you have entered there, for the purpose of processing the order. Additional data will not be collected or will only be collected on a voluntary basis. We use your data exclusively to send JAMES magazine and do not give it to third parties.

The requested mandatory information must be entered in full. Otherwise, we cannot complete the order, since we cannot send the magazine without the mandatory information.

The processing of the data entered in the form occurs exclusively on the basis of your consent (Art. 6 para 1 lit. a GDPR). You can revoke your consent to store the data and its use for the shipment at any time by sending us an email. The legality of the data processing that has already occurred remains unaffected by the revocation.

The data that you enter in the form stays with us until you request that we delete it, revoke your consent to save your data, or the purpose for data storage lapses (e.g. processing of your order is completed).

Mandatory statutory provisions – particularly retention periods – remain reserved.

10. Application process

This section provides information under data protection law for applicants to GP JOULE GmbH with regard to the processing of their personal data. This concerns applications that either relate to a specific job advertisement or to unsolicited applications.

We process the data that you send in connection with your application to assess your suitability for the position (or possibly for other vacant positions in our company) and to perform the application process.

After receiving your application, the data is viewed by the HR department. Suitable applications are then internally sent to the responsible party for the department that has an open position. The method of proceeding will then be coordinated. In the companies, it is always the case that the only people who have access to your data are those who need it to perform our application process.

The legal basis for processing your personal data in this application process is sec. 26 GDPR. Pursuant to sec. 26 GDPR, it is admissible to process data that is required in connection with deciding whether to establish an employment relationship.

If the data is required after the application process is completed, such as for legal prosecution, data processing may occur pursuant to Art. 6 GDPR, particularly to protect a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our interest is then founded in the assertion of or defence against claims.

In the event of a rejection, applicant's data will be deleted after 6 months. If you have consented to continued storage of our data, we will transfer your data to our applicant pool. From there, the data is deleted once two years have elapsed. If you are approved for a position in the course of the application process, the data will be stored in our systems.

II. Rights of data subjects

You have the following rights with regard to your personal data:

  • Right to information pursuant to Art. 15 GDPR,
  • Right to correction or deletion pursuant to Art. 16 and Art. 17 GDPR,
  • Right to limit processing pursuant to Art. 18 GDPR,
  • Right to object to processing pursuant to Art. 21 GDPR,
  • Right to data portability pursuant to Art. 20 GDPR.

III. Right to complain to responsible data protection supervisory authorities

You also have the right to complain about our processing of your personal data to the responsible data protection supervisory authorities pursuant to Art. 77 GDPR.

IV. Consent

If you have issued consent for your data to be processed, you can revoke this consent pursuant to Art. 7 para. 3 GDPR at any time. Such revocation of consent influences the legality of processing your personal data once you have expressed it to us.

V. Right to object

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, inasmuch as there are reasons based in your particular situation.

If you want to use your right to object, send an email to: info(at)pg-joule.de.

VI. Transferring data to third parties

In our “GP JOULE” corporate group (www.gp-joule.de), we work closely with other corporate groups. It may be necessary for us to process your personal data within the existing or future corporate group. Our legitimate interest consists of efficiently structuring business processes. The legal basis for processing your personal data is Art. 6 para. 1 lit. f GDPR in this case.

In addition to this, your personal data is processed within the existing or future corporate group, inasmuch as this is necessary for the foundation, content, or amendment of the legal relationship. The legal basis for processing your personal data in this case is Art. 6 para. 1 lit. b GDPR, which permits data to be processed to fulfil a contract or for precontractual measures.

The collected personal data will be deleted after the order is concluded or the business relationship has ended. Statutory retention periods remain reserved.

In some cases, we use external service providers to process your data. They are carefully selected and commissioned by us, are bound to follow our instructions, and are monitored by us on a regular basis. This generally occurs on the basis of order processing pursuant to Art. 28 GDPR.

Otherwise, we only send personal data to third parties if this is permitted under the law or you have issued your consent in advance. If you have issued consent, you can revoke this consent with effect for the future at any time.

VII. Data transferral to countries outside of the European Economic Area (EEA)

Inasmuch as we process data outside of the EEA, cause this to occur in the context of using third party services, or data is disclosed or transmitted to third parties, this only occurs if it is necessary to fulfil our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interest.

Otherwise, we only transfer data to third party countries if it has been assured that the recipient of the data ensures an appropriate level of data protection in the sense of Chapter V of the GDPR and there are no other justified interests against data transferral. To ensure an appropriate level of protection with the recipient of the data, we particularly use the sample contracts of the EU Commission for the transfer of personal data to third party countries.

VIII. No automated individual decisions

We do not use your personal data for automated individual decisions in the sense of Art. 22 paragraph 1 GDPR.

IX. Links to other websites

Our website contains links to other websites. Please note that our Privacy Policy does not apply to these other websites.

X. Data security

We have taken the necessary technological and organizational measures to protect the personal data that you provide from loss, destruction, manipulation, and unauthorized access. All of our employees and all people who participate in data processing are obligated to comply with the GDPR, the BDSG, and other laws relevant to data privacy and confidential handling of personal data. Our employees are trained correspondingly. Both internal and external inspections ensure compliance with all data privacy processes.

To protect the personal data of our users, we use a secure online transfer process referred to as a “secure socket layer” (SSL) or “transport layer security” (TSL) transfer. You can see that this is the case if there is an “s” displayed in the address component (“https://”) or a green, closed lock symbol displayed in the browser. By clicking the symbol, you can get information about the SSL certificate that is used. The depiction of the symbol depends on the version of the browser that you use. SSL encryption ensures that your data is transferred securely and completely.

XI. Amendments to the Privacy Policy

New statutory provisions, company decisions, or technological developments may require amendments to our Privacy Policy. The Privacy Policy will then be adjusted accordingly. You can always find the most current version on our website.

Version: May 2018