Privacy Policy

SHL AG Data Privacy Policy

 

Privacy Policy for applicants  

 

§1 Information about the collection of personal data

 

(1)The information below will inform you about the collection of personal data when using our website. Personal data are all data that refer to a natural person, such as name, address, e-mail addresses and user behavior.

 

(2)The controller as defined by Art. 4(7) of the EU's General Data Protection Regulation (GDPR) is 

 

SHL AG

Spaichinger Weg 14

78583 Böttingen

Telephone: 0049 (0) 7429 99 304-0 

Telefax: 0049 (0) 74299304-50

E-Mail: info@shl.ag 

 

Either representatives board of managers:

Winfried Häring

Gerd Lehr 

 

 

You can reach our company's data protection officer at our address with the addition of "z. H. d. Datenschutzbeauftragten" (c/o the Data Protection Officer) or at datenschutz@shl.ag.

3)When you contact us by e-mail or through a contact form, the information you provide (your e-mail address and if necessary your name and telephone number) will be stored by us in order to answer your questions. We delete the data that is collected in this context once storage is no longer required or limit the processing if there are statutory data retention requirements.

 

(4)If we rely on contracted service providers for individual functions of our site or want to use your data for advertising purposes we will inform you about the individual processes in detail below. We will also name the specified criteria for the retention period.

(5) 

a)In addition to simply using the website for information, we also offer various services that might be of interest to you. To do this, you must usually give us additional personal data that we use to provide the respective service and for which the aforementioned principles of data processing apply.

 

b)We sometimes use external service providers to process your data. They have been carefully chosen and hired by us, are bound by our instructions and are monitored on a regular basis.

c)If our service providers or partners have their registered offices in a country outside the European Economic Area (EEA), we will inform you about the implications of this in the description of the offer.

 

§2 Your rights

 

(1) You have the following rights with respect to your personal data:

 

–          Right to information (Art. 15 of the GDPR) 

–          Right to rectification (Art. 16 of the GDPR) and right to erasure (Art. 17 of the GDPR)

–          Right to restrict processing (Art. 18 of the GDPR)

–          Right to withdraw previously granted consent (Art. 7(3) of the GDPR), see also paragraph 3 below,

–          Right to data portability (Art. 20 of the GDPR)

 

(2) You also have the right to lodge a complaint with a supervisory authority about the processing of your personal data (Art. 77 of the GDPR).

(3) If your personal data are going to be processed for the purposes of legitimate interests pursuant to sentence 1 of Art. 6(1)(f) of the GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 of the GDPR unless there are grounds relating to your particular situation or the objection is directed at direct marketing. In the latter case, you have a general right to object to the processing of personal data without stating a particular situation. If you would like to make use of your right to withdraw consent or object, you can notify us by sending an email to datenschutz@shl.ag

 

§3 Collection of personal data when visiting our website

 

If you are merely using the website for information (i.e. you do not register or otherwise provide us with information), we only collect the personal data that your browser needs to transmit to our server. If you wish to view our website, we collect the following information that is technically necessary for us to display our website and to ensure its stability and safety (the legal basis is the first sentence under item f) of Article 6(1) of the GDPR):

 

–          IP address

–          Date and time of the request

–          Time zone difference from Greenwich Mean Time (GMT)

–          Content of the request (specific page)

–          Access status / HTTP status code

–          Transmitted data volume

–          Website the request comes from

–          Browser

–          Operating system and its user interface

–          Language and version of the browser software

 

§4 Cookies

 

(1) In addition to the aforementioned data, cookies will be stored on your computer when you use our website. Cookies are small text files that are saved locally on your hard drive by your browser and send certain information to the site that sends the cookie (in this case, us). Cookies cannot be used to run programs or transmit viruses to your computer. They are used to make the website more user friendly and effective.

 

(2) The use of cookies:

 

a)This website uses the following kinds of cookies, and their scope and functionality will be explained below:

– Transient cookies (see b)

– Persistent cookies (see c)

 

b) Transient cookies are automatically deleted when you close the browser. They include, in particular, session cookies. Session cookies store a session identifier that can be used to assign various inquiries from your browser during the shared session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.

 

c) Persistent cookies are automatically deleted after a specified time period, which can vary depending on the cookie. You can delete these cookies in the security settings of your browser at any time.

 

d)You can configure your browser setting based on your wishes and refuse to accept third-party cookies or all cookies, for example, but please be aware that you might not be able to use all the functions of this website.

 

e) Most browsers allow you to change your cookie settings to your personal preferences. You can use your browser to refuse or erase certain cookies. Generally speaking, you can also use similar technologies this way by using your preferred browser.

 

The following links explain how you can manage cookie settings in the various browsers:

 

If you use Internet Explorer

If you use Firefox

If you use Google Chrome

If you use Safari

 

§5 Analysis tools

 

(1) Tracking tools

The tracking methods used by us that are listed below are carried out on the basis of sentence 1 of Art. 6(1)(f) of the GDPR. These tracking methods ensure the website is designed based on demand and continually optimized. On the other hand, we use the tracking methods to collect statistical data on the use of our website with the goal of optimizing our site for you. These interests are legitimate within the meaning of the aforementioned regulation.

The respective data processing purposes and data categories are stated in the corresponding tracking tools.

 

aa) Google Analytics

a) We use Google Analytics, the web analysis service of Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter: "Google") to design our website based on demand and continually optimized. We create pseudonymized user profiles and use cookies (see point 4) for this. The information generated by the cookie about the use of this website such as

 

•         The browser type/version,

•         The operating system used,

•         The referrer URL (the last visited site),

•         The host name of your computer (IP address),

•         Time of the server request

will be transmitted to a Google server in the United States and stored there. The information will be used to evaluate the use of the website, create reports on website activities and provide other services associated with Internet use for the purposes of market research and targeted offers on this website.This information may also be transferred to third parties where required to do so by law or if the third parties have been hired to process this data. Google will never use your IP address in connection with other data from Google. The IP addresses are anonymized so that they cannot be connected with the users (IP masking).

You can prevent the installation of cookies by selecting the appropriate settings on the browser, but please be aware that you might not be able to use all of the functions of this website.

You can also prevent the collection of the data concerning your use of the website (including your IP address) generated by the cookie as well as the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout).

 

As an alternative to the browser add-on, particularly for browsers on mobile devices, you can also prevent the collection of data by Google Analytics by clicking on this link. It will generate an opt-out cookie that prevents the future collection of your data when visiting this website. The opt-out cookie is only valid for this browser and only for our website and is stored on your device. If you delete the cookies in this browser you will have to regenerate the opt-out cookie.

For more information about data privacy in connection with Google Analytics, go to Google Analytics Help (https://support.google.com/analytics/answer/6004245).

b) Google Adwords Conversion Tracking

We also use Google Conversion Tracking to collect statistical data on the use of our website and evaluate it for the purpose of optimizing our website. To do this, Google Adwords stores a cookie (see point 4) on your computer if you came to our website via a Google ad.

 

These cookies are only valid for 30 days and are not used for personal identification purposes. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.

 

Every Adwords customer receives a different cookie. Cookies can therefore not be tracked via the websites of Adwords customers. The information gathered using the conversion cookie is used to create conversion statistics for Adwords customers who have opted to use conversion tracking. Adwords customers receive information on the total number of users who have clicked on their ad and were redirected to a site with a conversion tracking tag, however, they do not receive any information that personally identifies the users.

 

If you do not want to participate in the tracking process, you can also turn off the required setting of a cookie - for example, via a browser setting that generally disables the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com." Google's privacy policy on conversion tracking can be found here (https://services.google.com/sitestats/en.html).

 

§6 Social media plug-ins

 

(1) We currently use the following social media plug-ins: Facebook, Twitter, LinkedIn, Xing and Instagram. We use the so-called "two-click solution." This means that no personal data is initially passed on to the providers of the plug-ins when you visit our site. The provider of the plug-in can be identified by the marking on the box above its initial letter or logo. We provide you with the opportunity to use the button to communicate directly with the provider of the plug-in. The plug-in provider will receive the information that you have accessed the corresponding website of our online service only if you click on the marked field and activate it. The data mentioned under §3 of this privacy policy will also be transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after it is collected. By activating the plug-in, personal data will be transmitted by you to the respective plug-in provider and stored there (with providers in the United States). Since the plug-in provider collects the data, in particular via cookies, we recommend that you delete all cookies before clicking on the grayed-out box in the security settings of your browser.

 

(2) We have no influence on the collected data and data processing operations, nor are we aware of the full extent of data collection, the purpose of the processing, the retention periods. We also have no information about whether the collected data are deleted by the plug-in provider.

 

(3) The plug-in provider stores the data collected about you as use profiles and uses them to design its website based on demand. This data analysis is used (even for users who are not logged in), in particular, to provide advertising based on demand and to inform other users in the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact the respective plug-in provider to exercise this right. We use the plug-ins to offer you the opportunity to interact with the social networks and other users so that we can improve our site and make it more interesting for you as a user. The legal basis for using the plug-ins is sentence 1 of Art. 6(1)(f) of the GDPR.

 

(4)The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in on the plug-in provider's site, the data we collect will be attributed directly to your account with the plug-in provider. If you press the activated button and, for example, link to the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend logging out regularly after using a social network, but especially before activating the button since this will prevent the plug-in provider from associating you with your profile.

 

(5)For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the providers' privacy policies provided below. You will also find more information about your rights and settings options to protect your privacy there.

 

(6)Addresses of the respective plug-in providers and the URL with their privacy policies:

 

Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; additional information about data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook participates in the EU-US Privacy Shield Framework, https://www.privacyshield.gov/EU-US-Framework.

 

Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter participates in the EU-US Privacy Shield Framework, https://www.privacyshield.gov/EU-US-Framework.

 

Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany; http://www.xing.com/privacy.

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn participates in the EU-US Privacy Shield Framework, https://www.privacyshield.gov/EU-US-Framework.

 

Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. 

Instagram's Privacy Policy can be found at http://instagram.com/about/legal/privacy/.

 

§7 Embedding YouTube videos

 

(1) We have embedded YouTube videos on our websites. The videos are stored at http://www.YouTube.com and can be played directly from our website. These videos are all embedded in "privacy-enhanced mode." This means that no personal data related to you as the user is sent to YouTube if you do not play the videos. If you do play the videos, the data specified in paragraph 2 will be sent to YouTube. We have no influence on this data transfer.

 

(2) When you visit the website, YouTube receives the information that you have accessed the corresponding page on our website. The data mentioned under §3 of this privacy policy will also be transmitted. The data is transmitted regardless of whether or not you have an account with YouTube that you are logged into. If you are logged in to Google, your data will be attributed directly to your account. If you do not want this attribution to your YouTube profile, you must log out before activating the button. YouTube stores this data as use profiles and uses them for the purposes of advertising, market research and/or designing its website based on demand. This data analysis is used (even for users who are not logged in), in particular, to provide advertising based on demand and to inform other users in the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact YouTube to exercise this right.

 

(3)For more information on the purpose and scope of the data collection and its processing by YouTube, please refer to the YouTube privacy policy. You will also find more information about your rights and settings options to protect your privacy there: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the United States and participates in the EU-US Privacy Shield Framework, https://www.privacyshield.gov/EU-US-Framework.

 

§8 Embedding Google Maps

 

(1) We use Google Maps on this website. This allows us to display interactive maps directly in the website and allow you to conveniently use the map feature.

 

(2) When you visit the website, Google receives the information that you have accessed the corresponding page on our website. The data mentioned under §3 of this privacy policy will also be transmitted. The data is transmitted regardless of whether or not you have an account with Google that you are logged into. If you are logged in to Google, your data will be attributed directly to your account. If you do not want this attribution to your Google profile, you must log out before activating the button. Google stores these data as use profiles and uses them for the purposes of advertising, market research and/or designing its website based on demand. This data analysis is used (even for users who are not logged in), in particular, to provide advertising based on demand and to inform other users in the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact Google to exercise this right.

 

(3)For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the provider's privacy policies. You will also find more information about your rights and settings options to protect your privacy there: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the United States and participates in the EU-US Privacy Shield Framework, https://www.privacyshield.gov/EU-US-Framework.

 

§9 Data privacy

 

We use the popular SSL (Secure Socket Layer) method on the site in conjunction with the highest level of encryption supported by your browser, usually 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can recognize if a single page of our website is encrypted by the closed key or lock icon at the very left in the address bar of your browser.

 

We also take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorized access by third parties. We continuously improve our security measures to keep up with technological developments.

 

§10 Updating and changing this data privacy policy

 

This privacy statement is currently valid as of May 2018. We reserve the right to change this privacy policy due to the further development of our website and offers or due to changing legal or regulatory requirements. 

 

 

Information from SHL AG Regarding the Processing of Your

Data Collected During Your Application

 

1.The responsible party for the data processing is

SHL AG 

Spaichinger Weg 14

78583 Böttingen, Germany

represented by the Executive Board 

Mr. Winfried Häring and Mr. Gerd Lehr 

Telephone: +49 (0) 7429 9304 0

Fax: +49 (0) 7429 9304 50

Email: info@shl.ag

 

Personal Data

The categories of personal data (i.e. data that can be directly traced back to you) that are processed during the application process particularly include the core data that is necessary for the application procedure, such as first name, last name, address, and telecommunication information. 

 

We have received or collected this data from you in a proper manner as part of the application process. We may also, however, have received this data from third parties (e.g. employment agency) if you have provided your data for further communication.

 

Purpose of the Processing of Personal Data / Legal Basis

We process your personal data on the basis of the provisions of the General Data Protection Regulation (GDPR), the German Data Protection Act (BDSG), and all other applicable laws (e.g. BGB, AGG). 

 

The data collection and processing serves the execution of the application process, as well as the assessment of the extent to which applicants are suitable for the respective advertised position. The data processing is necessary in order to be able to make a decision regarding the establishment of an employment relationship. The legal basis for this is Art. 6 Para. 1 b GDPR in conjunction with Section 26 Para. 1 BDSG. Consent in accordance with Art. 6 Para. 1 a, Art. 7 GDPR in conjunction with Section 26 Para. 2 BDSG can also be considered a legal basis for data processing. 

 

Provided that special categories of personal data in accordance with Art. 9 Para. 1 GDPR are processed (in particular, health information), this is only done with your consent in accordance with Art. 9 Para. 2 a GDPR, to the extent that legal authorizations such as Art. 9 Para. 2 in conjunction Section 26 Para. 3 BDSG are not relevant.

 

If we wish to process your personal data for a purpose that is not mentioned above, we will inform you of this in due time beforehand.

 

Categories of Recipients of Personal Data

Your personal data will only be communicated to the people and units that require it as part of the application process (e.g. Human Resources department, Executive Board, Department Management) or that ensure compliance with legal or (pre)contractual obligations (e.g. Accounting, tax consultant if needed, tax authorities). 

 

Duration of Data Storage

We will delete your personal data as soon as it is no longer needed for the aforementioned purposes. This is usually done six months after the completion of the application process. This does not apply if legal provisions prevent the deletion or if continued storage is necessary for the purposes of documentation and record-keeping. In the event that an employment relationship has been established, we will transfer your data over to our human resources management systems. At your request or with your consent, we will also store your data if you were not chosen for the specific position opening, but could be a candidate for a potential later opening. 

 

No Automatic Decision-Making / Profiling

We do not carry out automated decision-making in individual cases or profiling (Art. 22 GDPR). 

 

Your Data Protection Rights:

In accordance with Art. 15 GDPR, you can request information on the data stored about you. Furthermore, you can, in accordance with Art. 16, Art. 17, and Art. 18 GDPR and under certain circumstances, request the rectification, the erasure, and the restriction of processing of your data. You have a right to receive the data you have provided in a structured, commonly used, and machine-readable format (Art. 20 GDPR). If your data is processed pursuant to Art. 6 Abs. 1 e and f GDPR (including processing in the public interest, to preserve legitimate interests), you can object to this processing in accordance with Art. 21 GDPR (for instance, sending an email to Datenschutz@shl.ag with the subject "Data Protection" is sufficient).

 

We will then cease to process your personal data unless there are compelling legitimate grounds for the processing that prevail over your interests, rights, and freedom, or if the processing serves to assert, exercise, or defend any and all legal rights and claims.

 

You have the right, in accordance with Art. 7 Para. 3 GDPR, to revoke any consent granted pursuant to Art. 6 Para. 1 a or Art. 9 Para. 2 for the processing of personal data at any time without providing a reason, in which case the legality of the processing done based on the consent until the revocation remains unaffected.

 

In accordance with Art. 77 GDPR, you have the right to file a complaint with a supervisory authority. The responsible data protection supervisory authority in Baden-Württemberg is:

State Officer for Data Protection and Freedom of Information in Baden‑Württemberg

Königstraße 10a

70173 Stuttgart, Germany

Tel.: 0711 / 61 55 41 -0

Fax: 0711 / 61 55 41 -15

Email: poststelle@lfdi.bwl.de

 

Böttingen, May 2018