Data protection information INTERTEC website

(Version: DSGVO_1.5_WEB Date: March 30, 2021)

The protection of your personal data is very important to INTERTEC-Hess GmbH. Below, we will inform you about data protection and privacy in our company.

This information applies only to this website. Please note that we use different software for this website and for our documentation portal. That’s why different privacy information is necessary for each of them. For information about data privacy on our documentation portal please visit https://cds.intertec.info/cds/online/#appinfo.

1. Controller

Responsible body according to GDPR:

INTERTEC-Hess GmbH
Raffineriestraße 8
93333 Neustadt an der Donau
Germany
Phone: +49 9445 9532-0
Fax: +49 9445 9532-32
Email: nfntrtcnf

2. Definition of terms

2.1 What is GDPR and BDSG?

GDPR stands for General Data Protection Regulation. The GDPR is European law and regulates the handling of personal data. It applies to people living in the EU as well as to companies located in the EU. However, the GDPR also applies to companies outside Europe if they process personal data of EU citizens.

BDSG stands for the German Federal Data Protection Law (“Bundesdatenschutzgesetz”). The GDPR has opening clauses which allow each country to regulate items in addition to or (if allowed) in deviation of the GDPR. Those regulations, especially for Germany, can be found in the BDSG.
In the event of differing statements, the GDPR takes precedence over the BDSG.
Please note that INTERTEC-Hess, with its headquarters in Germany, is subject to the rules of the GDPR and the BDSG.

2.2 What is Personal Data?

According to the General Data Protection Regulation (GDPR) Art. 4,
… ‘personal data’ means any information relating to an identified or identifiable natural person.

What does “identified” mean?
This refers to individual information that can be directly assigned to a person. This is information such as surname, first name, address, telephone number, personal facts and circumstances...

What does “identifiable” mean?
This refers to individual information that can only be assigned to a person with the help of a third party.

What does “natural person” mean?
A natural person is a living person. In contrast, there are legal persons. E.g. a public limited company, an association or a sports club can be considered as a legal person.

Example:
Your Internet provider assigns you an IP address so that you can access this page with your device. This is done automatically in the background. Your Internet provider logs WHEN you have received WHICH IP address.
Knowing your IP-address and the time of your visit on a website and with the help of the Internet provider (= third party), it is possible to determine the owner of the digital subscriber line.
Therefore, information such as IP addresses are considered personal data.

2.3 What are “Cookies”?

A cookie is a file stored on your device, the content of which may have different information created for certain reasons. This information can be evaluated by web pages.

There are 2 types of cookies – session cookies and persistent cookies.
Persistent cookies will be stored on your device for an extended amount of time. The period of time depends on the settings of the visited website that creates the cookie.
Session cookies are only stored on your device as long as you are visiting the website. When you leave the website, the session cookies associated with it will be deleted.
You can delete cookies yourself. You can learn how to do this in the help section of your Internet browser.

Example:
If you visit an online shop and pick some products you want to order, the information about what is in your shopping basket is stored in a cookie.

2.4 What is “Local Storage”?

As the name suggests, "Local Storage" allows your internet browser to store information locally on your device. The memory area used is also called "cache".
The data stored in Local Storage can either be stored persistently or for the duration of a session. Session-dependent information is automatically deleted when you leave the website.
This technology was introduced with HTML 5. It is more recent than cookies.
You can delete data stored in Local Storage yourself. You can learn how to do this in the help section of your Internet browser.

2.5 What is Google Analytics and what is it used for?

Wikipedia describes Google Analytics as such:
„Google Analytics is used to track website activity such as session duration, pages per session, bounce rate etc. of individuals using the site, along with the information on the source of the traffic.“
(Source: https://en.wikipedia.org/wiki/Google_Analytics; Access date: 28. Sep. 2020, 15:55h MEST)

In summary: Google tracks user activity on a web page. The operator of this web page then receives an anonymized, aggregated evaluation of how their website or online service was used. INTERTEC utilizes this information to improve the usability of the website.

Important: Please read section 3 for more detailed information about data processing by Google LLC.

A so called “Cookie Banner” or “Cookie Consent Banner” is a dialog box shown during the very first visit on our internet presence. In this dialog box, you determine which cookies you allow to be stored on your device.
Technically necessary cookies – also called functional cookies – cannot be deselected. These cookies are absolutely necessary for the correct functionality of the website and are therefore not shown in the cookie banner.

Your selection will be stored for 90 days.

2.7 What is a content management system (CMS)?

A content management system is a software framework which ensures the correct handling of the content of a website. E.g. this includes the arrangement of text and images depending of screen resolution and size, or the consistent display of the selected language throughout all pages.

3. Data processing by Google

3.1 General

No data will be transferred to Google when you visit the website of INTERTEC-Hess GmbH for the first time.
This happens only after you give us your consent by making the respective selection in our cookie banner. You can find the corresponding dialog “Set privacy settings” at the top of this Privacy page. The privacy page can be found in the footer of our website.

3.2 Where does Google get my data from?

Apart from analytics services like Google Analytics, which is integrated into this website, data is transmitted by other Google services when you use them, such as YouTube or Google Maps.
Even if you are logged in into a Google service like Gmail, Google can track your online behavior. The kind of data that is transferred to Google depends on various factors – e.g. the privacy settings in your Google account.

When you visit our website, only data from the services you selected in the cookie banner is transferred to Google.

3.3 Why can the processing by Google be a problem?

Google LLC processes data to create user profiles to improve their services and distribute targeted advertising. The servers that process this data are located in the USA. Through the Cloud Act and other legislation, governmental authorities in the USA may access that data. This also applies to data that is collected and maintained outside the USA, like Google’s European subsidiary. It is possible that this data is processed by private/commercial services.

Please note: If you have an account at any online service of Google LLC and are logged in, Google can track you across all its services and explicitly assign data to your user profile.

3.4 Google Analytics

If you have consented to the respective cookies, this website uses Google Analytics – a web analytics service provided by Google LLC. Our responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Scope of processing
Google Analytics uses cookies which track your behavior during your visit on our website for analytical purposes. The information collected about the use of our website can be transferred to and stored on Google servers in the USA.

We use the function ‘anonymizeIP’ (so-called IP masking): Through IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases, the full IP address will be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.

During your visit to our website, the following data, among others, is collected:

  • the pages you visit and your "click path”
  • achievement of "website goals" (conversions, e.g. newsletter registrations, downloads, use of contact forms)
  • your user behavior (e.g. clicks, dwell time, bounce rates)
  • your approximate location (region)
  • your IP-address (shortened)
  • technical information about your browser and your devices (e.g. language settings, screen resolution)
  • your internet provider
  • the referrer URL (website/ad that led you to this website, if applicable)

Purposes of processing
On behalf of INTERTEC, Google will use this information for the purpose of evaluating your (pseudonymous) use of the website and to create reports about website activities. The reports provided by Google Analytics serve to analyze the performance (e.g. usability) of our website.

Receiver
Receiver of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as processor. For this purpose, we have concluded a contract with Google for processing data. Google LLC with its headquarters in California, USA, and potentially governmental authorities in the USA can access the stored data (see section 3.3).

Transfer to third countries
A transfer of data to the USA cannot be excluded.

Storage period
The data sent from our website and linked to cookies is automatically deleted after 14 months. If data reaches the end of its retention period, it is automatically deleted once a month.
You can prevent the collection of user data generated by a cookie (including your IP address) to Google, as well as the processing of this data by Google, by not giving your consent for the cookie to be stored. You do this by not activating the switch for "Google Analytics" in the cookie banner.

You can also prevent the storage of cookies by adjusting your browser software accordingly. However, if you configure your browser to reject all cookies, it may impede the functionality of this website and other websites.
You can learn how to do this in the help section of your Internet browser.

Basis for processing
The basis for processing your data is your consent according to GDPR art. 6 para. 1 letter a.

Possibility of withdrawal
You can withdraw your consent at any time with effect for the future by changing the cookie settings. You can find the corresponding dialog “Set privacy settings” at the top of this Privacy page. The privacy page can be found in the footer of our website.

For more information on the terms of use of Google Analytics and Google's privacy policy, please visit https://www.google.com/analytics/terms and https://policies.google.com.

3.5 YouTube

We have embedded videos from our YouTube channel on this website. If you rejected the corresponding cookies in the cookie banner, the videos are embedded in an extended privacy mode. This means that no cookie is stored when you visit our site and no data is transferred to Google.
Only if you start a video, a cookie is stored on your device and data is transferred to YouTube/Google.
Google will track which pages you visit, and which videos were viewed. If you have a YouTube account and are logged in, Google can assign your browsing behavior to your profile.
If you want to prevent this, you have to log out of YouTube beforehand.

Receiver
Receiver of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google LLC with its headquarters in California, USA, and eventually governmental authorities in the USA can access the stored data (see section 3.3).

Transfer to third countries
A transfer of data to the USA cannot be excluded.

Basis for processing
The basis for processing is your consent according to GDPR art. 6 para. 1 letter a.

3.6 Google Maps

We have embedded Google Maps on our website. This makes it easier to find our branch offices and partner locations.
If you rejected the corresponding cookies in the cookie banner, Google Maps is embedded in an advanced privacy mode. This means that no cookies are stored, and no data is transferred to Google.
Only when you use Google Maps, a connection to Google is established. Cookies are stored on your device by Google and data is transferred to Google.

For more information, please visit https://policies.google.com/technologies/types.

Receiver
Receiver of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google LLC with its headquarters in California, USA, and eventually governmental authorities in the USA can access the stored data (see section 3.3).

Transfer to third countries
A transfer of data to the USA cannot be excluded.

Basis for processing
The basis for processing is your consent according to GDPR art. 6 para. 1 letter a.

3.7 Which kind of data does INTERTEC receive from Google?

Google provides us with an anonymized, aggregated overview. INTERTEC can therefore not draw any conclusions about you as a person. The evaluation/overview includes the following metrics:

  • pages that were visited on our website
  • session duration
  • pages where sessions ended
  • device (desktop, mobile, tablet)
  • browser
  • operating system
  • anonymized IP address (which pinpoints the approximate region)
  • source (Google, Bing, other websites)
  • information on how you got to our website. E.g. via ads, links in other social media platforms, …
  • address of the referrer site, if applicable

4. Job applications at INTERTEC

Among other things, our website offers an overview of vacant positions in our company. If you apply to any of them or use the contact(s) given for unsolicited applications, the following applies:

Relevant information for a particular position is processed by us. This includes, for example, surname, first name, address, qualifications, certificates (especially for apprentices).

Procedure for an application for an open position:
In this case, applications are reviewed by a member of the management and the HR manager. Applications from suitable candidates are submitted to the head of the department.
The heads of the department are selected as follows:

  • If you have applied for a department or a specific position, your application will be submitted to the head of this department only.
  • If, when reviewing your application, we get the impression that your qualifications/work experience/skills make you suitable for other positions as well, the number of department managers expands accordingly.

The further procedure will be coordinated according to the feedback.

Procedure for "unsolicited applications":
In the case of unsolicited applications, your documents will be reviewed by a member of management and the HR manager. Possible departments are selected based on your qualification/work experience/skills. The respective heads of the department will then be given an opportunity to review your application.
The further procedure will be coordinated according to the feedback.

Your application remains in our company in Neustadt. We do not work with external service providers.
Only the above-mentioned groups of people will be allowed to view your application. All parties involved are obliged to maintain confidentiality.
There is no statistical analysis.
Please note that the procedures described above are only valid for applicants within the European Union. We will take local legal regulations (in countries other than Germany) into consideration, if applicable.

Basis for processing:
The legal basis for processing your personal data in this application procedure is primarily § 26 BDSG. According to this, processing of the data is legal as it is required for the decision to establish an employment relationship.
Should the data be necessary for legal prosecution after completion of the application procedure, data processing may be required based on Art. 6 GDPR, in particular to protect legitimate interests according to Art. 6 para. 1 lit. f GDPR. Our legitimate interest then lies in the enforcement or defense of claims.
Please note that the legal basis (§ 26 BDSG) results from the location of the headquarters in Germany, to which we are bound to.

5. Note on contacting us

To be able to provide adequate data protection / data privacy in accordance with the legal requirements, we ask you to use the e-mail address on our Career page for your job application.

For all other purposes, please use the e-mail addresses listed under Locations.

7. Security

7.1 Technical organizational measures

INTERTEC-Hess takes all necessary technical and organizational measures according to GDPR art. 32 and – especially - to BDSG § 64 to protect personal data.

7.2 Important note when using email

Please note that confidentiality is not guaranteed for emails. The content of emails can be read and manipulated by third parties. We recommend sending confidential information by post.

8. Storage periods

8.1 Cookies

8.1.1 Cookies set by out content management system (CMS)

Our website operates with a software (= content management system) which stores technical cookies. They are necessary for the correct operation of our website or for saving the settings made in the cookie banner.

Cookie name

Storage period

Description

WSESSIONID

Session

Necessary session cookie (PHP functionality)

hideCookieNotice

90 days

Saves that the cookie notice/data protection notice is not displayed again each time you access the website.

allowLoadYoutube

90 days

Remembers the user selection whether YouTube videos may be loaded automatically.

allowLoadGoogleMaps

90 days

Remembers the user selection whether Google Maps applications may be loaded automatically.

allowTracking

90 days

Remembers the user selection that user behavior may be tracked with Google Analytics.

8.1.2 Cookies from the hosting service of this website

Our hosting service stores a cookie. It is a technically necessary cookie to ensure proper functionality, rights management and IT security. It is a so-called session cookie. After closing our website, this cookie will be automatically deleted.

8.1.3 Google Analytics cookies

If you consented to cookies for Google Analytics, the following cookies will be stored on your device:

cookie name

storage duration

Description

_ga

2 years

Used to differentiate individual users.

_gid

24 hours

Used to differentiate individual users.

_gat

1 minute

Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

Storage duration, function as well the names are provided by Google LLC.

8.1.4 Cookies when using YouTube

If you disabled the storage of cookies for the Google-Ad-Program you won’t have to expect such cookies when viewing YouTube videos. YouTube also stores non-personal usage information in other cookies. Further information about privacy at „YouTube“ can be found in the Google privacy policy at https://policies.google.com/privacy.

8.1.5 Cookies when using Google Maps

Information about this can be found in the Google privacy policy at https://policies.google.com/privacy.

8.2 Local Storage

Information stored in Local Storage is only active for a session.

8.3 Log-files (hosting service of our website)

Our web hosting service logs the following information:

  • IP address
  • access time
  • files that where accessed
  • “status code” when pages are called up
  • source page that visitors come from
  • user agent (e.g. web browser, email program)
  • programming errors

In case of cyber-attacks, this information is used for analysis and defense. In case of malfunctions during operation, we use the stored information for troubleshooting. This information is not used for statistical purposes. The information is automatically deleted after 7 days.
For data processing by our hosting service, we concluded a contract for processing.

Basis for processing:
Processing is necessary for the purposes of the legitimate interests pursued by the controller according to GDPR Art. 6 para. 1 letter f.
The information is used to guarantee a high-performance, and above all, secure operation of the platform. Log files are analyzed to defend against cyber-attacks. In the event of an error, the information is used to solve the problem.

Receiver:
Receiver of this data is DomainFactory GmbH, Oskar-Messter-Straße 33, 85737 Ismaning.

8.4 Emails

INTERTEC-Hess GmbH with its headquarter in Germany is subject to the rules of the German Commercial Code (HGB) for storage periods.

The German Commercial Code (HGB) requires for documents listed under HGB § 257, paragraph 1, No. 1 und No. 4 a storage period of 10 years.
For the "other" documents listed under HGB § 257 paragraph 1, a storage period of 6 years is requested. These "other" documents include commercial letters, to which emails belong.

Communication with us takes place to a very high degree via email. Emails can contain information and documents that must be stored for ten years according to HGB § 257. Therefore, INTERTEC-Hess decided to introduce a general storage period of 10 years in order to keep the technical and personnel efforts within a reasonable range.
Emails are automatically deleted after a period of 10 years.

Please note – INTERTEC manufactures very durable products. The manufacturer is obliged to observe products in the field (product observation obligation). In order to be able to comply with this obligation, corresponding documents are kept for more than 10 years. The storage period depends on the maximum life span of the individual product groups.

8.5 Job applications

In case of a cancelation, the data of applicants will be deleted after 6 months. The period starts with the date of the cancelation.

If you have agreed to further storage, your data will be transferred to our applicant pool. In this case, the data will be deleted after 12 months at the end of the respective month. The decisive date for this period is the date of receipt of your application.

8.6 Contact form

Messages via the contact form are intended for initial contact for pre-contractual measures in accordance with GDPR art. 6 para. 1 letter b. The storage periods correspond to those for regular correspondence (see 8.4 Emails)

8.7 Google Analytics data at Google

Only if you have agreed to the collection and processing of your data by Google Analytics, personal data will be collected by Google. We have set the currently shortest possible storage period of 14 months for this data at Google.

We receive reports from Google exclusively in anonymized form - we cannot trace back to individual persons based on these evaluations.

For complete information on data processing by Google, please see section 3.4 Google Analytics .

8.8 Negative information

The personal data associated with a negative report will be stored for a period of 3 years. The period results from § 31 OWiG (“Ordnungswidrigkeitsgesetz” – German Regulatory Offences Act) - statute of limitations for administrative offenses - and begins with the date of our report.

Legal basis:
The legal basis is DSGVO Art. 6, Para. 1, lit. f - legitimate self-interest - for the defense of legal claims.

9. Rights of the data subject

  • Right of access by the data subject (Art. 15 GDPR)
    You can ask us which personal data we have about you. If you wish, you can receive a copy of your personal data.
    An explanation what personal data is can be found under 2.2 What is Personal Data?

  • Right to rectification (Art. 16 GDPR)
    If we have incorrect/outdated information about you, you may request to have it corrected.

  • Right to erasure (Art. 17 GDPR)
    Right to erasure is also known as ‘right to be forgotten’. At your request, we will delete the personal data we have about you.
    Important:
    There are situations in which we cannot delete your data. Examples:
    The German Commercial Code (Handelsgesetzbuch § 257) requires that commercial letters – including emails – must be stored at least 6 years. This legal regulation takes precedence over your rights.
    A further reason may be the defense against legal claims (GDPR Art. 6 No. 1 lit f – legitimate self-interest).

    Should we not be able to comply with your request for deletion of your personal data, we will inform you of this. You will also receive information from us about which data is affected, when they can be deleted and the reasons why they cannot be deleted at the desired time..

  • Right to restriction of processing (Art. 18 GDPR)
    A ‘Right to restriction of processing’ means that you may request that your personal data is not to be used. This may affect parts or all of your personal data.
    Important:
    (as already mentioned under ‘Right to erasure’) We are bound by corresponding rules and regulations which in certain cases prevent the blocking of your personal data.

  • Right to data portability (Art. 20 GDPR)
    You can request to transfer your personal data to a third party. A transfer does not include a deletion of your data on our side.

  • Right to object (Art. 21 GDPR)
    You can object to the processing of your data. This means that we retain your personal data, but may not use it for certain purposes.
    In the case of direct advertising, you can object without giving reasons.
    In all other cases you must give plausible reasons for your objection.
    Note:
    The difference between ‘Right to object’ (Art. 21 GDPR) and ‘Right to restriction of processing’ (Art. 18 GDPR) is as follows:
    Art. 18 GDPR refers to your personal data such as name and address.
    Art. 21 GDPR refers to the purpose for which we use your data. The purpose of use can be service support, complaint management, advertising, etc.

Please contact our data protection officer in the cases mentioned above. You will find the contact details under 10 Contact for data protection issues.

Please understand that in certain cases we will require proof of your identity in order to prevent misuse by third parties

10. Contact for data protection issues

INTERTEC-Hess GmbH
Data Protection Officer
Raffineriestraße 8
93333 Neustadt an der Donau
Germany
Phone: +49 9445 9532-0
Fax: +49 9445 9532-32
Email: prvcyntrtc-hsscm

11. Right to lodge a complaint

Should our data protection officer not be able to answer your request to your satisfaction, you have the right of complaint at your data protection supervisory authority.

12. Changes of this document

In the event of changes to our offer, technical innovations and changes in legislation/current jurisdiction, it may be necessary to adapt this data protection information accordingly. You will find the current version with date at the beginning of this document.

Data processing of your user data by third parties

This site uses Google services to collect personal data. These services include Google Analytics to analyze website traffic, Google Maps to display an interactive map with INTERTEC locations and partners, and YouTube to display videos from our YouTube channel. Information collected via these services is processed by Google and, if applicable, combined with other data by Google. The transmitted data is not anonymous.

Your consent to allow Google to store cookies is voluntary and not necessary for the use of the website. You can revoke the processing at any time by deactivating the services. To do so, select "Privacy" in the footer and change the settings by using the button "Set privacy settings".

For information on which data is transmitted or processed by Google, as well as further information, please refer to our privacy information.

By selecting these services, you consent to the transmission and processing by Google. You confirm that you have read and understood the privacy information.