Data Protection
Thank you for your interest in our website, www.career.cascoauto.com. The protection of personal data is of great importance to us. The processing of your personal data by Casco Schoeller GmbH is based on a legal basis and, if necessary, on the basis of your consent. The most important legal foundation as of 25/05/2018 is the so-called EU General Data Protection Regulation (GDPR).
The following will inform you about the processing of your personal data when you visit our website, www.career.cascoauto.com.
1. Controller
The controller in the context of your use of the website is Casco Schoeller GmbH (hereinafter: “CASCO SCHOELLER”) unless other companies of the Casco Schoeller Group are expressly named as the controller.
2. Surfing CascoAuto.com
For what purposes do we process your data?
If you visit our website, your browser will contact our web server to retrieve the pages you want. In principle, you don’t have to sign up or identify yourself to use this feature. However, the assignment of requests and feedback from our server is based on your IP address, which may create a reference to your person.
In particular, personal data such as your IP address will be used as part of a HTTPS retrieval to our web server. These connection data are processed by our web server to allow access to the website. If necessary, it is also possible to process form data that you enter.
In addition, the respective HTTPS request is recorded in a logfile. We use this for technical troubleshooting and to be able to defend against and resolve attacks on our systems. In addition, we create analyses from the logfiles that are already stored in order to optimise our websites. The analysis as such takes place in an anonymous form, i.e. by summary of retrieval data, so that the results no longer have a personal reference.
On what legal basis do we process your data?
The legal basis for the processing of your data depends on the specific purpose of your visit:
- When you visit our website to create contracts or business relations with us, the legal basis for processing your data is Article 6 (1) Lit. b GDPR (initiation or execution of a contract).
- The processing is also usually carried out on the basis of our legitimate interests pursuant to Article 6 (1) Lit. f GDPR. Our legitimate interest is to provide a website for general information and communication purposes and for the presentation of our company.
The processing of logfiles is usually done on the basis of our legitimate interests pursuant to Article 6 (1) Lit. f GDPR. Our legitimate interest is to protect our systems from attacks and, if necessary, to take legal action against attackers and to further develop our websites for economic purposes.
Do you have an obligation to provide your data and what happens if you decide not to do so?
Use of the website or, if applicable, of forms on the website, is not possible without the processing of your connection and, where applicable, form data.
To whom will your data be shared and/or who is involved in the processing of your data?
In principle, processing is fully automatic. Our website is operated on our behalf by Symbio in The Netherlands via cloud-based servers from Rackspace in London who are acting on our behalf (Art. 28 GDPR) as service providers for hosting services. Our IT department has access to the logfiles. These are used by the responsible internal departments for the above-mentioned purposes and are also transferred where necessary to external recipients (in particular prosecuting authorities for tracking attacks).
How long will your data be stored?
The logfile data are stored for 24 days. All other data will be deleted immediately after the HTTPS request has been completed.
3. Contact forms, email communications
For what purposes do we process your data?
Our website offers you the possibility to contact us by email and/or via a contact form. In particular, we offer applicants the opportunity to apply for job vacancies on the website and to upload additional documents (e.g. their CV). In this case, the information you provide will be stored for the purpose of processing your contact request or application, as well as for possible follow-up questions. If you contact us with a request or we contact you, we will of course also process your personal data such as name, address, telephone number as well as the contents of the communication for the purpose of carrying out the exchange with you.
On what legal basis do we process your data?
The processing of your data within the framework of communications via the contact form or email takes place based on Article 6 (1) lit. b GDPR to the extent that the exchange is related to the initiation or fulfilment of a contract with you.
Furthermore, the legal basis depends on the specific purpose of the exchange, in most cases Article 6 (1) Lit. f GDPR (our legitimate interest to conduct business correspondence or, for example, to answer inquiries regarding data protection).
Is there an obligation to provide your data and what happens if you decide not to do so?
You are not obligated to provide your data. Communications via email or the contact form, or the submission of an application, however, is not possible without the processing of your personal data.
To whom will your data be shared and/or who is involved in the processing of your data?
We will only pass on your data internally to the department responsible for your request. This may include forwarding to other companies in the CASCO SCHOELLER Group.
How long will your data be stored?
Your personal data will be deleted, as far as they are no longer necessary for the exchange with you. The data may be extended on the basis of Article 6 (1) Lit. c GDPR in conjunction with the relevant statutory retention periods (in particular according to trade and tax law). With business correspondence this usually applies six years after the end of the year in which the data was received.
4. Use of Google Analytics and cookies
4.1 Processing
For what purposes do we process your data?
We use the service “Google Analytics”. This allows a data traffic analysis for our website (web analytics). This helps us to constantly improve the information and structure of our website. Using Google Analytics, we can, inter alia, evaluate which sections and subpages of our site are visited, and for how often and for how long, and which other websites users find us from.
To use the Google Analytics services, we use so-called cookies and similar technologies. A cookie is a small text file consisting of letters and numbers that is stored on your device when you visit a website. When you visit this website on your computer or mobile device, a cookie contains information that is stored for the duration of your visit (called session cookies) or for a longer period of time (so-called permanent cookies). When browsing the website, our system, or other websites that recognise this cookie, can query it. This makes it possible to distinguish your device from other visitors’ devices while browsing the website.
For the Google Analytics services, the company Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States) processes on our behalf various usage data of the users of our website (such as, in addition to the above, also which sites are visited on CascoAuto.com, how long you visit these pages, how often you revisit our site) and assigns it to an anonymous reference number. Additionally, certain information will be processed that saved in the _utmz cookie on the website operator from whom you reached us (in particular the URL of the previous site, and, if applicable, the search engine and search terms used). These usage data are used for non-personalised analyses of the use of our website.
On what legal basis do we process your data?
Data processing is carried out on the basis of Article 6 (1) Lit. f GDPR. The processing serves the legitimate interest of our users to get the best possible user experience. It also serves our legitimate business interests to optimise our website, to further improve its reach, usability and content, and thus ultimately to promote our business.
Is there an obligation to provide your data and what happens if you decide not to do so?
There is no obligation to provide your usage data for the above-mentioned purposes. You can also use the features of the site if you choose not to do so. You may object to the use of your personal information by installing the Google Analytics’ “opt-out” browser plugins (cf. 4.2).
To whom will your data be shared and/or who is involved in the processing of your data?
User data will be sent to Google and automated and processed there on our behalf. In principle, the analysis options of CASCO SCHOELLER are only used internally by our IT and online marketing departments.
Will your data be sent to a third country or an international organisation?
In individual cases, usage data is sent to Google servers in the United States of America. Google is certified per the so-called EU-US Privacy Shield, which ensures an adequate level of data protection.
How long will your data be stored?
Your user data will be stored by us for 18 months and then automatically deleted.
4.2 Use of cookies
As part of the use of Google Analytics, the following cookies are used:
| COOKIES USED | |||
| Name | Type | Purpose/content | Expiration after |
| _utma | Permanent | This Cookie keeps track of how often a user visits our site, and when the first and last visit was. Google Analytics uses this cookie to calculate user statistics. | 2 years |
| _utmb | Session | These cookies work together to calculate how long a visit lasts. _utmb records when a user enters a page. utmc records when a user leaves the page, and expires at the end of each session. | 30 min. |
| _utmz | Permanent | This cookie contains information about which sites and from which parts of the world users come to our site, as well as which search engine and search terms were used, if any. | 6 months |
| _utmv | Permanent | This cookie contains user-defined information and allows us to better classify visitors into groups. | 2 years after the last visit |
| _ga | Permanent | This cookie allows us to distinguish between our users. | 2 years after the last visit |
| _gat | Permanent | This cookie is used to curb the query rate and improve performance of the site. | After 10 minutes |
| _gid | Permanent | This cookie allows us to distinguish between our users. | 24 hours |
LEGAL NOTICES
Revocation of consent/right to object
You have different options on how you can prevent the storage of cookies and/or data processing by Google Analytics:
- You can change the settings of your browser to prevent the setting of cookies by our website. As a result, however, in individual cases other functions (for example the online shop) may be impaired.
- You can download and install the Google “opt-out” add-on for your browser. Opt-out cookies prevent the future collection of your data when visiting this and other websites. To prevent detection across different devices, you must install the opt-out add-on for all systems in use.
- If you click here, an opt-out cookie will be set by our site – the further collection of data or storage of cookies will be omitted. Please note: if you delete your browser’s cookies, you will need to opt out again.
To review your cookie preferences, please click here.
5. Use of the LinkedIn social media plugin
Who is responsible for LinkedIn?
We use a social media plugin from LinkedIn on our website. LinkedIn Ireland Unlimited Company(Wilton Plaza, Wilton Pl, Grand Canal Dock, Dublin 2, Ireland) is responsible for the data under data protection law. We do not have access to the data collected by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Pl, Grand Canal Dock, Dublin 2, Ireland as part of the social media plugin. Every processing of the data is determined by LinkedIn alone.
In the interests of the best possible transparency, we would like to give you some information on data processing in connection with LinkedIn.
For more information, see the LinkedIn privacy statement (available at linkedin.com/legal/privacy-policy).
For what purposes Is LinkedIn used?
We use LinkedIn’s social media plugin on our website to make our website more attractive by providing a quick link to LinkedIn’s social network. In addition, we promote the presence of CASCO SCHOELLER on LinkedIn, which we use for business contacts with potential and existing customers and employees.
On what legal basis do we process your data?
The processing of your personal data in connection with the LinkedIn social media plugin serves the legitimate interests of CASCO SCHOELLER according to Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to optimise our website and strengthen our presence on LinkedIn’s social network to further our business purposes.
For more information on the legal basis for the processing of your personal information, please refer to the LinkedIn Privacy Policy (available at linkedin.com/legal/privacy-policy).
To whom will your data be transmitted and/or who is involved in the processing of my data?
We do not have access to your personal information in connection with the LinkedIn social media plugin, and we do not share information with third parties.
For more information about LinkedIn’s disclosure of personally identifiable information, see LinkedIn’s Privacy Policy (available at linkedin.com/legal/privacy-policy).
Will your data be transmitted to a third country or an international organisation?
We do not transmit your personal information to a third country or international organisation in connection with the LinkedIn social media plugin.
If LinkedIn’s social media plug-in connects to servers owned by LinkedIn, and personal information is shared, you will find information pertaining to this in LinkedIn’s privacy policy (available at linkedin.com/legal/privacy-policy)
How long will your data be stored?
We do not store any personal information in connection with the map service LinkedIn.
For more information about LinkedIn’s storage of your personal information, please see LinkedIn’s Privacy Policy (available at linkedin.com/legal/privacy-policy).
6. Applications
Who is responsible?
Our site offers you the opportunity to apply for open positions at CASCO SCHOELLER Group company.
The controller(s) responsible for processing your personal data are, in addition to the Casco Schoeller GmbH, which receives all applications first, the companies responsible for your application within the CASCO SCHOELLER Group.
For what purposes do we process your data?
Your personal data, which you share with us as part of your application, are treated confidentially and are used exclusively for the purpose of processing your application and, if necessary, are stored electronically to carry out the subsequent employment relationship.
We need the data processed during the application process for the possible conclusion of an employment relationship or to reach a decision on your employment. We process these personal data in order to check your suitability for the respective position, for the purpose of processing the application as well as for establishing your identity and contacting you.
By means of a separate declaration, you can consent to us adding your unsuccessful application to our pool of applicants for a maximum of 24 months following completion of the respective application process. In that case, we may contact you again if suitable job advertisements match your profile.
On what legal basis do we process your data?
The processing of your personal data within the scope of the application procedure is carried out on the basis of Article 6 (1) Lit. b GDPR (initiation or execution of a contract) and, where applicable, national provisions on employee data protection (e.g. in Germany: § 26 para 1 p. 1 of the Federal Data Protection Act).
Your data will be stored in the applicant pool on the basis of your consent pursuant to Article 6 (1) Lit. a GDPR.
Do you have an obligation to provide your data or is it necessary to conclude a contract, and what happens if you decide not to do so?
Please note that you are not obligated to provide your data as part of the application process. However, the execution of the application process and the basis of an employment relationship are not possible without the processing of your data, i.e. your application cannot be taken into consideration without providing the data.
If you do not give your consent for the inclusion of your application in our pool of applicants, this does not result in any disadvantages for the specific application procedure. However, we cannot contact you for any other vacancies.
To whom are your data shared with, and/or who is involved in the processing of your data?
We share your data within the CASCO SCHOELLER Group to the company responsible for your application or to the responsible department within the company.
Will your data be sent to a third country or an international organisation?
Depending on which company within the CASCO SCHOELLER Group is responsible for your application, it may be forwarded to a third country outside of the EU. In this case we guarantee that suitable safeguards exist for the protection of your personal data, in particular through the conclusion of standard data protection clauses in accordance with Art. 46 (1) lit. c GDPR.
How long will your data be stored?
The deletion of your personal data takes place as soon as they are no longer required for the application process (for example, in the case of rejection or negative decision of your application).
If you have consented to the inclusion of your application in our pool of applicants, your application will be stored for a maximum of 24 months, after which we will delete your data there automatically. Even before the end of these 24 months, you can always contact our data protection officer at the contact details below and request the deletion of your data from the pool of applicants. The data will then be deleted immediately.
If your application is followed by the conclusion of a contract, your data will continue to be stored and used for the purpose of normal organisational and administrative processes and the employment relationship in compliance with the relevant legal provisions.
7. Your rights
If our companies have processed data about you, in the respective legal scope you have a right to:
- Information, in particular on data stored by the controller and their processing purposes (Art. 15 GDPR)
- Correction of incorrect or the completion of incomplete data (Art. 16 GDPR)
- Deletion of data that has been improperly processed or is no longer required (Art. 17 GDPR)
- Restriction of the processing (Art. 18 GDPR)
- Objection to the processing, in particular if this is done to protect the legitimate interests of the controller (Art. 21 GDPR), and
- Data transmission, provided that the processing is based on your consent or takes place for the execution of a contract or with the help of an automated procedure (Art. 20 GDPR)
To the extent that processing is done based on your consent (Article 6 (1) Lit. a) or Article 9 (2) Lit. a) GDPR), you have the right to revoke your consent at any time. The legality of the processing carried out on the basis of the consent up until your revocations is not affected by this.
You also have the right to object to the use of cookies by us that are not required for the functionality of the website at any time.
You also have the opportunity to lodge complaints:
- With our Data Protection Officer Mr Marco Hansen, e-mail: m.hansen@dpoint.de , with our company directly, e-mail: datenschutz@cascoauto.com or with the competent supervisory authorities. For Casco Schoeller GmbH, this is the Hessian Officer for Data Protection and Freedom of Information, Prof. Dr. Michael Ronellenfitsch, Gustav-Stresemann-Ring 1, 65189 Wiesbaden
Version: January 2019
