Job
offers
Apply

Data Protection Statement

1. General

Data protection

We take the protection and security of any personal data you entrust us with very seriously and want you to feel comfortable and safe when visiting our web pages and taking advantage of our offers.

It is important to us that you are aware of what personal data is collected when you use our offers and services and how we use this data afterwards.

Purpose of data processing

Edelweiss will process personal data exclusively for the purposes provided in this data protection statement.

2. Processing of personal data

Scope of the processing of personal data

We generally only collect and use personal data to the extent that this is necessary for the provision of a functional website and to deliver our contents and services. The collection and use of personal data only routinely takes place once you have given your consent for this. An exception to this applies in cases where obtaining prior consent is not possible for genuine reasons and the processing of data is permitted by law.

Legal basis for the processing of personal data

In cases where we obtain consent for the processing of personal data from the person concerned, Article 6, paragraph 1, point (a) of the General Data Protection Regulation (GDPR) serves as the basis for the processing of personal data. For the processing of personal data required to fulfil a contract to which the person concerned is party, Article 6, paragraph 1, point (b) of the GDPR serves as the legal basis. This also applies to processing required to conduct pre-contractual measures. Where the processing of personal data is required to fulfil a legal obligation required of our company, Article 6, paragraph 1, point (c) of the GDPR serves as the legal basis for this. Where the processing of personal data is necessary to protect the vital interests of the person concerned or those of another natural person, Article 6, paragraph 1, point (d) of the GDPR serves as the legal basis for this. If the processing is required to safeguard the legitimate interests of our business or those of a third party, and the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh these interests, Article 6, paragraph 1, point (f) of the GDPR serves as the legal basis for processing.

Accessing our website

When you access content on our website, we capture and record the IP address assigned to your computer in order to transmit this content to your computer (e.g. texts, images and files made available for download) (cf. Article 6, paragraph 1, point (b) of the GDPR). We also process this data to help us detect and prosecute abuse. The legal basis for this is Article 6, paragraph 1, point (f) of the GDPR. Our legitimate interest in data processing in this regard lies in ensuring the proper functioning of our website and the commercial transactions conducted through it.

To the extent that we process your data for the purpose of providing the functions of our website as described above, you are contractually obligated to make this data available to us.

Server data

For technical reasons, and in particular to guarantee the stability and security of the website, your internet browser transmits data to us and our web hosting provider. These server log files record (among other things) the type and version of your internet browser; your operating system; the web page via which you accessed our website (the referrer URL); which pages of our website you visited; the date and time of each access; and the IP address of the internet connection used to access our website. The data collected this way is temporarily recorded. However, it is not stored alongside your other personal data. The legal basis for this storage is Article 6, paragraph 1, point (f) of the GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our internet presence.

This data will be deleted after a maximum of seven days, provided that no further retention for evidence purposes is required. Should such retention be necessary, the data will be partially or fully excluded from deletion until the situation has been fully resolved.

Use of our contact form and email address

A contact form that can be used to make contact electronically is provided on our website. Should a user take advantage of this option, the data entered in the form will be transmitted to us and recorded. This data is as follows:

  • Name
  • Email
  • Subject
  • Message

In addition to this, the following data is recorded when the message is sent:

  • The user’s IP address
  • The date and time of the submission

The provision of this data is required to process and answer your query. If this data is not provided, we will not be able to answer your query or will only be able to answer it in a limited fashion. As part of the submission process, we obtain your consent for processing this data and refer you to this data protection statement.

The legal basis for this processing is Article 6, paragraph 1, points (a) and (b) of the GDPR. Alternatively, it is possible to contact us using the email address provided. If we are contacted via email, the personal data of the user transmitted with the email will be recorded. In this case there will be no further transmission of data to third parties.

If you contact us via the contact form or via email, the data you provide will be used to process your query. The provision of this data is required to process and answer your query. If this data is not provided, we will not be able to answer your query or will only be able to answer it in a limited fashion. The data will be used exclusively to process our interaction with you.

Your data will be deleted once your query has been conclusively answered, provided that the deletion is not prevented by a legal duty to preserve the records, such as for example in the case of the subsequent processing of a contract.

SSL/TLS encryption

For security purposes and to protect the transmission of any confidential information you may send to us, the website operator, our website uses SSL and/or TLS encryption. This ensures that data you transmit via this website cannot be read by third parties. You can identify a secure connection by the URL in your browser’s address bar beginning with ‘https://’ and by the presence of a lock symbol.

Other purposes

Personal data will be additionally processed if you have volunteered it yourself, for example in order to subscribe to a newsletter. The legal basis for this is Article 6, paragraph 1, point (b) of the GDPR. The data we process includes customer details, employee details and supplier details, to the extent that these are required for the purposes given in this data protection statement.

Insofar as we process your data as described above for the purposes of receiving and processing your individual queries, (newsletter) subscription requests, orders and so on, you are obligated to make this data available to us. We are unable to carry out the processes required for these enquiries without this data.

If you have consented to the processing of personal data (cf. Article 6, paragraph 1, point (a) of the GDPR), you are able to revoke your consent at any time without affecting the legality of processing carried out between the giving and revoking of consent.

Newsletter distribution

We use our newsletter to inform you about our current offers, services, products and partners. If you would like to receive the newsletter, you need to provide us with a valid email address. The data you provide in the entry form when registering will be recorded. In order to allow us to address you personally, we request that you provide us with your name and email address and enter a subject line. This data will only be used to send you our newsletter. In addition to this data, we also record the date of registration. This is only recorded as evidence in case a third party abuses your email address and registers for the newsletter using your email address without your knowledge.

Cancelling the newsletter/revoking your consent: You can revoke your consent for us to record your personal data and use it to send you our newsletter at any time. In doing so, you will simultaneously revoke your consent to be sent the newsletter and to be included in its associated statistical analyses. Every newsletter includes a link you can use to unsubscribe.

3. Planned data transmission to third parties

Transfer to third parties

Where appropriate, information may be processed by other members of the Savencia group of companies, provided that this is necessary for the purposes named in this data protection statement or that the other company becomes active as a processor/service provider bound to comply with instructions from Edelweiss. We also sometimes use service providers, based in Germany, who process data on our instructions (e.g. for software development). In the cases described here, information is passed on to these third parties in order to enable further processing. We carefully choose and regularly monitor our external service providers in order to ensure that your privacy is safeguarded.

These service providers are processors/service providers bound to comply with our instructions. They are accordingly obligated by us, amongst other things, to use your data exclusively as we direct them to and in accordance with the relevant data protection regulations. In particular, they are obligated to treat your data as strictly confidential. They are also forbidden to use the data for any purposes other than those agreed upon.

Die Service Provider sind weisungsgebundene Dienstleister / Auftragsverarbeiter und werden dementsprechend von uns u.a. verpflichtet, Ihre Daten ausschließlich entsprechend unseren Weisungen sowie den jeweils geltenden Datenschutzgesetzen zu behandeln. Insbesondere werden sie verpflichtet, Ihre Daten streng vertraulich zu behandeln. Es ist ihnen auch untersagt, die Daten für andere Zwecke als vereinbart zu verarbeiten.

The transmission of data to processors is covered by Article 28, paragraph 1 of the GDPR.

We do not sell your data to third parties or market them in any other way.

Your personal data will also be transmitted to law enforcement authorities and if appropriate to injured third parties without your explicit consent if this is required to investigate unlawful use of our services or for the purposes of prosecution. However, this will only occur if there are concrete indications of unlawful and/or improper behaviour. Your data may also be transmitted if this serves the enforcement of the terms of use or other agreements. In addition to this, we are legally required to provide information when requested to do so by certain public authorities. These are the law enforcement authorities, revenue authorities and authorities that prosecute administrative offences punishable by fines.

The transmission of this data is based on our legitimate interest in combating misuse, the prosecution of criminal offences and the protection, assertion and enforcement of claims, provided your rights and interests in the protection of your personal data do not outweigh this (Article 6, paragraph 1, point (f) of the GDPR). 

Planned data transmission to third countries

There are currently no plans to transmit collected data to third countries. The requisite legal provisions will be drawn up if this becomes necessary. In particular, you will be informed about the recipient(s) or category of recipient(s) in question in accordance with legal requirements.

4. Security

Edelweiss implements technical and organisational security measures in order to protect the data you have provided from accidental or deliberate manipulation, loss, destruction or access by unauthorised persons. This also applies where external service providers are involved. The effectiveness of our security measures is reviewed and the measures are continuously improved in line with technological developments. Any personal data entered is always strongly encrypted for transmission.

5. Cookies

In order to make our website more user-friendly and to tailor it to your needs, some areas of our website use cookies. Cookies are small files that are stored locally on your computer when you visit a website. If you visit the site again on the same device, the cookie (for example) indicates that this is a repeat visit. In addition to this, cookies allow us to analyse the way our website is used. Cookies do not contain any personal data and are unable to identify you on the websites of third parties, including on the websites of our analytics provider.

We use the following types of cookies:

  • Strictly necessary cookies

These cookies are necessary to make our website work correctly. For example, this includes assigning anonymous session IDs to group multiple requests to a web server or to enable logins and orders to work properly.

  • Functionality cookies

These cookies help us save settings you have selected or support other functions while you are navigating our website. They allow us to remember your preferred settings for your next visit or to save your login details for specific areas of our website.

  • Performance/statistics cookies

These cookies collect information on how you use our website (for example, which internet browser you use, how often you have visited the site, which pages you have looked at and the amount of time you have spent on the site). These cookies do not store any information that can be used to personally identify the user. The information collected with these cookies is aggregated and therefore anonymised.

You can refuse or consent to the use of cookies, including for web tracking, via the settings of your internet browser. You can configure your browser in such a way that the use of cookies is always refused, or that you are notified ahead of time every time a cookie will be stored. However, this may affect the functionality of the website (e.g. for orders). Your browser also provides a functionality for deleting cookies (e.g. by clearing the browsing data). You can find further information on this in your internet browser’s user guide, which in most cases can be found under the Settings menu.

6. Social media presence

YouTube

Our website uses YouTube plug-ins in order to embed and display video content. The video portal provider is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a web page with an embedded YouTube plug-in, a connection will be established with the YouTube servers. This tells YouTube which of our pages you have accessed. If you are logged into your YouTube account, YouTube will be able to link your surfing habits to your personal profile. You can prevent this by logging out of YouTube before accessing any pages containing YouTube plug-ins. We use YouTube in the interest of attractively representing our online offerings. This represents a legitimate interest as covered by Article 6, paragraph 1, point (f) of the General Data Protection Regulation (GDPR)

You can find out further details on how YouTube handles user data in their Privacy Policy at: https://policies.google.com/privacy?hl=en.

7. Use of Google Maps

This website uses Google Maps, a map service from Google Ireland Limited (hereafter called ‘Google’) to display an interactive map. The use of Google Maps may mean that information about your use of this website (including your IP address) is transmitted to a Google server in the USA and stored there.

Google may transmit the information obtained through Maps to third parties if this is required by law or if such third parties have been instructed to process this data by Google.

Under no circumstances will Google link your IP address to other Google data. Nevertheless, it would be technically possible for Google to identify at least some individual users on the basis of the data obtained. In such a situation, it would be possible for Google to process personal data and user profiles belonging to the users of this website for other purposes over which we do not and cannot have any control. This is problematic for data protection reasons, as is the fact that data is transmitted to the USA.

You have the option of easily deactivating the Google Maps service, thereby preventing the transmission of data to Google. You can do this by deactivating JavaScript in your browser. However, please note that you will not be able to use the map view if you choose to do this. By using this website and by not deactivating your browser’s JavaScript functionality, you explicitly confirm that you are aware of the data protection issues and consent to the processing of your personal details by Google in the manner and for the purposes described above.

You can find further information on Google’s terms of service and data protection policy at https://policies.google.com/?hl=en.

8. Time limits for the deletion of data

The legislator has mandated various retention periods and obligations. After these time limits have passed, the data in question is routinely deleted. Data that is not covered by these regulations is deleted or anonymised once it is no longer needed for the purposes provided in this data protection statement. Unless this data protection statement includes alternative provisions for the storage of data, we will store the data we collect for as long as it is necessary for the purposes it was recorded for as described above.

9. Other uses of data and data deletion

Further processing or use of your personal data will generally only be carried out if this is permitted by a legal provision or if you have consented to this processing or use of data. In the case of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes prior to the further processing and provide you with any relevant further information.

10. Detection and prosecution of misuse

We will retain information for the detection and prosecution of misuse, in particular your IP address, for a maximum of seven days. The legal basis for this is Article 6, paragraph 1, point (f) of the GDPR. Our legitimate interest in retaining data for seven days here lies in ensuring the proper functioning of our website and the commercial transactions conducted through it, as well as in our ability to defend against cyberattacks and similar. We may use anonymous usage information for the purposes of tailoring our website to our and our customers’ needs.

11. Rights related to the processing of personal data

Right of access

At any time, you have the right to request information about the personal data concerning you processed by us as covered by Article 15 of the GDPR. To do this, please send a request by post or by email to one of the addresses provided below.

Right to rectification

You have the right to demand the prompt correction of personal data concerning you if this data is inaccurate (Article 16 of the GDPR). In order to do this, please use the contact details provided below.

Right to erasure

You have the right to the prompt deletion (the ‘right to be forgotten’) of personal data concerning you if any of the legal grounds described in Article 17 of the GDPR apply. These apply, for example, if the personal data is no longer required for the purposes for which it was originally processed; if you have revoked your consent and there is no other legal basis for processing; if the person concerned objects to the processing and there are no overriding grounds for processing (this does not apply to objections to direct marketing). In order to invoke this right, please use the contact details provided below.

Right to the restriction of processing

You have the right to the restriction of processing in accordance with Article 18 of the GDPR if one of the conditions stipulated there applies. In particular, the restriction of processing may be required if the processing is unlawful and the person concerned opposes the deletion of the personal data and requests that its use be restricted instead, or if the person concerned has objected to the processing in accordance with Article 21, paragraph 1 of the GDPR and it has not yet been confirmed whether our legitimate interests outweigh those of the person concerned. In order to invoke this right, please use the contact details provided below.

Right to data portability

Article 20 of the GDPR gives you the right to data portability. This provision gives you the right to receive the personal data you have provided us with in a commonly used, structured and machine-readable format, and to transfer this data to another controller, such as a different service provider. The prerequisite for this is that the processing is conducted based on the consent of or a contract with the person concerned and is carried out by automated means. In order to invoke this right, please use the contact details provided below.

12. Right to object

Article 21 of the GDPR gives you the right to object at any time, on the grounds of your particular situation, to the processing of personal data concerning you carried out on basis of Article 6, paragraph 1, point (e) or (f) (amongst others). We will cease the processing of your personal data unless we can demonstrate compelling, legitimate grounds for the processing that outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal rights. In order to invoke this right, please use the contact details provided below.

13. Right to lodge a complaint with a supervisory authority

If you believe that our processing of personal data concerning you is unlawful, you have the right to complain to the relevant supervisory authority responsible for us, which you can contact as follows:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach

Postal address
Postfach 606
91511 Ansbach
Deutschland

Telefon: +49 (0) 981 180093-0
Telefax: +49 (0) 981 180093-800
E-Mail: poststelle@lda.bayern.de 

14. Data protection officer

If you have further questions regarding the processing of your personal data, you can contact our data protection officer directly, who can also be contacted for requests for information, claims and complaints:

Datenschutzbeauftragter des TÜV Hessen
Robert-Bosch-Str. 16
64293 Darmstadt
E-Mail: datenschutz@edelweiss-gmbh.com

15. Contact details for the controller responsible for data processing

The controller for the purposes of data protection is:

Edelweiss GmbH & Co. KG
Oberstdorfer Straße 7
87435 Kempten
Telephone: +49 (0) 8 31 / 25 39 - 0
Fax: +49 (0) 8 31 / 25 39 - 212
E-Mail: datenschutz@edelweiss-gmbh.com

Changes

We reserve the right to change this data protection statement at any time. Any changes will be announced by the changed data protection statement being published on our website. Unless otherwise specified, such changes will be effective immediately. Please check this data protection statement regularly in order to ensure that you are aware of the current version.

16. Revoking consent for etracker

The provider of this website uses the services of etracker GmbH, based in Hamburg, Germany (www.etracker.com), for the analysis of usage data. Once users have given us their explicit consent, we use cookies that enable statistical analysis of the way this website is used by its visitors as well as cookies that enable the display of usage-related content or advertising. Cookies are small text files that are saved on the end user’s computer by their internet browser. etracker cookies do not contain any information that allow a user to be identified.

The data produced using etracker will be processed and stored exclusively in Germany by etracker on behalf of the provider of this website. As such, it is subject to strict German and European data protection regulations and standards. With reference to this, etracker has been independently audited, certified and awarded the ePrivacyseal data protection seal of approval.

Data processing is carried out on the legal basis of Article 6, paragraph 1, point (a) (consent) of the EU General Data Protection Regulation (GDPR) in order to optimise our online offering and website. As the privacy of our visitors is extremely important to us, etracker anonymises your IP address as soon as possible and converts login details and device identifiers to a unique key that is not associated with an individual. etracker does not otherwise use your data, combine it with other information or pass it on to third parties.

Once given, you can revoke your consent at any time. Revoking your consent does not have any negative consequences for you.

I object to the processing of my personal data using etracker on this website.

You can find further information on data protection at etracker here.