SunCoal Industries GmbH would like to promote user confidence in the Web and is therefore laying out its policy for handling personal data. The following section will show you what information we collect for what purposes and how we use it.
- Objective and responsibility
- Basic information for data processing and legal basis
- Security measures
- Disclosure of data to third parties and third-party suppliers
- Purpose and scope of the processing of applicant data
- Type of transmission of applications
- Retention and deletion of applicant data
- Cookies and audience measurement
- Social media buttons and links
- Integration of third-party services and content
- Rights of users
- Deletion of data
- Right to object
1. Objective and responsibility
- The provider of online content, and therefore legally responsible for data privacy, is SunCoal Industries GmbH, Rudolf-Diesel-Str. 15, 14974 Ludwigsfelde, Germany, e-mail: email@example.com (hereinafter referred to as “we” or “us”). For details of representatives and more contact options, please refer to our masthead: https://www.suncoal.com/impressum/?lang=de
- Our data privacy officer can be contacted at the e-mail address: firstname.lastname@example.org.
- The term “users” used in the following includes the applicant as well as other website visitors. All terms used such as “applicants” are to be understood as gender-neutral.
2. Basic information for data processing and legal Basis
- We process personal data of the user only in compliance with the relevant data privacy regulations. This means that the data of users will be processed only when there is legal permission, i.e. especially if the data processing is necessary for the provision of our services within the scope of the agreement (e.g. processing of orders) as well as online services; required by law; the informed consent of the user present; as well as due to our legitimate interests (i.e. interest in the analysis, optimization, and economic operation and security of our online offer within the meaning of Article 6, Paragraph 1, Subparagraph F, of the GDPR or until the validity of the GDPR on the basis of Section 15, Paragraph 3, of the TMG), particularly for audience measurement, creation of profiles for advertising and marketing purposes, collection of access data, and use of third-party services.
- With regard to the processing of personal data on the basis of the European Union’s General Data Protection Regulation (GDPR), we would like to point out that the legal basis of consent is Article 6, Paragraph 1, Subparagraph A, and Article 7 of the GDPR, the legal basis for processing for the provision of our services and in order to fulfill our contractual measures is Article 6, Paragraph 1, Subparagraph B, of the GDPR, the legal basis for processing in order to fulfill our legal obligations is Article 6, Paragraph 1, Subparagraph C, of the GDPR, and the legal basis for processing to protect our legitimate interests is Article 6, Paragraph 1, Subparagraph F, of the GDPR.
3. Security measures
- We take organizational, contractual, and technical security measures in accordance with the state of the art in order to ensure that the provisions of the data privacy laws are complied with and to ensure that the data processed by us is protected from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.
- The security measures include, in particular, the encrypted transfer of data between your browser and our server.
4. Disclosure of data to third parties and third-party suppliers
- Forwarding of data to third parties only takes place within the framework of the legal guidelines. We forward the data of users to third parties only if this is necessary, for example, for billing purposes or for other purposes if these are necessary in order to fulfill our contractual obligations vis-à-vis the users.
- If we use subcontractors in order to provide our services, we will take appropriate legal measures and appropriate technical and organizational measures for the protection of personal data in accordance with the relevant statutory provisions.
- Third countries are countries in which the GDPR is not directly applicable, i.e., in principle, countries outside the European Union (EU) or the European Economic Area (EEA).
- The transfer of data to third countries is carried out if an adequate level of protection for the data, user consent, or otherwise legal permission exists.
5. Purpose and scope of the processing of applicant data
- We process applicant data only for the purpose and within the framework of the application procedure in accordance with the legal requirements. The processing of applicant data is carried out in order to fulfill our contractual obligations and on the basis of our legitimate interests, as well as the interests of the applicant in the implementation of a rapid and effective application process.
6. Type of transmission of applications
- Applicants can submit their applications to us via e-mail. In this case, however, we note that e-mails are not sent in encrypted form. We can therefore assume no responsibility for the transmission path of the application between the sender and receipt on our server.
7. Retention and deletion of applicant data
- In the case of a successful application, the data provided to us by the applicant can be further processed by us for the purposes of employment.
- Otherwise, if the application for a position is not successful, the data of the applicant will be deleted. The data of the applicant will also be deleted if an application is withdrawn, which the applicant is entitled to do at any time.
- The deletion will be carried out, subject to a justified revocation of the applicant, after the expiry of a period of six months so that we can answer any follow-up questions regarding the application and meet our obligations of proof arising from the General Act on Equal Treatment (AGG).
- When contacting us (via the contact form or e-mail), the information of the user will be processed to edit the contact request and its resolution.
- Business letters and the information included must be stored for six years and, in the case of legally prescribed relevance to tax law, are stored for ten years.
9. Cookies and audience measurement
- If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional limitations of this online offer.
10. Social media buttons and links
- The links/buttons to social networks and platforms (hereinafter referred to as “social media”) used within our online offer do not create a connection between social networks and the users until users click on the links/buttons and the respective networks, or their websites, are accessed. This function corresponds to the operation of a regular online link.
11. Integration of third-party services and Content
- Within our online offer, and on the basis of our legitimate interests (i.e. interest in the analysis, optimization, and economic operation of our online offer within the meaning of Article 6, Paragraph 1, Subparagraph F, of the GDPR), we use content or service offerings from third-party suppliers to embed their contents and services such as videos or fonts (hereinafter referred to uniformly as “content”). This always requires that the third-party supplier of the content learn the IP address of the user, because the content can not be sent to the browser without the IP address. The IP address is therefore required for the presentation of that content. We strive to use only such content whose respective provider only uses IP addresses for delivery of the content.
- The following diagram provides an overview of third-party suppliers and their content, along with links to their respective privacy policies, which contain more information about the processing of data and, in some cases already mentioned here, objection options (the so-called opt-out):
12. Rights of users
- Users have the right to request, free of charge, to receive information about the personal data that we have stored about them. In addition, users have the right to correct incorrect data, to limit the processing and deletion of their personal data, if applicable, to assert their right to data portability, and, in the case of suspicion of unlawful data processing, to file a complaint with the competent supervisory authority (the data privacy office in the German state of Brandenburg, Stahnsdorfer Damm 77, 14532 Kleinmachnow, Germany).
- Users can also, in general with future effect, withdraw their consent without giving reasons.
13. Deletion of data
- The data stored on our servers will be deleted as soon as it is no longer required for its intended purpose and the deletion does not violate any statutory retention obligations. If the data of the user cannot be deleted because it is required for other purposes permitted by law, the processing of this data is restricted, which means that the data is locked and cannot be used for other purposes. This applies, for example, to user data that must be retained for commercial or tax reasons.
- In accordance with the legal requirements, retention is carried out for six years pursuant to Section 257, Paragraph 1, of the German Commercial Code (trade books, inventories, opening balances, annual financial statements, business letters, receipts, etc.) and for ten years pursuant to Section 147, Paragraph 1, of the German Fiscal Code (books, records, financial reports, receipts, trade and business letters, tax-related documents, etc.).
14. Right to object
- Users can object to the future processing of their personal data in accordance with the statutory provisions at any time without giving reasons. The objection may relate, in particular, to processing for purposes of direct marketing.