Privacy policy
https://wks-textil.de/
Table of contents
- Name and contact details of the controller
- Contact details of the data protection officer
- Rights of data subjects
- Data transfer to third countries
- General data processing when visiting our website
- Use of cookies
- Consent Management Platform (CMP)
- Google General
- Cloudflare
- WordPress
- Use of contact forms
- Data processing in the context of business communication
- Application procedure
- Application and use of social networks & job boards
- Changes to our privacy policy
1. Name and contact details of the controller
WKS Textilveredlungs GmbH, Industriestrasse 1, 49849 Wilsum
Phone: +49 (0) 5945 89-0
E-mail: info@wks-textil.de
2. Contact details of the data protection officer
Meyer & Meyer Holding SE & Co KG
Attn: Data Protection Officer
Hettlicher Masch 15/17
49084 Osnabrück
E-mail: privacy@meyermeyer.com
3. Rights of data subjects
Every data subject has the right to
- Information (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Objection (Art. 21 GDPR)
- Data portability (Art. 20 GDPR)
Consent given to the processing of personal data can be revoked at any time.
You also have the right to lodge a complaint with a competent data protection supervisory authority. You can find an overview of the competent supervisory authorities at the following link https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
4. Data transfer to third countries
When selecting our external services and service providers on our website, we pay attention to European companies wherever possible. Only in exceptional cases will we have data processed outside the European Union or the European Economic Area in the context of using third-party services.
We only permit data processing in third countries if the special requirements of Art. 44 et seq. GDPR are fulfilled. As a rule, we will obtain consent from data subjects in accordance with Art. 49 GDPR prior to such data transfer.
Alternatively, data processing can be carried out on the basis of special guarantees, e.g. the EU Commission’s officially recognized determination of a level of data protection corresponding to the EU (e.g. EU-US Data Privacy Framework) or compliance with officially recognized special contractual obligations (e.g. standard data protection clauses).
We would like to point out that in countries outside the EU/EEA, a level of data protection comparable to that in the EU cannot be guaranteed. For example, US companies may be obliged to disclose personal data to security authorities without data subjects being able to take legal action against this. It can therefore not be ruled out that US authorities may process, evaluate and permanently store data on US servers for surveillance purposes.
5. General data processing when visiting our website
Purposes of data processing
When you visit our website, information of a general nature is automatically collected. This information from website visitors includes, for example, the type of web browser, the operating system used, the domain name of the Internet service provider, the IP address and similar.
They are processed for the following purposes in particular:
- Ensuring a smooth connection to the website,
- Ensuring the smooth use of our website and
- Ensuring and evaluating system security and stability, in particular to detect misuse, and
- for the technically error-free presentation and optimization of our website.
We do not use data to draw conclusions about individuals. However, we reserve the right to check server log files retrospectively if there are concrete indications of unlawful use.
Legal basis
Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website as well as ensuring system security and detecting misuse.
Storage duration
In principle, we delete personal data when it is no longer required for the defined purpose of data processing and no statutory retention obligations prevent deletion.
IP addresses and names of Internet service providers used are stored by our external service provider, where our website is hosted, for a maximum period of seven days and then deleted.
Categories of recipients
In order to handle our business processes, we may transfer personal data to third parties (e.g. IT service providers, cloud service providers, hosting providers, etc.) who act as our processors in accordance with our instructions. In these cases, all third parties are contractually obliged to treat the personal data confidentially.
Provision prescribed or required
The provision of personal data is neither legally nor contractually required. Failure to provide data may mean that the functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted.
6. Use of cookies
Purposes of data processing
When our website is accessed, cookies are stored on the end device of the website visitor. We make a fundamental distinction here between cookies that are necessary for us, which enable us to provide basic and flawless functions of the website, and cookies that may be used by third-party services.
Legal basis
The cookies necessary for us are processed on the basis of Section 25 (2) No. 2 TDDDG.
The processing of further cookies is based on your consent in accordance with § 25 para. 1 TDDDG in conjunction with. Art. 6 para. 1 lit. a GDPR.
Criteria for determining the storage period
The data is deleted as soon as it is no longer required for the purpose for which it was collected. Detailed information on the storage duration of cookies can be found in our Consent Management Platform (CMP). Our CMP can be accessed via the icon at the bottom left of our website.
Categories of recipients
In order to handle our business processes, we may transfer personal data to third parties (e.g. IT service providers, cloud service providers, hosting providers, etc.) who act as our processors in accordance with our instructions. In these cases, all third parties are contractually obliged to treat the personal data confidentially.
Provision prescribed or required
The provision of personal data is neither legally nor contractually required. However, without this data, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted.
Revocation of consent
Consent can be revoked at any time in our CMP. You can access our CMP via the icon at the bottom left of our website.
Profiling
With the help of web analysis tools, the behavior of visitors to our website can be evaluated and interests analyzed.
7. Consent Management Platform (CMP)
Purposes of data processing
We use a Consent Management Platform (CMP) on our website to manage the consents of our website visitors. This requires the use of cookies in order to store the selected consent options.
Legal basis
The use of CMP is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the fulfillment of our legal obligation pursuant to Art. 6 para. 1 lit. c GDPR.
Storage duration
The storage period for consent data is generally 12 months from the date of consent.
Categories of recipients
In order to handle our business processes, we may transfer personal data to third parties (e.g. IT service providers, cloud service providers, hosting providers, etc.) who act as our processors in accordance with our instructions. In these cases, all third parties are contractually obliged to treat the personal data confidentially.
Provision prescribed or required
The provision of personal data is voluntary. If you do not provide it, it will unfortunately not be possible to use our website.
8. Google General
8.1. Google Tag Manager
Description and purpose of data processing
We use Google Tag Manager on our website. Google Tag Manager is a tool with which website tags can be integrated and managed centrally via a user interface. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and deliver the tools integrated via it.
Legal basis
The processing is based on the consent of our website visitors in accordance with Art. 6 para. 1 lit. a GDPR.
Receiver
The Google Tag Manager stores IP addresses, which may also be transmitted to the provider acting as a processor for us. The provider of the service is Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).
It cannot be ruled out that the provider also processes the data in the USA. We would like to point out that the USA does not guarantee a level of data protection comparable to that of the EU. However, Google is certified in accordance with the “EU-US Data Privacy Framework”.
Criteria for determining the storage period
The data is deleted as soon as it is no longer required for the purpose for which it was collected. Detailed information on the storage duration of cookies can be found in our Consent Management Platform (CMP). Our CMP can be accessed via the icon at the bottom left of our website.
Provision prescribed or required
The provision of personal data is voluntary. Failure to provide it has no consequences for website visitors.
Revocation of consent
Consent can be revoked at any time in our CMP. You can access our CMP via the icon at the bottom left of our website.
8.2. Google Analytics
Description and purpose of data processing
We use the web analysis service Google Analytics on our website. The service uses cookies that enable us to analyze the use of our website.
IP anonymization is used on our website. The IP address of visitors is truncated within the member states of the EU and the European Economic Area. This truncation eliminates the personal reference of the IP address.
Legal basis
The processing is based on the consent of our website visitors in accordance with Art. 6 para. 1 lit. a GDPR.
Receiver
The data is transferred to the provider of the web analysis service, which acts as a processor for us. The provider of the service is Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).
It cannot be ruled out that the provider also processes data in the USA. We would like to point out that the USA does not guarantee a level of data protection equivalent to that of the EU. However, Google is certified under the “EU-US Data Privacy Framework”.
Criteria for determining the storage period
The data is deleted as soon as it is no longer required for the purpose for which it was collected. Detailed information on the storage duration of cookies can be found in our Consent Management Platform (CMP). Our CMP can be accessed via the icon at the bottom left of our website.
Provision prescribed or required
The provision of personal data is voluntary. Failure to provide it has no consequences for website visitors.
Revocation of consent
Consent can be revoked at any time in our CMP. You can access our CMP via the icon at the bottom left of our website.
In addition, website visitors can prevent storage by making the appropriate settings in their browser. This may mean that some functions of our website cannot be used to their full extent.
Furthermore, by installing a browser plugin under the processing by the provider of the web analysis service can be prevented.
Profiling
With the help of the web analysis service, the behavior of website visitors can be evaluated and interests analyzed. A pseudonymous user profile is created for this purpose.
8.3. Google Ads
Description and purpose of data processing
We use Google Ads on our website to place advertisements and analyze the effectiveness of our advertising measures. Personal data such as your IP address, information about your device (e.g. device type, operating system, browser) and interactions with our ads may be processed. The provider of the service is Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).
Legal basis
The processing is based on the consent of our website visitors in accordance with Art. 6 para. 1 lit. a GDPR.
Receiver
The data is transferred to the provider, which acts as a processor for us. The provider of the service is Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).
It cannot be ruled out that the provider also processes data in the USA. We would like to point out that the USA does not guarantee a level of data protection equivalent to that of the EU. However, Google is certified under the “EU-US Data Privacy Framework”.
Criteria for determining the storage period
The data is deleted as soon as it is no longer required for the purpose for which it was collected. Detailed information on the storage duration of cookies can be found in our Consent Management Platform (CMP). Our CMP can be accessed via the icon at the bottom left of our website.
Provision prescribed or required
The provision of your personal data is neither legally nor contractually required. However, Google Ads and targeted advertising cannot be used without your consent.
Revocation of consent
Consent can be revoked at any time in our CMP. You can access our CMP via the icon at the bottom left of our website.
In addition, website visitors can prevent the storage of cookies by selecting the appropriate settings in their browser. This may mean that some functions of our website cannot be used to their full extent.
Profiling
It can be assumed that a profile is created by the provider in this context, so that the provider can use the collected data to display personalized advertising based on your interests.
9. Cloudflare
Description and purpose of data processing
Our website uses the services of Cloudflare. When using the service, personal data such as IP addresses are processed to ensure a secure connection and fast transmission of content.
Legal basis
Data processing is carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in ensuring the security and availability of our website.
Receiver
The data is transferred to the provider, which acts as a processor for us. The provider of the service is Cloudflare, Inc (Westminster Bridge Road, 6th Floor, Riverside Building, County Hall London SE1 7PB GB) to secure and optimize the loading times of our website. Cloudflare acts as a content delivery network (CDN).
It cannot be ruled out that the provider also processes data in the USA. We would like to point out that the USA does not guarantee a level of data protection equivalent to that of the EU. However, Cloudflare is certified under the “EU-US Data Privacy Framework”.
Criteria for determining the storage period
The data is only stored by Cloudflare for as long as is necessary to ensure the security and performance of the website. According to Cloudflare, log data is deleted after 24 hours at the latest.
Provision prescribed or required
The provision of personal data is neither legally nor contractually required, but is necessary for the operation and security of the website. Without this data, the security and functionality of the website cannot be guaranteed.
Profiling
No profiling takes place when using Cloudflare.
10. WordPress
Purposes of data processing
We use the WordPress platform for the provision, operation and optimization of the user-friendliness of our website. WordPress uses various plugins for functionality that enable the processing of personal data.
Legal basis
The use of WordPress is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the provision of an online presence.
Storage duration
The data is deleted as soon as it is no longer required for the purpose for which it was collected. Detailed information on the storage duration of cookies can be found in our Consent Management Platform (CMP). Our CMP can be accessed via the icon at the bottom left of our website.
Categories of recipients
The data is transferred to the provider, which acts as a processor for us. The provider of the platform is Automattic Inc (Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA).
It cannot be ruled out that the provider also processes the data in the USA. We would like to point out that the USA does not guarantee a level of data protection comparable to that of the EU. However, the provider is certified in accordance with the “EU-US Data Privacy Framework”.
Provision prescribed or required
The provision of personal data is voluntary. If you do not provide it, it will unfortunately not be possible to use our website.
11. Use of contact forms
Purposes of data processing
The data entered in our contact forms is stored for the purpose of individual communication with the person entering it. For this purpose, it is necessary to enter the data in the input fields marked with an asterisk. This data is used to assign an inquiry and subsequently answer it. The provision of further data is optional and voluntary.
Legal basis
The data entered in the contact form is processed on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. By providing the contact form, we want to make it easy for you to contact us. Information provided will be stored for a limited period of time for the purpose of processing the request and for possible follow-up questions.
Alternatively, processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR (e.g. in the case of a request for a quote or similar).
Storage duration
The data collected will be deleted no later than six months after the request has been processed. If there is a contractual relationship, the storage period is based on the relevant legal requirements.
Categories of recipients
In principle, only those persons have access to personal data transmitted via our contact forms who need it to process contact inquiries.
In order to handle our business processes, we may transfer personal data to third parties (e.g. IT service providers, cloud service providers, hosting providers, etc.) who act as our processors in accordance with our instructions. In these cases, all third parties are contractually obliged to treat the personal data confidentially.
Provision prescribed or required
The provision of personal data is neither legally nor contractually required. However, contact inquiries can only be processed if the data in the input fields marked with an asterisk is provided.
12. Data processing in the context of business communication
Purposes of data processing
In the context of business communication, we process data in order to be able to communicate with our partners. This may be done to initiate business or to fulfill contractual and legal obligations, to offer products and to strengthen customer relationships and other purposes.
Legal basis
Depending on the phase of a contact, the following legal bases may be relevant for the processing of data in this context:
- For the implementation of pre-contractual measures or for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR
- To fulfill legal obligations to which we are subject pursuant to Art. 6 para. 1 lit. c GDPR
- To safeguard our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR
Criteria for determining the storage period
Personal data is generally deleted or blocked as soon as the purpose of storage no longer applies. The purpose is determined by the content of the communication and the respective business transaction. Retention periods are determined for the respective business transactions on a case-by-case basis. As a rule, data is stored in order to comply with retention periods under commercial and tax law, unless longer storage is necessary for the defense of legal claims.
Categories of recipients
In order to handle our business processes, we may transfer personal data to third parties (e.g. IT service providers, cloud service providers, hosting providers, etc.) who act as our processors in accordance with our instructions. In these cases, all third parties are contractually obliged to treat the personal data confidentially.
Provision prescribed or required
The provision of personal data may be required on the basis of a contractual relationship. If the data is not provided, business communication is unfortunately not possible.
13. Application procedure
Purposes of data processing
We process your data if you have sent it to us in connection with an application. In this case, the processing is carried out for the purpose of deciding on the establishment of an employment relationship with us and generally for carrying out an application procedure.
Legal basis
The legal basis is Art. 88 GDPR i.V.m. § Section 26 BDSG and Art. 6 para. 1 lit. b GDPR for the establishment or performance of a contractual relationship. In addition, we may process your personal data insofar as this is necessary to fulfill legal obligations pursuant to Art. 6 para. 1 lit. c GDPR or pursuant to Art. 6 para. 1 lit. f GDPR to defend against legal claims asserted against us.
If you give us your express consent to process personal data for specific purposes, the legal basis for your consent is Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
Storage duration
If no employment contract is concluded with applicants, the application documents will be automatically deleted two months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG). If your application is successful, we will transfer your application documents to your personnel file.
Categories of recipients
Your application data will be reviewed by our HR department upon receipt of your application. Suitable applications will then be forwarded internally to the relevant department managers for the respective open position. As a matter of principle, only those persons have access to your personal data who need it for the proper course of our application procedure.
In order to handle our business processes, we may transfer personal data to third parties (e.g. IT service providers, cloud service providers, hosting providers, etc.) who act as our processors in accordance with our instructions. In these cases, all third parties are contractually obliged to treat the personal data confidentially.
Provision prescribed or required
The provision of personal data is necessary for the lawful execution of the selection procedure. If your application does not contain all the personal data required for the decision, this may result in your application not being considered.
Revocation of consent
Consent given can be revoked at any time.
14. Application and use of social networks & job boards
Purposes of data processing
We maintain company profiles on various social networks, job boards and similar platforms. These appearances serve to present the company and create contact channels for interested parties, customers and third parties.
If our profiles in social networks or comparable platforms are used to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), the data provided to us will be used exclusively for the purpose of communication and processing concerns.
If an application procedure is opened as part of the job exchanges we use, we would like to refer to the information on application procedures in this data protection notice in addition to the information in this section.
We would also like to point out that when you visit our profiles on networks and comparable platforms, personal data may also be collected, used and stored by the operators of the respective network and comparable platforms. This happens even if visitors themselves do not have a profile on the respective social network. For a detailed description of the respective data processing of the platforms we use, please refer to the following links to the information provided by the respective providers:
LinkedIn (Provider: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
Privacy policy: LinkedIn (Provider: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
Privacy policy: https://www.linkedin.com/legal/privacy-policy
XING & Kununu (Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)
Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
Instagram (Provider: Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)
Privacy policy: http://instagram.com/about/legal/privacy/
Facebook (Provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Privacy policy: https://www.facebook.com/about/privacy/
Information on Insight data: https://www.facebook.com/legal/terms/information_about_page_insights_data
Indeed (Provider: Indeed Ireland Operations, Ltd, 124 St. Stephen’s Green, Dublin 2, Ireland)
Privacy policy: https://de.indeed.com/legal/gdpr_de?hl=de
Stepstone (Provider: The Stepstone Group Deutschland GmbH, Völklinger Straße 1, Düsseldorf, Germany)
Privacy policy: https://www.stepstone.de/e-recruiting/rechtliches/datenschutzerklarung/
finest jobs (Provider: rexx systems GmbH, Süderstrasse 75-79, Hamburg, Germany)
Privacy policy: https://www.finest-jobs.com/Datenschutz
JOBmenue (Provider: Raven51 AG, Reinhold-Frank-Straße 63, Karlsruhe, Germany)
Privacy policy: https://jobmenue.de/datenschutz/
Jobmensa (Provider: Studitemps GmbH, Im Mediapark 4a, Cologne, Germany)
Privacy policy: https://www.jobmensa.de/datenschutz
JOIN (Provider: JOIN Solutions GmbH, Schönhauser Allee 36, Berlin, Germany)
Privacy Policy: https://join.com/de/datenschutz
markt.de (Provider: markt.de GmbH & Co. KG, Nymphenburger Straße 14, Munich, Germany)
Privacy policy: https://www.markt.de/datenschutzerklaerung.htm
Legal basis
Depending on the phase of the contact, the following legal bases may be relevant for the processing of data in this context:
- For the implementation of pre-contractual measures or for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR
- To fulfill legal obligations to which we are subject pursuant to Art. 6 para. 1 lit. c GDPR
- To safeguard our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR
Storage duration
We delete stored data as soon as its storage is no longer required or we are requested to delete it. As a rule, data is stored for the fulfillment of retention periods under commercial and tax law, unless longer storage is necessary for the defense of legal claims.
Receiver
We do not pass on collected data to third parties. However, we cannot rule out and have no influence on the extent to which the operators of the respective social networks and comparable platforms pass on data to third parties.
In order to handle our business processes, we may transfer personal data to third parties (e.g. IT service providers, cloud service providers, hosting providers, etc.) who act as our processors in accordance with our instructions. In these cases, all third parties are contractually obliged to treat the personal data confidentially.
Provision prescribed or required
The provision of personal data is neither legally nor contractually required. Failure to provide it will mean that you will not be able to contact us via our social networks and comparable platforms.
15. Changes to our privacy policy
We reserve the right to adapt this data protection notice so that it always complies with current legal requirements or in order to be able to make updates to our data processing on this website.
Status of data protection information: September 2024
Parts of the privacy policy were created with the help of activeMind AG (version #2020-09-30).