Private Policy 

Gruner AG would like to thank you for your visit on our webpages and your interest in our company and our services. The protection of your privacy in regard to processing is an important matter to us. Therefore, your data will exclusively be processed in accordance with the provisions of the German Data Protection Act as well as the General Data Protection Regulation of the European Union. We want you to feel safe during your visit on our pages.

Introduction
With this privacy policy, we attend to our duty of information towards our visitors and users according to art. 3 General Data Protection Regulation (GDPR). We specifically focus on protecting personal data. Personal Data are particulars about personal or material conditions of a specified or specifiable natural person. This includes information as for instance, name, address, e-mail address and phone number. The legal bases of data protection are to be found in the GDPR as well as the German Telemedia Act (TMG) and the EU ePrivacy regulation.

Your rights in regards to data protection as a user of this website (rights of the persons affected)
The data protection law views you as an affected person of our initiated collection of your personal data in the scope of your visit on our website. Accordingly, the legislator has made provisions for a number of rights of the persons affected that you can make use of as a user of this website. In particular, these rights are the following:

At any time, you have the right of information about your personal data, their origins and recipient and the reason for data processing free of charge and without giving reasons. Likewise, you have the right to adjustment, correction, blockage or deletion of this data. You may also restrict processing of your data or object to processing of your data (right of objection), just as well you generally have the right of data transferability. If you have provided us with your consent to processing of your data, you can revoke it at any time. Additionally, you have the right of appeal with the regulatory authorities according to art. 77 GDPR.

Contact Data: Responsible Person – Data Protection Coordinators – Data Protection Officer
If you have any questions regarding data protection at «Adresse_Name1» that cannot be answered with the information provided in this privacy policy or if you would like to put your rights as a person affected into practice, you have the following opportunities to contact us:

The management or executive board that you can find in the imprint on www.gruner.de ais responsible for data processing. However, given that the management has an abundance of other responsibilities, we recommend contacting our data protection coordinators (datenschutz@gruner.de) directly. You may also send your inquiry by mail; the corresponding address can be found in the imprint as well.

Furthermore, Gruner AG has commissioned an external data protection officer that is available under datenschutz@gruner.de . We would like to inform you that you may address any of our employees with your inquiries regarding your rights as a person affected. However, it would present a great relief to us if you would address your concerns directly to our data protection coordinators (datenschutz@gruner.de).

If you would like to make use of your right of appeal according to art. 77 GDPR, please contact the responsible supervisory authority.

Recipients of Personal Data
If you submit your personal data to us, the main recipients are the employees of Gruner AG that have been entrusted with it. Moreover, it is possible that we commission other companies or individuals with the fulfilment of tasks in our name, for instance services that you requested through the contact inquiry (e.g. a printed product brochure). In this case, it is possible that the companies commissioned by us get to process your data for the intended purpose. For more detailed information regarding this matter, please see the section “Obligations of Employees and external Service Providers” and “Cooperation with external Service Providers”.

Transmission of Personal Data in a Third Country
We do not have the intention to transmit personal data beyond the geographic scope of the GDPR. However, given that we occasionally use web services provided by Google (e.g. for the graphic layout of the slogans we use “fonts.gstatic.com”), data such as, for instance, IP addresses and/or so-called referral links or online identifiers might be transmitted, depending on your browser settings. Since we do not initiate the combination of that data, it cannot be ruled out that personal data is created and/or processed beyond the geographic scope of the GDPR.

Duration of Storage
Personal data that has been submitted over our own website will only be stored until its intended purpose is fulfilled. Taking retention periods in accordance with commercial and fiscal laws into consideration, the duration of storage of specific data can be up to 10 years.

Intention of Data Collection
The use of our page is generally possible without submitting personal data. In order to use particular services on our page, however, different regulations might apply that, in this case, will be individually elaborated and inform you especially about the nature, extent and purpose of the collection and processing of personal data. Nevertheless, we only generally only process personal data whenever it is necessary for providing a functional website as well as contents and services. In case of data collection, it is for the purpose of technical provision of our online presence, for informational purposes and for contractual purposes when providing services. Your personal data will be used exclusively for the aforementioned purposes and only within the scope and to the extent necessary to fulfil these purposes. If you apply for employment at Gruner AG, another purpose for data processing is the potential conclusion of an employment contract.

Legal Base of Data Collection
Personal data may only be processed in accordance with a legal base. Whenever we process personal data in the scope of our web presence, we generally do so due to legitimate interest of the person responsible, article 6, paragraph 1 GDPR.

The preservation of legitimate interests is a balance of interests and includes not only our interests as the company responsible for the processing but also the interests of the users of our websites. We as a company want to inform you about our company as well as our services. You as a user and potential customer, supplier, competitor, information seeker and/or applicant have an interest in informing yourself about is, our services and products in a technically accessible and comfortable way. Moreover, we give our visitors the opportunity to get into contact with us through our website. Respectively, the processing of data complies with the interests on both ends. At the same time, the processing of personal data is reduced to a minimal extent so that we come to the conclusion that the preservation of legitimate interest can act as the legal base for the processing.

In addition, we use the legal ground of consent in regard to the application process (article 6, paragraph 1 GDPR). This consent is voluntary and serves the purpose of staff recruitment and transmission of your data into an internal talent pool. For more information, see the section “Applications”. You can freely choose whether you would like to give consent or decline. There will be no negative consequences whatsoever in case of declination. You can revoke previously given consent partially or fully at any time. The legality of processing on the legal ground of consent will persist until the revocation. This means that even in case of revocation of consent, the processing that happened in the past will not become unlawful.

Cookies
Our web site makes use of so-called Cookies, which serve as a means of making our online presence as a whole more user-friendly, more effective as well as more secure – for example when it comes to accelerating navigation on our platform. Furthermore, cookies enable us to measure the frequency of page views and navigation in general.

Cookies are small text files that are stored on your computer system. Cookies are not harmful to your computer and do not contain viruses. Please note that some of these cookies will be transferred from our server to your computer system, which will be so-called “session cookies”. “Session cookies” are characterised by being automatically deleted from your hard drive when the browser session has ended. Other cookies remain on your computer system and enable us to recognise your computer system at your next visit (so-called permanent cookies). Naturally, you can decline cookies at any time, should your browser allow it. However, please be aware that in this case not all features on our website will be available to be used with full functionality. The help-function in the menu bar of most web browsers will explain how to keep your browser from accepting new cookies, how to make your browser notify you whenever you receive a new cookie or even how to turn off all received cookies. Naturally, you can subsequently delete all cookies. The procedure is dependent on your browser as well as your operating system. We kindly ask you to look up the correct procedure for subsequent deletion of cookies for your system.

Server Log
Every visit of the pages of this web presence is registered and stored in the so-called Server Log files. This data serves exclusively to analyse server utilisation. The collected data in this procedure specifically contains the following:

  • The requesting host address
  • Time and date of the request
  • Name of the requested file
  • HTTP status code
  • Amount of transmitted data
  • Internet page from which you visit us (referrer URL)
  • Browser / operating system / interface
  • Particulars about which server services were used
  • Protocol version

This anonymous data will be stored separately from your possibly submitted personal data and will not allow any inference to a specific person. It will only be transmitted to third parties when prescribed by law or court order. There will be no transmission for commercial or non-commercial purposes. We reserve the right to check this data, should there be concrete indications of unlawful use.

Contact Opportunity
We offer you the option on our page to contact us via e-mail and/or contact forms. Your submissions from the request form, including the contact data you submitted in order for us to process the request and for the case of further questions will be encrypted before they are transmitted to and stored with us. If you would like to contact us via e-mail, we would like to point out that the confidentiality of the transmitted information in unencrypted e-mails is not guaranteed. The content of unencrypted e-mails can be viewed by third parties (see section “Information Security).

Use and Transmission of Personal Data
If you commission us to provide a service, your personal data will only be used to the extent that is necessary for the execution of the commission (e.g. processing of information enquiries or requests for brochures). This especially includes the transmission of your data to transport companies, credit companies or other services used for service delivery or contract processing. A further transmission, especially sale of your personal data to third parties, does not take place. This procedure has the following exceptions: we disclose customer accounts and personal data of customers whenever we are legally obligated to do so or whenever such a transmission is necessary to protect our own rights, those of our customers and those of third parties, e.g. in the case of attacks on our network infrastructure. This can, for instance, include an exchange of data with companies that specialise in prevention or minimisation of abuse and credit card fraud and/or IT security. We explicitly point out that in this context there will be no transmission of data for commercial purposes that does not comply with this privacy policy.

Obligations of Employees and external Service Providers
As a matter of course, our employees and the service providing companies we commission are obligated to discretion and compliance with the provisions of GDPR.

Cooperation with external Service Providers
We commission other companies and individuals with the fulfilment of task on our account. This can include, for instance, package delivery, dispatch of letters or e-mails, analysis of our databases, IT services, advertising measures, payment transactions as well as customer service. These service providers have access to personal information that is necessary for the fulfilment of the given tasks. However, they may not use them for other purposes. Furthermore, they are obligated to handle the information in accordance with this privacy policy as well as GDPR. If these sub-companies are processors as per article 28 GDPR, we have concluded respective lawful contracts with them.

Information Security
«Adresse_Name1» uses technological and organisational security measures in accordance with the current state of knowledge to protect the data you provided us with from random or deliberate manipulation, loss, destruction or access by unauthorised individuals. Therefore, your data will be stored in a secure operating environment that is not accessible to the public. Our security measures will be reviewed periodically and constantly improved pursuant to the technological development. If you want to contact us via e-mail, please be aware that the confidentiality of the submitted information is not ensured for unencrypted e-mails. The content of unencrypted e-mails can be accessed by third parties. Hence, we recommend sending confidential information either in an encrypted manner or by mail. Your e-mail address will exclusively be used for our correspondence with you. There will be no deviating use or transmission to third parties.

Protection of your Data via TLS / SSL
To ensure safe data transmission on the internet we use the hybrid encryption protocol Transport Layer Security (TLS), more commonly known under its predecessor’s name Secure Sockets Layer Software (SSL). This software encrypts the information you submit. All information relevant to data protection are stored in a protected database in an encrypted state.

Consent, State and Change of this Privacy Policy
By using our website, you consent to the aforementioned data processing as of 22.05.2018. We explicitly reserve the right to take legal action in case of unrequested mailing of advertising information, for instance in the shape of spam e-mails.