Privacy
Privacy policy
Privacy
Privacy Policy Terhalle Holding GmbH & Co. KG
Basic information
We, Terhalle Holding GmbH & Co. KG (hereinafter referred to as Terhalle), take the protection of your personal data very seriously and strictly adhere to the rules of the currently applicable data protection laws. These include, above all, the General Data Protection Regulation (hereinafter DS-GVO) and the Federal Data Protection Act (BDSG).
Personal data is collected on our websites and when using our services only to the extent necessary and processed for the intended purpose. Personal data is data by which you are personally identifiable or other data linked to you.
Responsible body in the sense of the DS-GVO:
Terhalle Holding GmbH & Co KG
Solmsstrasse 46
48683 Ahaus-Ottenstein
Tel.: (+49) 02561 9823-0
Fax: (+49) 02561 9823-87
Processing within Terhalle Holding GmbH & Co. KG
In accordance with Art. 13, 14 of the EU General Data Protection Regulation (EU GDPR), we inform you below about the processing of your personal data by us and about your rights under data protection law. The collection and processing of data is carried out in accordance with the basic principles, legality and data subject rights of the DS-GVO and the BDSG.
Scope of application of the privacy policy
It applies to all websites for which Terhalle is responsible or if you contact us via other communication channels.
This privacy policy consists of six parts:
- The first part (Provisions for business partners) applies to Terhalle’s business partners.
- The second part (provisions for applicants) applies to the private users of Terhalle’s services in relation to applications.
- The third part (General information and regulations for the Terhalle website) applies to all users who use services or the Terhalle website.
- The fourth part applies to all users of our online meeting tool “GoToMeeting”.
- The fifth part applies to the implementation of lotteries .
- The sixth part (information on data subjects’ rights) applies to all users whose data is subject to data protection law, but not to legal entities.
Furthermore, our websites may contain links to websites of other providers to which this data protection declaration does not extend.
I. Provisions for business partners
Purposes for which the personal data are processed and the legal bases for the processing
We process personal data insofar as this is necessary for the establishment, execution and fulfillment of a contract as well as for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b DS-GVO, e.g. in connection with the initiation, execution and management of orders), for the fulfillment of a legal obligation (Art. 6 para. 1 lit. c DS-GVO, e.g. compliance with commercial and tax retention obligations under § 257 HGB and § 147 AO), to protect the legitimate interests of the responsible party or a third party (Art. 6 para. 1 lit. f DS-GVO, e.g. storage of data for a reasonable period of time for acquisition efforts or for the assertion of legal claims and defense in legal disputes) as well as on the basis of consent of the data subjects (Art. 6 para. 1 lit. a DS-GVO, e.g. forwarding of data to third parties, evaluation for marketing purposes or addressing by e-mail).
Sources and categories of personal data processed
We process personal data that we receive from you or from public sources such as commercial registers, the Internet and directories or from third parties such as credit or credit agencies or business partners in the course of contacting you and in the course of our business relationship, e.g. for processing an inquiry or an order.
Relevant personal data are in particular personal data (such as surname, first name, address, bank details, billing address, tax number or VAT ID number) and other contact data (such as telephone number. e-mail address). In addition, this may also include contractual or order data (e.g. sales data, order volume), information about your financial situation (e.g. creditworthiness data) as well as personal data (e.g. profession, position, duties and powers) and other data comparable to the categories mentioned.
Recipients or categories of recipients of the personal data
Within the company, only those departments that need the data to fulfill contractual and legal obligations or to implement our legitimate interests (e.g. sales) will have access to the data. We may transfer your personal data to companies affiliated with us to the extent that this is permissible within the scope of the purposes and legal bases set out in section 3 of this data protection information sheet. Processors used by us pursuant to Sec. Art. 28 DS-GVO can process data for these purposes such as IT service providers, cloud providers as well as disposal companies in the field of data destruction. All service providers are contractually obligated to treat your data confidentially.
Data is only passed on to recipients outside the company in compliance with the applicable data protection regulations. Recipients of personal data may include, for example, companies in the logistics sector, service providers, suppliers, subcontractors, tax advisors, auditors and tax inspectors, credit and financial service providers, credit agencies, debt collection companies, lawyers and public authorities. In such cases, information is shared with these companies or individuals to enable them to continue processing.
Transfer to a third country (outside EU / EEA) or to an international organization
The transfer to a third country does not take place and is not intended.
Duration for which the personal data are stored and the criteria for determining this duration
The required personal data is stored for the duration of the existence of warranty and guarantee claims. In addition, the personal data is stored in accordance with the legally prescribed periods. Corresponding proof and storage obligations result from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods specified there for storage and documentation are then up to ten years. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted.
In addition to the above information, an overview of your other data protection rights follows below:
– Right of access to the personal data concerned (Art. 15 DS-GVO)
– Right to rectification (Art. 16 DS-GVO), deletion (Art. 17 DS-GVO) as well as to restriction of processing (Art. 18 DS-GVO)
– Right to object to processing (Art. 21 DS-GVO)
– Right to data portability (Art. 20 DS-GVO)
– Right to affect the processing carried out until the withdrawal of consent (Art. 7(3) DS-GVO)
– Right of appeal to a supervisory authority (Art. 77 DS-GVO)
For the establishment, fulfillment or implementation of the business relationship as well as for pre-contractual measures, we generally do not use fully automated decision-making pursuant to Art. 22 DS-GVO. If we use these procedures in individual cases, we will inform you about this separately or obtain your consent if this is required by law.
Is there an obligation to provide data?
Within the framework of the contractual relationship or contract initiation, you must provide the personal data that is required for the commencement, execution and termination as well as for the fulfillment of the associated contractual obligations or for the collection of which we are legally obligated. Without this data, we will generally not be able to carry out the necessary pre-contractual measures or the contractual relationship with you.
Separate information about your right to object according to Article 21 DS-GVO
According to Art. 21 para. 1 DS-GVO, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) DS-GVO. 1 lit. f of the DS-GVO (data processing on the basis of the balance of interests).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
If the processing is carried out for the purpose of direct marketing, you have the right to withdraw your consent pursuant to Art. 21 Para. 2 DS-GVO the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising. If you object to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.
If you wish to exercise your right of objection or other data subject rights, a notification in text form is sufficient. You can write to us or contact us by e-mail.
II. Provisions for applicants
Purposes for which the personal data are processed and the legal bases for the processing
We process the data you have sent us in connection with your application in order to assess your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process.
The legal basis for the processing of your personal data in this application procedure is primarily § 26 BDSG. Accordingly, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.
Furthermore, we may process personal data about you if this is necessary for the fulfillment of legal obligations (Art. 6 para. 1 lit. c DS-GVO, e.g. reimbursement of travel expenses) as well as for the defense of asserted legal claims against us arising from the application process. The legal basis for this is Art. 6 para. 1 lit. f DS-GVO; the legitimate interest is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG). If there is a need for longer-term storage (e.g. for further vacant positions or positions that become vacant), this will be done on the basis of your consent in writing (pursuant to Art. 6 Para. 1 lit. a DS-GVO). The same applies to the transfer of your application data to other companies in our group of companies.
Insofar as special categories of personal data within the meaning of Art. 9 para. 1 DS-GVO are communicated, their processing is additionally carried out in accordance with Art. 9 para. 2 lit. b DS-GVO in connection with § 26 para. 3 BDSG (e.g. severely disabled status). Insofar as special categories of personal data within the meaning of Art. 9 para. 1 DS-GVO are requested from applicants, their processing is additionally carried out in accordance with Art. 9 para. 2 lit. a DS-GVO in connection with § 26 para. 2 and para. 3 sentence 2 BDSG (e.g. health data if this is necessary for the exercise of the profession).
Sources and categories of personal data processed
We process personal data that we receive from you or recruiters as part of the application process, such as, in particular, personal master data (name, address and other contact data, date and place of birth, nationality), bank details (for the purpose of travel expense reimbursement), qualification documents (e.g. certificates, evaluations and other proof of training), IP addresses and photographs.
Recipients or categories of recipients of the personal data
If provided, applicants may submit their applications to us using an online form on our website. The data is transmitted to us encrypted according to the state of the art. Furthermore, applicants can send us their documents by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves. Therefore, we cannot take responsibility for the transmission path of the application between the sender and the reception on our server and therefore recommend using an online form or postal delivery.
Your data will be sifted by the personnel department after receipt of your application. Suitable applications are then made available internally to the persons responsible for the respective open position, and if necessary also to the works council. In principle, only those persons in the company have access to your data who need it for the proper conduct of the application process.
We may transfer your personal data to companies affiliated with us, insofar as this is permissible within the framework of the purposes and legal bases set out in section 3. Furthermore, personal data is processed on our behalf on the basis of contracts pursuant to Art. 28 DS-GVO, this applies in particular to IT service providers, cloud computing and applicant management systems and software. Recruiters may also be engaged as part of the application process, if necessary. All service providers are contractually obligated to treat your data confidentially.
Otherwise, data is only passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary to fulfill legal obligations, or if we have your consent.
Transfer to a third country (outside EU / EEA) or to an international organization
The data is processed exclusively in data centers in the Federal Republic of Germany. A transfer to a third country does not take place and is not intended.
Duration for which the personal data are stored and the criteria for determining this duration
If no employment relationship is established following your application, we retain applicant data for a maximum of six months from receipt of the rejection decision so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the General Equal Treatment Act (AGG). This does not apply if legal provisions prevent deletion (e.g. archiving of travel expense reimbursements in accordance with tax law requirements for up to 10 years), if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to longer storage. In the event that you have given your consent for your personal data to be stored for a longer period of time, we will transfer your data to our applicant pool. There, the data is deleted after one year
If you are accepted for a position during the application process, the relevant and necessary data will be transferred from the applicant data system to our personnel data system.
In addition to the above information, an overview of your other data protection rights follows below:
– Right of access to the personal data concerned (Art. 15 DS-GVO)
– Right to rectification (Art. 16 DS-GVO), deletion (Art. 17 DS-GVO) as well as to restriction of processing (Art. 18 DS-GVO)
– Right to object to processing (Art. 21 DS-GVO)
– Right to data portability (Art. 20 DS-GVO)
– Right to revoke consent at any time without affecting the lawfulness of the processing carried out on the basis of consent until revocation (Art. 7 (3) DS-GVO)
– Right of appeal to a supervisory authority (Art. 77 DS-GVO)
The decision about your application is not based solely on automated processing. Thus, no automated decision in individual cases within the meaning of Art. 22 DS-GVO takes place.
Is there an obligation to provide data?
As part of the application process, you only need to provide the personal data that is required for the application process. There is no obligation to provide this data. Without this data, we will generally not be able to carry out the application process and make a decision on the establishment of the employment relationship.
Separate information about your right to object according to Article 21 DS-GVO
According to Art. 21 para. 1 DS-GVO, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you carried out on the basis of Article 6(1) DS-GVO. 1 lit. f of the DS-GVO (data processing based on a balance of interests).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If you wish to exercise your right of objection or other data subject rights, a notification in text form is sufficient. You can write to us or contact us by e-mail.
III. General information and regulations for the Terhalle website
These provisions apply in addition to the provisions for all affected groups for Terhalle’s website.
(1) In the case of mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f GDPR):
– IP address
– Date and time of the request
– Time zone difference from Greenwich Mean Time (GMT)
– Content of the request (concrete page)
– Access status/HTTP status code
– Data volume transferred in each case
– Web page from which the request comes
– Browser
– Operating system and its interface
– Language and version of the browser software.
YouTube use
Our website uses plugins from the YouTube site operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
Personal data is generally transferred on the basis of the signing of standard data protection clauses, taking into account technical, organizational and contractual data security measures.
When you visit one of our pages equipped with a YouTube plugin, a connection to YouTube’s servers is established. This tells the YouTube server which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
The legal basis for the integration of YouTube and the associated data transfer to Google is your consent (Art. 6 para. 1 lit. a DS-GVO).
YouTube is used in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. a GDPR.
For more information on how we handle user data, please see YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy.”
Data processing via social media
We are represented on several social media platforms with a fan page. Through this, we would like to offer further opportunities for information about our company and for employee acquisition.
We have presences on the following social media platforms:
When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile used also regularly constitutes personal data. This also covers messages and statements made using the profile. In addition, during your visit to a social media profile, certain information is often automatically collected about it, which may also constitute personal data. If you have consented that data about you can be processed and stored, this consent is deemed to be
Legal basis of the data processing (Art. 6 para. 1 lit. a DSGVO). Under certain circumstances, your data may also be processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO). The legitimate interest pursued by us lies in establishing contact with (potential) interested parties and applicants as well as the external presentation of the company.
Most social media platforms set cookies in your browser to store data. That is why we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policy of the respective service provider.
In the following, we inform you about the processing of your personal data and about your rights as a data subject in the area of our social media pages.
Visit a social media page
a. Instagram
We use a link on our website to our company page on the social media network Instagram. Instagram is a social media platform of the company Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Meta Platforms Inc. since 2012. and belongs to the Facebook products.
When you visit our Instagram page, through which we present our company, certain information about you is processed. Instagram uses the same systems and technologies as Facebook. Your data is thus processed across all Facebook companies. Meta offers the possibility to object to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads.
Meta provides us with anonymized statistics and insights for our Instagram page that help us gain insights into the types of actions people take on our page (known as “page insights”). These SeitenInsights are created based on certain information about people who have visited our site. This processing of personal data is carried out by Meta and us as joint controllers.
The processing serves our legitimate interest to evaluate the types of actions taken on our site and to improve our site based on these findings. The legal basis for this processing is Art. 6 para. 1 letter f) DSGVO. We cannot associate the information obtained through Page Insights with individual Instagram profiles that interact with our Instagram page. Meta has published a Joint Controller Agreement that sets forth the allocation of data protection obligations between us and Meta. This is available at: https://www.facebook.com/legal/terms/information_about_page_insights_data
There is a possibility with Instagram that some of the collected information is also processed outside the European Union, e.g. in the USA. The U.S. constitutes so-called unsafe third countries. A third country is considered unsafe if the EU Commission has not issued an adequacy decision for that country pursuant to Art. 45 para. 1 GDPR, which confirms that there is adequate protection for personal data in the country. This may result in various risks to the lawfulness and security of data processing.
Meta uses standard data protection clauses approved by the EU Commission (= Art. 46. para. 2 DSGVO) as the basis for data processing for recipients located in third countries or a data transfer there.
You have the right of access, portability, rectification and deletion of your data at any time You can manage your data in the Instagram settings. If you want to completely delete your data on Instagram, you need to permanently delete your Instagram account. If you delete your account entirely, Instagram will delete posts such as your photos and status updates. Information that other people have shared about you does not belong to your account and consequently will not be deleted. Instagram stores your data primarily via cookies. You can manage, disable or delete these cookies in your browser. You can also basically set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.
In relation to this data processing, you have the possibility to assert your data subject rights also against Meta. For more information, please see Meta’s privacy policy at https://www.facebook.com/privacy/explanation.
b. LinkedIn
We use a link on our website to our company page of the social media network LinkedIn, the company LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For the European Economic Area and Switzerland, LinkedIn Ireland Unlimited Company Wilton Place in Dublin is responsible for data processing.
When you visit, follow, or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and insights. This provides us with insights into the types of actions people take on our site (known as page insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page. With Page Insights, LinkedIn does not provide us with any personally identifiable information about you. We only have access to the summarized page insights. It is also not possible for us to draw conclusions about individual members using the information from the page insights. This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company page and to improve our company page based on these findings. The legal basis for this processing is Art. 6 para. 1 letter a) DSGVO
LinkedIn has published a Joint Controller Agreement that sets forth the allocation of data protection responsibilities between us and LinkedIn. This is available at: https://legal.linkedin.com/pagesjoint-controller-addendum
There is a possibility with LinkedIn that some of the collected information is also processed outside the European Union, e.g. in the USA. The U.S. constitutes so-called unsafe third countries. A third country is considered unsafe if the EU Commission has not issued an adequacy decision for that country pursuant to Art. 45 Par. 1 GDPR, which confirms that there is adequate protection for personal data in the country. This may result in various risks to the lawfulness and security of data processing.
LinkedIn uses so-called standard data protection clauses (= Art. 46. para. 2 DSGVO) as the basis for data processing for recipients located in third countries or a data transfer there.
You have the right to access and also delete your personal data at any time. In your LinkedIn account you can manage, modify and delete your data. In addition, you can also request a copy of your personal data from LinkedIn. You also have the option in your browser to prevent data processing by LinkedIn. LinkedIn stores most data via cookies that are set in your browser. You can manage, disable or delete these cookies. Depending on which browser you have, the management works slightly differently. Under the section “Cookies” you will find the corresponding links to the respective instructions of the most popular browsers.
You can also basically set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.
For further information about the processing of personal data by LinkedIn, please visit https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footerprivacypolicy.
c. Facebook
What are Facebook tools?
We use selected tools from Facebook on our website. Facebook is a social media network of the company Meta Platforms Inc. or for the European area of the company Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of these tools, we can offer you and people who are interested in our products and services the best possible offer.
If data is collected from you and forwarded via our embedded Facebook elements or via our Facebook page (Fanpage), both we and Facebook Ireland Ltd. are responsible for this. Facebook is solely responsible for the further processing of this data. Our shared commitments have also been embodied in a publicly available agreement at https://www.facebook.com/legal/controller_addendum. This states, for example, that we must clearly inform you about the use of Facebook tools on our site. Furthermore, we are also responsible for ensuring that the tools are securely integrated into our website in accordance with data protection law. Facebook, on the other hand, is responsible for the data security of Facebook products, for example. If you have any questions about data collection and processing by Facebook, you can contact the company directly. If you submit the question to us, we are required to forward it to Facebook.
Below we provide an overview of the different Facebook tools, what data is sent to Facebook and how you can delete this data.
Among many other products, Facebook also offers the so-called “Facebook Business Tools”. This is the official name of Facebook. However, since the term is hardly known, we decided to just call them Facebook tools. Among them are:
- Facebook Pixel
- social plug-ins (such as the “Like” or “Share” button)
- Facebook Login
- Account Kit
- APIs (Application Programming Interface)
- SDKs (collection of programming tools)
- Platform integrations
- Plugins
- Codes
- Specifications
- Documentations
- Technologies and services
Through these tools, Facebook extends services and has the ability to obtain information about user activity outside of Facebook.
Why do we use Facebook tools on our website?
We only want to show our services and products to people who are really interested in them. With the help of advertisements (Facebook Ads), we can reach exactly these people. However, in order to show users suitable advertising, Facebook needs information about people’s wishes and needs. Thus, the company is provided with information about user behavior (and contact details) on our website. As a result, Facebook collects better user data and can show interested people the appropriate ads about our products or services. The tools thus enable customized advertising campaigns on Facebook.
Facebook calls data about your behavior on our website “event data”. These are also used for measurement and analysis services. Facebook can thus generate “campaign reports” on our behalf about the impact of our advertising campaigns. Furthermore, through analytics we get a better insight into how you use our services, website or products. As a result, we use some of these tools to optimize your user experience on our website. For example, you can use the social plug-ins to share content on our site directly on Facebook.
What data is stored by Facebook tools?
By using individual Facebook tools, personal data (customer data) may be sent to Facebook. Depending on the tools used, customer data such as name, address, phone number and IP address can be sent.
Facebook uses this information to match the data with the data it itself has from you (if you are a Facebook member). Before customer data is transmitted to Facebook, a so-called “hashing” takes place. This means that a data set of any size is transformed into a string. This also serves to encrypt data.
In addition to contact data, “event data” is also transmitted. “Event Data” means that information we receive about you on our website. For example, which subpages you visit or which products you buy from us. Facebook does not share the information it receives with third parties (such as advertisers) unless the company has explicit permission or is legally required to do so. “Event data” can also be associated with contact data. This allows Facebook to offer better personalized advertising. After the aforementioned matching process, Facebook deletes the contact data again.
In order to deliver ads in an optimized manner, Facebook only uses event data when it has been aggregated with other data (collected by Facebook in other ways). Facebook also uses this event data for security, safety, development, and research purposes. Much of this data is transferred to Facebook via cookies. Cookies are small text files that are used to store data or information in browsers. Depending on the tools you use and whether you are a Facebook member, different numbers of cookies are created in your browser. In the descriptions of the individual Facebook tools, we go into more detail about individual Facebook cookies. General information about the use of Facebook cookies can also be found at https://www.facebook.com/policies/cookies.
How long and where is the data stored?
Basically, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has servers spread all over the world where its data is stored. However, customer data is deleted within 48 hours after it has been compared with the user’s own data.
How can I delete my data or prevent data storage?
In accordance with the Basic Data Protection Regulation, you have the right to information, correction, transferability and deletion of your data.
A complete deletion of the data only occurs if you delete your Facebook account completely. And this is how deleting your Facebook account works:
1) Click Settings on the right side of Facebook.
2) Then click “Your Facebook information” in the left column.
3) Now click “Deactivation and deletion”.
4) Now select “Delete account” and then click “Next and delete account”.
5) Now enter your password, click “Next” and then click “Delete account”.
The storage of data that Facebook receives via our site takes place, among other things, via cookies (e.g. for social plugins). In your browser, you can disable, delete or manage individual or all cookies. Depending on which browser you use, this works in different ways. Under the section “Cookies” you will find the corresponding links to the respective instructions of the most popular browsers.
If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. Thus, for each individual cookie, you can decide whether to allow it or not.
Legal basis
If you have consented that data from you can be processed and stored by integrated Facebook tools, this consent is considered the legal basis of the data processing (Art. 6 para. 1 lit. a DSGVO). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. That is why we recommend that you read our privacy text about cookies carefully and view Facebook’s privacy policy or cookie policy.
Facebook also processes data from you in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may be accompanied by various risks to the lawfulness and security of data processing.
Facebook uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
Facebook’s data processing terms and conditions, which comply with the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.
We hope we have provided you with the most important information about the use and data processing by Facebook tools. If you want to learn more about how Facebook uses your data, we recommend that you read the data policy at https://www.facebook.com/privacy/policy/.
d. XING
What is Xing?
We use social plugins of the social media network Xing, of the company Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany, on our website. Through these functions, you can, for example, share content on Xing directly from our website, log in via Xing or follow interesting content. You can recognize the plug-ins by the company name or the Xing logo. When you visit a website that uses a Xing plug-in, data may be transmitted to the “Xing servers”, stored and analyzed. In this privacy policy, we want to inform you about what data is involved and how to manage or prevent this data storage.
Xing is a social network headquartered in Hamburg, Germany. The company specializes in managing professional contacts. That is, unlike other networks, Xing is primarily about professional networking. The platform is often used for job hunting or to find employees for one’s own company. In addition, Xing offers interesting content on various professional topics. The global counterpart to this is the American company LinkedIn.
Why do we use Xing on our website?
There is now a flood of social media channels and we are well aware that your time is very precious. Not every company’s social media channel can be scrutinized closely. That’s why we want to make your life as easy as possible, so you can share or follow interesting content directly from our website on Xing. With such “social plug-ins” we extend our service on our website. In addition, the data collected by Xing helps us to carry out targeted advertising measures on the platform. This means that our service is only shown to people who are really interested in it.
What data is stored by Xing?
Xing offers the share button, the follow button, and the log-in button as plug-ins for websites. As soon as you open a page where a social plug-in from Xing is installed, your browser connects to servers in a data center used by Xing. In the case of the share button, no data should be stored – according to Xing – that could derive a direct reference to a person. In particular, Xing does not store your IP address. Furthermore, no cookies are set in connection with the share button. Thus, no evaluation of your user behavior takes place. For more information, please visit https://dev.xing.com/plugins/share_button/privacy_policy
For the other Xing plug-ins, cookies are only set in your browser when you interact with or click on the plug-in. Personal data such as your IP address, browser data, date and time of your page view on Xing may be stored here. If you have a XING account and are logged in, collected data will be assigned to your personal account and the data stored in it.
The following cookies are set in your browser when you click on the follow or log-in button and are not yet logged in to Xing. Please keep in mind that this is an exemplary list and we cannot claim completeness:
Name: AMCVS_0894FF2554F733210A4C98C6%40AdobeOrg
Value: 1
Purpose: This cookie is used to create and store identifications of website visitors.
Expiration date: after end of session
Name: c_
Wert: 157c609dc9fe7d7ff56064c6de87b019311942099-8
Purpose: We could not find out any more information about this cookie.
Expiration date: after one day
Name: prevPage
Value: %2FWelcome%
Purpose: This cookie stores the URL of the previous web page you visited.
Expiration date: after 30 minutes
Name: s_cc
Value: true
Purpose: This Adobe Site Catalyst cookie determines whether cookies are generally enabled in the browser.
Expiration date: after end of session
Name: s_fid
Wert: 6897CDCD1013221C-39DDACC982217CD1311942099-2
Purpose: This cookie is used to identify a unique visitor.
Expiration date: after 5 years
Name: visitor_id
Wert: fe59fbe5-e9c6-4fca-8776-30d0c1a89c32
Purpose: The visitor cookie contains a unique visitor ID and the unique identifier for your account.
Expiration date: after 2 years
Name:_session_id
Wert: 533a0a6641df82b46383da06ea0e84e7311942099-2
Purpose: This cookie creates a temporary session ID that is used as an in-session user ID. The cookie is absolutely necessary to provide the functions of Xing.
Expiration date: after end of session
As soon as you are logged in to Xing or become a member, additional personal data is definitely collected, processed and stored. Xing also discloses personal data to third parties if this is necessary for the fulfillment of its own business purposes, if you have given your consent, or if a legal obligation exists.
How long and where is the data stored?
Xing stores the data on different servers in various data centers. The company stores this data until you delete the data or until a user account is deleted. Of course, this only affects users who are already Xing members.
How can I delete my data or prevent data storage?
You have the right to access and also delete your personal data at any time. Even if you are not a Xing member, you can use your browser to prevent possible data processing or manage it according to your wishes. Most of the data is stored via cookies. Depending on which browser you have, the management works slightly differently. Under the section “Cookies” you will find the corresponding links to the respective instructions of the most popular browsers.
You can also basically set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.
Legal basis
If you have consented that data from you can be processed and stored by integrated social media elements, this consent is considered the legal basis of the data processing (Art. 6 para. 1 lit. a DSGVO). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. That is why we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policy of the respective service provider.
We have tried to bring you closer to the most important information about data processing by Xing. At https://privacy.xing.com/de/dat enschutzerklaerung you can learn even more about the data processing of the social media network Xing.
Privacy policy for the contact form
The personal data that you provide to us as part of this contact request will only be used to respond to your request or contact and for the associated technical administration. The transfer to third parties does not take place.
You have the right to revoke your consent at any time with effect for the future. In this case, your personal data will be deleted immediately.
Your personal data will also be deleted without your revocation if we have processed your request or if you revoke the consent to storage given here. This also happens if the storage is inadmissible for other legal reasons.
You can inform yourself at any time about the data stored about your person.
Detailed information on data protection and the handling of personal data can be found in the general privacy policy of this website.
Newsletter subscription
(1) With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the consent form.
(2) For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
(3) The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.
(4) You can revoke your consent to the sending of the newsletter at any time with effect for the future and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail or by sending a message to the contact details provided in the imprint.
IV. Online Meeting Tool “GoToMeeting
In the following, we inform you about the processing of personal data in connection with the use of “GoToMeeting” of LogMeIN Inc.
Purpose of processing
We use the tools of “LogMeIn” to conduct conference calls, online meetings, video conferences. (hereinafter: “Online Meetings”).
What data is processed?
When using the tools of “LogMeIn”, different types of data are processed. The scope of the data also depends on the information you provide before or during participation in an “online meeting”.
Legal bases of data processing
Insofar as personal data of employees of Terhalle Holding GmbH & Co. KG is processed, § 26 BDSG is the legal basis for the data processing. If, in connection with the use of “GoToMeeting”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of “GoToMeeting”, Art. 6 para. 1 lit. f) DS-GVO is the legal basis for the data processing. Our interest in these cases is in the effective conduct of “online meetings”.
Incidentally, the legal basis for data processing when conducting “online meetings” is Art. 6 para. 1 lit. b) DS-GVO, insofar as the meetings are conducted in the context of contractual relationships.
If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) GDPR. Again, our interest is in the effective conduct of “online meetings”.
Should video and audio recordings be necessary by way of exception, this will be done exclusively on the basis of the consent given by you in accordance with Art.6 Para. 1 lit. a) GDPR.
Nature and scope of data processing
We use “GoToMeeting” to conduct “online meetings”. If we want to record “online meetings”, we will transparently tell you in advance and ask for your consent. If necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.
Automated decision-making within the meaning of Art. 22 DS-GVO is not used.
The following personal data are subject to processing when using “GoToMeeting”, whereby the handling of the data in this context also depends on the information on data you provide before or when participating in an “Online Meeting”:
User details (registration information): e.g. user name, activation and conference codes, e-mail address, first and last name, company, organization ID, participant IP, profile picture (optional).
Configuration and communication data: e.g. device name, IP address, geodata, time zone, activity logs, hardware type
Conference information: e.g. date, time, duration, number of participants, dial-in method, diagnostic information
Text, audio and video data: You may have the option to use the chat function in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “Online Meeting”. To enable the display of video and the playback of audio, the data from the microphone of your terminal device as well as from any video camera of the terminal device are processed accordingly during the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the “GoToMeeting” applications.
Recipient / passing on of data
Personal data processed in connection with participation in “online meetings” will not be disclosed to third parties as a matter of principle, unless they are specifically intended to be disclosed. Please note that content from “online meetings,” as well as in-person meeting content, is often intended precisely to communicate information with customers, prospects, or third parties and is therefore intended to be shared.
Another recipient is the provider of “GoToMeeting,” “LogMeIn Inc.”
Data processing outside the European Union / EEA
Data processing in third countries does not take place as a matter of principle, as we or the service provider have restricted the storage location to data centers in the EU or the EEA.
However, we cannot rule out the possibility that the service provider also uses servers outside the EU or EEA or that the routing of data takes place via Internet servers that are located outside the EU or EEA. In this case, an adequate level of data protection is guaranteed on the one hand by the conclusion of EU standard data protection clauses. In addition, as a supplementary protective measure, the data is encrypted during transport over the Internet and thus fundamentally secured against unauthorized access by third parties.
Storage duration
Your personal data that we process in the context of your use of “GoToMeeting” will generally be deleted as soon as they are no longer required for the purposes for which they were collected. A requirement for storage may exist in particular if the data is still needed to fulfill contractual services and to be able to check and grant or defend against warranty or guarantee claims. In the case of the statutory retention obligations of 6 years or 10 years according to commercial and tax law, deletion only comes into consideration after the expiry of the respective retention obligation. If and insofar as the processing is based on your consent, the data will only be stored until you revoke your consent, unless there is also another legal basis for the processing.
Your rights as a data subject
As a data subject, you may exercise the rights granted to you by the GDPR at any time, insofar as they apply to the processing:
- the right to information as to whether and which of your data is being processed (Art. 15 DS-GVO)
- the right to request the correction or completion of data concerning you (Art. 16 DS-GVO)
- the right to have the data concerning you deleted in accordance with Art. 17 DS-GVO
- the right to request restriction of the processing of the data in accordance with Art. 18 DS-GVO
- the right to data transfer in accordance with Art. 20 DS-GVO;
- the right to object to future processing of data concerning you in accordance with Art. 21 DS-GVO
Revocability of your consent
If the processing takes place on the legal basis of consent, this can be revoked at any time. The revocation shall not affect the lawfulness of the processing carried out until the revocation (Art. 7 (21) DS-GVO).
Right of complaint to a supervisory authority
You have the right to lodge a complaint about the processing of personal data by us with asupervisory authority for data protection.
V. Implementation of raffles
Purposes for which the personal data are processed and the legal basis for the processing
The purpose of the data processing is the implementation and processing of competitions, in particular the verification of the eligibility to participate, as well as the determination of the winners. Participation in the competition is only possible if you provide us with the above data, otherwise no contact can be made in the context of a prize notification.
If you participate in one of our sweepstakes, you consent to the processing of data for the aforementioned purposes. The data processing is therefore based on your consent (Art. 6 para. 1 lit. a DSGVO).
Another legal basis for the processing of personal data is the fulfillment of a contract. (Art. 6 para. 1 lit. b DSGVO), provided that the personal data are processed exclusively for the purpose of determining and notifying the winners and for the transmission of the prize.
Sources and categories of personal data processed
In the event of a win, the following data will necessarily be processed
First and last name
Address
E-mail address
Facebook profile info
Duration for which the personal data are stored and the criteria for determining the duration
The data collected in the competition will be deleted by Terhalle Holzbau as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the data collected as part of the sweepstakes when the processing of the sweepstakes has been completed. Due to legal retention periods, we have to store data of winners until their expiration.
VI. Information on the rights of data subjects
This part of the Privacy Policy provides additional information on how to exercise your rights as a data subject against Terhalle.
You have the right
- pursuant to Article 15 DS-GVO to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- pursuant to Article 16 DS-GVO to demand the correction of inaccurate or incomplete personal data stored by us without undue delay;
- pursuant to Article 17 DS-GVO to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
- to request the restriction of the processing of your personal data in accordance with Article 18 DS-GVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Article 21 DS-GVO;
- in accordance with Article 21 of the GDPR, on grounds relating to their particular situation, to object at any time to the processing of personal data concerning them which is carried out on the basis of Article 6(1)lit. f is carried out;
- pursuant to Article 20 DS-GVO to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
- in accordance with Article 7(3) DS-GVO to revoke your consent once given at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. This has the consequence that we may no longer continue the data processing based on this consent for the future. You can revoke the consent via: datenschutz@terhalle.de
- complain to a supervisory authority in accordance with Article 77 of the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or our company headquarters for this purpose.
- information as to whether the provision of the personal data is required by law or by contract or is necessary for a pre-contractual or contractual conclusion and whether the data subject is obliged to provide the personal data and what the possible consequences of not providing it would be. Without the data, we will generally no longer be able to carry out pre-contractual or contractual measures or may have to terminate them.
Separate information about your right to object according to Article 21 DS-GVO
According to Art. 21 para. 1 DS-GVO, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) DS-GVO. 1 lit. f of the DS-GVO (data processing on the basis of a balance of interests).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the processing is carried out for the purpose of direct marketing, you have the right to withdraw your consent pursuant to Art. 21 Para. 2 DS-GVO the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising. If you object to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.
If you wish to exercise your right of objection or other data subject rights, a notification in text form is sufficient. You can write to us or contact us by e-mail.
To exercise the rights listed, to ask questions in connection with the privacy policy or for further information, please contactTerhalle’s data protection officer at :
DSB Münster GmbH
Martin Luther King Way 42
48155 Münster
Phone: +49 0251 71879-0
datenschutz@terhalle.de
Safety note
We strive to store your personal data by taking technical and organizational possibilities so that they are not accessible to third parties. When communicating by e-mail, complete data security cannot be guaranteed, so we recommend that you send confidential information by post.
Privacy policy app
Privacy policy
We welcome you to our app and appreciate your interest. The protection of your personal data is an important concern for us. Therefore, we conduct our activities in compliance with applicable laws on personal data protection and data security. In the following, we would like to inform you about which data is used in the context of the use, for which purposes.
Responsible party for processing according to DSGVO
The responsible party within the meaning of the General Data Protection Regulation and other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
Terhalle Holding GmbH & Co KG
Solmsstrasse 46
48683 Ahaus-Ottenstein
Data Protection Officer
DSB Münster GmbH
Martin Luther King Way 42-44
48155 Münster
+49 251 718790
Scope of data collection and data processing
Unless otherwise stated in the following sections, personal data is generally collected, processed or used when using our apps so that we can meet our quality standards. Therefore, within the registration process, the user’s master data is collected first:
- First and last name
- Language and country
- E-mail address
We additionally learn about the use of web-based structures certain technical information based on the data transmitted by your browser (for example, browser type/version, operating system used). The following data may be collected in the process:
- Information about the browser type and version used;
- the operating system of the user;
- Device ID of the terminal device;
- the IP address of the user;
- Date and time of access;
- Web pages accessed by the user’s system via our app, if additional data must be obtained from Community Connect Server
Relevant legal bases for the processing of personal data
In order to be in line with our legitimate interests as per. Art. 6 par. 1 lit. f) GDPR to provide effective and dynamic apps, we may use your data for the following:
- to ensure your safety and security, including reviewing user content, messages, and related metadata for violations of our Community Guidelines and our Terms of Use;
- to ensure that content is presented in the most effective way for you and your device;
- to understand how users use the apps so we can improve, promote, and develop them;
When we process your data to fulfill our legitimate interests, we conduct a balancing test to determine whether the use of personal data is truly necessary to achieve our business purpose. When we conduct this balancing test, we also consider the privacy rights of our users and take appropriate precautions to protect their personal information.
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 lit. a) EU General Data Protection Regulation (GDPR) as the legal basis for the processing of personal data. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b) DS-GVO as legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c) DS-GVO as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d) DS-GVO as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f) DS-GVO as the legal basis for the processing.
Duration of the storage of personal data
Personal data is stored for the duration of the respective statutory retention period. After expiry of the deadline, the data is routinely deleted, unless it is necessary for the initiation or fulfillment of a contract.
Registration in our app
If the data subject uses the option to register via d.velop postbox with the app of the controller by providing personal data, the data in the respective input mask will be transmitted to the controller. The data is stored exclusively for internal use by the controller. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. During registration, the user’s IP address and the date and time of registration are stored (d.velop postbox). This serves to prevent misuse of the services. The data will not be passed on to third parties. An exception exists if there is a legal obligation to disclose. The registration of the data is necessary for the provision of content or services. Registered persons have the possibility to have the stored data deleted or modified at any time. The data subject shall receive information about his/her stored personal data at any time.
Routine deletion and blocking of personal data
The controller processes and stores personal data of the data subject only for as long as necessary to achieve the purpose of storage. Furthermore, data may be stored if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. As soon as the purpose of storage ceases to apply or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely blocked or deleted.
Security
We have extensive technical and operational safeguards in place to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress. In addition, data protection is continuously guaranteed at our company through constant auditing and optimization of the data protection organization.
Close
Terhalle Holding GmbH & Co KG reserves all rights to make changes and updates to this privacy policy.