I. Name and address of the person commissioned
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
ProGlass GmbH Michael-Becker-Str. 2
73235 Weilheim an der Teck
Germany
Telephone: 0 70 23/9 00 13-0
Fax: 0 70 23/9 00 13-23
Email: info [at] proglass.de
Website: https://www.proglass.de
II. Name and address of the data protection officer
The data protection officer of the commissioner is:
Silista GmbH
Silvaner Weg 24
73235 Weilheim an der Teck
Germany
Email: datenschutz [at] proglass.de
III. General information on data processing
Scope and type of processing of personal data As a matter of principle, we only process personal data of our users insofar as this is necessary to provide a functional website and our content and services.
These data are:
Inventory data (e.g. names, addresses).
Applicant data (e.g. personal details, postal and contact addresses, the documents belonging to the application and the information contained therein, such as cover letter, curriculum vitae, certificates and other information about a specific position or voluntarily provided by applicants about their person or qualification).
Content data (e.g. text input, photographs, videos).
Contact details (e.g. email, telephone numbers).
Meta / communication data (e.g. device information, IP addresses).
Usage data (e.g. websites visited, interest in content, access times).
Contract data (e.g. subject of the contract, duration, customer category).
Payment data (e.g. bank details, invoices, payment history).
Categories of data subjects
Applicants.
Business and contractual partners.
Interested persons.
Communication partner.
Customers.
Users (e.g. website visitors, users of online services).
Purposes of processing
Application process (justification and possible subsequent implementation as well as possible subsequent termination of the employment relationship.).
Office and organizational procedures.
Contact requests and communication.
Contractual services and services.
Management and answering of inquiries.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is required to fulfill a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.
Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
IV. Use of cookies
Cookies are used on our website. Cookies are small pieces of text information that are stored on your device via your browser. The cookies are required to enable certain functions of our website. We use both session cookies, which are automatically deleted from your browser immediately after you have finished visiting the website. In the area of web analysis, however, we also use so-called persistent cookies, which are not automatically deleted after you have finished visiting our website. You have the option of preventing cookies from being set by making the appropriate settings in your browser. However, we would like to point out that the use of our website may then only be possible to a limited extent. Cookies do not install or start any programs or other applications on your computer.
V. Newsletter
Description and scope of data processing You can subscribe to an email newsletter on our website. In addition to the voluntary information in the respective form, we only process your e-mail address. However, this is also absolutely necessary in order to be able to send you the newsletter.
Double opt-in procedure: The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary so that nobody can register with someone else’s e-mail address. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the shipping service provider are also logged.
Processed data types: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), meta / communication data (e.g. device information, IP addresses).
Affected persons: communication partner
Purposes of processing: direct marketing
Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Opposition option (opt-out): You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options given above, preferably e-mail
VI. Registration
Description and scope of data processing
On our website, we offer users the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. A transfer of data to third parties does not take place.
Processed data types: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), meta / communication data (e.g. device information, IP addresses).
Affected persons: customers.
Purposes of processing: Provision and use of the online shop
Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Opposition and removal option
As a user, you can cancel your registration at any time. You can have the data stored about you changed at any time. With regard to the data that are required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible if there are no contractual or legal obligations to prevent deletion.
VII. Contact form and email contact
Description and scope of data processing
We offer a contact form on our website which you can use to request information about our products or services or to contact us in general. We have marked the data you need to answer an inquiry as mandatory fields. Information on other data fields is voluntary. We need this information in order to process your request, to address you correctly and to send you an answer. The data processing takes place in the case of specific inquiries for the fulfillment of a contract or the initiation of a contract. In the case of general inquiries, processing takes place on the basis of a weighing of interests. Inquiries received via the contact form on our website are electronically processed by us in order to answer your request. In this context, other people or departments and possibly third parties may also receive knowledge of the form content that you have sent. The form data is transmitted over the Internet via encrypted connections. Alternatively, you can contact us using the email address provided. In this case, the user’s personal data transmitted with the email will be saved. In this context, the data will not be passed on to third parties. The data will only be used to process the conversation. Processed data types: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), meta / communication data (e.g. device information, IP addresses). Affected persons: interested parties Purposes of processing: contact Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
VIII. Web analysis
The web analysis tool “Google Analytics”, a service offered by Google Ireland Limited, is used on this website. The purpose of the use is the “needs-based design” of this website, which is carried out on the basis of a weighing of interests. The web analysis also enables us to identify and correct errors on the website, e.g. due to incorrect links. Google Analytics uses so-called “cookies”. These are text files that are saved on your computer and that enable your use of the website to be analyzed. So-called “client IDs” are used, which are used to create pseudonymous usage profiles that collectively record the use of the Internet pages by desktop computers and mobile devices by a user. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. Since we have activated the so-called IP anonymization on this website and have concluded a corresponding order processing contract with Google, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases. Google in the USA is certified according to the so-called “Privacy Shield” (list entry). Google guarantees an adequate level of data protection. Google Analytics: online marketing and web analysis; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Data protection declaration: https://policies.google.com/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opposition option (opt-out): Opt-out plug-in: http://tools.google.com/dlpage/gaoptout?hl=de, settings for displaying advertisements: https://adssettings.google.com/authenticated.
IX. Presence in social networks
We maintain an online presence within social networks in order to communicate with the users who are active there or to offer information about us there. We would like to point out that user data can be processed outside of the European Union. This can result in risks for the user because, for example, the enforcement of the users’ rights could be made more difficult. With regard to US providers who are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we would like to point out that they undertake to comply with the EU data protection standards. For a detailed description of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.
Processed data types: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. Device information, IP addresses). Affected persons: users (e.g. website visitors, users of online services). Purposes of processing: contact requests and communication, tracking (e.g. interest / behavior-related profiling, use of cookies), remarketing, range measurement (e.g. access statistics, recognition of returning visitors). Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Used services and service providers: Instagram: social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Data protection declaration: http://instagram.com/about/legal/privacy. Facebook: social network; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Data protection declaration: https://www.facebook.com/about/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opposition option (opt-out): Settings for advertisements: https://www.facebook.com/settings?tab=ads; Additional information on data protection: Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, data protection information for Facebook pages: https://www.facebook.com/legal/ terms / information_about_page_insights_data. LinkedIn: social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Data protection declaration: https://www.linkedin.com/legal/privacy-policy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; Opposition option (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. YouTube: social network; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Data protection declaration: https://policies.google.com/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opposition option (opt-out): https://adssettings.google.com/authenticated.
X. Commercial and business services
Personal data is also processed for the operation of our online shop and the ordering of goods and / or services. With regard to the shop functions, this is basically done to initiate or fulfill contracts for the purchase or procurement of our goods and service providers. With regard to the display of suitable products in your device, we process data from the use of the online shop on the basis of a weighing of interests.
Processed data types: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact details (e.g. e-mail, telephone numbers), contract data (e.g. subject of the contract, term, customer category), usage data (e.g. websites visited, interest in content , Access times), meta / communication data (e.g. device information, IP addresses). Affected persons: interested parties, business and contractual partners, customers. Purposes of processing: contractual services and services, contact inquiries and communication, office and organizational procedures, administration and answering of inquiries, security measures. Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit.b.GDPR), legal obligation (Art. 6 Para. 1 S. 1 lit. 1 S. 1 lit.f. GDPR).
XII. Use of online marketplaces for e-commerce
We offer our services on online platforms operated by other service providers. In this context, in addition to our data protection notices, the data protection notices of the respective platforms apply. This applies in particular with regard to the methods used on the platforms for range measurement and interest-based marketing. Processed data types: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact details (e.g. e-mail, telephone numbers), contract data (e.g. subject of the contract, term, customer category), usage data (e.g. websites visited, interest in content , Access times), meta / communication data (e.g. device information, IP addresses). Affected persons: customers. Purposes of processing: contractual performance and service. Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Par. 1 S. 1 lit. f. GDPR). Used services and service providers: eBay: Online marketplace for e-commerce; Service provider: eBay Marketplaces GmbH, Helvetiastrasse 15/17, 3005 Bern, Switzerland; Website: https://www.ebay.de/; Data protection declaration: https://www.ebay.de/help/policies/member-behavior-policies/datenschutzerklrung?id=4260.Google
XIII. Payment service provider
As part of contractual and other legal relationships, we offer the persons concerned efficient and secure payment options and use other payment service providers in addition to banks and credit institutions (collectively, “payment service providers”). The data processed by the payment service providers include inventory data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract, sum and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. Processed data types: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contract data (e.g. subject matter of the contract, term, customer category), usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. Device information, IP addresses). Affected persons: customers. Purposes of processing: contractual performance and service. Legal basis: fulfillment of the contract (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Used services and service providers: PayPal: payment services; Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Website: https://www.paypal.com/de; Data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. Worldline S.A., River Ouest 80, 95870 Bezons, France; Website: https://de.worldline.com; Data protection declaration: https://de.worldline.com/de/privacy.html
IV. Communication via Messenger
We use messenger services for the purpose of the quick transmission of your damage images and therefore ask you to observe the following information on the functionality of the messenger, on encryption, on the use of the metadata of communication and on your options for objection. You can also contact us in alternative ways, e.g. by phone or email. Please use the other contact options available to you. In the case of end-to-end encryption of the content of the messenger service, we point out that the communication content (i.e. the content of the message and attached images) is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use the latest version of the messenger with activated encryption to ensure that the message content is encrypted. However, we also point out to our communication partners that the messenger providers do not see the content, but can find out that and when communication partners are communicating with us as well as technical information about the device used by the communication partner and, depending on the settings of their device, location information ( so-called metadata). Notes on legal bases: If you contact us via a messenger service, we use messenger in relation to our contractual partners and as part of the contract initiation as a pre-contractual measure. In the case of other interested parties and communication partners on the basis of our legitimate interests in fast and efficient communication and meeting the needs of our communication partners for communication via messengers. Revocation, objection and deletion: You can revoke your consent at any time and object to communication with us via Messenger at any time.
Processed data types: contact data (e.g. e-mail, telephone numbers), usage data, meta / communication data (e.g. device information, IP addresses). Affected persons: prospects, customers. Purposes of processing: contact requests. Legal basis: Pre-contractual measure (Art. 6 Para. 1 S. 1 lit. b GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Used services and service providers:
Facebook Messenger: Facebook Messenger with end-to-end encryption (the end-to-end encryption of the Facebook Messenger requires activation if it is not activated by default); Service provider: https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Data protection declaration: https://www.facebook.com/about/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opposition option (opt-out): https://www.facebook.com/settings?tab=ads. WhatsApp: WhatsApp Messenger with end-to-end encryption; Service provider: WhatsApp Inc. WhatsApp Legal 1601 Willow Road Menlo Park, California 94025, USA; Website: https://www.whatsapp.com/; Privacy policy: https://www.whatsapp.com/legal; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TSnwAAG&status=Active.
XI. Application process
The application process requires that applicants provide us with the data required for their assessment and selection. The information required can be found in the job description or, in the case of online forms, from the information provided there.
Processed data types: Applicant data (e.g. personal details, postal and contact addresses, the documents belonging to the application and the information contained therein, such as cover letter, curriculum vitae, certificates and other information about their person with regard to a specific position or voluntarily provided by applicants or qualification).
Affected persons: applicants.
Purposes of processing: application procedure (justification and possible subsequent implementation as well as possible subsequent termination of the employment relationship.).
Legal basis: Art. 9 Para. 1 S. 1 lit. b GDPR (application procedure as a pre-contractual or contractual relationship).
XII. Rights of the data subject
You have the right to information about your personal data. You can contact us at any time for information. In the event of a request for information that is not made in writing, we ask for your understanding that we may request evidence from you that proves that you are the person you claim to be.
Furthermore, you have the right to correction or deletion or to restriction of processing, insofar as you are legally entitled to do so. Finally, you have the right to object to processing within the framework of the legal requirements. A right to data portability also exists within the framework of data protection regulations.
Deletion of data
We generally delete personal data if there is no need for further storage. A requirement can exist in particular if the data is still required to fulfill contractual services, to check warranty and, if applicable, guarantee claims and to be able to grant or defend them. In the case of statutory retention requirements, deletion can only be considered after the respective retention obligation has expired.
Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data is against violates the GDPR. The supervisory authority to which the complaint was submitted informs the complainant about the status and the results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.