1. Data privacy statement for this website

When you visit our website, we collect various data. This data is primarily collected to provide you with convenient and secure access to our information and offerings. Evidently, we also use our website to pursue commercial interests in order to enhance both our image and revenue. In the interest of fairness and transparency, we are happy to inform you about this in detail below pursuant to the EU GDPR (European General Data Protection Regulation).

Who is responsible for data collection?
As the website operator (legal notice), we are responsible for data collection from your visit to this website since we are responsible for which technologies are used on our website for which purposes.

How do we collect your data?
Firstly, we collect data that you provide to us. This might include, for instance, data you enter on a contact form. Other data is collected automatically via our IT systems when you visit the website. This primarily includes technical data (e.g. internet browser, operating system and the time at which you visited the website).
This data is collected automatically as soon as you access our website.

How do we use your data?
Some data is collected to ensure error-free provision of the website. Other data may be used to analyse your user behaviour and to improve our website for you.

What rights do you have regarding your data?
You have the right at any time to obtain information free of charge regarding the origin, recipient and purpose of your saved personal data. You also have the right to request the correction, blocking or deletion of this data. You also have the right of complaint to the responsible regulatory authority. For further information on these matters and the subject of data protection, you can contact us at any time via the address provided in the legal notice.

SSL/TLS encryption
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential information, such as orders or enquiries you send to us as the website operator. You can identify an encrypted connection from the browser’s address bar, where the ‘http://’ changes to ‘https://’ and a padlock symbol appears. When SSL/TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

Analysis tools and tools of third-party providers
When you visit our website, your surfing behaviour can also be evaluated statistically. This is done primarily using cookies with analysis programmes. Your surfing behaviour is normally analysed anonymously; surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. We will inform you of the details of this analysis and options to object to it in this data privacy statement.

2. General information and mandatory information

The operator of this website takes the protection of your personal data very seriously. When you use this website, various personal data is collected that could be used to identify you personally. We treat your personal data (definition pursuant to article 4 (1) of the GDPR) confidentially and in accordance with legal data protection regulations. This data privacy statement explains which data we collect, what we used it for and how and to what end we use it. Please note that, even with optimal security, data transmission over the internet (e.g. communication by email) may not be completely secure. It is not possible to protect data completely against access by third parties.

Note on the responsible authority
The responsible authority (article 4 (7) of the GDPR) for data processing on this website can be found in the legal notice.

3. Your contact with our data protection officer

We have appointed www.mb-datenschutz.de as our data protection officer. For enquiries regarding data protection, please e-mail datenschutz@fap-group.de. For all other enquiries, please use contact@fap-group.de.

4. Data collection on our website

Cookies
Our website uses cookies. These help make our website more user-friendly, effective and secure. Cookies are small text files that are saved in the browser on your terminal device. Cookies do not damage your computer or contain any viruses.
We primarily use “session cookies,” which are automatically deleted at the end of your visit. Other cookies remain saved on your device until you delete them. These cookies enable us to recognize your browser the next time you visit and to use the settings previously applied by you.
You can configure your browser so that you are informed when cookies are saved and only allow these on an individual basis, block cookies entirely or in specific cases, and delete cookies automatically when you close your browser. Deactivating cookies may restrict the functionality of this website.
Cookies necessary to perform the electronic communication process are saved pursuant to article 6 para. 1 (f) of the GDPR. The website operator has a legitimate interest in saving cookies for the technically defect-free and optimised provision of its services. Where other cookies (e.g. for analysing your surfing behaviour) are saved, these will be treated separately in the data privacy statement.

Server log files
The provider of our website automatically collects and saves information that your browser automatically transmits to us in ‘server log files.’ The log files include:

Referrer URL (the website you have come from)
Browser type, browser version and language
Operating system used and its interface
IP address (anonymised)
Time of server request
Http status code – access status
Data volume transmitted
Storage duration of 7 days

This data is not linked to any other source of information.

The legal basis for data processing is article 6 para. 1 (f) of the GDPR, which permits the processing of data for optimal presentation and security of the website based upon our legitimate interest, unless this is outweighed by your interests in the exclusion of data collection.

5. Plugins

Google Web Fonts
This site uses web fonts provided by Google for standardised presentation of fonts. When you access a site, your browser downloads the necessary web fonts into your browser cache in to order display text and fonts correctly. These fonts are saved there for 1 year to improve loading times. Furthermore, administrative costs and sources of error with font updates are lower with Google.
To this end, your browser must connect to the Google servers. Consequently, Google gains knowledge that our website has been accessed via your IP address (with browser and device data). Google Web Fonts are used in the interest of a standardised and attractive presentation of our online offerings. This represents a legitimate interest pursuant to article 6 para. 1 (f) of the GDPR.
If your browser does not support web fonts, a standard font will be used by your computer.
For further information on Google Web Fonts, please refer to https://developers.google.com/fonts/faq and the Google data privacy statement: https://www.google.com/policies/privacy/.

Google Maps
Our website uses map material from Google Maps via an API. This is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
To use the Google Maps functions, your IP address must be sent to a Google server.
Google Maps is used in the interest of the attractive presentation of our online offerings and for the easy location of places indicated by us on the website. This represents a legitimate interest pursuant to article 6 para. 1 (f) of the GDPR.
For further information on the handling of user data, please refer to the Google data privacy statement: https://www.google.de/intl/de/policies/privacy/.

6. Analysis tools and advertising

Google Universal Analytics
This website uses web analytics services with Google Universal Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Use of the website is analysed under the criteria of “location”, “internet browser”, “orders”, “movement behaviour”, “prior website” and “time of server request”. Google Universal Analytics is an extension of Google Analytics. This now enables analysis across all devices. This changes the nature of the saved ID. With Google Analytics, this is the Client ID and with Universal Analytics it is the User ID.

Google Universal Analytics saves cookies for this purpose in your internet browser with a random User ID. This means that, when you visit the site again, you can be recognised and advertising measures can be optimised in your interest.  The information generated via the cookie about your use of this website is normally passed on to a Google server in Ireland and possibly transmitted to the USA, where it will be saved for 14 months. Google Universal Analytics cookies are saved pursuant to article 6 para. 1 (f) of the GDPR. The website operator has a legitimate interest in analysing user behaviour to optimise its website and advertising. A pseudonymised evaluation will be undertaken using randomly generated User IDs.
Google Analytics is subject to the “EU-US Privacy Shield” in this regard. See also: https://support.google.com/analytics/answer/7105316?hl=de
For further information on the handling of user data via Google Analytics, please refer to the Google data privacy statement: https://support.google.com/analytics/answer/6004245?hl=de.

IP anonymisation
We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google in a member state of the European Union or other signatories to the Agreement on the European Economic Area prior to transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and masked there. The IP address forwarded from your browser as part of the Google Analytics service will not be combined with other data by Google.

Deactivate via browser plugin
You can prevent the use of cookies by selecting the appropriate settings in your browser. However, please note that if you do this you may not be able to use the full functionality of this website. You can prevent Google from collecting and processing the data created by the cookie which relates to your use of the websites (including your anonymised IP address) by downloading and installing a browser plug-in that can be found at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Objecting to data collection
You can prevent your data from being collected by Google Universal Analytics by clicking on the following link. https://tools.google.com/dlpage/gaoptout?hl=de An opt-out cookie will be saved, which will prevent your data from being collected on future visits to this website. For deactivation on mobile devices, please use the following link:

Order processing
We have concluded an agreement with Google for processing order data and implement the strict requirements of the German data protection authorities entirely in our use of Google Universal Analytics.

Demographic characteristics with Google Universal Analytics

This website uses the “demographic characteristics” function of Google Universal Analytics. This allows us to generate reports that contain information on the age, gender and interests of website visitors. This data originates from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the display settings in your Google account or generally prohibit the collection of your data via Google Analytics as explained in the point “Objecting to data collection”.

7. What are your rights pursuant to the GDPR?

The objective of the GDPR is to ensure that you, as the data subject, have the most possible control over your personal data. Personal data means all data that can be related to you as a person directly or indirectly. To allow you to exercise control over your data effectively, you have the following rights towards us:
The right to information pursuant to article 15 of the EU GDPR
The right to correction pursuant to article 16 of the EU GDPR
The right to deletion pursuant to article 17 of the EU GDPR
The right to restriction of processing pursuant to article 18 of the EU GDPR
The right to object pursuant to article 21 of the EU GDPR.

You also have a right of complaint to a data protection regulatory authority pursuant to article 77 of the EU GDPR if you are of the opinion that we are processing your data unlawfully. A list of all regulatory authorities can be found here: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

The right to data portability pursuant to article 20 is only relevant to visiting our website where you have the opportunity to create a profile (e.g. applicant profile, member profile or similar) or to enter corresponding information about yourself.

DATA PRIVACY INFORMATION\clients, interested parties and suppliers

Data privacy information
for the collection of personal data
in relation to the interested party/client/supplier relationship

Dear clients, interested parties and suppliers,

Pursuant to the EU General Data Protection Regulation (GDPR), we are subject to new information obligations as the responsible party for data processing of personal data. In accordance with article 13 and 14 of the GDPR, we therefore advise you as follows:

Responsible party:

FAP-Group GmbH
Marburger Straße 17, 10789 Berlin

Authorised representative:

Data protection officer:

datenschutz@fap-group.de
www.mb-datenschutz.de
Purposes of data processing of your personal data:

Responding to enquiries, processing contracts, sending relevant promotional offers, credit checks and customer service

Legal bases for the processing of your data:

  • EU GDPR article 6 (1) a) enables us to process your data based upon your consent for certain purposes, e.g. subscription to our newsletter.
  • EU GDPR article 6 (1) b) covers data processing, which is necessary for fulfilling a contract and for pre-contractual measures.
  • EU GDPR article 6 (1) c) enables us to process your data based upon a legal obligation, e.g. storage obligations pursuant to financial and fiscal law.
  • Article 6 (1) f) EU GDPR enables us to process your personal data if we or a third-party have a legitimate interest in such processing and this is not opposed by your interests, fundamental rights or fundamental freedoms, e.g.:
    • E-mail advertising pursuant to § 7 (3) UWG of the Unfair Competition Act (UWG)o
    • Avoidance of damages and/or liability of the company via appropriate measures
    • Assertion, exercising or defence or legal claimsDuration of data storage:General: Once the purpose of the data processing ceases to apply and following expiry of the statutory storage periods, your personal data will be deleted. Storage obligations of 6 and 10 years typically apply for companies.

Where the storage is based upon your consent, we will delete your personal data should you revoke your consent.

Recipients of your personal data:

In our company, personnel only obtain access to your personal data who require such data to fulfil their duties, and only then to the extent required. All personnel are obliged to maintain confidentiality and data protection.

Service providers instructed may receive your personal data to fulfil the purposes described if these fulfil the confidentiality requirements under data protection law. These may be companies in the categories: IT services, printing and mailing services, data destruction, credit checking service providers, banks / banking service providers. Such service providers are known as processing service providers (processors), which are particularly contractually obliged pursuant to legal requirements.

Public bodies, such as tax offices, will only receive your personal data if legal obligations apply.

Your data will not be forwarded outside of the EU/EEA.

Data we receive about your from third parties:

None

Your data protection rights:

You have the right to information pursuant to article 15 of the EU GDPR, the right to correction pursuant to article 16 of the EU GDPR, the right to deletion pursuant to article 17 of the EU GDPR, the right to restriction of processing pursuant to article 18 of the EU GDPR and the right to object pursuant to article 21 of the EU GDPR. You also have the right of complaint to a data protection regulatory authority pursuant to article 77 of the EU GDPR.

DATA PRIVACY INFORMATION\applicant management

Data privacy information
for the collection of personal data
in relation to applicant management

Pursuant to the EU General Data Protection Regulation (GDPR), we are subject to corresponding information obligations as the responsible party for data processing of personal data.

In accordance with article 13 and 14 of the EU GDPR, we advise you as follows:

Responsible party:

FAP-Group GmbH
Marburger Straße 17, 10789 Berlin

Authorised representative:

Data protection office / point of contact:

datenschutz@fap-group.de
www.mb-datenschutz.de
Purposes of data processing of your personal data:

Applicant management

Legal bases for the processing of personnel data:

§ 26 of the Federal Data Protection Act (BDSG) (1) covers the data processing necessary to establish, implement and terminate an employment relationship as well as to detect criminal offences in the employment contract relationship.

§ 26 of the Federal Data Protection Act (BDSG) (2) allows us to process your data based upon a voluntary written consent from you (revocable with future effect), which will not create any disadvantages for you in our employment relationship, e.g. inclusion of your application documents in our pool of applicants

§ 26 of the Federal Data Protection Act (BDSG) (3) allows us to process your sensitive data (e.g.: health-related data, union membership) if this is necessary to exercise rights or to fulfil legal obligations under employment law, social security law or social protection and this does not oppose your legitimate interests.

Article 6 (1) f) of the EU GDPR enables us to process your personal data if we or a third-party have a legitimate interest in such processing and this is not opposed by your interests, fundamental rights or fundamental freedoms, e.g.:

  • Assertion, exercising or defence of legal claims

Duration of data storage:

General: Once the purpose of the data processing ceases to apply and following expiry of the statutory storage periods, your personal data will be deleted. Storage obligations (upon acceptance) of 6 and 10 years typically apply for companies.

Application documents will be deleted no later than 6 months following rejection.

Where the storage is based upon your consent, we will delete your personal data should you revoke your consent.

Recipients of your personal data:

In our company, personnel only obtain access to your personal data who require such data to fulfil their duties, and only then to the extent required.

Service providers instructed may receive your personal data to fulfil the purposes described if these fulfil the confidentiality requirements under data protection law. In this case, this is the applicant portal operator.

Public bodies for social security and tax offices will receive your personal data in connection with social security and tax contributions.

Your data will not be forwarded outside of the EU/EEA.

Data we receive about your from third parties:

In the event that you have been introduced to us as a potential employee by a recruitment firm, we will receive your application documents from them.

Your data protection rights:

You have the right to information pursuant to article 15 of the EU GDPR, the right to correction pursuant to article 16 of the EU GDPR, the right to deletion pursuant to article 17 of the EU GDPR, the right to restriction of processing pursuant to article 18 of the EU GDPR, the right to portability pursuant to article 20 and the right to object pursuant to article 21 of the EU GDPR. You also have the right of complaint to a data protection regulatory authority pursuant to article 77 of the EU GDPR.