Data protection

DATA PROTECTION DECLARATION

Data protection policy for the website www.debag.com

Our handling of data protection

Data protection law is part of our personality law. In our constantly developing and networked world, the significance of these laws cannot be underestimated. For DEBAG Deutsche Backofenbau GmbH, data protection law in all its forms and requirements is considered to be extremely important. Therefore, we also take the protection of your data very seriously and always endeavour to provide a corresponding level of protection on our website, www.debag.com.

You are free to use our website without providing your personal data. However, it may be the case that the gathering and processing of your data will be necessary, should you wish to use one of our services or get in touch with us via our website. Should this be the case and should there be no legal basis for this processing, we will always obtain your consent for the respective process.

As the processing controller, we have implemented numerous technical and organisational measures, in order to ensure the greatest possible level of protection of the personal data which is processed via this Internet site. However, as absolute protection during data transfer cannot be fully guaranteed despite all technical precautions, you are free to provide us with your personal data via other channels, for example by telephone.

1. Data protection law specifics

It is intended that our data protection policy will be easily readable and understandable both for the public and for you as a customer and business partner. In order to guarantee this, we wish to explain some of the terms used by us which you will come across in this data protection policy. Terms which require a more detailed explanation concerning their nature and use are dealt with in their own paragraphs (for example cookies).

Personal data

Personal data is all information which relates to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered to be identifiable if he or she can be identified directly or indirectly, in particular by means of assignment to a label such as a name, identification number, location data, online profile or one or more special characteristics which express the physical, physiological, genetic, psychic, economic, cultural or social identity of such a natural person.

Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller. Therefore, in case of doubt, you are a data subject.

Processing

Processing is any procedure which is carried out with or without the assistance of automated procedures or any series of processing in connection with personal data. The term “processing” includes any interaction with data, be this its gathering, evaluation, saving, transfer or erasure.

Profiling

Profiling is any type of automated processing of personal data with the objective of using this personal data in order to evaluate, analyse or forecast certain personal aspects which relate to a natural person.

In order to protect your personal data, we do not use profiling on our website.

Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without using additional information, provided that this additional information is stored separately and subject to technical and organisational measures which guarantee that the personal data is not assigned to an identified or identifiable natural person.

Controller or body responsible for the processing

The controller or body responsible for the processing is the natural or legal person, authority, institution or other location which takes a decision alone or with others concerning the purposes and means of the processing of personal data.

Order processor

An order processor is a natural or legal person, authority, institution or other location which processes personal data on behalf of the controller.

Recipient

A recipient is a natural or legal person, authority, institution or other location to whom personal data is disclosed, regardless of whether this is a third-party or not.

Third-party

A third-party is a natural or legal person, authority, institution or other location apart from the data subject, controller, order processor and the persons who are authorised under the direct responsibility of the controller or order processor to process the personal data.

Consent

Consent is any statement of will submitted voluntarily by the data subject for the specific case in an informed manner with no misunderstandings in the form of a declaration of other clear confirmatory action, whereby the data subject makes it clear that he or she agrees to the processing of the personal data relating to him or her.

Tracking In the area of online marketing,

tracking means the recording of the user behaviour of a website visitor. With the assistance of the tracking, it is possible to trace the websites from which a visitor accessed one’s own website, how long the visitor remained on the website, which pages were accessed and the IP address of the visitor. In order to access this data, cookies are used amongst others and evaluations take place with tools, for example Google Analytics. This allows the success of marketing campaigns to be considered and measures to be taken in order to optimise and adjust these. By means of these measures, the website can be made more user friendly and be better tailored to the customers.

Bandwidth measurement

The primary purpose of bandwidth measurement is to determine the use intensity, number of visitors and users of a website and their surfing behaviour in statistical terms on the basis of a unified standard procedure. With the assistance of various tools, the website operators can see in an exact manner how many people are reached with a contribution. It is also possible to precisely determine how often a person clicks on an advert and from which websites, adverts or articles a person accesses one’s own website as examples.

The necessary data for this purpose is gathered and processed in accordance with the GDPR and German data protection laws. By means of technical and organisational measures, it is ensured that individual users cannot be identified at any time. Data which may relate to a specified, identifiable person is anonymised as quickly as possible.

2. Who we are

The controller of this website in accordance with the GDPR is:

DEBAG Deutsche Backofenbau GmbH

Managing directors: Jost Straube, Johannes Wilhelm
Dresdner Straße 88
02625 Bautzen, Germany
Tel: +49 (0) 3591 / 360 – 0
Email: info@debag.com
Website: www.debag.com

3. The data and information which we record

Each time our Internet site is accessed, it records various general data and information from you. This general data and information is saved in the logfiles of the server. The following may be recorded:

(1) Browser types and versions used

(2) The operating system used by the accessing system

(3) The Internet site from which an accessing system is redirected to our Internet site (so-called referrer)

(4) The sub-websites via which an accessing system is directed to our Internet site

(5) The date and time of accessing the Internet site

(6) An IP address

(7) The Internet service provider of the accessing system

(8) And other similar data and information which serves the purpose of defending against danger in case of attacks against our IT systems

When using this general data and information, it is not possible for our company to trace you. Rather, this information is required in order to correctly display the contents of our Internet site and other content, as well as to optimise the advertising for the content.

We also require the information referred to above for the continued functionality of our IT infrastructure and for the Internet site technology. Last but not least, it may be the case that we require the information in order to provide the criminal prosecution authorities with the necessary data in case that charges are brought.

Therefore, this data and information which is gathered anonymously is used by us for obtaining statistical knowledge on the one hand, but also in order to optimise data protection and data security at our company, in order to ultimately ensure an optimal level of protection for the personal data which is processed by us. The anonymous data of the server logfiles is saved separately from all of the personal data which you have provided.

The concrete purposes of the data processing on our website include:

Provision of our online server and attendant user friendliness
Office and organisational procedures
Performance of contractual services
Administration of and response to queries
Bandwidth measurement
Tracking
Security measures

4. What rights do you have?

Under the GDPR, the European legislator has provided you with various options for claiming your rights, also in relation to us. In order to properly comply with our information obligation, we are setting these rights out below:

a) Right of confirmation

You have the right to request confirmation from us as to whether your personal data is being processed.

b) Right of information

You have the right to receive free-of-charge information from us at any time concerning your personal data which is saved by us (for example the purpose of the processing or the categories of data which are being processed), as well as a copy of this information.

c) Right of rectification

You have the right to request the immediate rectification by us of the incorrect personal data which relates to you. Taking the purposes of the processing into account, you also have the right to request the completion of incomplete personal data, also by means of a supplementary declaration.

d) Right of erasure (right to be forgotten)

You have the right to request that we immediately erase the personal data relating to you. We are also obliged to immediately erase personal data, should a reason be present which does not justify the processing of the data.

e) Right to have the processing restricted

You have the right to request that we restrict the processing of your data.

f) Right of data portability

You have the right to receive the personal data relating to you which you have provided to us in a structured, up-to-date and machine-readable format. You also have the right to transfer this data to another controller without being hindered by us to whom the personal data has been provided.

g) Right of objection

You have the right to raise an objection at any time against the processing of personal data for reasons connected to your specific situation, where this takes place in accordance with Article 6 Paragraph 1 Letters e) or f) GDPR.

We will no longer process the personal data, unless we can prove mandatory protectable reasons for the processing which outweigh your interests, rights and freedoms or unless the purpose of the processing is the assertion, exercising or defence of legal claims.

h) Right of information and right to complain to a supervisory authority

You have the right to contact a supervisory authority at any time, should you have any queries relating to data protection.

Should you be of the opinion that the processing of personal data relating to you breaches data protection laws, you also have the right to submit a complaint to a competent supervisory authority.

However, in order to prevent the above becoming necessary, we would appreciate you working together with us to find a solution in case of any irregularities.

i) Right to revoke consent given under data protection laws

You have the right to revoke at any time consent which you have given to the processing of personal data.

Should you wish to claim your right to revoke consent, you can contact us at any time via the following address for this purpose:

DEBAG Deutsche Backofenbau GmbH

Sabine Petermann
Dresdner Straße 88
02625 Bautzen, Germany
Tel: +49 (0) 3591 / 360 – 0
Email: sabine.petermann@debag.com
Website: www.debag.com

5. Provision of the online service and web hosting:

So that we can provide our website in a secure and efficient manner, we use the services of one or more web hosting providers, from whose servers (or the servers administered by them) the online service can be accessed. For these purposes, we may use infrastructure and platform services, computer capacity, storage space and database services, as well as security services and technical maintenance services.

The data processed on our website can include any information which is collected during use and communication. This regularly includes the IP address, which is necessary to display the content of our online services and all entries which are made within our online services or from websites.

Email sending and hosting: We use web hosting services, which include the sending, receipt and saving of emails. For this purpose, the addresses of the sender and recipient, as well as further information concerning the sending of the email (for example the involved providers) and the content of the respective emails are processed.

Please bear in mind that it is not generally possible to send encrypted emails over the Internet. In most cases, whilst emails are encrypted during the transportation phase, they are not encrypted on the servers from which they are sent and on which they are received (unless so-called end to end encryption is used). Therefore, we cannot assume any responsibility for the transportation of emails between the sender and receipt on our server.

Gathering of access data and logfiles: We gather data in relation to each server access (so-called logfiles). The server logfiles can include the address and name of the accessed websites and files, the date and time of access, the transferred data quantities, a report concerning the successful access, the browser type and version, the operating system of the user, the referrer URL (previously visited site) and, as a rule the IP addresses and requesting provider. In brief, server logfiles record all processes which take place on a website.

Amongst others, the purpose of the server logfiles is security, by means of which attacks are recognised and defended against or to guarantee server capacity and its security.

Types of data processed: Content data (for example text entries, photos, videos), use data (for example websites visited, interest in content, access times), meta / communication data (for example device information, IP addresses).
Data subjects: Users (for example website visitors, users of online services)
Legal basis: Legitimate interests (Article 6 Paragraph 1 Sentence 1 Letter f) GDPR)

6. Erasure and blocking of personal data

We only process and save your personal data for the period of time which is necessary in order to attain the purpose of the saving or should this be provided for by the issuer of European directives and regulations or by another legislator in laws or regulations to which we are subject. Accordingly, the criteria for the duration of the saving of personal data is the respective statutory retention period.

Should the purpose of the saving no longer apply or should a saving period provided for by the issuer of European directives and regulations or another competent legislator expire, the personal data will be routinely blocked or erased in accordance with the statutory regulations, once it is no longer required in order to fulfil or negotiate the contract.

7. Protection of minors

Consent to the processing of personal data can only be issued by an adult. In accordance with Article 8 GDPR, the consent of a child over the age of sixteen is lawful for services of the information company.

8. How we handle cookies

Our website is operated in part by means of the use of cookies. Cookies are text files which are deposited and saved on your computer system via your Internet browser.

Numerous Internet sites and servers use cookies. In simple terms, the purpose of cookies is to provide the website with “memory”. These are essential for many website operators in order to provide you as the website visitor with a seamless and technically flawless experience.

Many cookies contain a so-called cookie ID. A cookie ID is a clear identification of the cookie. It consists of a character sequence, by means of which Internet sites and servers can be assigned to the concrete Internet browser in which the cookie was saved. This enables the visited Internet sites and servers to distinguish your individual browser from other Internet browsers which contain other cookies. A specific Internet browser can be recognised once again and identified via the clear cookie ID.

By using cookies, our website can provide you with more user-friendly services, which would not be possible without the setting of cookies. There is a difference between the following cookie types and functions:

Cookies which differ according to the duration of their saving

Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest once you have left an online service and closed the browser.
Permanent cookies: Permanent cookies remain saved after the browser has been closed. For example, the purpose of these is to save your login status or to display content which you have often or gladly viewed.

Cookies which differ according to their origin

First party cookies: First party cookies are set by us ourselves.
Third-party cookies (also: Third-party provider cookies): Third-party provider cookies are generally placed by advertisers (so-called third parties) in order to process user information.

Cookies which differ according to their purpose

Necessary cookies: On the one hand, cookies may be necessary for the operation of a website (for example in order to save logins or other user information or for security reasons).
Statistical, marketing and personalisation cookies: It may be the case that cookies are used in the course of bandwidth measurement (web analysis), in particular if your interests or behaviour (for example evaluation of specific content, use of functions) on individual websites are saved in a user profile. As an example, the purpose of such profiles is to display content to the users which corresponds to their potential interests. This procedure is also known as “tracking”, i.e. determining the potential interests of the users. Should we use such cookies or other “tracking” technologies”, we will inform you of such separately in our data protection policy or by obtaining your consent directly when you launch our website (cookie banner).

At any time, you can prevent the setting of cookies by our Internet site by setting your Internet browser accordingly and by means of this, permanently objecting to the setting of cookies. Furthermore, cookies which have already been set can be deleted at any time via your Internet browser or by using other software programs. This is possible in all current Internet browsers. Should you de-activate the setting of cookies in the Internet browser which you are using, then under certain circumstances, it may not be possible to fully use all of the functions of our Internet site.

What to expect on our website

We provide various content on our website, in order to provide you as a user with an interesting surfing experience, so that we make a lasting and positive impression on you of us and our company. In order to do so, we use various programs, tools and a large selection of additional content. Below, we wish to explain the above in individual terms.

9. Getting in touch via the Internet site

Due to statutory regulations, our website contains information which enables speedy electronic contact initiation with our company, as well as direct communication with us, which also includes a general email address.

Should you get in touch with us by email or via our contact form, the personal data which you provide will be saved automatically. Such personal data which is transmitted to us voluntarily will be saved for the purposes of processing or getting in touch with you. This personal data will not be passed on to third parties.

Concrete data processing:

Types of data processed: Core data (for example name, address), contact data (for example email address, telephone number), content data (for example text entry, photographs, videos).

Data subjects: Communication partner:

Purposes of the processing Contact queries and communication

Legal basis: Fulfilment of the contract and pre-contractual queries (Article 6 Paragraph 1 Sentence 1 Letter b) GDPR), legitimate interests (Article 6 Paragraph 1 Sentence 1 Letter f) GDPR)

10. We provide a commercial service

We provide a commercial service on our website. By means of this, you will become our business partner where possible. In such a case, it may be such that we process your data in the course of the communication with us within the framework of the contractual or comparable legal relationship, for example in order to respond to queries.

We process this data in order to fulfil our contractual obligations, in order to safeguard our rights, in order to carry out the administrative tasks connected to this information, as well as for internal company organisational purposes. Within the framework of applicable laws, we only pass your data on to third parties if this is necessary for the purposes named by us or in order to fulfil statutory obligations or if this takes place with your consent (for example to involved telecommunications, transportation and other service providers, as well as to subcontractors, banks,, tax and legal advisers, payment service providers or tax authorities). It goes without saying that we will inform you in our data protection policy of other data processing, for example for marketing purposes.

We will inform you before or during the data gathering process of which data is necessary for our commercial purposes, for example in online forms, by means of special labelling (for example colours), symbols (for example stars or similar) or personally.

We will delete the data after the expiry of statutory warranty obligations and comparable obligations, i.e. generally after the expiry of a period of 4 years, unless the data is saved in a customer account, for example for as long as it must be retained for legal reasons (for example for 10 years as a rule for tax purposes). Data which is disclosed to us by the contracting partner within the framework of an order will be deleted by us in accordance with the instructions of the order, as a rule following its completion.

Should we use third-party providers or platforms in order to provide our services, the terms and conditions of business and data protection notices of the respective third-parties or platforms will apply to the relationship between the users and the providers.

Sale of goods: We process your data and data of customers in order to enable you to select, purchase and engage the selected services or goods and associated activities, as well as to pay for these services and goods and have them carried out or provided.

The required information is identified as such within the scope of the order, contract or comparable contract conclusion and includes the information required for delivery and invoicing as well as contact information in order to be able to carry out any follow up.

Concrete data processing:

Types of data processed: Core data (for example name, address), contact data (for example email, telephone number)

Data subjects: Prospective customers, business and contracting partners.

Purposes of the processing Contractual services, contact queries and communication, office and organisational procedures, administration of and response to questions.

Legal basis: Fulfilment of the contract and pre-contractual queries (Article 6 Paragraph 1 Sentence 1 Letter b) GDPR), legitimate interests (Article 6 Paragraph 1 Sentence 1 Letter f) GDPR)

11. You can find us on social media

You can also find ourselves and our company on social media. For this purpose, we have integrated links to these sites on our website. When you click on the link, you will be redirected directly to our company site in the respective network. In order to communicate with you or to provide you with information about us, we will process your data, if you are active on the respective platform or logged in at the same time.

It may be the case that your data is processed outside the territory of the European Union. This may lead to risks on your part, for example due to the claiming of user rights being made more difficult. In relation to US providers, it is necessary for us to inform you that according to the current situation, under certain circumstances your data may be processed by US authorities for control and monitoring purposes and that it may not be possible to intervene.

In addition, your data is processed within social networks, generally for market research and advertising purposes. By means of this, it is possible for example to create use profiles based on the use behaviour and resulting interests of the users. The use profiles can be used in turn, for example in order to display adverts within and outside the networks which are believed to correspond to your interests. In such a case, cookies are generally saved on the computers of the users, in which the use behaviour and interests of the users are saved. Furthermore, regardless of the devices being used by the users, data can also be saved in the use profiles (in particular if the users are members of the respective platforms and are logged in to these).

The respective processing forms and options for raising objections (opt-out) are stated in detail in the data protection policies and information provided by the operators of the respective networks.

Should you wish to claim your right of information or other rights to which you are entitled as a data subject in relation to the above, we would kindly refer you to the respective provider, as the providers have access to the data of the users and can take corresponding measures directly and provide information.

However, should you still require assistance, you can get in touch with us.

Facebook: Social network; service provider Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA;

Website: https://www.facebook.com;

Data protection policy: https://www.facebook.com/about/privacy;

Opt-out: Settings for adverts: https://www.facebook.com/settings?tab=ads;

Additional data protection information: Agreement concerning joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum,

Data protection notice for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com

Instagram: Social network; service provider Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA;

Website: https://www.instagram.com;

Data protection policy: https://instagram.com/about/legal/privacy.

LinkedIn: Social network; service provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland;

Website: https://www.linkedin.com;

Data protection policy: https://www.linkedin.com/legal/privacy-policy;

Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

XING: Social network; service provider XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany;

Website: https://www.xing.de;

Data protection policy: https://privacy.xing.com/de/datenschutzerklaerung.

YouTube: Social network; service provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;

Data protection policy: https://policies.google.com/privacy;

Opt-out: https://adssettings.google.com/authenticated .

Concrete data processing:

Types of data processed: Core data (for example name, address), contact data (for example email address, telephone number), content data (for example text entry, photographs, videos), use data (for example visited websites, interest in content, access times)

Meta / communication data (for example device information, IP addresses)

Data subjects: Users (for example website visitors, users of online services)

Purposes of the processing Contact queries and communication, tracking (for example interest and behaviour related profiling, use of cookies), remarketing, bandwidth measurement (for example access statistics, recognition of returning visitors).

Legal basis: Legitimate interests (Article 6 Paragraph 1 Sentence 1 Letter f) GDPR)

12. We use online marketing tools

We process personal data on our website for the purpose of online marketing. This includes the selling of advertising space or the display of promotional and other content by means of your potential interests and their measuring of their effectiveness.

In the course of this web analysis, user profiles are created and saved in a file (“cookie”) or similar procedures are used, by means of which the information relating to you which is of relevance to the display of the above-mentioned content is saved. For example, this includes viewed content, websites visited, used online networks or communication partners and technical information, such as the browser and operating system used, as well as information concerning times of use. Should you have consented to the gathering of your location data, this may also be processed.

Your IP address will also be saved. However, for your protection we used IP masking procedures (i.e. pseudonymisation by shortening the IP address). In the course of the online marketing process, we will not save any clear data relating to you (such as email addresses or your name), rather only pseudonymns. Therefore, both ourselves and the providers of the online marketing process do not know your actual identity, rather only the information which is saved in their profiles. The saving in the profiles generally takes place by means of cookies, which then generally use the same online marketing procedure on other websites.

It may be the case that clear data is assigned to the profiles. This is most likely to be the case if, for example, you are a member of a social network whose online marketing procedure is used by us and the network combines the profiles of the users with the information referred to above. Please bear in mind that you can conclude supplementary agreements with the respective providers, for example by means of separate consent in the course of the registration process.

The purpose of our online marketing is for us to be able to assess, by means of success measurement, which of our online marketing strategies have led to a so-called conversion. This means, how many prospective purchasers have actually become customers of ours. This form of success measurement or also visit action measurement is only used in order to analyse the success of our marketing measures.

Unless otherwise stated, please proceed on the assumption that cookies which are used will be saved for a period of two years.

Google Analytics: Google Analytics: Online marketing and web analysis; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;

Website: https://marketingplatform.google.com/intl/de/about/analytics/;

Data protection policy: https://policies.google.com/privacy;

Opt-out: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://adssettings.google.com/authenticated.

Google Tag Manager: Google Tag Manager is a solution, by means of which we administer website tags via an interface, which allows us to integrate other services into our online service.

The tag manager itself (which implements the tags) does not process and personal data of the users. In relation to the processing of the personal data of the user, we would kindly refer to the following information relating to the Google services.

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;

Website: https://marketingplatform.google.com;

Data protection policy: https://policies.google.com/privacy;

Concrete data processing:

Types of data processed: Use data (for example websites visited, interest in content, access times), meta / communication data (for example device information, IP addresses).

Data subjects: Users (for example website visitors, users of online services)

Purposes of the processing Tracking (for example interest and behaviour-related profiling, use of cookies), remarketing, visit action evaluation, interest and behaviour-based marketing, profiling (creation of user profiles), conversion measurement (measuring the effectiveness of marketing measures).

Security measures: IP masking (pseudonymisation of the IP address)

Legal basis: Consent (Article 6 Paragraph 1 Sentence 1 Letter a) GDPR), legitimate interests (Article 6 Paragraph 1 Sentence 1 Letter f) GDPR).

Opt-out: We wish to refer to the data protection notices of the respective providers and the possibilities of objection (so-called opt-out) indicated for the providers. Should no specific opt-option have been specified, it is possible to switch of cookies in your browser settings. However, should you do so, certain functions of our online service may be restricted. Therefore, we would also recommend the following opt-out options, which are offered in summary form for the respective territories:

a) Europe: www.youronlinechoices.eu.

b) Canada: www.youradchoices.ca/choices.

c) USA: www.aboutads.info/choices.

d) Transnational: optout.aboutads.info.

13. We use plugins and integrated functions

We integrate function and content elements into our website. These are obtained from the servers of third-party providers. For example, these include graphics, videos or social media buttons, as well as other contributions.

This connection always requires the third-party providers of the content to process your IP address, as without the IP address, it would not be possible for them to send the content to your browser. Therefore, the IP address is necessary in order to display this content or these functions. We prefer to only use such contents whose respective providers only use the IP address in order to deliver the content.

For this purpose, the respective providers can use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. By means of the pixel tags, information such as visitor traffic on the websites can be evaluated. The pseudonymised information can also be saved in cookies on your device and may include amongst others technical information concerning the browser and operating system, referring websites, visiting times, as well as other information concerning the use of our online service and can also be connected with such information from other sources.

Should we request your consent to the use of the third-party providers, the legal basis of the processing of the data is your consent. Otherwise, the data of the users will be processed on the basis of our legitimate interests (i.e. interest in providing efficient, cost effective and user-friendly services). In this context, we would also refer you to the information concerning the use of cookies in this data protection policy (Point 8).

ReCaptcha: We integrate the “ReCaptcha” function in order to recognise bots, for example when entries are made in online forms. The behavioural data of the users (e.g. mouse movements or queries) is evaluated in order to distinguish people from bots.

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: www.google.com/recaptcha/;

Data protection policy: https://policies.google.com/privacy;

Opt-out: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de,

Settings for the display of adverts: https://adssettings.google.com/authenticated.

MyFonts: Fonts: when accessing the font, your data will be processed in the form of identification numbers of the web font project (anonymised). The following are also processed: the URL of the licensed website which is connected to a customer number, in order to identify the licensee and the licensed web fonts and the referrer URL website (the website from which you were redirected to our website). The anonymised web font project identification is saved in encrypted protocol files with such data for 30 days, in order to calculate the number of site accesses in a month. Following such a combination and saving the number of site accesses, the protocol files will be deleted; service provider: Monotype Imaging Holdings Inc, 600 Unicorn Park Drive, Woburn, Massachusetts 01801, USA;

Website: https://www.myfonts.co;

Data protection policy: https://www.myfonts.com/info/legal/#Privacy.

Concrete data processing:

Types of data processed: Use data (for example websites visited, interest in content, access times), meta / communication data (for example device information, IP addresses), contact data (for example email address, telephone number), content data (for example text entries, photographs, videos), core data (for example name, address)

Data subjects: Users (for example website visitors, users of online services), communication partners.

Purposes of the processing Provision of our online service and user friendliness, contractual services, contact queries and communication, direct marketing (for example by email or post), tracking (for example interest / behaviour related profiling, use of cookies), interest and behaviour-based marketing, profiling (creation of user profiles), feedback (for example collection of feedback via online form), bandwidth measurement (for example access statistics, recognition of returning visitors), security measures, administration of and response to queries.

Legal basis: Legitimate interests (Article 6 Paragraph 1 Sentence 1 Letter f) GDPR), consent (Article 6 Paragraph 1 Sentence 1 Letter a) GDPR), contractual fulfilment and pre-contractual queries (Article 6 Paragraph 1 Sentence 1 Letter b) GDPR).

14. You can apply to us

You have the option of applying for open positions via our website. You make the application by email and enclose your application documents. We only process the applicant data for the purpose of the application process and during it in accordance with the statutory regulations. The processing of the application data takes place in order to fulfil our (pre) contractual obligations in the course of the application process in accordance with Article 6 Paragraph 1 Letter b) GDPR and Article 6 Paragraph 1 Letter f) GDPR, should the data processing become necessary in the course of legal procedures as an example (in Germany, § 26 of the German Federal Data Protection Act - BDSG also applies).

The applicant data generally includes the information relating to your person, postal and contact addresses and the documents connected to the application, such as letter of application, CV and references. Applicants can also voluntarily provide us with additional information.

By sending the application to us, you are declaring your agreement to the processing of your data for the purpose of the application process in accordance with the type and scope set out in this data protection policy.

Should special categories of personal data be provided voluntarily in the course of the application process in accordance with Article 9 Paragraph 1 GDPR, the processing of this will also take place in accordance with Article 9 Paragraph 2 Letter b) GDPR (for example health data, such as disability or ethnic origin). Should special categories of personal data be requested from applicants in the course of the application process in accordance with Article 9 Paragraph 1 GDPR, the processing of this will also take place in accordance with Article 9 Paragraph 2 Letter a) GDPR (for example health data if this is necessary in order to perform the role).

Should your application be successful, the data which you have provided can be further processed by us for the purpose of the employment relationship. Otherwise, should the application be unsuccessful, the data of the applicants will be deleted. The data of the applicants will also be deleted if an application is withdrawn, which you can do at any time.

The deletion takes place in reservation of a legitimate revocation by the applicants, following the expiry of a period of six months, so that we can respond to any follow up queries in connection with the application and can comply with our proof obligations under the German Law relating to Equal Treatment (Gleichbehandlungsgesetz).

Concrete data processing:

Types of data processed: Core data (for example name, address), contact data (for example email address, telephone number), applicant data (for example letter of application, CV, references, as well as other information provided in relation to a concrete role or voluntarily by the applicant concerning his or her person or qualifications).

Special categories of personal data: Health data (Article 1 Paragraph 1 GDPR), data concerning sex life or sexual orientation (Article 9 Paragraph 1 GDPR), religious views or worldview (Article 9 Paragraph 1 GDPR), data which states racial and ethnic origin, biometric data (Article 9 Paragraph 1 GDPR), genetic data (Article 9 Paragraph 1 GDPR).

Data subjects: Prospective customers, applicant, customer, user

Purposes of the processing Application management, in particular the initiation and performance of the application process, entering into and performance of the employment relationship, as well as its possible termination in the future, administration of and response to queries

Legal basis: Consent (Article 6 Paragraph 1 Sentence 1 Letter a) GDPR)

15. Legal authorisation for the data processing

The legal basis for the processing procedures on the part of DEBAG Deutsche Backofenbau GmbH referred to above is

Article 6 Paragraph 1 Letter a) GDPR, where we obtain your consent to a specific processing purpose.
Should the processing of personal data be necessary in order to fulfil a contract between you and ourselves as an example, this processing is legitimised by Article 6 Paragraph 1 Letter b) GDPR.
The same applies to such processing procedures which are necessary in order to carry out pre-contractual measures, such as in case of queries concerning our products or services.
Should our company be subject to a legal obligation due to which processing of personal data becomes necessary, such as in order to fulfil tax obligations as an example, the processing is based on Article 6 Paragraph 1 Letter c) GDPR.
It may be the case that the processing of personal data becomes necessary in order to protect your vital interests or those of another natural person (Article 6 Paragraph 1 Letter d) GDPR).
Finally, processing procedures can be based on Article 6 Paragraph 1 Letter f) GDPR. Processing procedures are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or of a third-party, provided that your interests, fundamental rights and freedoms do not prevail. Our legitimate interest in accordance with Article 6 Paragraph 1 Letter f) GDPR is the carrying out of our business activities to the benefit of all of our employees and shareholders in particular.

16. Obligation to provide the personal data

We wish to make clear that the provision of personal data is required in part by law (for example tax regulations) or that such a requirement can arise under contractual provisions (for example information concerning the contracting partner). Also, in order to conclude a contract, it may be necessary for you to provide us with personal data, which must then be processed by us. For example, you are obliged to provide us with personal data if our company concludes a contract with you. Failure to provide the personal data would mean that the contract cannot be concluded.

Prior to providing your personal data, you should get in touch with one of our employees. Our employees will provide you with clarification in the individual case whether the provision of your personal data is required by law or by contract or whether this is necessary in order to conclude the contract, whether an obligation to provide the personal data exists and the consequences of failure to provide the personal data.

17. Your contact person at our company

Should you have any queries relating to the subject of data protection and the handling of your data on our website and by our company, you can contact us or our data protection officer at any time:

DEBAG Deutsche Backofenbau GmbH

Sabine Petermann
Dresdner Straße 88
02625 Bautzen, Germany
Tel: +49 (0) 3591 / 360 – 0
Email: sabine.petermann@debag.com
Website: www.debag.com

Data protection officer for our company:

Alexander Weidenhammer

Email: a.weidenhammer@dids.de

Telephone: +49 (0) 351 / 655 772 – 0

This data protection policy was drawn up by:

Bastanier & Schmelzer
Rechtsanwälte PartmbB