Privacy Policy
Thank you for your interest in our website. The protection of your personal data is important to us. We comply with the legal requirements for data protection and data security.
We are in particular subject to the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) in the version in force since 25 May 2018, the German Digital Services Act (DDG) and the German Telecommunications Digital Services Data Protection Act (TDDDG). Accordingly, we are permitted, in particular, to collect and use personal data to the extent required to enable you to use our website at www.advance-holding.de, including all services and functions contained therein.
Below you will find information about what personal data we collect when you use our website and the services and functions it contains, and how we use this data and for what purposes.
I. Name and address of the data controller
The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the EU Member States as well as other data protection regulations is:
Advance Holding GmbH
An der Bleiche 51
47638 Straelen
Phone: +49(0)2834-7060
Email: info@advance-holding.de
Website: www.advance-holding.de
II. Name and address of the data protection officer
The data protection officer of the data controller is:
Johannes Schwiegk
Datenzeit GmbH
Friedrich-Engels-Allee 200
D-42285 Wuppertal
Phone: +49-202-94794940
Email: datenschutz@datenzeit.de
Website: https://www.datenzeit.de/
III. General information on data processing
1. Scope of personal data processing
We will generally only process the personal data of our users where this is required to provide a functional website as well as our content and services. As a rule, the personal data of our users are only processed based on their prior consent. An exception applies in such cases where for factual reasons, consent cannot be obtained in advance and the law allows the processing of data.
2. Legal basis for the processing of personal data
Article 6 sentence 1 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis in cases where we obtain the consent of the data subject for the processing of its personal data.
Where the processing of data is necessary for the performance of a contract to which the data subject is party, this is based on Article 6 sentence 1 para. 1 lit. b GDPR. The same applies for data processing operations required for the implementation of measures in advance of a contract.
Article 6 sentence 1 para. 1 lit. c GDPR serves as the legal basis in cases where our company requires the processing of personal data for compliance with its legal obligations.
Article 6 sentence 1 para. 1 lit. d GDPR applies where the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person.
If the data processing is required to protect a legitimate interest of our company or a third party, and if such legitimate interest overrides the interests, fundamental rights and freedoms of the data subject, then Art. 6 sentence 1 para. 1 lit. f GDPR is the applicable legal basis for such processing.
3. Data storage period and data erasure
The personal data of the data subject are erased as soon as the purpose for which the data is stored no longer applies. Data may be stored beyond this period if such longer storage is regulated by European or national legislation in EU regulations, laws or other provisions applicable to the data controller. Data are also blocked or erased once the storage period required by the above-mentioned provisions expires, unless further storage of the data is required for the purpose of the conclusion or performance of a contract.
IV. Provision of the website and creation of log files
1. Description and scope of the data processing
Every time our Internet website is accessed, our system automatically collects data and information from the accessing computer system.
The following data are collected:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request originates
- Browser
- Operating system and its interface
- Language and version of the browser software
This data cannot be used to identify specific persons. We do not combine these data with other data sources.
The legal basis for the temporary storage of the data is Article 6 sentence 1 para. 1 lit. f GDPR.
2. Purpose of the data processing
The system has to store the IP address temporarily in order to transmit the website to the computer of the user. This requires storing the IP address of the user until the end of the session. The storage also serves to ensure the functionality of the website. In addition, the data help us to optimize our website and to maintain the security of our IT systems. The data are not evaluated for marketing purposes in this context.
These purposes also constitute our legitimate interest in the data processing pursuant to Article 6 sentence 1 para. 1 lit f GDPR.
3. Storage period
The data are erased as soon as they are no longer required for the purpose for which they were collected. In the event that the data are collected to provide the website, the data are erased once the relevant session ends. In addition, the data will be erased after seven days at the latest, though the data may be retained for longer periods. In this case, the users’ IP addresses will be erased or altered so that they can no longer be used to identify the accessing client.
4. Objection and deletion
The collection of data for providing the website and the storage of data in log files is an unavoidable requirement for the operation of the website, and the user therefore has no right of objection.
V. Use of cookies
1. Description and scope of the data processing
In addition to the aforementioned data, when you use this website, cookies will be stored on your computer. Cookies are small text files that are stored on your hard drive in association with the browser you are using and through which we gain certain information. Cookies cannot run programmes or transfer viruses to your computer. They serve to make the website more user-friendly and effective overall. This website currently only uses cookies which are required for technical reasons, which is why we do not use a consent management tool or cookie banner.
2. Legal basis for the processing of these data
The legal basis for the processing of personal data through the use of cookies is Art. 6 sentence 1 para. 1 sentence 1 lit. a, c and f GDPR.
3. Purpose of the data processing
Where the use of cookies is required for technical reasons, the purpose is to simplify the users’ use of the website. Some features of our website cannot be provided without the use of cookies. We must also use cookies in order to fulfil our legal obligations and accountability requirements under the GDPR. They require identifying the browser after the user navigates from one webpage to the other. The user data collected by cookies required for technical reasons are not used to create user profiles. The analytic cookies are used in order to improve the quality of our website and its contents. They are only set with the user’s consent (Art. 6 sentence 1 para. 1 sentence 1 lit.a GDPR). Through the analytic cookies, we learn how the website is used, which enables us to continuously improve our offerings. These purposes also constitute our legitimate interest in the processing of the personal data pursuant to Article 6 sentence 1 para. 1 sentence 1 lit. f GDPR.
4. Period of storage, objection and deletion
Cookies are stored on the computer of the user and transferred to our website. You as the user therefore have full control over the use of cookies. You can delete existing cookies at any time. This can also be done automatically.
VI. Contact form and email contact
1. Description and scope of the data processing
Our website provides a contact form, which can be used to contact us by electronic means. If the user uses this contact form, the data entered into the input form will be transferred to us and stored.
Your consent to the processing of the data with reference to this data protection declaration is documented as part of the submission process.
You can alternatively contact us via the provided email address. In this case, the personal user data provided with the email will be stored.
No data shall be disclosed to third parties in this context. The data are used exclusively for processing the conversation.
2. Legal basis for the processing of these data
The legal basis for the processing of the data is your consent in accordance with Art. 6 sentence 1 para. 1 lit. a GDPR.
If the contact is aimed at the conclusion of a contract, Article 6 sentence 1 para. 1 lit. b GDPR also serves as a legal basis for the processing.
3. Purpose of the data processing
Our sole purpose in processing the personal data from the input mask is to process the establishment of contact. Where contact is established via email, this also serves as the required legitimate interest for the processing of the data.
The other personal data processed during the submission process serve to prevent the abuse of the contact form and to ensure the security of our IT systems.
4. Storage period
The data are erased as soon as they are no longer required for the purpose for which they were collected. For the personal data from the input mask of the contact form and the personal data sent by email, this is the case once the relevant conversation with the user is ended. The conversation is ended once circumstances show that the relevant subject matter has been fully resolved.
5. Objection and deletion
The user is able to withdraw his consent to the processing of the personal data at any time. If the user contact us by email, he can object to the storage of his personal data at any time; however, this makes it impossible to continue the conversation.
All personal data stored in the context of the establishment of contact will be erased in this case.
VII. Applications
1. Description and scope of the data processing
Your applicant data will be reviewed by the HR department after receipt of your application. Suitable applications shall then be forwarded internally to the heads of department for the respective open position. The next steps will then be coordinated. Within the Company, as a matter of principle, only those persons who require access to your data for the proper conduct of our application process will have access to it. The data are processed exclusively in data centres in the Federal Republic of Germany or the European Union.
2. Legal basis for the processing of these data
The legal basis for the processing of your personal data in the application process is primarily § 26 of the German Federal Data Protection Act (BDSG) in the version applicable since 25 May 2018 or Art. 6 sentence 1 para. 1 lit. b of the GDPR. Accordingly, the processing of data is permissible if it is required in connection with the decision about whether to establish an employment relationship.
Should the data be required after the application process has been completed, for example for the purposes of litigation, data processing may be carried out on the basis of Art. 6 GDPR, in particular for the purposes of legitimate interests in accordance with Art. 6 sentence 1 para. 1 lit. f GDPR. Our interest then lies in the assertion of or defence against claims.
3. Purpose of the data processing
We process the data that you have sent to us in connection with your application in order to check your suitability for the position (or, if applicable, other open positions in our company) and to carry out the application process.
4. Storage period
Applicants’ data will be deleted after 6 months in the event of rejection.
If you have consented to the continued storage of your personal data, we will transfer your data to our applicant pool, where the data is usually erased after two years.
If you are offered a job as part of the application process, the data shall be transferred from the applicant data system to our human resources information system.
VIII. Rights of the data subject
If your personal data are processed, you are considered a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller:
1. Right of access
You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed by us.
If such processing has taken place, you can request the following information from the controller:
(1) The purposes for which the personal data are processed;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipients to whom personal data concerning you have been or will be disclosed;
(4) the envisaged period for which personal data concerning you will be stored, or, if specific information cannot be provided on that matter, the criteria used to determine the storage period;
(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or the right to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Article 22 para. 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to demand information on whether personal data concerning you are transferred to a third country or to an international organisation. In this context, you can request to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
2. Right to rectification
You have the right, vis-à-vis the controller, to have your processed personal data rectified and/or completed insofar as they are inaccurate or incomplete. The controller shall carry out such rectification without undue delay.
3. Right to restriction of processing
You have the right to restrict the processing of your personal data, where the following conditions apply:
(1) If you contest the accuracy of personal data concerning you for a period, enabling the controller to verify the accuracy of the personal data;
(2) if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) if the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
(4) if you have objected to processing pursuant to Article 21 para. 1 GDPR, pending the verification whether the legitimate grounds of the controller override your legitimate grounds.
Where processing of personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If processing was restricted pursuant to the above conditions, you shall be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
a) Erasure obligation
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase such data without undue delay where one of the following grounds applies:
(1) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing is based according to Article 6 sentence 1 para. 1 lit. a, or Article 9 para. 2 lit. a GDPR, and there is no other legal ground for the processing.
(3) You object to the processing pursuant to Article 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 para. 2 GDPR.
(4) The personal data concerning you have been unlawfully processed.
(5) The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8 para. 1 GDPR.
b) Information to third parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Article 17 para. 1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers, which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions
There should be no right to erasure, if the processing is required
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject; or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Article 9 para. 2 lit. h and i as well as Article 9 para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 para. 1 GDPR, in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
5. Right to be informed
If you have exercised your right to rectification, erasure or restriction of processing towards the controller, the controller shall be obligated to notify all recipients to whom personal data concerning you have been disclosed, of the rectification or erasure of the data or the restriction of processing, unless this proves impossible or would involve disproportionate effort.
You are entitled to require the controller to inform you about these recipients.
6. Right to data portability
You have the right to receive personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You are also entitled to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
(1) the processing is based on consent pursuant to Article 6 sentence 1 para. 1 lit. a GDPR or Article 9 para. 2 lit. a GDPR or on a contract pursuant to Article 6 sentence 1 para. 1 lit. b GDPR and
(2) the processing is carried out by automated means.
In exercising your right to data portability, you have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not give rise to any infringement of the rights and freedoms of other persons.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you, which is based on Article 6 sentence 1 para. 1 lit. e or f GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing purposes; this includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdraw consent under data privacy law
You may withdraw your consent under data privacy law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or affects you significantly in a similar way. This shall not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and the data controller;
(2) is authorised by Union or Member State law to which the controller is subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions shall not be based on special categories of personal data referred to in Article 9 para. 1 GDPR, unless Article 9 para. 2 lit a. or g GDPR applies and suitable measures are in place to safeguard your rights and freedoms and legitimate interests.
With regard to the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.
IX. Changes to this privacy policy
The ongoing development of the internet and our website may also have an impact on how we handle personal data. We therefore reserve the right to amend this data protection notice in the future in line with the applicable data protection laws and, if necessary, to adapt it to changes in data processing. The current version of the privacy policy is always available under the heading “Data protection” or “Privacy policy”.