DATA PRIVACY STATEMENT

According to General Data Protection Regulation (GDPR)

Part A: General data privacy statement

I. Name and address of data controller

The data controller pursuant to the General Data Protection Regulation and other national data protection laws of the Member States, as well as other data protection regulations, is:

Petrofer Chemie H.R. Fischer GmbH + Co. KG
Römerring 12-16
D - 31137 Hildesheim
Germany
Tel.: +49 5121 76 27 0
E-mail: Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.
Website: www.petrofer.com

II. Name and address of data protection officer

The data protection officer answering to the data controller is:

Attorney Frank Henkel
E-mail: Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.

III. General statement regarding data processing

1. Scope of processing of personal data

We gather and use the personal data of our users only insofar as this is necessary for the deployment of an operational website as well as of our content and services. The personal data of our users will only be regularly gathered and used with the consent of the user. An exception applies in cases where it is not possible to obtain prior consent for specific reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we can obtain the data subject’s consent for the processing of his personal data, Article 6 (1)(a) of the European Union’s General Data Protection Regulation (GDPR) will serve as the legal basis.

Where the processing of personal data is necessary for the performance of a contract and the contracting party is the data subject, Article 6 (1)(b) GDPR will serve as the legal basis. This also applies to processing operations required for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary for the performance of a legal obligation affecting our company, Article 6 (1)(c) GDPR will serve as the legal basis.

Where the vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1)(d) GDPR will serve as the legal basis.

Where data processing is necessary to uphold a legitimate interest of our company or of a third party and the interests, rights or freedoms of the data subject do not outweigh the former interest, Article 6 (1)(f) GDPR will serve as the legal basis for such processing.

3. Data deletion and duration of storage

The personal data of the data subject will be deleted or blocked once the purpose of storage no longer applies. Storage may also be required if this is provided for in European or national law via EU legal regulations, laws or other regulations applicable to the data controller. The data is then blocked or deleted when a storage deadline as prescribed by the above standards expires unless further storage of the data is necessary in order to enter into or perform a contract.

IV. Deployment of website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system gathers automated data and information from the computer system of the accessing computer.

The following data will be gathered:

(1)       information about the type and version of the browser being used

(2)       date and time of access

(3)       websites that are accessed by the user’s system through our website

The data will also be stored in the log files of our system. This will not apply to the IP address of the user or to other data that would permit the mapping of the data to a particular user. Such data will not be stored with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data is Article 6 (1)(f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to permit delivery of the website to the user’s computer. The user’s IP address must for this purpose be stored for the duration of the session.

These purposes also contain our legitimate interest in data processing according to Article 6 (1)(f) GDPR.

4. Duration of data storage

The data will be deleted when no longer necessary to achieve the purpose for which they were gathered. Where data are being gathered in order to deploy the website, this will occur when the current session ends.

5. Possibility of objection and removal

The gathering of data to deploy the website and the storage of data in log files is mandatory for the operation of the website. Users therefore have no possibility of objection.

V. Use of cookies

a) Description and scope of data processing

Our website uses cookies. These are text files that are stored in the web browser itself or stored by the web browser on the user’s computer system. If a user accesses a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic string that allows clear identification of the browser when the website is accessed once more.

We use cookies to make our website user-friendly. Some elements of our website require that the accessing browser can be identified even after changing the page. The cookies are valid only until the end of the session.

b) Legal basis for data processing

The legal basis for the processing of personal data when using cookies is Article 6 (1)(f) GDPR.

c) Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website are not offered without the use of cookies. For this it is necessary that the browser be recognised even after changing the page.

We need cookies for the following purposes:

(1)       Identifying search items

These purposes also contain our legitimate interest in data processing according to Article 6 (1)(f) GDPR.

e) Duration of storage, objection and possibility of removal

Cookies are stored on the user’s computer and transmitted from there to our website. As a user you therefore have full control over the use of cookies. You can disable or restrict the sending of cookies by changing the settings in your browser. Stored cookies can be deleted at any time. This process can also be automated.

VI. Contact form and e-mail contact

1. Description and scope of data processing

Our website offers a contact form that can be used for electronically contacting us. If the user makes use of this, the data entered into the input mask will be sent to us and stored. Such data are as follows:

Form of address *
Your name *
How can we help you? *
Your e-mail address *
Company *
Street and house number *
Post code *
City *
Country *
Phone number *
Customer number
Your message *

(* = obligatory fields)

The following data will be stored when the message is sent:

(1)       the user’s IP address

(2)       the date and time of registration

Your consent to the processing of the data will be obtained in conjunction with the sending process and your attention brought to this data privacy statement.

As an alternative, contact is possible via the e-mail address provided. In this case the user’s personal data that has been sent with the e-mail will be stored.

No data will be disclosed to third parties in this process. The data will be used solely for the processing of the conversation.

2. Legal basis for data processing

The legal basis for data processing with the user’s consent is Article 6 (1)(a) GDPR.

The legal basis for the processing of data transferred when sending an e-mail is Article 6 (1)(f) GDPR. If the aim of the e-mail contact is to enter into a contract, the additional legal basis for the processing is Article 6 (1)(b) GDPR.

3. Purpose of data processing

The personal data from the input mask will be processed solely for administering the contact procedure. Contact by e-mail also entails the legitimate interest in the processing of the data.

The other personal data processed during the sending process will serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data will be deleted once it is no longer necessary for the purpose for which it was gathered. Personal data from the input mask in the contact form and data sent by e-mail will be deleted when the respective conversation with the user ends. The conversation ends when the matter in question is definitively resolved.

Additional personal data gathered during the sending process will be deleted at the latest after a period of seven days.

5. Possibility of objection and removal

Users may at any time revoke their consent to the processing of their personal data. Users may contact us by e-mail to object at any time to the storage of their personal data. Conversations cannot be continued in such cases.

Revocation of consent and objection to storage may follow the same path as the original contact, i.e. via contact form or by e-mail.

All personal data stored in the course of the contact procedure will in this case be deleted.

VII. Rights of data subject

If your personal data are processed, you are a data subject pursuant to the GDPR and you have the following rights in respect of the data controller:

1. Right of information

You may ask the data controller to confirm whether your personal data are being processed by us.

If such processing is taking place, you may ask the data controller for the following information:

(1)      the purpose for which the personal data is being processed;

(2)      the categories of personal data that are being processed;

(3)      the recipients or categories of recipients to whom your personal data has been or is being disclosed;

(4)      the planned duration of the storage of your personal data or, if specific information is not possible, the criteria for determining the duration of storage;

(5)      the existence of a right of correction or deletion of your personal data, a right to restriction of processing by the data controller, or a right of objection against such processing;

(6)      the existence of a right to appeal to a supervisory authority;

(7)      any available information on the origin of the data if the personal data has not been gathered from the data subject.

You are entitled to ask whether your personal data has been transferred to a third country or to an international organisation. In this context you may ask for information on the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.

2. Right to rectification

You have a right to rectification and/or completion of your personal data in respect of the data controller should the data being processed be incorrect or incomplete. The data controller must make the correction immediately.

3. Right to restriction of processing

You can request that the processing of your personal data be restricted under the following conditions:

(1)      you contest the accuracy of your personal data for a period that permits the data controller to check the accuracy of the personal data;

(2)      the processing is unlawful and you reject the deletion of your personal data and instead require the restriction of the use of your personal data;

(3)      the data controller no longer needs the personal data for the purposes of the processing, but you need the data in order to assert, exercise or defend legal claims, or

(4)      you object to the processing as set out in Article 21 (1) GDPR and it is not yet established whether the legitimate reasons of the data controller outweigh your reasons.

If the processing of your personal data is restricted, such data – apart from its storage – may only be processed with your consent or for the assertion, exercise or defence of legal claims, or to protect the rights of another natural or legal person, or for reasons of an important public interest of the European Union or of a Member State.

If the restriction on processing is limited according to the above conditions, you will be notified thereof by the data controller before the restriction is lifted.

4. Right to deletion

a. Deletion obligation

You may request the data controller to delete your personal data immediately and the data controller is obliged to delete such data immediately where one of the following reasons applies:

(1)      your personal data are no longer necessary for the purposes for which they were gathered or in any other way processed;

(2)      you revoke the consent that formed the basis for processing under Article 6 (1)(a) or Article 9 (2)(a) GDPR and no other legal basis for processing exists;

(3)      you object to the processing under Article 21 (1) GDPR and no overriding legitimate grounds for processing exist, or you object to the processing under Article 21 (2) GDPR;

(4)      your personal data have been unlawfully processed;

(5)      the deletion of your personal data is required by the laws of the European Union or of Member States in order to fulfil a legal obligation to which the data controller is subject;

(6)      your personal data were gathered in relation to services offered by an information society in accordance with Article 8 (1) GDPR.

b. Information provided to third parties

If the data controller has made your personal data public and is, pursuant to Article 17 (1) GDPR, obliged to delete them, he shall take all appropriate measures, including those of a technical nature, taking account of the available technology and the costs of implementation, in order to inform data controllers processing the personal data that you, as the data subject, have demanded the deletion of all links to such personal data or of copies or reproductions thereof.

c. Exceptions

The right to deletion will not apply insofar as processing is necessary:

(1)      for the exercise of the right to freedom of expression and information;

(2)      for the performance of a legal obligation that requires such processing under the laws of the European Union or of Member States to which the data controller is subject, or for the observance of a duty that is either in the public interest or is entailed by the exercise of public authority and is incumbent upon the data controller;

(3)      for reasons of public interest in the field of public health pursuant to Article 9, (2)(h) and (i) as well as to Article 9 (3) GDPR;

(4)      for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, insofar as the right under (a) above may prevent or seriously impair the achievement of the aims of such processing; or

(5)      to assert, exercise or defend legal claims.

5. Right to be informed

Should you have asserted your right to rectification, deletion or restriction on the processing of data in respect of the data controller, he is obliged to notify all recipients to whom your personal data have been disclosed of such rectification or deletion of your data or restriction on processing unless this should prove impossible or involve disproportionate effort.

You have the right to request the data controller to provide information about such recipients.

6. Right to data portability

You have the right to obtain the personal data that you have provided to the data controller in a structured, up-to-date and machine-readable format. You also have the right to transmit such data to another data controller, without hindrance on the part of the data controller to whom the personal data have been provided, unless

(1)      the processing is based upon consent pursuant to Article 6 (1)(a) GDPR or Article 9 (2)(a) GDPR or pursuant to a contract as per Article 6 (1)(b) GDPR, and

(2)      the processing uses automated procedures.

In exercising this right, you also have the right to obtain a guarantee that your personal data will be sent directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of others must not be impaired thereby.

The right to data portability will not apply to the processing of personal data that is required for the observance of a duty that is either in the public interest or is entailed by the exercise of public authority and is incumbent upon the data controller.

7. Right of objection (to advertising)

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Article 6 (1)(e) or (f) GDPR.

The data controller will no longer process your personal data, unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing is used to assert, exercise or defend legal claims.

If your personal data is processed for the purposes of direct mailing, you have the right at any time to object to the processing of your personal data for the purposes of such advertising.

Should you object to processing for the purposes of direct marketing, your personal data will no longer be processed for these purposes.

You may exercise your right of objection in connection with the use of information society services – notwithstanding Directive 2002/58/EC – by means of automated procedures using technical specifications.

8. Right to revoke consent under data protection legislation

You have the right at any time to revoke your consent under the data protection legislation. The revocation of consent will not affect the lawfulness of the processing carried out on this basis up until the revocation of consent.

9. Right to appeal to a supervisory authority

Without prejudice to any other administrative or judicial redress, you have the right to appeal to a supervisory authority, in particular in the Member State of your residence, at your workplace or in the location of the alleged infringement if you believe that the processing of your personal data is in breach of the GDPR.

The supervisory authority to which appeal was made will inform the appellant of the status and the results of the appeal, including the possibility of judicial remedy pursuant to Article78 GDPR.

Part B: Supplementary data privacy statement for careers portal

The protection of your privacy is of utmost importance to us. We will only gather or use your information for our own purposes in accordance with the Federal Data Protection Act or other legislation. It is also important to us that you always know when we store data and how we use such data. The following is intended to tell you about where we obtain information from you during your visit to our website and how we deal with it.

The following gives information about the specifics of the data processing to be found on our careers websites.

I. Applications and data usage via the careers portal

1. Description and scope of data processing

Our careers portal offers candidates the opportunity to submit applications to us with the provision of personal data. Such data are entered in an input mask, transmitted to us and stored. No data will be disclosed to third parties.

We use technical and organisational measures to ensure that your data are protected against inadvertent or deliberate manipulation and unauthorised access. Your data are transmitted using a specific SSL connection to guarantee the highest level of data security to match the latest state of the art. It is however expressly brought to your attention that, despite these measures, it cannot be fully excluded that unauthorised persons may become aware of or even falsify data.

All personal data and attachments to your application will be gathered and used by Petrofer only for the purposes of evaluation, analysis and mapping relating to the application procedures.

Only competent employees dealing with selection and recruitment in the field of human resources may access the data that you provide. In the case of an application for a specific advertised position, your data will be disclosed to the appropriate HR personnel in the relevant departments and offices, as well as to the Petrofer works council. No data will be disclosed to third parties.

After your documents have been sent, your data will be stored in a database. You can contact us at any time to request deletion of your data, irrespective of whether you have applied for a specific position or have only expressed a general interest.

The following data will be gathered from the careers portal:

Obligatory fields:

Form of address
First name
Last name
E-mail address
Phone number (landline or mobile)
How we came to your attention
Uploads of attachments for letters or complete documentation
Data storage (either only for or also after the application process)

Voluntary details

Title
Further uploads of attachments

The following data are also stored when an application is submitted:

(1) the user’s IP address

(2) the date and time of registration

Before submitting the application documents via the form, the applicant must confirm having read the careers data privacy statement for the processing of such data.

If you send us your application documents in writing without using our website, we will scan your documents and enter the data in our application management system. The information that you send us in free text outside the standardised data fields will also be stored with your attachments and may be copied into free text fields.

We will also copy your documents into our application management system in the case of applications made via e-mail.

2. Legal basis for data processing

The legal basis for the data processing is the entering into of a contractual relationship and the implementation of pre-contractual measures pursuant to Article 6 (1) (b) GDPR.

3. Purpose of data processing

The details are required so that we can contact you and check your suitability for the advertised position. This in turn may permit the initiation of a contract of employment with us.

If you are applying at your own initiative and have a general interest in joining Petrofer, your information will be stored in a database in the same way as when applying for a job. Petrofer staff in the human resources department dealing with selection and recruitment may search this database in order to fill vacant positions with suitable candidates.

4. Duration of storage

The data will be deleted when no longer necessary to achieve the purpose for which they were gathered, in other words if we have chosen another candidate for the vacancy or decided not to pursue an unsolicited application.

If you apply for a specific vacancy, account will be taken of your data for the duration of the selection process. In this case your data will be disclosed to the appropriate HR personnel in the relevant departments and offices. Six months following rejection, should this occur, your data will be anonymised. We will delete all attachments and all communication. The anonymised datasets will be stored to permit us to create reports in the portal statistics. Once your data are anonymised they will no longer be considered in the search for suitable candidates in the database.

If you wish your data to be given further consideration for future personnel development in the wake of an actual application, please submit a separate unsolicited application.

We will hold unsolicited applications for a period of 6 months. After this time, we will proceed with the anonymisation of these applications as set out above.

If we decide to offer you a contract and you accept, your documents will be passed to our day-to-day HR administration by means of the usual processes. They will then be further used in the framework of the relevant legal provisions.

5. Possibility of objection and removal

As an applicant you have the opportunity to correct or withdraw your application and to delete the data at any time. Please send an e-mail to this effect to Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.

II. Rights of data subject

For your particular rights as a data subject for the purposes of data processing, please consult our general data privacy statement in Part A.

Right of objection

Insofar as your personal data are processed on the basis of legitimate interests pursuant to Article 6 (1)(f) GDPR, you have the right to object to the processing of your personal data under Article 21 GDPR for reasons arising from your particular situation or if you object to direct mailing. In the latter case you have a general right of objection that we will agree to without the need for you to specify a particular situation.

If you wish to exercise your right of revocation or of objection, simply send an e-mail to Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.

Part C: Information pursuant to Article 13 of the General Data Protection Regulation in the case of video surveillance

Name and contact details of data controller and his representative, if any:

Petrofer Chemie H.R. Fischer GmbH + Co. KG
Römerring 12 - 16, 31137 Hildesheim

Contact details of data protection officer:

Attorney Frank Henkel
E-mail: Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.

Legitimate interests to be pursued:

Protection of property

Purpose of data processing:

Prevention of vandalism, rights over property

Legal basis for data processing:

Article 6 (1)(f) EU General Data Protection Regulation

Duration of storage:

10 days on works premises, otherwise 72 hours

Recipients or categories of recipients of data:

None

Information regarding rights of data subjects

The data subject has the right to obtain from the data controller confirmation as to whether his personal data are being processed and, if so, he has a right to be informed about such personal data and to the individual information listed in Article 15 GDPR.

The data subject has the right to obtain from the data controller without delay the rectification of inaccurate personal data concerning himself and, if necessary, the data subject has the right to have incomplete personal data completed (Article 16 GDPR).

The data subject has the right to demand that the data controller delete personal data immediately if the event that any of the reasons listed in Article 17 GDPR applies, e.g. when the data is no longer necessary to achieve the required purposes (Right to deletion).

The data subject has the right to require the restriction of processing, while the data controller is conducting an examination, where one of the conditions listed in Article 18 GDPR applies, e.g. if the data subject objects to processing.

The data subject has the right, for reasons arising from his particular situation, to object at any time to the processing of his personal data. The data controller will no longer process the personal data unless he can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or if the processing is used to assert, exercise or defend legal claims (Art. 21 GDPR).

Every data subject has the right to appeal to a supervisory authority without prejudice to any other administrative or judicial redress if, in the view of the data subject, the processing of his personal information is in breach of the GDPR (Art. 77 GDPR). The data subject may assert this right before a supervisory authority in the Member State of his residence, at his workplace or in the location of the alleged infringement. The supervisory authority for Lower Saxony, Germany, is the Data Privacy Commissioner for Lower Saxony, Prinzenstrasse 5, 30159 Hannover, phone +49 511-120 4500, fax +49 511-120 4599, Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser..