Privacy Policy

In the following, we inform you about the collection of personal data when using our website. Personal data in the sense of Art. 4 No. 1 of the EU General Data Protection Regulation (DSGVO) is all information that can be related to you personally, such as name, address, e-mail addresses, user behavior.

I. Name and contact details of the data controller and the data protection officer

The controller for the processing of personal data pursuant to Art. 4 No. 7 DSGVO is:

Gienanth Group GmbH
Ramsener Straße 1
67304 Eisenberg

Germany

Phone: +49 6351 408-0
E-mail: info@gienanth.com

 

Gienanth Group GmbH is the parent company of a german group of companies with numerous subsidiaries (hereinafter collectively: "we" or "us"). The company to which you provide your data is responsible for individual processing of your data, e.g. in connection with your contact or an application.

We have appointed a joint data protection officer. You can reach our data protection officer, Mr. Christian Krösch, Attorney at law, SLK Compliance Services GmbH, Königsbrücker Straße 76, 01099 Dresden, Germany, by phone: +49 351 89676360 or e-mail: datenschutz@slk-compliance.de.

II. General information on the collection, disclosure and storage period of personal data

Primarily, the data processing serves the provision of access to our website as well as the establishment and fulfillment of a contractual relationship with you. When you contact us by e-mail, via a contact form or by telephone, the data you provide (e.g. your e-mail address, name and telephone number, if applicable) will be stored by us in order to process your request. The primary legal basis for this is Art. 6 (1) b) GDPR. In addition, your separate consent pursuant to Art. 6 (1) a) GDPR may be used, if applicable. We also process your data in order to be able to fulfill our legal obligations, in particular in the area of commercial and tax law. This is done on the basis of Art. 6 (1) c) GDPR. As far as necessary, we also process your data on the basis of Art. 6 (1) f) GDPR in order to protect legitimate interests of us or of third parties. These interests may arise, for example, for advertising, as far as you have not objected to the use of your data, the assertion of legal claims and defense in legal disputes, ensuring the IT security of our company and for measures for business management and further development of services and products.

We will only disclose your personal data to third parties if you have given your consent in accordance with Art. 6 (1) a) GDPR, if the disclosure is necessary for the assertion, exercise or defense of legal claims or for the protection of our legitimate interests in accordance with Art. 6 (1) f) GDPR (e.g. affiliated companies, courts, tax advisors, lawyers) and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data, in the event that there is a legal obligation for the disclosure pursuant to Art. 6 (1) c) GDPR (e.g. tax authorities) as well as this is legally permissible and necessary for the processing of contractual relationships with you pursuant to Art. 6 (1) b) GDPR (e.g. banks, logistics service providers, IT service providers).

Depending on which services you use on our website or request from us, your personal data may be transferred to a third country. If we transfer personal data to recipients outside the European Economic Area (EEA), the transfer will only take place as far as the third country has been confirmed by the EU Commission to have an adequate level of data protection, other adequate data protection guarantees (e.g. binding corporate data protection rules or EU standard contractual clauses) are in place or an exception for the transfer according to Art. 49 GDPR applies.

We delete your personal data as soon as it is no longer necessary for the purposes stated in this privacy notice. After termination of the contractual relationship, your personal data will be stored as long as we are legally obliged to do so. This regularly results from legal obligations to provide proof and to retain data. The storage periods thereafter amount to up to ten years. In addition, personal data may be retained for the period during which claims can be asserted against us (statutory limitation period of three or up to thirty years).

You only need to provide us with the personal data that is necessary for the provision and use of certain functions of our website or the establishment and performance of a contractual relationship and the fulfillment of the associated contractual obligations, or which we are required to collect by law. Without this data, we will not be able to provide the website and certain functions of the website and to enter into and perform a contract with you.

III. Collection and processing of personal data on our website

In the case of mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server and that are technically necessary for the presentation of our website and the guarantee of stability and security. These are the IP address, the request of your browser and the time of this request. In addition, the status and the amount of data transferred are recorded as part of this request. We also collect product and version information about the browser used and the operating system of your system. We further record from which website our page was accessed.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to your browser. For this purpose, your IP address must remain stored for the duration of the session. The processing activities of the remaining data are carried out to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the stability and security of our systems. The legal basis is Art. 6 (1) f) GDPR, based on a weighing of our legitimate and overriding interests mentioned above.

We transfer the collected data to external service providers (hosting provider, IT service provider, web agency), which support us in data processing for the above-mentioned purposes.

The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. Otherwise, deletion takes place at the latest within 7 days after calling up the website.

IV. Further information on data processing within and outside our website

1. Contact and communication

We collect your personal data as a customer, business partner, interested third party or supplier if you provide it to us voluntarily by e-mail, via a contact form on our website, by mail or by telephone. We then collect the information that comes about as part of the contact and/or cooperation. This includes in particular names and transmitted contact data, date and reason for contact.

The personal data collected from you will be used for the purpose of providing you with the requested products or services and corresponding with you (legal basis Art. 6 (1) b) GDPR), for the fulfillment of legal obligations (legal basis Art. 6 (1) c) GDPR) or on the basis of legitimate interests of us or of third parties (legal basis Art. 6 (1) f) GDPR), which are described in this Privacy Policy.

You are not obliged to provide the aforementioned personal data. The data provided may be necessary for the conclusion of a contract. Without the provision of the data, communication, conclusion of a contract or contract processing may not be possible.

A transfer of the data relevant in the respective individual case takes place on the basis of the legal provisions or a contractual agreement to public bodies in the presence of overriding legal provisions, to external service providers or other contractors and to other external bodies, as far as you have given your consent or a transfer is permissible for predominant interest.

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Insofar as the data disclosed is subject to retention obligations under tax and commercial law, it will be stored for the duration of the retention obligations of ten years and then deleted, as far as you have not consented to storage beyond this or the further processing of the data is necessary for the assertion, exercise or defense of legal claims (statutory limitation period of three or up to thirty years).

2. Privacy Policy for applicants

We collect your personal data as an applicant only if you provide it to us voluntarily by e-mail, by mail or by telephone. This applies both to applications in response to job offers and to unsolicited applications. In this case, we record the information provided in the application. This includes, in particular, name, date of birth, contact data, interests, qualification data as well as educational and professional background. The personal data collected from you will only be used for the purpose of performing the application process. The legal bases are Art. 6 (1) a), b) and f) GDPR.

You are not obliged to provide the aforementioned personal data. The data provided may be necessary for a future conclusion of a contract after completion of the application process. Without the provision of the data, communication, performance of the application procedure or conclusion of a contract may not be possible.

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. We therefore retain your data after performance of the application procedure in the event of rejection for six months after you have been notified of the rejection decision. If you have consented to longer storage, the storage period is regularly two years. After that, we will either delete your data or obtain your consent again. You have the option of revoking your consent to the processing activities of personal data at any time.

3. Microsoft Teams

To conduct video conferences and online meetings ("online meetings"), we use the "Microsoft Teams" service of Microsoft Ireland Operations Limited, The Atrium Building, Block B, Carmanhall Road, Sandyford Business Estate, Dublin 18, Ireland ("Teams"). The legal basis for data processing when conducting "online meetings" is Art. 6 (1) b) DSGVO, insofar as these are conducted in the context of contractual relationships. Insofar as personal data is processed by our employees, Section 26 BDSG is the legal basis. If no contractual relationship exists or no processing is required for the establishment, implementation or termination of the employment relationship, the legal basis is Art. 6 (1) f) DSGVO. Our legitimate interest in these cases is the effective implementation of "online meetings".

Various types of data are processed when using "Teams". The scope of the data also depends on the data you provide before or during participation in an "online meeting". If we want to record "online meetings", we will inform you transparently in advance and - if necessary - ask for your consent. That a recording is taking place will also be indicated to you in the "Teams" app. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case. In the case of webinars, we may also process questions asked by webinar participants for purposes of recording and following up on webinars. If you are registered as a user with "Teams", then reports of "online meetings" (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored by "Teams" for up to one month. The following personal data are subject to processing: User details (first name, last name, phone (optional), email address, password (if "single sign-on" is not used), profile picture (optional), department (optional)), meeting metadata (topic, description (optional), participant IP addresses, device/hardware information), Recording data (optional) (MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat) when dialing in with the telephone Telephone data (information on incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device may be stored) and text, audio and video data. You may have the opportunity to use the chat, question or survey functions in an "online meeting". To this extent, the text entries you make are processed in order to display them in the "online meeting" and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the "Teams" applications. To participate in an "online meeting" or to enter the "meeting room", you must at least provide information about your name.

Personal data processed in connection with participation in "online meetings" will not be disclosed to third parties as a matter of principle unless it is specifically intended for disclosure. Please note that the content of online meetings, as well as face-to-face meetings, is often used to communicate information to customers, prospects or third parties and is therefore intended for disclosure. In addition to Microsoft's processing of the above data, we transfer the collected data to external service providers (e.g., platform, hosting, support, and analytics service providers) for processing in accordance with the purposes set forth above (supporting the provision and execution of "Online Meetings").

In cases where Personal Data is transferred under Microsoft's own responsibility from Microsoft Ireland Operations Limited to Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, these transfers are subject to the standard contractual clauses pursuant to Art. 46 GDPR. The Microsoft Products and Services Data Protection Addendum (DPA) with reference to the standard contractual clauses is available here: www.aka.ms/dpa

As a matter of principle, we delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed in order to fulfill contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.

4. Social Media

We also process your personal data when you visit us on our social media accounts. We maintain these social media accounts primarily to communicate with customers, interested parties and users, to increase our brand awareness and to promote our products and services. The respective provider stores the data collected about you as usage profiles and uses them for the purposes of advertising, market research, and/or the needs-based design of its network. Such an evaluation is carried out in particular (also for non-logged-in users) for the display of needs-based advertising. For the respective data processing purposes and data categories, we refer to the individual social media accounts, which are explained in more detail below.

The legal basis for the use of these social media accounts is Art. 6 (1) f) DSGVO, as we have a legitimate interest in communicating with and informing customers and interested parties via these accounts. Insofar as you wish to enter into a contractual relationship with us with your request, the legal basis for this processing is Art. 6 (1) b) DSGVO.

In addition to the processing of the above data by the respective providers, we transfer the collected data to external service providers (e.g. platform, hosting, support and analysis service providers) for processing in accordance with the above-mentioned purposes (implementation and support of communication and information as well as advertising).

The personal data collected will be deleted as soon as they are no longer needed for the processing purposes.

4.1 Facebook

We operate a social media account on Facebook ("Fanpage"), an online service of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). When you visit our Fanpage, Facebook processes your personal data in accordance with Facebook's privacy policy. For more information, please visit: de-de.facebook.com/policy.php.

We process your personal data depending on your interaction with our Fan Page, including your Facebook username as well as comments you have posted on our Fan Page and your activity on our Fan Page via the Facebook Page Insights service. Page Insights are aggregate statistics created based on certain events logged by Facebook's servers when people interact with Pages and their associated content, such as visits to our Fan Page, the volume of interactions, visits and average duration of video plays, information about what countries and cities you are from, and statistics about our visitors' general relationships ("Events") and other information necessary to respond to your potential inquiries. For more information about such Events, please visit: www.facebook.com/legal/terms/page_controller_addendum. Facebook provides Page Insights to us so that we can gain insights about how visitors interact with our Fan Page and with content associated with them. We do not have access to the personal data processed as part of events, only to the aggregated Page Insights.

We are jointly responsible with Facebook for some of the processing of this personal data into Page Insights events ("Insights Data") in connection with the Fan Page within the meaning of Article 26 GDPR. The joint responsibility includes the creation of the events and their aggregation into Page Insights, which are then made available to us. We have entered into an agreement with Facebook for this purpose ("Page Insights Supplement", www.facebook.com/legal/terms/page_controller_addendum), which sets out the respective responsibilities for fulfilling the obligations under the GDPR with regard to joint processing. Facebook provides the essence of this Page Insights Supplement to data subjects (Art. 26 (2) GDPR). This is currently done via the Page Insights data information available here: www.facebook.com/legal/terms/information_about_page_insights_data. We are responsible for providing information on the joint processing of personal data. Facebook is responsible for enabling the rights of data subjects under Art. 15-20 GDPR with respect to personal data stored by Facebook after joint processing. The contact details of the data controller as well as the data protection officer of Facebook are available here: www.facebook.com/about/privacy.

In cases where personal data is transferred under Facebook's own responsibility to Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, these transfers are subject to the standard contractual clauses pursuant to Art. 46 DSGVO. The Facebook EU Data Transfer Addendum with reference to the standard contractual clauses is available here: www.facebook.com/legal/EU_data_transfer_addendum.

4.2 LinkedIn

We operate a social media account on LinkedIn, an online service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). When you visit us on our LinkedIn page, LinkedIn processes your personal data in accordance with LinkedIn's privacy policy. For more information, please visit: www.linkedin.com/legal/privacy-policy.

We process your personal data depending on your interaction with us on our LinkedIn page, including your LinkedIn username as well as comments you have posted on our LinkedIn page and your activity on our LinkedIn page via the LinkedIn "Page Insights" service. "Page Insights" are aggregate statistics created based on certain interactions logged by LinkedIn servers when people interact on our LinkedIn Page and related content, such as visits to our LinkedIn Page, the volume of interactions, information about what countries and cities you are from, and statistics about our visitors' area of work and other information necessary to respond to your potential inquiries. LinkedIn provides Page Insights to us so that we can gain insights about how visitors interact with our LinkedIn Page and with content associated with it. We do not have access to the personal data in this process, only to the aggregate statistics.

For some of the processing of this personal data for Page Insights that takes place in connection with the LinkedIn Page, we are jointly responsible with LinkedIn within the meaning of Art. 26 DSGVO. The joint responsibility includes the processing of personal data for the creation of Page Insights, which are then made available to us. We have entered into an agreement with LinkedIn for this purpose ("Page Insights Joint Controller Addendum", legal.linkedin.com/pages-joint-controller-addendum), which sets out the respective responsibilities for fulfilling the obligations under the GDPR with regard to joint processing. LinkedIn provides the essence of this Page Insights Joint Controller Addendum to data subjects at the link above (Art. 26 (2) GDPR). LinkedIn has thereafter committed to assume responsibility under the GDPR for the provision of Page Insights and will comply with all applicable obligations under the GDPR with respect to the processing of Page Insights (including, but not limited to, Art. 12-22 and Art. 32-34 of the GDPR). This means that LinkedIn will, among other things, ensure that users are informed about the data being processed and assist members with their rights of access and erasure. The contact details of the data controller as well as LinkedIn's data protection officer are available here: www.linkedin.com/legal/privacy-policy.

In cases where personal data is transferred under our own responsibility from LinkedIn to LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, these transfers are subject to the standard contractual clauses pursuant to Art. 46 DSGVO. You can request a copy of these standard contractual clauses from LinkedIn via www.linkedin.com/legal/privacy-policy.

4.3 XING

We operate a social media account on XING, an online service of New Work SE, Am Strandkai 1, 20457 Hamburg, Germany ("XING"). When you visit us on our XING page, XING processes your personal data in accordance with XING's privacy policy. For more information, please visit: privacy.xing.com/de.

We process your personal data depending on your interaction with us on our XING Page, including your XING username as well as comments you have posted on our XING Page and your activity on our XING Page. We receive aggregate statistics based on certain interactions when people interact on our XING Page and related content, such as visits to our XING Page, the volume of interactions, information about which countries and cities you are from, and statistics about our visitors' area of work and other information necessary to respond to your potential inquiries. XING provides us with these statistics so that we can gain insights into how visitors interact with our XING site and with the content associated with them. We do not have access to the personal data in this process, only to the aggregated statistics.

4.4 YouTube

We operate a social media account on YouTube, an online service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube"). When you visit us on our YouTube channel, YouTube processes your personal data in accordance with YouTube's privacy policy. For more information, please visit: policies.google.com/privacy.

We process your personal data depending on your interaction with us on our YouTube channel, including your YouTube username as well as comments you have posted on our YouTube channel and your activity on our YouTube channel via the YouTube Analytics service. We receive aggregate statistics based on certain interactions when people interact on our YouTube channel and related content, such as visits to our YouTube channel, the volume of interactions, visits and average duration of video plays, information about what countries and cities you are from, and statistics about the general relationships of our visitors and other information necessary to respond to your potential requests. YouTube provides these statistics to us so that we can gain insights into how visitors interact with our YouTube channel and with content associated with them. We do not have access to the personal data in this process, only to the aggregate statistics.

In cases where personal data is transferred under Google's own responsibility to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, these transfers are subject to the standard contractual clauses pursuant to Art. 46 DSGVO. The YouTube order data processing terms and conditions with reference to the standard contractual clauses are available here: www.youtube.com/t/terms_dataprocessing

4.5 Instagram

We operate a social media account on Instagram, an online service provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Instagram"). When you visit our Instagram page, Instagram processes your personal data in accordance with Instagram's privacy policy. For more information, please visit: www.instagram.com/legal/privacy/.

We process your personal data depending on your interaction with our Instagram page, including your Instagram username as well as comments you have posted on our Instagram page and your activity on our Instagram page via the Instagram "Insights" service. Insights are aggregate statistics created based on certain events logged by Instagram servers when people interact with pages and their associated content, such as visits to our Instagram page, the volume of interactions, visits and average duration of video plays, information about what countries and cities you are from, and statistics about our visitors' general relationships and other information necessary to respond to your potential inquiries. Instagram provides Insights to us so that we can gain insights about how visitors interact with our Instagram page and content associated with it. We do not have access to the Personal Data in this process, only the aggregated Insights.

In cases where personal data is transferred under our own responsibility from Instagram to Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, these transfers are subject to the standard contractual clauses pursuant to Art. 46 GDPR. The Facebook EU Data Transfer Addendum with reference to the standard contractual clauses is available here: www.facebook.com/legal/EU_data_transfer_addendum.

V. Objection or revocation against the processing activities of your data

If you have given your consent to the processing activities of your data, you may revoke it at any time. Such revocation will affect the permissibility of the processing activities of your personal data after you have expressed it to us.

As far as we base the processing of your personal data on the balance of interests, you may object to the processing activities. This is the case if the processing activities are not necessary, in particular, for the performance of a contract with you, which will be presented by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as performed by us. In the event of your justified objection, we will review the situation and either discontinue or adjust the processing activities or show you our compelling legitimate grounds on the basis of which we will continue the processing.

Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us of your objection to advertising by using the contact details provided in section I above.

VI. Your rights

In accordance with Article 15 GDPR, you have the right to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected from us, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.

Pursuant to Art. 16 GDPR, you may request the correction of incorrect or incomplete personal data stored by us without undue delay. In accordance with Art. 17 GDPR, you have the right to request the erasure of your personal data stored by us, as far as the processing is not necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.

Pursuant to Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 GDPR.

In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller.

In accordance with Art. 7 (3) GDPR, you have the right to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future.

You also have the right under Article 77 GDPR to lodge a complaint about the processing of your personal data by us with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement, if you believe that the processing activities of the personal data concerning you violate the GDPR.