PRIVACY POLICY

General data protection declaration

Data protection information according to EU data protection basic regulation, which will become effective on 25.05.2018 - as of August 2018

General information

We take the protection of your personal data very seriously. Your privacy is important to us.

The following provisions serve to inform you about the processing of personal data in accordance with the requirements of the Basic Data Protection Ordinance (DSGVO) , in particular taking into account the information obligations under Articles 12 to 14 DSGVO, as well as to inform you about the rights of data subjects under the DSGVO in accordance with Articles 15 to 22 and 34 DSGVO.

Notes on the responsible body

Responsible for the processing of your personal data is

IHI Charging Systems International GmbH

Haberstrasse 24

D-69126 Heidelberg Germany

Phone: +49 6221 3096-0Fax : +49 6221 3096-111

E-mail : contact[at]ihi-csi.de

Website Privacy Policy

Scope of application

This data protection declaration applies to all pages of our online network that link to this declaration.

Purpose of data collection

The purpose of the data collection is the optimization of the website, the error analysis, the individual tailoring to your needs, the offer of contacting and, if necessary, the sale of goods and services.

General information on data processing

We only collect and use personal data of our users insofar as this is necessary to provide a functional website as well as our contents and services. The collection and use of personal data of our users takes place regularly only with the user's consent. An exception applies in those cases where prior consent cannot be obtained for real reasons and the processing of the data is permitted by law.

Legal basis for the processing of your data:

 Insofar as we obtain the consent of the data subject for the processing of personal data, Art.6 Para.1 lit.a EU Data Protection Ordinance (DSGVO) serves as the legal basis.

 In the processing of personal data required for the performance of a contract to which the data subject is a party, Art.6 para.1 lit.b DSGVO serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

 Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art.6 Para.1 lit.c DSGVO serves as the legal basis.

 In the event that vital interests of the data subject or another natural person require the processing of personal data, Art.6 para.1 lit.d DSGVO serves as the legal basis.

 If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art.6 para.1 lit.f DSGVO serves as the legal basis for processing.

Justified interests can be in particular:

 the answering of inquiries;

 the implementation of direct marketing measures;

 the provision of services and/or information intended for you;

 the processing and transfer of personal data for internal or administrative purposes;

 the operation and administration of our website;

 the technical support of the users;

 the prevention and detection of fraud and criminal offences;

 protection against non-payment in the event of obtaining credit information for inquiries about deliveries and services; and/or

 the guarantee of network and data security, insofar as these interests are in accordance with the applicable law and with the rights and freedom of the user;

 the achievement of efficiency gains by bundling services in individual Group companies (in particular marketing, IT, procurement)

Categories of recipients

 Service providers for the optimization of websites, online marketing service providers and tools, service providers for information and communication technology, companies for software and device maintenance, partly described in detail below

 Social networks and communities as described in more detail below

 internal recipients according to the "need to know" principle

Usage data/server log files

Every time you visit our website, our systems automatically collect data and information from the computer system of the calling computer.

The following types of data are collected: Browser type, version used, user's operating system, Internet service provider, user's IP address, date and time of access, websites from which the user's system has reached our website or to which the user accesses from our website.

The legal basis for the temporary storage of data and log files is Art.6 Para.1 lit. f DSGVO with the above-mentioned legitimate interests.

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this the IP address of the user must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing also lies in these purposes. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. We also reserve the right to check the files if there is a justified suspicion of illegal use or a concrete attack on the pages based on concrete evidence. In this case, our legitimate interest is the processing for the purpose of clarification and criminal prosecution of such attacks and illegal uses.

Use of cookies

We use cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is called up again. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is stored and transmitted in the cookies: Language settings, items in a shopping cart, log-in information, etc.....

The purpose of using technically necessary or functional cookies is to enable (necessary) or simplify (functional) the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change. We need cookies for the provision of shopping cart, adoption of language settings, remembering search terms, etc.. Processing is therefore carried out on the basis of Art.6 para. 1 lit. b and f DSGVO.

We also use cookies on some of our websites which enable an analysis of the user's surfing behaviour. In this way entered search terms, frequency of page views, use of website functions, etc. are transmitted. The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data will not be stored together with other personal data of the users.

Legal basis for data processing using cookies: The legal basis for processing personal data using technically necessary cookies is Art.6 Para.1 lit. f DSGVO. The legal basis for the processing of personal data using cookies for analytical purposes is Art. 6 para. 1 lit. a DSGVO, otherwise Art. 6 para. 1 lit. f DSGVO in conjunction with the user's consent. EC 47.

General statements about WebBeacons / Tracking-Pixel

WebBeacons are invisible graphics with the size of a pixel. These are used by partner companies, in particular for the purpose of tracking a user via various web pages to form profiles for use in advertising tailored to the user (targeting). A pixel embedded in the web page is loaded from the partner's server when the web page is called. The partner receives your IP address, information about your browser and its version as well as browser plug-ins used (browser fingerprint), your operating system and your network operator.

Contents of external providers

On our website we use active JavaScript content and fonts, which can also come from external providers such as Google. By accessing our website, these providers may receive information about your visit to our website, for example by transmitting your IP address. You can prevent this transmission by installing a JavaScript blocker such as the browser plug-in'NoScript' or deactivating JavaScript in your browser. However, this can lead to functional restrictions.

Some of our websites integrate third party content, such as videos from YouTube, maps from Google Maps, images, texts and multimedia files, RSS feeds or other services from other websites. This always requires a transmission of your IP address to the providers of this content. We cannot make any statement about the use of your data by these providers and have no influence on further processing. In particular, not about whether the data is also used for other purposes, such as profiling. You can protect yourself against further prosecution by tracking pixels of these providers by deactivating the acceptance of third party cookies in your browser settings.

Google Analytics

Some of our websites use Google Analytics, a web analysis service provided by Google Inc. "("Google"). Google Analytics uses"cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. The legal basis for processing the personal data of users is Art.6 Para.1 lit. f DSGVO. We use Google Analytics to analyse and regularly improve the use of our website. We can improve our offer and make it more interesting for you as a user. This website also uses Google Analytics for a device-independent analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My data", "Personal data".

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en. This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are further processed in abbreviated form, so that a personal relationship can be ruled out. As far as the data collected about you is personal, it will be excluded immediately and the personal data will be deleted immediately. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Use: http://www.google.com/analytics/terms/de.html, Privacy Policy: http://www.google.com/intl/de/analytics/learn/privacy.html, and Privacy Policy: http://www.google.de/intl/de/policies/privacy.

Special data protection clause for the monitoring software Matomo (formerly Piwik):

On our website we use the open source software tool Matomo (formerly PIWIK) to analyse the surfing behaviour of our users. The software places a cookie on the user's computer (see above for cookies). If individual pages of our website are accessed, the following data is stored: Two bytes of the IP address of the user's calling system, accessed website, the website from which the user has accessed the accessed website (referrer), the sub-pages accessed from the accessed website, the time spent on the website, frequency of accessing the website. The software runs exclusively on the servers of our website. The personal data of users is only stored there. The data will not be passed on to third parties. The legal basis for processing the personal data of users is Art.6 Para.1 lit. f DSGVO. The processing of users' personal data enables us to analyse the surfing behaviour of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness. For these purposes, it is also in our legitimate interest to process the data in accordance with Art. 6 para. 1 lit. f DSGVO. By anonymizing the IP address, users' interest in protecting their personal data is sufficiently taken into account. The data will be deleted as soon as they are no longer needed for our recording purposes.

Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

Contact form and e-mail contact

There is a contact form on our website which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to us and stored. This data is: Name, address, e-mail address, telephone number, etc. At the time the message is sent, the following data is also stored: The IP address, date and time. Your consent is obtained for the processing of the data within the scope of the sending process and reference is made to this data protection declaration.

Alternatively, you can contact us via the e-mail address provided. In this case, the user's personal data transmitted by e-mail will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

The legal basis for processing is:

 For the processing of the data after registration for the newsletter by the user, Art.6 para. 1 lit. a DSGVO.

 For the processing of data transmitted in the course of sending an e-mail, Art.6 para.1 lit.f DSGVO with the above-mentioned legitimate interests.

 If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is Art.6 Abs.1 lit.b DSGVO.

The processing of the personal data from the input mask serves us only for the treatment of the establishment of contact. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

Data transmission via the Internet

Data transmission over the Internet is generally associated with certain risks. A special encryption of the data is not carried out, especially messages from the contact form of our website and messages in the service chat are transmitted unencrypted . If you wish to communicate with us by encrypted e-mail, this is possible using SMIME encryption. Please inform us of your wish for encryption, as we regularly send unencrypted, due to the currently low market penetration of e-mail encryption methods.

Data transfer

If you provide us with personal data, this will only be passed on to third parties if this is necessary for the processing of the contractual relationship or if another legal reason justifies this transfer.

However, we provide certain services with the cooperation of service providers. We have carefully selected these service providers and have taken appropriate measures to protect your personal data.

Privacy Policy for Applicants

If you apply for a job in our company, we process and store your personal data , we take your privacy very seriously and would therefore like to inform you here about the handling of your applicant data.

Purpose of data collection

Before joining our company or during the application process, we process your personal data exclusively for the purpose of establishing a contractual relationship to the required extent.

Types of data processed by us

The following types of personal data are processed regularly:

 Applicant data; name, date of birth, curriculum vitae, nationality/work permit, etc. for selection, recruitment, entry and exit management,

 private contact data; address, telephone number, email (for contact purposes),

 Data within the scope of personnel screening (e.g. police clearance certificate, reliability test (ZUP));

 Where applicable, data subject to professional secrecy; e.g. data on health suitability and any restrictions

 other data in personnel management: severe disability (if relevant), driving licence holder

We do not require any information from you that is not usable under the General Equal Treatment Act (AGG) (race, ethnic origin, gender, pregnancy, information on physical or mental illness, membership of a trade union, religion or belief, disability, age, sexual identity or sexual life).

We ask you not to transmit such data to us. The same applies to content that is likely to infringe the rights of third parties (e.g. copyrights, ancillary copyrights or other intellectual property rights, press law or general rights of third parties).

Legal basis of the processing

 for the establishment, execution and termination of a contractual relationship pursuant to Art. 6 para. 1 lit.b) in connection with 26 BDSG (version from 25.5.2018),

 to fulfil a legal obligation pursuant to Art. 6 para. 1 lit.c),

 in the case of processing for the protection of a legitimate interest pursuant to Art. 6 (1) (f),

 and on the basis of your voluntary consent by providing data which is not absolutely necessary for the purpose (such as hobbies in the curriculum vitae) (however, such consent is not required for the conclusion of a contract or the continuation of an existing contract) in accordance with Art. 6 (1) (a).

Our legitimate interests lie, for example, in:

 the optimization of the application processes,

 the achievement of efficiency gains by bundling services in individual Group companies (in particular personnel, IT),

 Ensure compliance with security regulations, requirements, industry standards and contractual obligations,

 the assertion, exercise or defence of legal claims,

 the avoidance of damage and/or liability of the company through appropriate measures.

Categories of recipients

 Internal receivers according to the "need to know" principle,

 Companies affiliated under company law (group companies) as joint responsible persons : The essential contents of the regulation of the tasks with regard to the rights of affected parties can be inquired at the contact address provided , but according to Art. 26 para. 3 DSGVO these rights can be claimed by affected parties from all companies involved.

Deletion periods

Your data will be deleted after the respective purpose has been achieved. However, data will be kept for as long as is necessary to defend legal claims. The storage period is usually 6 months. If your profile was submitted to us by a personnel service provider and if commission claims of this service provider exist, the storage period can amount to up to their fulfilment or limitation. If accounting-related processing, such as the reimbursement of travel expenses, is carried out, the data required for this will be deleted in compliance with the statutory retention periods, usually 6 or 10 years. If the application was successful and we conclude a contract with you, we will transfer the data collected during the application process into our personnel file.

Privacy policy for employees

Herewith we would like to inform our employees about our handling of their personal data in the context of the employment relationship.

Purpose of data collection

During the period of your employment your personal data will be processed mainly for the execution and/or termination of the contractual relationship including the tasks associated with the respective activity. Other purposes may be processing for the purpose of complying with legal regulations (including the right to information of third parties) or in measures for corporate development or communication.

Types of data processed by us

In the context of your employment relationship, we process the following personal data:

 Applicant data; name, date of birth, curriculum vitae, nationality/work permit, etc. for selection, recruitment, entry and exit management;

 private contact data; address, telephone number, email;

 business contact data; e.g. telephone numbers, email, place of work, job title;

 Image data; photo for identification and photographs during operational events;

 Identification/payment data; identity card data or work permit to identify and determine the legitimacy of employment, place of birth, marital status, parental status, tax identification number, health insurance membership, income tax class, allowances, religious affiliation for church tax, account number, any wage pledges (for the purpose of payroll accounting and fulfilment of social security, tax and other legal obligations);

 Health data; e.g. in the context of payroll accounting, for accounting with health insurance companies or professional associations or in the context of statutory obligations as an employer, e.g. company integration management or the fulfilment of duties in the protection of severely handicapped persons or in the context of company self-monitoring such as occupational safety or company medical examinations;

 Time recording and access data; vacation times, working time accounts, shift schedules, closing times or access logs, etc..;

 Data within the scope of personnel screening (e.g. police clearance certificate, reliability test (ZUP));

 Data on suitability and performance/behaviour monitoring; information on training and further education; data for the purpose of measuring target achievement, e.g. for variable remuneration, data on infringements of road traffic regulations ("parking tickets");

 other data in personnel management: sidelines, data in the context of occupational health care and health management, occupational safety, any degree of severe disability, driving licence holdership, any employee surveys, data in the context of proposal management, employee inventions,

Categories of recipients

We send your personal data to the following recipients, e.g. to comply with legal obligations or obligations arising from the employment relationship:

 Bank service providers, financial service providers, and, where applicable, service providers for calculating pension provisions,

 Service providers for payroll accounting (tax consultants), auditors, service providers for information and communication technology, software and equipment maintenance companies, service providers for personnel restructuring only,

 Health, social, pension and accident insurance carriers as well as other insurance companies and carriers of capital formation benefits,

 Authorities such as tax authorities, social security funds, employment agencies, safety, health, road traffic or related fine offices, customs authorities or monitoring offices for undeclared work and minimum wage; other authorities,

 Company medical service,

 Companies affiliated under company law (group companies) as joint responsible persons: the essential contents of the regulation of the tasks with regard to the rights of affected parties can be inquired at the contact address provided; however, according to Art. 26 para. 3 DSGVO, these rights can be claimed from affected parties from all companies involved,

 Third party debtor in case of wage garnishment, insolvency administrator in case of private insolvency

 Business partners and customers (business contact data), temporary employment agencies

Legal basis of the processing

When processing your personal data, we naturally comply with applicable law. Processing is therefore only on a legal basis. The following legal bases are particularly relevant in the employment relationship:

1. 26 BDSG (version from 25.05.2018) as far as necessary for the implementation of the employment relationship or for clarification of concrete suspicions of criminal offences

2. Art. 6 para. 1 lit. a) on the basis of your consent, whereby in principle no consent is required for the conclusion of a contract or the continuation of an existing contract,

3. Art. 6 para. 1 lit.b) for the establishment, execution and termination of a contractual relationship,

4. Art. 6 para. 1 lit.c) for the fulfilment of a legal obligation,

5. Art. 6 para. 1 lit. f) for the protection of a legitimate interest

6. Art. 88 DSGVO on the basis of collective agreements (works agreements)

If we process your data within the scope of our legitimate interest, this is e.g. in:

 the implementation of electronic access controls,

 the optimization of personnel planning,

 the achievement of efficiency gains by bundling services in individual Group companies (in particular personnel, IT, procurement)

 Ensure compliance with security regulations, requirements, industry standards and contractual obligations,

 the assertion, exercise or defence of legal claims, including data for the documentation of service flows

 the avoidance of damage and/or liability of the company through appropriate measures.

 the implementation of internal information and communication measures.

 reporting on company information.

You have the right to object to the processing of personal data within the framework of a legitimate interest for reasons arising from your particular situation. We will then no longer process your data unless we can prove compelling reasons worthy of protection which outweigh your rights and freedoms or the processing serves to assert, exercise or defend legal claims.

We do not use the personal data you provide to make automated decisions about you.

Data collected from third parties

Using the ELSTAM procedure, we collect data on payroll accounting , which is made available to us by the financial administration for correct accounting , in particular the data on payroll accounting mentioned below.

Storage time

Once the respective purpose has been achieved, your data will be deleted in compliance with the statutory retention periods, usually 6 or 10 years, for various data categories such as occupational pension provision for 30 years and longer.

Data protection declaration for customers / interested parties / suppliers / other

As a customer and as an interested party or other interested party, we process your personal data primarily to establish and fulfil a contractual relationship concluded with you or on the basis of a legitimate interest. We collect, store and, if necessary, pass on your data to the extent necessary to provide the contractually agreed service, to provide information, to carry out direct marketing activities or other activities of our business operations. Non-provisioning may mean that the contract cannot be concluded. In addition, we will only process your data if you have consented to the processing or another legal permission exists.

Purposes of data processing

We process your personal data to achieve the following purposes in connection with the initiation and execution of a contractual relationship or other activities in the interest of the company:

 Contract processing (including shipping)

 the acquisition of existing customers, use as selection criterion for direct marketing in order to be able to offer you a service tailored to your needs

 dealer support

 the credit assessment

 the management of our supplier relationships

 service

 the quality management

 the improvement and development of intelligent and innovative services

 customer analysis for market and opinion research

 the handling of our logistics/our materials management

 reporting on our company

Beyond that we process your data only with your explicit declaration of consent.

Types of data processed by us

The following personal data are processed:

 private contact data; name, address, telephone number

 Identification/payment data; account number, VAT ID no.

 Ordering data: Quantity, Sales, Intervals

 Geodata: Addresses, terms of delivery

 Image data: Photos and video recordings in the context of corporate events and trade fair appearances

Categories of recipients

These service providers have been carefully selected by us, commissioned in writing and are bound by our instructions. Our service providers are regularly checked by us. The service providers will not pass this data on to third parties, but will delete it after fulfilment of the contract and the conclusion of legal storage periods, unless you have consented to further storage. If we are legally obliged to do so, we will disclose your data to the competent authority upon request.

These are, for example:

 Bank and payment service providers, business information agencies, lawyers,

 logistics firms

 associated undertakings

Legal basis of the processing

The legal bases for the processing of their data are in particular:

1. Art. 6 para. 1 lit. a) on the basis of your consent, whereby in principle no consent is required for the conclusion of a contract or the continuation of an existing contract,

2. Art. 6 para. 1 lit. b) for the establishment, execution and termination of a contractual relationship,

3. Art. 6 para. 1 lit. c) for the fulfilment of a legal obligation,

4. Art. 6 para. 1 lit. f) for the protection of a legitimate interest

Our legitimate interests lie in achieving the above-mentioned purposes and beyond, e.g. in:

 Perception of our business interests, including direct marketing and credit assessment,

 the improvement of efficiency and effectiveness potentials, also in cooperation with partners and possibly affiliated companies,

 Ensure compliance with security regulations, requirements, industry standards and contractual obligations,

 the assertion, exercise or defence of legal claims,

 the avoidance of damage and/or liability of the company through appropriate measures

 the implementation of information and communication measures, also of an advertising nature.

 reporting on company information.

Client analysis

In the case of customer analysis, your data will be processed either anonymously or, if anonymous processing is not possible or does not make sense for factual reasons, in pseudonymised form.

Individual of the aforementioned processes or services are carried out by carefully selected and commissioned service providers. We transmit or receive personal data of these service providers solely on the basis of a processing contract. If the registered office of a service provider is outside the European Union or the European Economic Area, transfer to a third country takes place. Contractual data protection agreements are concluded with these service providers in order to establish an appropriate level of data protection and corresponding guarantees are agreed.

Data collected from third parties

We may be provided with data from third parties, e.g. as part of recommendations. In this case it usually concerns contact data in connection with data to concrete product and/or service needs.

If necessary, we collect data from credit agencies with regard to credit ratings and/or negative characteristics.

Storage period

After the respective purpose has been achieved, your data will be deleted in compliance with the statutory retention periods.

Privacy policy for video surveillance

Information on data collection

We use video surveillance systems on our company premises for the surveillance of publicly accessible areas, especially outdoors .

Legal basis of video surveillance

The legal basis for the processing of your personal data in the context of video surveillance are in particular :Art. 6 para. 1 lit. f) for the protection of a legitimate interest

Our legitimate interests lie, for example, in

 the establishment of security and order on the company premises (vandalism prevention, domiciliary rights, access control)

 the assertion, exercise or defence of legal claims

 the avoidance of damage and/or liability of the company through appropriate measures (protection of property)

Purposes of data collection

The purpose of video surveillance is usually to safeguard one of the above-mentioned legitimate interests.

Duration of storage

The video data is usually not stored.

Types of data processed by us

Visual data

Categories of recipients

none, only internal

Transfer to third countries

Some data, in particular employee and customer data, is transferred to our parent company, IHI Corporation in Japan. Japan is not an EU country and there is no EU adequacy resolution, but we have ensured through contractual measures (standard contractual clauses) that we can assume a comparable level of data protection in the transmission. The data importer is subject to contractual guarantees for the security of personal data. A copy of this contract can be inspected on request in the personnel department or via the data protection officer.

Use of service providers

Individual of the aforementioned processes or services are carried out by carefully selected and commissioned service providers. We transmit or receive personal data of these service providers solely on the basis of a processing contract. If the registered office of a service provider is outside the European Union or the European Economic Area, transfer to a third country takes place. Contractual data protection agreements are concluded with these service providers in order to establish an appropriate level of data protection and corresponding guarantees are agreed.

Notice of your rights

You have the right,

 to ask us to confirm whether we process personal data concerning you ; if this is the case, you have a right to information on this personal data and on the information specified in Art. 15 DSGVO.

 to demand the publication of the data concerning you in the restrictions of Art. 20 DSGVO in a common electronic, machine-readable data format. This also includes the handing over (as far as possible) to another person directly named by you.

 to request us to correct your data if it is incorrect, inaccurate and/or incomplete. Correction shall also include completion by declarations or communication.

 If you do not wish us to contact you by newsletter or other means, we will save your contact details on a blacklist, but we will not be able to delete any data that is subject to a legal retention period.

 to revoke any consent given by you with effect for the future without you incurring any disadvantages as a result.

 to require us to restrict processing if one of the conditions set out in Art. 18 DSGVO is met.

 We will then no longer process the personal data unless we can prove compelling reasons worthy of protection which outweigh your interests, rights and freedoms , or the processing serves to assert, exercise or defend legal claims (Art. 21 DSGVO).

 without prejudice to any other administrative or judicial remedy and if you consider that the processing of personal data concerning you is contrary to the DSGVO, to complain to

Deletion of your data

Unless otherwise regulated in the more detailed data protection declarations, we delete your personal data when the contractual relationship with you is terminated, you have made use of your right to deletion, all mutual claims have been fulfilled and no other legal storage obligations or legal justification bases for storage exist. The retention periods under commercial law for financially relevant data are generally up to 10 years. We may keep data remotely for as long as necessary to protect ourselves from claims that may be asserted against us. These periods can be up to 30 years.

Definitions

For the purposes of this general information for employees, the term:

1. Personal data - any information relating to an identified or identifiable natural person; identifiable is any natural person who can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. Examples are contact data, communication data, billing data.

2. Controller - the natural or legal person, authority, body, agency or other body which alone or jointly with others decides on the purposes and means of processing personal data; where the purposes and means of such processing are specified by Union law or the law of the Member States, the controller or certain criteria for his appointment may be laid down by Union law or by the law of the Member States.

3. processor - a natural or legal person, authority, institution or other body processing personal data on behalf of the data controller.

4. Recipient - any natural or legal person, authority, institution or other body to which personal data is disclosed, whether or not it is a third party.

5. Employees - employees, including temporary workers in relation to the hirer, to their vocational training, employees, participants in benefits for participation in working life as well as in clarifications of professional aptitude or work trials (rehabilitants), employees in recognised workshops for disabled persons, volunteers providing a service under the Youth Voluntary Service Act or the Federal Voluntary Service Act, persons who are to be regarded as employment-like persons because of their economic dependence. These include homeworkers and their peers, federal civil servants, federal judges, soldiers and civil servants. As well as applicants for an employment relationship and persons whose employment relationship has ended.

6. third party - a natural or legal person, authority, institution or other body other than the data subject, the data processor, the data processor and the persons authorised to process the personal data under the direct responsibility of the data processor or the data processor.

7. Profiling - any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person. In particular, to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or relocation of this natural person.

8. Restriction of processing - the marking of stored personal data with the aim of restricting their future processing.

Changes to this Privacy Policy

We reserve the right to change our data protection declaration if necessary and to publish it here. Please check this page regularly. The updated declaration shall enter into force on publication, subject to the legislation in force. If we have already collected information about you that is affected by the change and/or is subject to a legal obligation to provide information, we will also inform you of any material changes to our data protection declaration.