Data Privacy Statement
As a visitor to our website (hereinafter also referred to as 'user'), we would like to inform you about the processing of personal data in the context of the usage of our websites. 'Personal data' means any information relating to an identified or identifiable natural person (hereinafter also referred to as 'data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
I. Name and address of the controller
The controller of these this website within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection provisions is:
PANINKRET chem.-pharm. Werk GmbH
Bahnhofstrasse 20
25364 Westerhorn
Telephone: +49(0)4127 9437-0
Fax: +49(0)4127 9437-22
E-mail: info(at)paninkret.com
URL: www.paninkret.com
The data protection officer of the controller can be reached at:
PANINKRET chem.-pharm. Werk GmbH
-Data Protection Officer-
Bahnhofstrasse 20
25364 Westerhorn
Telephone: +49(0)4127 9437-0
Fax: +49(0)4127 9437-22
URL: www.paninkret.com
E-mail: datenschutz@paninkret.com
II. General information about the data processing
Scope of the processing of personal data
In principle, we only process personal data of our users insofar as this is necessary in order to provide a functional website, as well as our content and services. Personal data are above all those data that allow for you to be personally identified.
General legal basis for the processing of personal data
Art. 6(1)(b) of the GDPR serves as legal basis for the processing of personal data, which is necessary for the performance of a contract to which the data subject is party. The same applies to the processing operations that are necessary in order to take steps prior to entering into a contract.
Art. 6(1)(c) of the GDPR serves as legal basis insofar as a processing of personal data is necessary for compliance with a legal obligation to which our company is subject.
Art. 6(1)(f) of the GDPR serves as legal basis for the processing if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
Art. 6(1)(a) of the GDPR serves as legal basis insofar as we seek the consent of the data subject for processing operations of personal data.
General data erasure and general storage period
As soon as the purpose of the storage ceases to exist, the personal data of the data subject are erased or blocked. Beyond that, storage is permissible and possible if this is provided for by the European or national legislator in Union law regulations, laws or other provisions to which the controller is subject. Data is also blocked or erased when a storage period stipulated by the aforementioned standards expires, unless further storage of the data is necessary for the conclusion or performance of a contract.
If no special storage period is specified in the particular case then the principles specified above apply for storage.
Encryption
To protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller), this website uses Transport Layer Security (TLS), also known by the name of its predecessor, Secure Sockets Layer (SSL). An encrypted connection can be recognised by the character string 'https://' and the lock symbol in the address bar of your browser.
III. Provision of the website and log files
Description and scope of the data processing
With every visit to our website, data and information is automatically collected by the computer system of the accessing computer, even if you do not otherwise submit information. The following data, which are necessary for the technical operation of our website, are collected in the process:
- the operating system used by the accessing computer/device
- information about the browser version of the accessing computer/device
- the Internet service provider of the user
- the transmitted data volume
- the date and time of the access
- websites from which the user accesses our website (URL)
- websites that are accessed by the user's system via our website
- the subpages that are accessed via an accessing system on our website
- the type of the device and browser used, e.g. 'Apple iPhone 8 & Safari'
- the IP address of the accessing computer/device
The data are stored in log files in our system. These data are not stored together with other personal data of the user.
Legal basis for the data processing
Art. 6(1)(f) of the GDPR is the legal basis for the temporary storage of the data and the log files.
Purpose of the data processing
It is necessary for the system to temporarily store the IP address in order to enable a delivery of the website to the user's computer. The user's IP address must be stored for the duration of the session for this purpose.
The storage in log files is carried out in order to ensure the functionality of the website. In addition, the data are used to optimise the website and to ensure the security of our information technology systems. The data are not analysed for marketing purposes in this context.
These purposes also constitute our legitimate interest in the data processing pursuant to Art. 6(1)(f) of the GDPR. Further interests are the stable and functional operation of this website, as well as achieving the objectives of protecting the confidentiality, integrity and availability of the data.
Duration of storage
The data are erased as soon as they are no longer necessary in order to fulfil the purpose of their collection. If the data is collected for the provision of the website, this is the case when the relevant session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Further storage beyond this point is possible. In such a case, the IP addresses of the users are deleted or altered so that an association with the accessing client is no longer possible.
Possibility of objection and erasure
The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
IV. Use of cookies
Description and scope of the data processing
Our website uses cookies. Cookies are small text files that are also saved on the computer system (terminal device) of the user via your browser. When a user accesses a website, a cookie can be saved in the operating system of the user. This cookie contains a characteristic string (cookie ID) through which web pages and servers can be associated with the specific web browser in which the cookie was saved. This allows the visited websites and servers to distinguish an individual web browser from other web browsers that contain other cookies. In this way, the cookie enables a clear identification of the browser when the website is visited (again).
We use cookies in order to design our website in a more user-friendly way and to enable certain functions.
For this we use 'session cookies' that are automatically deleted by your browser immediately after the end of the visit.
In the context of web analysis we also use persistent cookies, which allow us to recognise your browser on your next visit, for instance in order to remember information that you provided during your last visit for your subsequent visit to our website.
The following data, among others, are saved and transmitted in the cookies:
location data, login information, IP addresses
We also work with partners who help us optimise our website and make it more interesting for you. For this purpose, cookies from partner companies are also saved on your hard drive when you visit our website (third-party cookies).
website (third-party cookies).
Insofar as we cooperate with such advertising partners, you will be informed hereinafter about the use of such cookies and the scope of the information collected in each case.
Legal basis for the data processing
Should personal data be processed through cookies that we implemented, the processing takes place either for the performance of the contract pursuant to Art. 6(1)(b) of the GDPR, or pursuant to Art. 6(1)(f) of the GDPR for the purpose of our legitimate interests in the best possible functionality of the website, as well as a client-friendly and effective design of the site visit.
Purpose of the data processing
The purpose of the use of technically necessary cookies is to simplify the usage of websites for the users. Some functions of our website cannot be offered without the use of cookies, as they require the browser to be recognised even after a page is changed. These purposes also constitute our legitimate interest in the processing of personal data pursuant to Art. 6(1)(f) of the GDPR.
The user data collected by technically necessary cookies are not used for the creation of user profiles.
Possibility of objection and erasure
Cookies are stored on the computer of the user, from which they are transmitted to our site. As a user, you therefore have full control over the use of cookies. You can deactivate or limit the transmission of cookies by changing the settings in your web browser.
The possibilities of managing cookie settings vary depending on the type of browser used. A description can usually be found in the help menu of every browser, which provides instructions on how to change your cookie settings. Below you can find a list of links to the individual browsers:
- Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
- Firefox: https://support.mozilla.org/en-US/kb/disable-third-party-cookies
- Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
- Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Even cookies that have already been stored can be deleted at any time. This can also be automated. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.
The transmission of any Flash cookies cannot be prevented through the browser settings, but rather by changing the Flash Player settings.
V. Contacting us
On our website you can use a contact form to contact us electronically. If a user chooses this option, the data entered into the input mask are transmitted to us and stored.
Which data are collected in the case of a contact form can be seen in the input mask of the respective contact form.
Alternatively, contact can also be established via the e-mail address provided. In this case, the user's personal data transmitted in the e-mail are stored.
There is no data transfer to third parties in this context. The data are used exclusively for the processing of the conversation.
Legal basis for the data processing
Art. 6(1)(f) of the GDPR is the legal basis for the processing of the data that are transmitted in the course of sending an e-mail. Art. 6(1)(b) of the GDPR is an additional legal basis for the processing if the e-mail contact aims to conclude a contract.
Purpose of the data processing
The processing of the personal data from the input mask serves the sole purpose of handling the established contact. In the case that contact is established via e-mail this also constitutes the necessary legitimate interest in the processing of the data.
Other personal data processed during the sending process serve the purpose of preventing a misuse of the contact form and ensuring the security of our information technology systems.
Duration of storage
The data are erased as soon as they are no longer necessary in order to fulfil the purpose of their collection. For the personal data from the input mask of the contact form and those sent via e-mail, this is the case when the respective contact with the user has ended and the erasure is not prevented by any statutory retention obligations. The contact has ended if it can be concluded from the circumstances that the issue in question has been resolved.
The additional personal data collected during the sending process are erased after a period of seven days at the latest.
Possibility of objection and erasure
If a user contacts us via e-mail, that user can object to the storage of that user's personal data at any time. In such a case, the communication with you cannot be continued. All personal data that were stored in the course of the establishment of contact will be erased in this case.
VI. Applicant data
Insofar as you respond to job postings on our website or send us an application for other reasons, we process those data that you send us in connection with your application in order to review your suitability for the position (or for comparable positions that are currently open at our company) and to carry out the application procedure. After your application is received, your application data are reviewed by the responsible employees in the human resources department. Suitable applications are passed on internally to the people within the departments who are responsible for the respective open position. In principle, the only people within the company who have access to your data are those who require it for the proper execution of the application procedure.
The legal basis for the processing of your personal data in this application procedure is first and foremost § 26 of the BDSG (Federal Data Protection Act) in the version applicable as of 25 May 2018. Pursuant to this provision, it is permissible to process the data that is necessary in connection with the decision about establishing an employment relationship. After completion of the application procedure, the data can be processed if the requirements of Art. 6 of the GDPR are met, in particular to safeguard legitimate interests pursuant to Art. 6(1)(f) of the GDPR. In the case of legal proceedings under the AGG (General Act on Equal Treatment), for instance, our interest lies in the assertion of or the defence against claims.
If the application is rejected, the applicant data are erased 3 months after completion of the application procedure.
In the event that you expressly consented to a further storage of your personal data, we will add your data to our pool of applicants. There the data will be erased after a period of two years.
If your application is successful and you are awarded a position within the framework of the application procedure, we will transfer your data from the applicant data system to our human resources information system.
The data are processed exclusively in data centres in the Federal Republic of Germany.
VII. Rights of the data subject
Data subjects whose personal data are processed have the following rights vis-à-vis the controller specified above with regard to the personal data concerning them.
Right of access
Upon your request, the controller will confirm whether personal data concerning you are processed by us.
If we do process data, you can request access to the following information from the controller:
(1) the categories of personal data that are processed;
(2) the purposes for which the personal data are processed;
(3) the recipients/categories of recipients to whom the personal data have been disclosed or will yet be disclosed;
(4) the planned period of storage for the personal data concerning you or, if it is not possible to specify this concretely, the criteria used to determine that period;
(5) the existence of the right to rectification or erasure of the personal data or to the restriction of processing by the controller or a right to object to that processing;
(6) all available information on the origin of the data if the personal data were not collected from the person concerned;
(7) the existence of a right to lodge a complaint with a supervisory authority;
(8) the existence of automated decision-making, including profiling (Art. 22(1) and (4) of the GDPR) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
In addition, you have the right to obtain information about the extent to which the personal data concerning you are transmitted to a third country (or to an international organisation). In this context you can demand to be informed about the appropriate safeguards pursuant to Art. 46 of the GDPR in connection with the transmission.
Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you are inaccurate or incomplete. The rectification is to be carried out without undue delay.
Right to restriction of processing
You can demand a restriction of processing of the personal data concerning you
(1) if you contest the accuracy of the personal data concerning you, for a period that enables the controller to verify the accuracy of the personal data;
(2) if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) if the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
(4) if you have objected to processing pursuant to Art. 21(1) of the GDPR and the verification whether the legitimate grounds of the controller override yours is still pending.
If the processing of the personal data concerning you has been restricted, these data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been obtained according to the above-mentioned requirements, you shall be informed by the controller before the restriction of processing is lifted.
Right to erasure
Obligation of erasure
You can demand that the controller erases the personal data concerning you without undue delay and the controller shall have the obligation to erase these data without undue delay if one of the following grounds applies:
(1) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing was based according to Art. 6(1)(a) or Art. 9(2)(a) of the GDPR and there is no other legal ground for the processing.
(3) You object to the processing pursuant to Art. 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) of the GDPR.
(4) The personal data concerning you have been unlawfully processed.
(5) The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8(1) of the GDPR.
Information to third parties
If the controller has made the personal data concerning you public and is obliged pursuant to Art. 17(1) of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you as a data subject have requested from them the erasure of any links to or copies or replications of those personal data.
Exceptions
The right to erasure does not apply to the extent that processing is necessary
(1) for the exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) as well as Art. 9(3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) of the GDPR, in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
Right to information
If you have asserted your right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right vis-à-vis the controller to be informed about these recipients.
Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, provided that:
(1) the processing is based on consent pursuant to Art. 6(1)(a) of the GDPR or Art. 9(2)(a) of the GDPR or on a contract pursuant to Art. 6(1)(b) of the GDPR and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others shall not be adversely affected by this.
The right to data portability shall not apply to a processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) of the GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
If the personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the option to exercise your right to object by automated means using technical specifications
Right to withdraw the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Automated individual decision including profiling
You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly adversely affects you. This shall not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and a data controller,
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, such decisions shall not be based on special categories of personal data referred to in Art. 9(1) of the GDPR, unless Art. 9(2)(a) or (g) of the GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in (1) and (3), the data controller shall take suitable measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of domicile, if you believe that the processing of personal data relating to you violates the GDPR.
The supervisory authority to whom the complaint was lodged shall inform the complainant of the progress and the outcome of the complaint and possibility of a judicial remedy pursuant to Art. 78 of the GDPR.