1. Data privacy statement for this website

When you visit our website, we collect various data. This data is primarily collected to provide you with convenient and secure access to our information and offerings. Evidently, we also use our website to pursue commercial interests in order to enhance both our image and revenue. In the interest of fairness and transparency, we are happy to inform you about this in detail below pursuant to the EU GDPR (European General Data Protection Regulation).

Who is responsible for data collection?
As the website operator (legal notice), we are responsible for data collection from your visit to this website since we are responsible for which technologies are used on our website for which purposes.

How do we collect your data?
Firstly, we collect data that you provide to us. This might include, for instance, data you enter on a contact form. Other data is collected automatically via our IT systems when you visit the website. This primarily includes technical data (e.g. internet browser, operating system and the time at which you visited the website).
This data is collected automatically as soon as you access our website.

How do we use your data?
Some data is collected to ensure error-free provision of the website. Other data may be used to analyse your user behaviour and to improve our website for you.

What rights do you have regarding your data?
You have the right at any time to obtain information free of charge regarding the origin, recipient and purpose of your saved personal data. You also have the right to request the correction, blocking or deletion of this data. You also have the right of complaint to the responsible regulatory authority. For further information on these matters and the subject of data protection, you can contact us at any time via the address provided in the legal notice.

TLS encryption
This website uses TLS encryption for security reasons and to protect the transmission of confidential information, such as orders or enquiries you send to us as the website operator. You can identify an encrypted connection from the browser’s address bar, where the ‘http://’ changes to ‘https://’ and a padlock symbol appears. When TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

2. General information and mandatory information

The operator of this website takes the protection of your personal data very seriously. When you use this website, various personal data is collected that could be used to identify you personally. We treat your personal data (definition pursuant to article 4 (1) of the GDPR) confidentially and in accordance with legal data protection regulations. This data privacy statement explains which data we collect, what we used it for and how and to what end we use it. Please note that, even with optimal security, data transmission over the internet (e.g. communication by email) may not be completely secure. It is not possible to protect data completely against access by third parties.

Note on the responsible authority
The responsible authority (article 4 (7) of the GDPR) for data processing on this website can be found in the legal notice.

3. Your contact with our data protection officer

We have appointed www.mb-datenschutz.de as our data protection officer. For enquiries regarding data protection, please e-mail datenschutz@fap-group.de. For all other enquiries, please use contact@fap-group.de.

4. Data collection on our website

Cookies
Our website uses cookies. These help make our website more user-friendly, effective and secure. Cookies are small text files that are saved in the browser on your terminal device. Cookies do not damage your computer or contain any viruses.
We primarily use “session cookies,” which are automatically deleted at the end of your visit. Other cookies remain saved on your device until you delete them. These cookies enable us to recognize your browser the next time you visit and to use the settings previously applied by you.
You can configure your browser so that you are informed when cookies are saved and only allow these on an individual basis, block cookies entirely or in specific cases, and delete cookies automatically when you close your browser. Deactivating cookies may restrict the functionality of this website.
Cookies necessary to perform the electronic communication process are saved pursuant to article 6 para. 1 (f) of the GDPR. The website operator has a legitimate interest in saving cookies for the technically defect-free and optimised provision of its services. Where other cookies (e.g. for analysing your surfing behaviour) are saved, these will be treated separately in the data privacy statement.

Server log files
The provider of our website automatically collects and saves information that your browser automatically transmits to us in ‘server log files.’ The log files include:

Referrer URL (the website you have come from)
Browser type, browser version and language
Operating system used and its interface
IP address (anonymised)
Time of server request
Http status code – access status
Data volume transmitted
Storage duration of 7 days

This data is not linked to any other source of information.

The legal basis for data processing is article 6 para. 1 (f) of the GDPR, which permits the processing of data for optimal presentation and security of the website based upon our legitimate interest, unless this is outweighed by your interests in the exclusion of data collection.

5. Company Pages on Social Media

Data privacy statement on our Facebook page
The objectives of our FAP Facebook page are

  • Direct contact with our online visitors with the aim of client acquisition and loyalty and the associated offering of contemporary communication channels,
  • Information on our contributions and offerings.
    Pursuant to article 6 (1) f of the GDPR, the use of the social media channel is in our legitimate interests. Nevertheless, it is important to us to inform you transparently here of the data protection-related issues for which we are jointly responsible.

When you visit our Facebook page, Facebook collects, inter alia, your IP address and further information available on your terminal device in the form of cookies. This information is used to provide statistical information to us as the operator of the Facebook page regarding the use of our page. If you would like to avoid this, log out of Facebook or block the ’stay logged in’ function and configure your browser to prevent cookies from being saved or to ensure that they are promptly deleted. Further information regarding the use of cookies by Facebook can be found in their cookie guidelines. You can also make slight changes to how Facebook uses your data in the advertising preferences and general settings.

We do not currently use anything more than the basic functions on our page. For more on the basic functions, please refer to Facebook’s data privacy statement here. The data collected about you in this regard is processed by Facebook Ltd. and may be transmitted to countries outside of the European Union. The information Facebook obtains and how this is used is described by Facebook in general form in its data usage guidelines.

6. What are your rights pursuant to the GDPR?

The objective of the GDPR is to ensure that you, as the data subject, have the most possible control over your personal data. Personal data means all data that can be related to you as a person directly or indirectly. To allow you to exercise control over your data effectively, you have the following rights towards us:
The right to information pursuant to article 15 of the EU GDPR
The right to correction pursuant to article 16 of the EU GDPR
The right to deletion pursuant to article 17 of the EU GDPR
The right to restriction of processing pursuant to article 18 of the EU GDPR
The right to object pursuant to article 21 of the EU GDPR.

You also have a right of complaint to a data protection regulatory authority pursuant to article 77 of the EU GDPR if you are of the opinion that we are processing your data unlawfully. A list of all regulatory authorities can be found here: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

The right to data portability pursuant to article 20 is only relevant to visiting our website where you have the opportunity to create a profile (e.g. applicant profile, member profile or similar) or to enter corresponding information about yourself.

DATA PRIVACY INFORMATION\clients, interested parties and suppliers

Data privacy information
for the collection of personal data
in relation to the interested party/client/supplier relationship

Dear clients, interested parties and suppliers,

Pursuant to the EU General Data Protection Regulation (GDPR), we are subject to new information obligations as the responsible party for data processing of personal data. In accordance with article 13 and 14 of the GDPR, we therefore advise you as follows:

Responsible party:

FAP-Group GmbH
Marburger Straße 17, 10789 Berlin

Authorised representative:

Data protection officer:

datenschutz@fap-group.de
www.mb-datenschutz.de

Purposes of data processing of your personal data:

Responding to enquiries, processing contracts, sending relevant promotional offers, credit checks and customer service

Legal bases for the processing of your data:

  • EU GDPR article 6 (1) a) enables us to process your data based upon your consent for certain purposes, e.g. subscription to our newsletter.
  • EU GDPR article 6 (1) b) covers data processing, which is necessary for fulfilling a contract and for pre-contractual measures.
  • EU GDPR article 6 (1) c) enables us to process your data based upon a legal obligation, e.g. storage obligations pursuant to financial and fiscal law.
  • Article 6 (1) f) EU GDPR enables us to process your personal data if we or a third-party have a legitimate interest in such processing and this is not opposed by your interests, fundamental rights or fundamental freedoms, e.g.:
    • E-mail advertising pursuant to § 7 (3) UWG of the Unfair Competition Act (UWG)o
    • Avoidance of damages and/or liability of the company via appropriate measures
    • Assertion, exercising or defence or legal claimsDuration of data storage:General: Once the purpose of the data processing ceases to apply and following expiry of the statutory storage periods, your personal data will be deleted. Storage obligations of 6 and 10 years typically apply for companies.

Where the storage is based upon your consent, we will delete your personal data should you revoke your consent.

Recipients of your personal data:

In our company, personnel only obtain access to your personal data who require such data to fulfil their duties, and only then to the extent required. All personnel are obliged to maintain confidentiality and data protection.

Service providers instructed may receive your personal data to fulfil the purposes described if these fulfil the confidentiality requirements under data protection law. These may be companies in the categories: IT services, printing and mailing services, data destruction, credit checking service providers, banks / banking service providers. Such service providers are known as processing service providers (processors), which are particularly contractually obliged pursuant to legal requirements.

Public bodies, such as tax offices, will only receive your personal data if legal obligations apply.

Your data will not be forwarded outside of the EU/EEA.

Data we receive about your from third parties:

None

Your data protection rights:

You have the right to information pursuant to article 15 of the EU GDPR, the right to correction pursuant to article 16 of the EU GDPR, the right to deletion pursuant to article 17 of the EU GDPR, the right to restriction of processing pursuant to article 18 of the EU GDPR and the right to object pursuant to article 21 of the EU GDPR. You also have the right of complaint to a data protection regulatory authority pursuant to article 77 of the EU GDPR.

DATA PRIVACY INFORMATION\applicant management

Data privacy information
for the collection of personal data
in relation to applicant management

Pursuant to the EU General Data Protection Regulation (GDPR), we are subject to corresponding information obligations as the responsible party for data processing of personal data.

In accordance with article 13 and 14 of the EU GDPR, we advise you as follows:

Responsible party:

FAP-Group GmbH
Marburger Straße 17, 10789 Berlin

Authorised representative:

Data protection office / point of contact:

datenschutz@fap-group.de
www.mb-datenschutz.de

Purposes of data processing of your personal data:

Applicant management

Legal bases for the processing of personnel data:

§ 26 of the Federal Data Protection Act (BDSG) (1) covers the data processing necessary to establish, implement and terminate an employment relationship as well as to detect criminal offences in the employment contract relationship.

§ 26 of the Federal Data Protection Act (BDSG) (2) allows us to process your data based upon a voluntary written consent from you (revocable with future effect), which will not create any disadvantages for you in our employment relationship, e.g. inclusion of your application documents in our pool of applicants

§ 26 of the Federal Data Protection Act (BDSG) (3) allows us to process your sensitive data (e.g.: health-related data, union membership) if this is necessary to exercise rights or to fulfil legal obligations under employment law, social security law or social protection and this does not oppose your legitimate interests.

Article 6 (1) f) of the EU GDPR enables us to process your personal data if we or a third-party have a legitimate interest in such processing and this is not opposed by your interests, fundamental rights or fundamental freedoms, e.g.:

  • Assertion, exercising or defence of legal claims

Duration of data storage:

General: Once the purpose of the data processing ceases to apply and following expiry of the statutory storage periods, your personal data will be deleted. Storage obligations (upon acceptance) of 6 and 10 years typically apply for companies.

Application documents will be deleted no later than 6 months following rejection.

Where the storage is based upon your consent, we will delete your personal data should you revoke your consent.

Recipients of your personal data:

In our company, personnel only obtain access to your personal data who require such data to fulfil their duties, and only then to the extent required.

Service providers instructed may receive your personal data to fulfil the purposes described if these fulfil the confidentiality requirements under data protection law. In this case, this is the applicant portal operator.

Public bodies for social security and tax offices will receive your personal data in connection with social security and tax contributions.

Your data will not be forwarded outside of the EU/EEA.

Data we receive about your from third parties:

In the event that you have been introduced to us as a potential employee by a recruitment firm, we will receive your application documents from them.

Your data protection rights:

You have the right to information pursuant to article 15 of the EU GDPR, the right to correction pursuant to article 16 of the EU GDPR, the right to deletion pursuant to article 17 of the EU GDPR, the right to restriction of processing pursuant to article 18 of the EU GDPR, the right to portability pursuant to article 20 and the right to object pursuant to article 21 of the EU GDPR. You also have the right of complaint to a data protection regulatory authority pursuant to article 77 of the EU GDPR.