With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and, in particular, on our websites as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering").
The terms used are not gender-specific.
Last updated: February 21, 2024
Your contact person as a controller within the meaning of the European General Data Protection Regulation ("GDPR") and other national data protection laws of the member states as well as other data protection regulations is:
Bode – Die Tür GmbH
Ochshäuser Str. 14
34123 Kassel
Tel.: +49 561 5009-0
Fax: +49 561 54943
(hereinafter referred to as "we", "us" or "our")
You can reach our company data protection officer Mr. Blazy (https://gdpc.de/) by phone at +49 (0) 561 830 99 165, by post at the above address with the addition – Data Protection Officer / Confidential – or by e-mail at datenschutz@schaltbau-bode.com.
For further information on the processing of your personal data and for related questions, you can contact us at any time or directly to our company data protection officer.
Security Measures
In accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.
The measures shall include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, availability and segregation of data. Furthermore, we have put in place procedures to ensure the exercise of data subject rights, the deletion of data and reactions to the risk of data being compromised. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes in accordance with the principle of data protection, through technical design and through privacy-friendly default settings.
TLS/SSL encryption (https): To protect users' data transmitted through our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology used to secure internet connections by encrypting data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) appears in the URL when a website is secured by an SSL/TLS certificate.
Transfer of personal data
In the course of our processing of personal data, it happens that the data is transmitted to other bodies, companies, legally independent organisational units or persons or that it is disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.
International Data Transfers
Data processing in third countries: If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only be done in accordance with the legal requirements. If the level of data protection in the third country has been recognised by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers will only take place if the level of data protection is otherwise ensured, in particular by means of standard contractual clauses (Art. 46 (2) (c) GDPR), explicit consent or in the case of contractual or legally required transfer (Art. 49 (1) GDPR). In addition, we will inform you of the basis of the third-country transfer with the individual providers from the third country, whereby the adequacy decisions take precedence as the basis. Information on third-country transfers and existing adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.
EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection as secure for certain companies from the USA within the framework of the adequacy decision of 10.07.2023. The list of certified companies, as well as more information about the DPF, can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/. As part of the data protection notice, we inform you which service providers we use are certified under the Data Privacy Framework.
Rights of data subjects
Rights of data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:
Use of cookies
Cookies are small text files or other storage notes that store information on end devices and read information from the end devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the content accessed or functions used in an online offer. Cookies can also be used for various purposes, e.g. for the purposes of the functionality, security and convenience of online offers and the creation of analyses of visitor flows.
The following cookies are used on our website:
None
Notes on consent: We use cookies in accordance with the legal regulations. Therefore, we obtain prior consent from users, unless this is not required by law. In particular, consent is not required if the storage and reading of the information, including cookies, is absolutely necessary in order to provide the user with a telemedia service expressly requested by them (i.e. our online offering). Strictly necessary cookies usually include cookies with functions that serve the display and operability of the online offer, load balancing, security, the storage of users' preferences and choices, or similar purposes related to the provision of the main and secondary functions of the online offer requested by the users. The revocable consent is clearly communicated to the users and contains the information about the respective cookie usage.
Notes on data protection legal bases: The legal basis on which we process users' personal data with the help of cookies depends on whether we ask users for consent. If users give their consent, the legal basis for the processing of their data is their consent. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g. in the business operation of our online offer and improvement of its usability) or, if this is done in the context of the fulfilment of our contractual obligations, if the use of cookies is necessary to fulfil our contractual obligations. We explain the purposes for which the cookies are processed by us in the course of this privacy policy or as part of our consent and processing processes.
Storage period: With regard to the storage period, a distinction is made between the following types of cookies:
General information on revocation and objection (so-called "opt-out"): Users can revoke their consent at any time and object to processing in accordance with the legal requirements. To this end, users can, among other things, restrict the use of cookies in the settings of their browser (whereby this may also limit the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.
Cookie settings/opt-out:
Further information on processing processes, procedures and services:
Business Services
We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with the contractual partners (or pre-contractual), e.g. to answer enquiries.
We process this data in order to fulfil our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any updating obligations and remedies in the event of warranty and other service failures. In addition, we process the data in order to safeguard our rights and for the purpose of the administrative tasks associated with these obligations, as well as the organization of the company. In addition, we process the data on the basis of our legitimate interests in proper and business management as well as in security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the scope of applicable law, we only pass on the data of contractual partners to third parties insofar as this is necessary for the aforementioned purposes or for the fulfilment of legal obligations. The contractual partners are informed about other forms of processing, e.g. for marketing purposes, within the framework of this data protection declaration.
We inform the contractual partners which data is required for the aforementioned purposes before or as part of the data collection, e.g. in online forms, by means of special markings (e.g. colours) or symbols (e.g. asterisks or similar), or in person.
We delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after the expiry of 4 years, unless the data is stored in a customer account, e.g. as long as it must be retained for legal reasons of archiving. The statutory retention period is ten years for documents relevant to tax law as well as for trading books, inventories, opening balance sheets, annual financial statements, the work instructions and other organizational documents and accounting documents required to understand these documents, and six years for received commercial and business letters and reproductions of the sent commercial and business letters. The period begins at the end of the calendar year in which the last entry in the book was made, the inventory, the opening balance sheet, the annual financial statements or the management report were drawn up, the commercial or business letter was received or sent, or the accounting document was created, the record was made or the other documents were created.
Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.
Further information on processing processes, procedures and services:
Provision of the online offer and web hosting
We process users' data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.
Further information on processing processes, procedures and services:
Contact & Enquiry Management
When contacting us (e.g. by post, contact form, e-mail, telephone or via social media) as well as in the context of existing user and business relationships, the information provided by the enquiring persons will be processed insofar as this is necessary to answer the contact requests and any measures requested.
Further information on processing processes, procedures and services:
Video conferencing, online meetings, webinars and screen sharing
We use third-party platforms and applications (hereinafter referred to as "Conference Platforms") for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter collectively referred to as "Conference"). When selecting conference platforms and their services, we take into account the legal requirements.
Data processed by conference platforms: In the context of participation in a conference, the conference platforms process the personal data of the participants mentioned below. The scope of the processing depends, on the one hand, on which data is requested in the context of a specific conference (e.g. provision of access data or real names) and which optional information is provided by the participants. In addition to processing for the implementation of the conference, the data of the participants may also be processed by the conference platforms for security purposes or service optimization. The processed data includes personal data (first name, last name), contact information (e-mail address, telephone number), access data (access codes or passwords), profile pictures, details of professional position/function, the IP address of the Internet access, details of the participants' end devices, their operating system, the browser and its technical and linguistic settings, information on the content of the communication processes, i.e. entries in chats, as well as audio and video data, as well as the use of other available features (e.g. surveys). The content of the communications is encrypted to the extent technically provided by the conference providers. If the participants are registered as users with the conference platforms, then further data may be processed in accordance with the agreement with the respective conference provider.
Logging and recordings: If text entries, participation results (e.g. of surveys) as well as video or audio recordings are logged, this will be communicated transparently to the participants in advance and they will be asked for consent if necessary.
Data protection measures of the participants: For the details of the processing of your data by the conference platforms, please note their data protection notices and select the optimal security and data protection settings for you within the settings of the conference platforms. Please also ensure that data and privacy are protected in the background of your recording for the duration of a video conference (e.g. by notifying roommates, locking doors and, as far as technically possible, using the function to make the background unrecognizable). Links to the conference rooms as well as access data may not be passed on to unauthorized third parties.
Notes on legal bases: If, in addition to the conference platforms , we also process the data of the users and the users ask for their consent to the use of the conference platforms or certain functions (e.g. consent to a recording of conferences), the legal basis for the processing is this consent. Furthermore, our processing may be necessary for the fulfilment of our contractual obligations (e.g. in participant lists, in the case of processing of interview results, etc.). In addition, users' data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.
Further information on processing processes, procedures and services:
Application Procedure
The application process requires applicants to provide us with the data necessary for their assessment and selection. The information required can be found in the job description or, in the case of online forms, in the information provided therein.
Basically, the required information includes information about the person, such as name, address, a contact option and proof of the qualifications necessary for a job. On request, we will also be happy to provide you with information that is required.
If provided, applicants can submit their applications to us using an online form. The data is transmitted to us in encrypted form in accordance with the state of the art. Applicants can also send us their applications via e-mail. However, please note that e-mails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted in transit, but not on the servers from which they are sent and received. Therefore, we cannot assume any responsibility for the transmission path of the application between the sender and the receipt on our server.
For the purposes of searching for applicants, submitting applications and selecting applicants, we may make use of applicant management or recruitment software and platforms and services of third-party providers in compliance with the legal requirements.
Applicants are welcome to contact us about the method of submitting the application or send us the application by post.
Processing of special categories of data: If, in the course of the application process, special categories of personal data (Art. 9 para. 1 GDPR, e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants or communicated by them, their processing is carried out by the controller or the data subject who is entitled to him or her under labour law and social security and social protection law. and to fulfil his or her obligations in this regard, in the case of the protection of the vital interests of candidates or other persons, or for the purposes of preventive health or occupational medicine, for the assessment of the employee's capacity for work, for medical diagnosis, for health or social care care or treatment, or for the management of health or social care systems and services.
Deletion of data: In the event of a successful application, the data provided by the applicants may be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. Subject to a justified revocation by the applicants, the deletion will take place at the latest after the expiry of a period of six months so that we can answer any follow-up questions about the application and comply with our obligations to provide evidence under the regulations on the equal treatment of applicants. Invoices for any reimbursement of travel expenses are archived in accordance with the tax regulations.
Inclusion in an applicant pool: Inclusion in an applicant pool, if offered, is based on consent. Applicants are informed that their consent to be included in the talent pool is voluntary, has no influence on the ongoing application process and that they can withdraw their consent at any time for the future. If you are included in the applicant pool, your data will be deleted after 12 months.
Further information on processing processes, procedures and services:
Whistleblower systems
As part of our whistleblowing process, we use external providers. In doing so, we act within the framework of the legal requirements and ensure that the technical and organizational requirements for the security measures that we comply with are also met by the external providers.
BKMS: We make it possible to report reports via a whistleblower portal. The online tool "BKMS" (Business Keeper Monitoring System) offers web-based access to reporting reports. The communication between your computer and the whistleblowing system takes place via an encrypted connection (SSL). The IP address of your computer is not stored during the use of the whistleblower portal. In order to maintain the connection between your computer and BKMS Incident Reporting, a cookie is stored on your computer, which only contains the session ID (so-called null cookie). The cookie is only valid until the end of your session and becomes invalid when the browser is closed. An order processing agreement has been concluded with the service provider in accordance with Art. 28 GDPR. The legal basis for the use of the whistleblower portal is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f) GDPR) in secure and structured communication and documentation with whistleblowers.
Web Analysis, Monitoring and Optimization
Web analysis (also referred to as "reach measurement") is used to evaluate the flow of visitors to our online offer and may include behaviour, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of the reach analysis, we can, for example, identify at what time our online offer or its functions or content are most frequently used or invite them to be reused. We can also understand which areas need to be optimized.
In addition to web analysis, we can also use test procedures, e.g. to test and optimize different versions of our online offer or its components.
Unless otherwise stated below, profiles, i.e. data aggregated for a usage process, can be created for these purposes and information can be stored in a browser or in a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data vis-à-vis us or the providers of the services we use, location data may also be processed.
The IP addresses of the users are also stored. However, we do use IP masking (i.e., pseudonymization by shortening the IP address) to protect users. In general, in the context of web analysis, A/B testing and optimization, no clear user data (such as e-mail addresses or names) is stored, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.
Further information on processing processes, procedures and services:
Presence in social networks (social media)
We maintain online presences within social networks and process user data in this context in order to communicate with users who are active there or to offer information about us.
We would like to point out that user data may be processed outside the area of the European Union. This may result in risks for users, for example because it could make it more difficult to enforce users' rights.
Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created on the basis of user behavior and the resulting interests of users. In turn, the user profiles can be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on users' computers, in which the user's usage behaviour and interests are stored. Furthermore, data may also be stored in the usage profiles, regardless of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be most effectively asserted with the providers. Only the providers have access to the user's data and can directly take appropriate measures and provide information. If you still need help, you can contact us.
Further information on processing processes, procedures and services:
Management, Organization and Auxiliary Tools
We use services, platforms and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organizing, managing, planning and providing our services. When selecting third-party providers and their services, we comply with the legal requirements.
In this context, personal data may be processed and stored on the servers of third-party providers. This may affect various data that we process in accordance with this privacy policy. This data may include, in particular, master data and contact details of users, data on transactions, contracts, other processes and their contents.
If users are referred to the third-party providers or their software or platforms in the course of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization or marketing purposes. We therefore ask you to observe the data protection notices of the respective third-party providers.
Further information on processing processes, procedures and services:
Changes and updates to the Privacy Policy
We ask you to regularly inform yourself about the content of our privacy policy. We will amend the Privacy Policy as soon as the changes to the data processing we carry out make it necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and ask you to check the information before contacting you
Basic information on the legally compliant use of Matomo:
Matomo must be integrated into the cookie consent tool, as the tool may not be used without the user's consent.
Likewise, for the legally compliant use of Matomo, its plugin Privacy Manager must be configured accordingly (abbreviation IP address + in data protection settings, additionally set the button for "Also use anonymised IP when enriching visit" to "Yes").
A web analysis by Matomo can also be carried out if no cookies are set on the website visitor's device. This can also be done via the settings ("deactivate all tracking cookies"). We would prefer this if it does not (very) hinder the result from your point of view.