We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to take this opportunity to inform you which of your personal data we collect when you visit our website and for what purposes it is used. Personal data is individual information about personal or factual circumstances of a specific or identifiable natural person (data subject), e.g. name, address, e-mail addresses, user behavior. This is therefore data with which we can identify you. In addition, you will occasionally also find information on data processing processes outside this website (e.g. video conferences or newsletters).
Person responsible for data processing
for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)
TÖNNJES INTERNATIONAL GROUP GmbH
Syker Str. 201
+49 4221 795-315
Data Protection Officer
Phone: 02452 / 99 33 11
Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no legitimate reasons for further storage of the data. We will inform you about the specific storage periods and criteria for storage in the individual processing operations. Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defense of legal claims and in the event of statutory retention obligations.
Information according to Art. 13 GDPR
This information is aimed at customers, interested parties, suppliers and employees. We process your personal data for the following purposes:
- To fulfill our contractual obligations to which we are committed to you (Art. 6 para. 1 lit. b GDPR).
- For the performance of pre-contractual obligations (Art. 6 para. 1 lit. b GDPR).
- To answer inquiries (Art. 6 para. 1 lit. b GDPR).
- If you have given us your consent to process your personal data for specific purposes (e.g. to receive our newsletter), the data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR).
- To fulfill legal obligations to which our company is subject (Art. 6 para. 1 lit. c GDPR).
- If necessary, we also process your data to safeguard our legitimate interests, in particular to assert legal claims and defend ourselves in legal disputes or to ensure IT security, to consult and exchange data with credit agencies to determine creditworthiness and default risks, for direct advertising and market research unless you have objected to the use of your data for this purpose, for measures for business management and further development of services and products, for measures for product and sales optimization, for measures for risk management, for the prevention or investigation of criminal offenses (Art. 6 para. 1 lit. f GDPR).
Categories of recipients of the personal data
Within our company, only those employees have access to the data who absolutely need it to fulfill their tasks (need-to-know principle). Individual processes and services are carried out by carefully selected and data protection-compliant service providers based within the EEA. If service providers commissioned by us are given access to personal data in the performance of your services, order processing contracts have been concluded with them in accordance with Art. 28 para. 3 GDPR concluded.
Duration of data storage
The data processed by us is stored for the duration of the existence and processing of the contractual relationship and in compliance with statutory retention periods. These are, in particular, retention obligations under commercial and tax law in accordance with the German Commercial Code (HGB) and the German Fiscal Code (AO). The regular retention and documentation periods are up to ten years. If there is no contractual relationship, we will only process the data for as long as is necessary for the specific purpose.
Your rights as a data subject
As the data subject, you have the following rights vis-à-vis us with regard to your personal data:
- Right to information about your personal data processed by us.
- Right to rectification or erasure if they are incorrect, out of date or unlawfully collected by us.
- Right to restriction of processing if complete erasure is not possible, e.g. because we have to comply with statutory retention obligations.
- Right to object to processing if the data processing is based on a balancing of interests (the so-called legitimate interest), as described above under “Purpose of processing”. This is the case if the processing is not required in particular to fulfill a contract with you. When asserting your right to object, we ask you to explain the reasons why we should not process your data as we have done.
Of course, you can also object to the processing of your personal data for advertising purposes at any time. Please send your objection to our address given in the imprint or send us an e-mail to the address given in the imprint.
- Right of revocation if you have given us your consent to process your data. You can assert your revocation against our company at any time without giving reasons. Please contact the address given in the imprint.
- In addition, you have the right to complain to a data protection supervisory authority about the processing of your personal data by our company.
If you have any questions about data protection, you are welcome to contact us by e-mail at the address given in the legal notice.
Data processing in detail
Below we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.
Provision of the website
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Website from which the access is made (referrer URL)
- Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
Our website is not hosted by us, but by a service provider who collects the aforementioned data on our behalf for the purpose of providing the website in accordance with GDPR. Art. 28 GDPR processed.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).
We use the following hoster:
Mittwald CM Service GmbH & Co KG
Königsberger Street 4-6
Type and scope of processing
If you send us inquiries (e.g. via contact form, e-mail or telephone), we store all the data that results from this (e.g. name, e-mail address, subject of the inquiry, etc.). We need this data to process your request and to be able to answer follow-up questions. We do not share this data without your consent.
Purpose and legal basis
The processing of this data is based on Art. 6 para. 1 lit. b DSGVO, provided that your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. Otherwise, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if you have previously given it.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.
Contact form for applicants
Type and scope of processing
You have the opportunity to apply to us on our website (e.g. by e-mail, post or online application form).
Purpose and legal basis
We process the personal data of applicants in accordance with the legal requirements for the purpose of processing the application procedure and for the implementation of pre-contractual measures within the meaning of Art. 6 para. 1 lit. b. GDPR (initiation of an employment relationship) and – if you have given your consent – Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.
If the application is successful, the data submitted by you will be processed on the basis of Art. 6 para. 1 lit. b DSGVO for the purpose of implementing the employment relationship is stored in our data processing systems.
Your data will be stored for a period of 6 months after the end of the application process. This is usually done to fulfill legal obligations or to defend against any claims arising from legal regulations. We are then obliged to delete or anonymize your data. In this case, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (e.g. proportion of women or men in applications, number of applications per period, etc.).
If it is evident that the data will be required after the expiry of the 6-month period (e.g. due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.
Inclusion in the applicant pool
As part of the application process, we offer applicants the opportunity to be included in our “talent pool” for a period of 12 months on the basis of consent within the meaning of Art. 6 para. 1 lit. a. DS-GVO to be included.
The application documents in the talent pool will only be processed in the context of future job advertisements and the search for employees and will be destroyed after the deadline at the latest. Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current application process and that they can revoke this consent at any time for the future.
If you receive an offer of employment with us during the application process and accept it, we will store the personal data collected during the application process for at least the duration of the employment relationship.
Presence on social media platforms
Data processing through social networks
We operate publicly accessible profiles in social networks. The social networks used by us in detail can be found below.
Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively. Visiting our social media sites triggers the following data protection-related processing operations:
If you are logged into your social media account and visit our profile, the operator of this social medium can track this visit. Irrespective of this, the operator may be able to process your data (e.g. IP address) even if you are not logged into your account or do not have an account at all.
The operator summarizes this data in user profiles in which your preferences and interests are stored. These profiles are used to place personalized advertising within and outside the respective social media presence. If you have an account with the respective social network, the personalized advertising can be displayed on all devices on which you are logged in or were logged in.
Our social media presences are intended to provide as comprehensive a presence as possible on the Internet within the meaning of Art. 6 para. 1 lit. f GDPR must be guaranteed. The analysis processes carried out by the operators of the social networks may be based on different legal bases, which must be specified by the respective providers.
Responsible person and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can exercise your rights (information, rectification, erasure, restriction of processing, data portability and complaint) against both the controller and the data subject. us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).
Despite the joint responsibility with the social media portal operators, we have no full influence on the data processing operations of the portals. Our options are largely determined by the corporate policy of the respective provider.
The data collected directly by us via the social media presence will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Mandatory legal provisions – esp. retention periods – remain unaffected.
We use the short message service X (formerly Twitter). The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
You can adjust your X privacy settings yourself in your user account. Click on the following link and log in: https://twitter.com/personalization.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
We use online conferencing tools to communicate with our customers. The tools we use in detail are listed below. If you communicate with us via video or audio conference, your personal data will be collected and processed by us and the provider of the respective tool.
The tools collect the data you provide, including your e-mail address and telephone number. They also process the duration of the conference, when you attended the conference, number of participants and other metadata.
In addition, the provider of the tool processes all technical data that is necessary for handling the conference. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.
If you share content on this service, it will be stored on the provider’s servers. This includes cloud recordings, chat messages, voice messages, photos and videos that you have shared while using this service.
Please note that we do not have full control over the data processing operations of the tools used. For more information on data processing by the conference tools, please refer to the data protection declarations of the respective tools used.
Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If you have previously given your consent to data processing, your data will be processed solely on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards when processing data in the USA. Certification in accordance with the DPF obliges companies to comply with these data protection standards. You can find more information at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active