Home Privacy Policy

Data protection policy

Thank you for visiting our website. Compliance with data protection legislation is particularly important for us. The aim of this data protection policy is to inform you as a user of the website about the type, extent and purpose of processing your personal data and about your rights as a data subject within the meaning of Art. 4(1) General Data Protection Regulation. The following data protection policy reflects the changes made by the General Data Protection Regulation (GDPR) in effect as of 25.5.2018. At the same time this policy also meets the requirements of Section 13 German Telemedia Act (TMG) which applied until this date.

1. Controller

This website and the services offered are operated by
Possehl Erzkontor GmbH & Co. KG
Beckergrube 38-52
23552 Lübeck

PO Box 1633
23505 Lübeck

Phone: +49 (0) 451 148 0
Fax: +49 (0) 451 148 355
E-Mail: info@erzkontor.com
Website: www.erzkontor.com

Managing director: Peter Anthony Cremer

2. General remarks

We have designed the website to collect as little data from you as possible. Generally speaking, the website can be used without providing any personal data. Only when you decide to make use of certain services (e.g. to use the contact form) is it necessary to process personal data. When doing so, we always ensure that your personal data are only processed on an appropriate legal basis or with your consent. We comply with the provisions of the General Data Protection Regulation in effect as of 25.5.2018 and applicable national legislation, such as the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and other specific data protection legislation.

3. Definitions

The terms used in this data protection policy have the following meanings, as defined in the GDPR.

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;

‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

4. Consent

When you visit our website there are some cases in which we require your consent to collect personal data. This is the case when you send us a message using the contact form, for example.

Declaration of consent By using the form we provide, you consent to our collection of the personal data you provide and their processing as described in this data protection policy. You can withdraw this consent at any time with future effect by sending us a corresponding statement. However, you are advised that it will no longer be possible to use our service without your consent. Please use the contact channels mentioned above to withdraw your consent (in this case please provide us with your name, email and postal address).

5. Purpose and legal basis for the processing of personal data

Purpose of data processing Legal basis for data processing (“Why is the data processing necessary?”)
To make contact and for related correspondence On the basis of your consent
To process your request and provide any further advice you may want On the basis of your consent
To arrange pre-contractual matters for the preparation of an offer On the basis of your consent
To process your application for a job vacancy advertised by us On the basis of your consent
To ensure that our website is presented to you in as effective and interesting a way as possible (e.g. by means of anonymised analysis) On the basis of our legitimate interests
For the technical implementation of our services On the basis of our legitimate interests

6. Personal data collected and processed

We only collect and process your personal data when you have provided it knowingly and freely. This is the case if you make contact with us and request information about our services and products. This contact is generally made by means of email. When you make contact by email you freely send us personal data and make them available for processing. We will only process your data for the purposes mentioned above. If a contract or business relationship does not come about we will erase your data when the purpose of their collection no longer applies.

The personal data and the contents you provide will remain solely with us and our affiliates. We will only store and process the data for the purposes mentioned in Point 5. Any further use requires your explicit consent. The same applies to the transfer and transmission of your data to third parties.

7. General logfiles

The webserver temporarily stores in logfiles the access request, the connection data of the requesting device (IP address), the pages that you visit, the date and duration of your visit, the type of browser and operating system being used and the website from which you visit us. The technical administration of the website and the anonymous statistical analytics make it possible to analyse the visits to the Possehl Erzkontor website with the aim of increasing data protection and data security in our company, ultimately in order to ensure optimal security for the personal data we process.

The data in the server logfiles are stored separately from all the personal data you provide. Subject to any record-keeping obligations, we delete your IP address seven days after you leave our website.

8. Job applications

You can find the names of contacts for applications and job vacancies advertised by us at https://www.erzkontor.com/en/company/job-offers-career.html.

If you apply for a job with Possehl Erzkontor by electronic means, your data is only used to process your application and is not forwarded to third parties. Please note that applications sent to Possehl Erzkontor by email are transmitted unencrypted. To this extent there is a risk that the data could be intercepted and used by unauthorised third parties.

We only collect and process the personal data that you send to us in the course of the application process, such as:

  • Surname,
  • Address,
  • Place of birth,
  • Date of birth,
  • Nationality,
  • Email address,
  • References

Data processing takes place in accordance with the applicable EU General Data Protection Regulation (DGPR) and the German Federal Data Protection Act as amended (BDSG-neu), and specific data protection rules for job applications, such as the German Social Code (SGB), Telecommunications Act (TKG) and the Works Constitution Act (BetrVerfG).

We process your data as necessary to protect our legitimate interests or those of third parties. This may relate to the assertion of legal claims, for instance, defending ourselves against litigation, company management and development activities.

The data collected are transferred within our company to the persons who have been appointed to administer the application procedure, who need them to fulfil their statutory duties. External processors working with the company may also receive your data for the purposes mentioned. In addition to other companies in the Group, this relates to IT service providers. We would like to point out that we also respect and apply data protection rules when data is forwarded to third parties in the circumstances described above.

Your data are only forwarded on the basis of statutory provisions, with your consent or when we are authorised to grant access to them. This may relate to data recipients, such as affiliated companies (application for other advertised vacancies) for which you have given us your consent to transfer the data.

Your personal data are processed and stored for the duration of the application process if necessary. We erase them once they have served their purpose, but no later than after 6 months. The data will be erased immediately if it is no longer necessary to store your data to administer the application procedure and there is no statutory retention period or we do not have your consent to a longer storage period.

Your data are not transferred to a third country, i.e. countries outside the European Economic Area (EEA).

No automatic decision-making takes place in the course of our job application process. We do not use data to form profiles for establishing and carrying out the application procedure.

8.1 Notice on right of objection:

You have the right to object to the processing of your personal data at any time. If you object, we will no longer process your personal data. An objection has no effect, however, if there are grounds, which we must demonstrate, that outweigh your interests, rights and liberties, or if further processing services serves to establish, exercise or defend legal claims.

Your objection can be made in any form and will be forwarded to the person responsible without delay.

9. Embedded services and third-party contents

Our website uses contents and services from other providers. That includes road maps provided by Google Maps, for example. The transmission of the IP address is absolutely necessary for these data to be retrieved and displayed in the user’s browser. The providers (hereafter known as ‘third-party providers’) therefore know the IP address of the respective user.
Even if we strive only to use third-party providers which only need the IP address to deliver content, we have no control over whether the IP address is stored. In this case the procedure also serves statistical purposes. To the extent that we become aware that the IP address is stored, we will notify you.

Use of Google Maps

Our website uses the Google Maps service to integrate and display road maps. This service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
By retrieving a page with an integrated map from Google Maps, your IP address is recorded. This information is generally sent to a Google server in the USA and stored there. Google sees your IP address even if you are not logged in to a user account. If you have logged in to your user account, Google can link your websurfing activities directly with your personal profile. You can prevent this by logging out beforehand. The provider of this website has no control over the data transmission.
Google Maps is used in the interest of displaying our online services and making the locations indicated by us on the website easy to find. This is a legitimate interest within the meaning of Art. 6(1)(f) GDPR.

Further information on the handling of user data can be found in Google’s data protection policy: www.google.de/intl/en/policies/privacy/.

10. Data security

Unfortunately the transmission of information via the internet is never 100% secure, which is why we cannot guarantee the security of data sent to our website via the internet.
However, we do take technical and organisational measures to secure our website against the loss, destruction, access, modification or dissemination of your data by unauthorised parties.
In particular, your personal data are transmitted to us in encrypted form. To do so we use the coding system SSL/TLS (Secure Sockets Layer/ Transport Layer Security). Our security measures are improved continuously in line with technological developments.

11. Rights of data subjects

To the extent that you are a data subject within the meaning of Art. 4(1) GDPR, you have the following rights under the GDPR in connection with the processing of your personal data.

Right of access
Subject to the conditions of Art. 15 GDPR, you have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data free of charge at any time and a copy of the personal data.

Right to rectification
Subject to the conditions of Art. 16 GDPR, you have the right to obtain the rectification without undue delay of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure
Subject to the conditions of Art. 17 GDPR, you have the right to obtain from the controller the erasure of personal data concerning you without undue delay where one of the grounds mentioned in Art. 17 GDPR applies and the processing is not necessary.

Right to restriction of processing
Subject to the conditions of Art. 18 GDPR, you have the right to restriction of processing when one of the conditions mentioned in Art. 18 GDPR applies.

Right to data portability
Subject to the conditions of Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where the further conditions of Art. 20 GDPR apply.

Right to withdraw consent
You have the right to withdraw your consent to our processing of your personal data with future effect at any time. Please send your withdrawal notice to the contact details mentioned above.

Right to object
Subject to the conditions of Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you. If the conditions for an effective objection apply, we may no longer process the data.

Right to lodge a compaint with a supervisory authority
Notwithstanding any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

12. Transfer of your personal data

The website is hosted by an external service provider in Germany. We ensure that data processing only takes place in Germany. This is necessary for operating the website and for establishing, performing and implementing the existing licence and is possible without your consent.

Data is also transferred when we are entitled or obliged to do so by statutory provisions and/or an order of a public authority or law court. In particular this may constitute the provision of information for the purposes of law enforcement, or to avert a public danger or to assert intellectual property rights.

To the extent that your data are transferred to a service provider as necessary, they only have access to your personal data to the extent necessary to perform their responsibilities. These service providers are obliged to handle your personal data in accordance with applicable data protection legislation, in particular the GDPR.

Beyond the circumstances mentioned above, we do not transfer your data to third parties without your consent. In particular we do not transfer any personal data to a body in a third country or an international organisation.

13. Retention of personal data

We delete your personal data as soon as its storage is no longer required for its original purpose and no statutory record-keeping obligations apply. Statutory record-keeping obligations are ultimately the criterion for defining the retention period for personal data. Once the deadline expires, the data concerned are routinely erased. If record-keeping obligations exist, the processing is restricted by blocking the data.

14. References and links

When websites are retrieved to which links have been set on our website, information such as name, address, email address, browser characteristics etc. may be requested again. This data protection policy does not govern the collection, transfer or handling of personal data by third parties.

Third-party providers may have their own different rules for the collection, processing and use of personal data. Before providing any personal data to third-party websites, users are therefore advised to inform themselves about their handling of personal data.

15. Amendments to the data protection policy

We develop our website continuously in order to provide you with an ever better service. We will keep this data protection policy up to date at all times and amend it as necessary.

Of course we will notify you in good time of any changes to this data protection policy. We will do this e.g. by sending you an email to the address you have given us. To the extent that any further consent from you to our handling of your data should be required, we will of course obtain it before the relevant amendments take effect.
You can obtain the current version of our data protection policy at any time online from www.erzkontor.com/en/legal/privacy-policy.html.

16. Data protection officer

If you have any questions about data protection, please approach our data protection officer.
Herold Unternehmensberatung GmbH
Frau Carolin Leja
Hafenstraße 1a
23568 Lübeck

E-Mail: carolin.lejano@spam pleasehub24.de
Website: www.mein-datenschutzbeauftragter.de

Stand: May 2018

Contact

Possehl Erzkontor GmbH & Co. KG
Beckergrube 38-52
23552 Lübeck

Phone:  +49 - (0) 451 - 148 0
Fax:  +49 - (0) 451 - 148 355