Data privacy

When you visit our website, we collect various data. This data is primarily collected to provide you with convenient and secure access to our information and offerings. Evidently, we also use our website to pursue commercial interests in order to enhance both our image and revenue. In the interest of fairness and transparency, we are happy to inform you about this in detail below pursuant to the EU GDPR (European General Data Protection Regulation).

Who is responsible for data collection?

As the website operator (legal notice), we are responsible for data collection from your visit to this website since we are responsible for which technologies are used on our website for which purposes.

How do we collect your data?

Firstly, we collect data that you provide to us. This might include, for instance, data you enter on a contact form. Other data is collected automatically via our IT systems when you visit the website. This primarily includes technical data (e.g. internet browser, operating system and the time at which you visited the website).
This data is collected automatically as soon as you access our website.

How do we use your data?

Some data is collected to ensure error-free provision of the website. Other data may be used to analyse your user behaviour and to improve our website for you.

What rights do you have regarding your data?

You have the right at any time to obtain information free of charge regarding the origin, recipient and purpose of your saved personal data. You also have the right to request the correction, blocking or deletion of this data. You also have the right of complaint to the responsible regulatory authority. For further information on these matters and the subject of data protection, you can contact us at any time via the address provided in the legal notice.

TLS encryption

This website uses TLS encryption for security reasons and to protect the transmission of confidential information, such as orders or enquiries you send to us as the website operator. You can identify an encrypted connection from the browser’s address bar, where the ‘http://’ changes to ‘https://’ and a padlock symbol appears. When TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

General information and mandatory information

The operator of this website takes the protection of your personal data very seriously. When you use this website, various personal data is collected that could be used to identify you personally. We treat your personal data (definition pursuant to article 4 (1) of the GDPR) confidentially and in accordance with legal data protection regulations. This data privacy statement explains which data we collect, what we used it for and how and to what end we use it. Please note that, even with optimal security, data transmission over the internet (e.g. communication by email) may not be completely secure. It is not possible to protect data completely against access by third parties.

Note on the responsible authority
The responsible authority (article 4 (7) of the GDPR) for data processing on this website can be found in the legal notice.

Your contact with our data protection officer

We have appointed www.mb-datenschutz.de as our data protection officer. For enquiries regarding data protection, please e-mail datenschutz@fap-group.com. For all other enquiries, please use contact@fap-group.com.

Data collection on our website

Cookies

Our website uses cookies. These help make our website more user-friendly, effective and secure. Cookies are small text files that are saved in the browser on your terminal device. Cookies do not damage your computer or contain any viruses.
We primarily use “session cookies,” which are automatically deleted at the end of your visit. Other cookies remain saved on your device until you delete them. These cookies enable us to recognize your browser the next time you visit and to use the settings previously applied by you.
You can configure your browser so that you are informed when cookies are saved and only allow these on an individual basis, block cookies entirely or in specific cases, and delete cookies automatically when you close your browser. Deactivating cookies may restrict the functionality of this website.
Cookies necessary to perform the electronic communication process are saved pursuant to article 6 para. 1 (f) of the GDPR. The website operator has a legitimate interest in saving cookies for the technically defect-free and optimised provision of its services. Where other cookies (e.g. for analysing your surfing behaviour) are saved, these will be treated separately in the data privacy statement.

Server log files

The provider of our website automatically collects and saves information that your browser automatically transmits to us in ‘server log files.’ The log files include:

• Referrer URL (the website you have come from)
• Browser type, browser version and language
• Operating system used and its interface
• IP address (anonymised)
• Time of server request
• Http status code – access status
• Data volume transmitted
• Storage duration of 7 days

This data is not linked to any other source of information.

The legal basis for data processing is article 6 para. 1 (f) of the GDPR, which permits the processing of data for optimal presentation and security of the website based upon our legitimate interest, unless this is outweighed by your interests in the exclusion of data collection.

Matomo

This website uses the open source web analytics service Matomo. Matomo uses technologies that enable the recognition of the user across pages for the analysis of user behaviour (e.g. cookies or device fingerprinting).
The information captured by Matomo about the use of this website is logged on our server. The IP address is anonymised before storage. With the help of Matomo, we are able to collect and analyse data about the use of our website by website visitors. This allows us to find out, among other things, when which page views were made and from which region they come. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.). The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

IP anonymisation
We use IP anonymisation for the analysis with Matomo. This means that your IP address is shortened before analysis so that it can no longer be clearly assigned to you.

Hosting
We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.

Further information can be found at https://matomo.org/docs/privacy

What are your rights pursuant to the GDPR?

The objective of the GDPR is to ensure that you, as the data subject, have the most possible control over your personal data. Personal data means all data that can be related to you as a person directly or indirectly. To allow you to exercise control over your data effectively, you have the following rights towards us:

• The right to information pursuant to article 15 of the EU GDPR
• The right to correction pursuant to article 16 of the EU GDPR
• The right to deletion pursuant to article 17 of the EU GDPR
• The right to restriction of processing pursuant to article 18 of the EU GDPR
• The right to object pursuant to article 21 of the EU GDPR.

You also have a right of complaint to a data protection regulatory authority pursuant to article 77 of the EU GDPR if you are of the opinion that we are processing your data unlawfully. A list of all regulatory authorities can be found here: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

The right to data portability pursuant to article 20 is only relevant to visiting our website where you have the opportunity to create a profile (e.g. applicant profile, member profile or similar) or to enter corresponding information about yourself.

DATA PRIVACY INFORMATION\clients, interested parties and suppliers

Data privacy information for the collection of personal data in relation to the interested party/client/supplier relationship

Dear clients, interested parties and suppliers,

Pursuant to the EU General Data Protection Regulation (GDPR), we are subject to new information obligations as the responsible party for data processing of personal data. In accordance with article 13 and 14 of the GDPR, we therefore advise you as follows:

Responsible party:

FAP Group GmbH
Lietzenburger Str. 51, 10789 Berlin

Authorised representative:

Data protection officer:
datenschutz@fap-group.com
www.mb-datenschutz.de

Purposes of data processing of your personal data:

Responding to enquiries, processing contracts, sending relevant promotional offers, credit checks and customer service

Legal bases for the processing of your data:

• EU GDPR article 6 (1) a) enables us to process your data based upon your consent for certain purposes, e.g. subscription to our newsletter.
• EU GDPR article 6 (1) b) covers data processing, which is necessary for fulfilling a contract and for pre-contractual measures.
• EU GDPR article 6 (1) c) enables us to process your data based upon a legal obligation, e.g. storage obligations pursuant to financial and fiscal law.
• Article 6 (1) f) EU GDPR enables us to process your personal data if we or a third-party have a legitimate interest in such processing and this is not opposed by your interests, fundamental rights or fundamental freedoms, e.g.:
  • E-mail advertising pursuant to § 7 (3) UWG of the Unfair Competition Act (UWG)o
  • Avoidance of damages and/or liability of the company via appropriate measures
  • Assertion, exercising or defence or legal claimsDuration of data storage:General: Once the purpose of the data processing ceases to apply and following expiry of the statutory storage periods, your personal data will be deleted. Storage obligations of 6 and 10 years typically apply for companies.

Where the storage is based upon your consent, we will delete your personal data should you revoke your consent.

Recipients of your personal data:

In our company, personnel only obtain access to your personal data who require such data to fulfil their duties, and only then to the extent required. All personnel are obliged to maintain confidentiality and data protection.

Service providers instructed may receive your personal data to fulfil the purposes described if these fulfil the confidentiality requirements under data protection law. These may be companies in the categories: IT services, printing and mailing services, data destruction, credit checking service providers, banks / banking service providers. Such service providers are known as processing service providers (processors), which are particularly contractually obliged pursuant to legal requirements.

Public bodies, such as tax offices, will only receive your personal data if legal obligations apply.

Your data will not be forwarded outside of the EU/EEA.

Data we receive about your from third parties:

None

Your data protection rights:

You have the right to information pursuant to article 15 of the EU GDPR, the right to correction pursuant to article 16 of the EU GDPR, the right to deletion pursuant to article 17 of the EU GDPR, the right to restriction of processing pursuant to article 18 of the EU GDPR and the right to object pursuant to article 21 of the EU GDPR. You also have the right of complaint to a data protection regulatory authority pursuant to article 77 of the EU GDPR.

DATA PRIVACY INFORMATION\applicant management

Data privacy information for the collection of personal data in relation to applicant management

Pursuant to the EU General Data Protection Regulation (GDPR), we are subject to corresponding information obligations as the responsible party for data processing of personal data.

In accordance with article 13 and 14 of the EU GDPR, we advise you as follows:

Responsible party:

FAP Group GmbH
Lietzenburger Str. 51, 10789 Berlin

Authorised representative:

Data protection office / point of contact:
datenschutz@fap-group.com
www.mb-datenschutz.de

Purposes of data processing of your personal data:

Applicant management

Legal bases for the processing of personnel data:

§ 26 of the Federal Data Protection Act (BDSG) (1) covers the data processing necessary to establish, implement and terminate an employment relationship as well as to detect criminal offences in the employment contract relationship.

§ 26 of the Federal Data Protection Act (BDSG) (2) allows us to process your data based upon a voluntary written consent from you (revocable with future effect), which will not create any disadvantages for you in our employment relationship, e.g. inclusion of your application documents in our pool of applicants

§ 26 of the Federal Data Protection Act (BDSG) (3) allows us to process your sensitive data (e.g.: health-related data, union membership) if this is necessary to exercise rights or to fulfil legal obligations under employment law, social security law or social protection and this does not oppose your legitimate interests.

Article 6 (1) f) of the EU GDPR enables us to process your personal data if we or a third-party have a legitimate interest in such processing and this is not opposed by your interests, fundamental rights or fundamental freedoms, e.g.:

• Assertion, exercising or defence of legal claims

Duration of data storage:

General: Once the purpose of the data processing ceases to apply and following expiry of the statutory storage periods, your personal data will be deleted. Storage obligations (upon acceptance) of 6 and 10 years typically apply for companies.

Application documents will be deleted no later than 6 months following rejection.

Where the storage is based upon your consent, we will delete your personal data should you revoke your consent.

Recipients of your personal data:

In our company, personnel only obtain access to your personal data who require such data to fulfil their duties, and only then to the extent required.

Service providers instructed may receive your personal data to fulfil the purposes described if these fulfil the confidentiality requirements under data protection law. In this case, this is the applicant portal operator.

Public bodies for social security and tax offices will receive your personal data in connection with social security and tax contributions.

Your data will not be forwarded outside of the EU/EEA.

Data we receive about your from third parties:

In the event that you have been introduced to us as a potential employee by a recruitment firm, we will receive your application documents from them.

Your data protection rights:

You have the right to information pursuant to article 15 of the EU GDPR, the right to correction pursuant to article 16 of the EU GDPR, the right to deletion pursuant to article 17 of the EU GDPR, the right to restriction of processing pursuant to article 18 of the EU GDPR, the right to portability pursuant to article 20 and the right to object pursuant to article 21 of the EU GDPR. You also have the right of complaint to a data protection regulatory authority pursuant to article 77 of the EU GDPR.

FAP Group GmbH

Head Office Berlin
Lietzenburger Str. 51
10789 Berlin
Germany

Phone +49 30 84415949-0
contact@fap-group.com