The controller within the meaning of data protection law is:

Reiling GmbH & Co. KG
Bussemasstraße 49
D-33428 Marienfeld.

You can find further information on our company, details of the persons authorised to represent us, as well as further contact options in our imprint on our website: https://www.reiling.de

We process the data you have sent to us in connection with your application in order to assess your suitability for the position (or other vacancies in our companies, if applicable) and to perform the application process.

The primary legal basis for the processing of your personal data in this application procedure is § 26 BDSG in the version applicable as of 25/05/2018. Processing of data required in connection with the decision on the establishment of an employment is permissible accordingly. If the data may be required for legal prosecution after completion of the application process, data processing may be performed on the basis of the requirements of Article 6 GDPR, in particular for the purpose of safeguarding legitimate interests in accordance with point (f) of Article 6 (1) GDPR. In this case, our interest consists in asserting or defending claims.

Data of applicants will be erased 6 months after their submission in case of rejection. If you have agreed to further storage of your personal data, we will add your data to our applicant pool. The data will be erased from there two years after they were submitted. If you have been awarded a position within the scope of the application process, the data will be transferred from the applicant data system to our HR information system.

We use a specialised software provider for the application process. This company acts as a service provider for us and may also obtain knowledge of your personal data in connection with maintenance and care of the systems. We have entered into a data processing contract with this provider to ensure performance of data processing in a permissible manner and absolute secrecy towards any third parties. Your applicant data will be viewed by the HR department after receipt of your application. Suitable applications will then be forwarded internally to the department managers for the respective vacancy. Then the further procedure is coordinated. Only such persons within the company who need it for proper performance of our application process in order to be able to check and assess your suitability for the advertised position will have access to your data.

Your data will be processed exclusively in data centres in the Federal Republic of Germany.

You have the right to demand information on your personal data processed by us. If you request information in any other manner than in writing, please understand that we may require you to provide evidence that proves your identity. Furthermore, you have the right to rectification or erasure or to restriction of processing, as far as you are legally due these rights. You also have the right to object to the processing within the framework of the legal requirements. This applies accordingly to a right to data portability.

We have appointed a data protection officer in our company. You may contact them under the following contact details:

Reiling GmbH & Co. KG
Data Protection Officer
Bussemasstraße 49, D-33428 Marienfeld
Germany

Email: datenschutzbeauftragter [at] reiling.de (datenschutzbeauftragter[at]reiling[dot]de)

You have the right to lodge a complaint regarding the processing of personal data by us with a data protection supervisory authority. However, please lodge your complaint with us in advance so that we can offer you a remedy or perform it.

The document with the entire content is available here.

The controller is: 
Reiling GmbH & Co. KG
Bussemasstraße 49
D-33428 Marienfeld
Phone: +49 5247 9803 0
Fax: +49 5247 9803 33
Email: info [at] reiling.de (info[at]reiling[dot]de)

You may contact our data protection officer at:
Data protection officer
Reiling Group
Bussemasstraße 49
D-33428 Marienfeld
Phone: +49 5247 9803 0
Fax: +49 5247 9803 33
Email: datenschutz [at] reiling.de (datenschutz[at]reiling[dot]de)

We process personal data that we receive directly from you within the context of our business relationship. To the extent necessary for the provision of our services, we will process data permissibly obtained from third parties (e.g.: Creditreform). We will also process personal data that we have permissibly acquired from publicly accessible sources (e.g. debtor registers, land registers, commercial and association registers, press, and other media) and are allowed to process.
Relevant personal data may be, in particular:

• Personal data (name, date of birth, place of birth, nationality, profession/industry, and similar data)
• Contact details (address, email address, phone number, and similar data)
• Legitimation data (ID, reporting, and similar data)
• Account information (IBAN, BIC)
• Data from your information within the context of consulting interviews

We process personal data in coordination with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz; BDSG):

3.1 For compliance with contractual obligations, point (b) of Article 6 (1) GDPR

• Personal data (Article 4 (2) GDPR) are processed to initiate or perform our contracts with you or to perform your orders.
• Processing serves in particular the provision of commercial transactions as well as the contractual services related to it (e.g. rental transactions, services, etc.).
• The purpose of processing activities is targeted mainly at the products chosen by you and comprises the services necessary for this.
• The further details for the purpose of processing activities can be taken from the respective contract documents and terms and conditions.

3.2 Within the scope of consideration of interests in accordance with point (f) of Article 6 (1) GDPR)
We will process your data beyond the actual compliance with the contract if this is necessary to protect our legitimate interests or those of third parties, e.g.:

• consultation of and data exchange with rating agencies (e.g. Creditreform) and acquisition of bank information for investigation of creditworthiness or default risks;
• Establishment of claims and defences in legal disputes;
• Ensuring IT security and IT operation of the companies of Reiling group;
• Preventing and investigating criminal offences;
• Video monitoring for perception of house right to secure evidence in criminal offences;
• Measures for building and system security (e.g. access controls);
• Measures to ensure house rights;
• Communicating with our direct interlocutors at your site;
• Communicating with sales partners.

3.3 Based on your consent, point (a) of Article 6 (1) GDPR
As far as you have consented to processing of personal data for certain purposes, may can withdraw this consent at any time. Please note that the withdrawal will only be effective for the future. Processing that took place before the revocation is not affected by this and remain lawful.

Your data will be disclosed to those departments that need it to fulfil our contractual and legal obligations within the companies of Reiling group. Your data will only be passed on to external parties in connection with the processing of contracts (e.g. suppliers, etc.); as far as a company of Reiling group is obligated by law to provide information or to report (e.g. to tax authorities due to tax regulations, etc.); if applicable, to lawyers or tax consultants who are legally obligated to maintain confidentiality; or if you have consented to us passing on your data to third parties. We will not pass on your data to any third parties beyond this. If we use service providers, your data will be subject to the same security standards as we do.

As far as necessary, we will process and store your personal data for the duration of our business relationship, including the preparation and processing of a contract. Beyond this, we are subject to different storage and documentation obligations that result, inter alia, from the Commercial Code (Handelsgesetzbuch; HGB) and the Tax Code (Abgabenordnung; AO). The time limits stipulated there for archiving or documentation are between two and ten years. Finally, the storage duration may also be according to the statutory expiration periods, e.g. three years according to Sections 195 et seqq. of the German Civil Code (Bürgerliches Gesetzbuch; BGB), or up to thirty years.

Data are not transferred to any third countries (countries outside the European Economic Area – EEA).

You have the following rights towards us:

• Information about your personal data according to Article 15 GDPR;

and, subject to specific conditions

• a right to rectification in accordance with Article 16 GDPR if your personal data are incorrect;
• a right to erasure in accordance with Article 17 GDPR if erasure is not opposed by, among other things, any legal retention obligations;
• a right to restriction of processing of the data to specific purposes according to Article 18 GDPR;
• a right to objection to processing of your personal data in accordance with Article 21 GDPR;
• a right to data portability in accordance with Article 20 GDPR, i.e. the right to receive your data in a structured, commonly used and machine-readable format.

Furthermore, you are due

• a right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR). Your competent supervisory authority is the one for your place of residence. A list of supervisory authorities can be found on the homepage of the Federal Commissioner for Data Protection and Freedom of Information (https://www.bfdi.bund.de).

Within the framework of our business relationships, you only need to provide such personal data that are necessary to initiate, take up and carry out the business relationship or the collection of which is required by law (e.g. your personal data, see above). Without these data, we will usually have to refuse conclusion of a contract or execution of the order or will be unable to carry out an existing contract or we may have to terminate it.

There is no automated decision making. We hope that this information has helped you exercise your rights.  If you would like any more detailed information on data protection regulations, please read our data protection policy or ask your supervisory authority. Our data protection officer will also be happy to answer any questions you may have regarding data protection.

The document with the entire content is available here.

The controller for data processing is your employer, who is named in writing in your employment contract. You may contact our data protection officer at: datenschutzbeauftragter [at] reiling.de (datenschutzbeauftragter[at]reiling[dot]de). Contact details are also available on the Internet at www.reiling.de.

Data categoriesThe processed categories of personal data in particular include your master data (such as first name, last name, name additions, nationality, dates of birth, and clothes size, etc.), family details (e.g.: marital status, information on your children), religious affiliation, health data (if relevant to the employment, e.g. in case of a severe disability), any criminal record (police clearance certificate), legitimation data (e.g.: ID data), contact data (such as: private address, mobile phone, phone number, email address), curriculum vitae data, information on qualifications as well as information from previous employers, log data arising from the use of the IT systems as well as other data from the employment (e.g.: timekeeping data, leave times, periods of inability to work, bank details, social security number, pension insurance number, salary data, and tax identification number).

Your personal data will generally be collected directly from you as part of the hiring process or during the employment. In specific constellations, your personal data are also collected from other bodies due to legal requirements. This includes, in particular, incident-based queries of tax-relevant information at the responsible tax office as well as information on periods of inability to work at the respective health insurance company. In addition, we may have received data from third parties (e.g.: job placement). In addition, we process personal data that we have permissibly obtained from publicly accessible sources (e.g.: professional networks).

We process your personal data under observation of the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz; BDSG), and any other relevant laws (e.g.: BetrVG, ArbZG, etc.). Data processing mainly serves establishing, performance, and termination of the employment. The primary legal basis for this is point (b) of Article 6 (1) GDPR in conjunction with § 26 (1) BDSG-New. Where you have given your consent to process personal data for specific purposes (e.g.: extended storage of application documents, employee sports, photographs as part of publications, etc.), the lawfulness of such processing is based on your consent.

Consent once given may be revoked at any time. This shall also apply to revocation of declarations of consent that were given to us before the application of the GDPR, i.e. before 25 May 2018. Revocation of consent shall only by effective for the future and shall not affect lawfulness of the data processed until the revocation. We will also process your data in order to meet our legal obligations as employer in particular in the area of tax and social security law. This is done on the basis of point (c) of Article 6 (1) GDPR in conjunction with § 26 BDSG-New. As far as necessary, we will also process your data on the basis of point (f) of Article 6 (1) GDPR, in order to preserve legitimate interests of ours or of third parties (e.g. authorities). This applies in particular to the investigation of criminal acts (please refer to Section 26 (1) sentence 2 BDSG-New). We also process your data to enable performance appraisals, if applicable, in the scope of the determination of bonus payments (evaluation criteria are published in a separate document), within the group for purposes of group management, internal communication, or other necessary administrative purposes.

As far as any special categories of personal data are processed in accordance with Article 9 (1) GDPR, this serves the exercise of rights or the fulfilment of legal obligations under labour law, social security law, and social protection law (e.g.: providing health data to the health insurance company, recording the severe disability due to additional leave, and determining the severe disability levy). This is done based on point (b) of Article 9 (2) GDPR in conjunction with § 26 (3) BDSG-New. Apart from this, processing of data concerning health may be necessary for the assessment of your working capacity in accordance with point (h) of Article 9 (2) in conjunction with point (b) of § 22 (1) BDSG-New. In addition, the processing of special categories of personal data may be based on consent according to point (a) of Article 9 (2) GDPR in conjunction with § 26 (2) BDSG-New (e.g.: occupational health management). If we want to process your personal data for a purpose not mentioned above, we will inform you of this in advance.

In the course of your employment, you must provide such personal data as is necessary for the establishment, performance, and termination of the employment and the fulfilment of the related contractual obligations, or as we are required to collect by law. Without these data, we will not be able to perform the employment contract with you.

Within our company, only such persons and positions (e.g.: departments) who need them to perform our contractual and legal obligations will receive your personal data. Within our group, your data will be transferred to specific companies if they perform data processing tasks centrally for the companies affiliated in the group (e.g.: payroll, disposal of files). Additionally, we use various service providers to comply with our contractual and legal obligations. Furthermore, we may transfer your personal data to other recipients outside the company to the extent necessary to comply with our contractual and legal obligations as an employer.

These may be, e.g.: authorities (e.g.: pension insurance institutions, professional pension institutions, social insurance institutions, tax authorities, courts), the employee’s bank (SEPA payment institution), acceptance offices of health insurance funds, tax advisors and auditors, offices in order to be able to guarantee claims from the company pension scheme, offices required for payment of capital-forming benefits, third-party debtors in case of wage and salary garnishments, insolvency administrators in case of private insolvency. Your data will never be transferred to a third country or an international organisation. If you wish that your data be transferred to a third country or an international organisation in an individual case, we will only do so with your written consent.

We will process and store your personal data as long as this is necessary for compliance with the purposes of the data processing or of legal, contractual, or statutory obligations (e.g.: Proof and retention periods according to HGB or AO) is required. After that, the data will be erased, or their processing will be restricted.

You have the following rights towards us:

• Information about your personal data according to Article 15 GDPR;

and, subject to specific conditions:

• a right to rectification in accordance with Article 16 GDPR if your personal data are incorrect;
• a right to erasure in accordance with Article 17 GDPR if erasure is not opposed by, among other things, any legal retention obligations;
• a right to restriction of processing of the data to specific purposes according to Article 18 GDPR;
• a right to objection to processing of your personal data in accordance with Article 21 GDPR;
• a right to data portability in accordance with Article 20 GDPR, i.e. the right to receive your data in a structured, commonly used and machine-readable format.

Furthermore, you are due

• a right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR). Your competent supervisory authority is the one for your place of residence. A list of supervisory authorities can be found on the homepage of the Federal Commissioner for Data Protection and Freedom of Information (https://www.bfdi.bund.de).

The document with the entire content is available here.

The controller within the meaning of data protection law is: 

Reiling GmbH & Co. KG
Bussemasstraße 49
D-33428 Marienfeld

You can find further information on our company, details of the persons authorised to represent us, as well as further contact options in our imprint on our website: https://www.reiling.de

We process the data that you have provided to us in connection with your request for information in order to be able to follow up on your request.

The legal basis for the processing of your personal data is primarily Article 15 (1). In addition, we process your data on the basis of Article 6 GDPR, in particular to safeguard legitimate interests in accordance with point (f) of Article 6 (1) GDPR. In this case, our interest consists in asserting or defending claims.

The purpose of storing your data is that of documenting the regulated process of providing information in accordance with Article 15 GDPR and to defend against the assertion of claims. Since there is no confirmed statute of limitations yet regarding violations of the General Data Protection Regulation, we will retain your data for 10 years until further notice.

Your data will not be passed on. We may have to disclose your data to the authority in case of an inspection by the data protection supervisory authority.

The data will be processed exclusively on servers of Reiling group.

You have the right to demand information on your personal data processed by us. If you request information in any other manner than in writing, please understand that we may require you to provide evidence that proves your identity. Furthermore, you have the right to rectification or erasure or to restriction of processing, as far as you are legally due these rights. You also have the right to object to the processing within the framework of the legal requirements. This applies accordingly to a right to data portability.

We have appointed a data protection officer in our company. You may contact them under the following contact details:

Reiling GmbH & Co. KG
Data Protection Officer
Bussemasstraße 49
D-33428 Marienfeld, Germany

Email: datenschutzbeauftragter [at] reiling.de (datenschutzbeauftragter[at]reiling[dot]de)

You have the right to lodge a complaint regarding the processing of personal data by us with a data protection supervisory authority. However, please lodge your complaint with us in advance so that we can offer you a remedy or perform it.

The document with the entire content is available here.

The controller within the meaning of data protection law is stated on the sign at the factory gate. You can find further information on our company, details of the persons authorised to represent us, as well as further contact options in our imprint on our website: https://www.reiling.de.

We process image data collected through our video surveillance. First and foremost, the data processing serves to safeguard our house rights, but also to clarify criminal offences or to assert or defend claims.

The legal basis for the processing of your personal data is primarily point (f) of Article 6 (1) GDPR. Our interest consists in the protection of the house right and the assertion or defence of claims and the solving of criminal offences in this case.

The purpose of storing your data is to document: infringements of our house rules or the commission of criminal offences. We will erase your data after the purpose has ceased to exist. This is usually the case after 72 hours. We will store your data until the case has been solved if there is any documented criminal offence or an infringement of our house rules.

Your data will not be passed on. We may have to disclose your data to the investigating authorities in case of a criminal offence or an infringement of our house rules.

The data will be stored exclusively on servers of Reiling group.

You have the right to demand information on your personal data processed by us. If you request information in any other manner than in writing, please understand that we may require you to provide evidence that proves your identity. Furthermore, you have the right to rectification or erasure or to restriction of processing, as far as you are legally due these rights. You also have the right to object to the processing within the framework of the legal requirements. This applies accordingly to a right to data portability.

We have appointed a data protection officer in our company. You may contact them under the following contact details:

Reiling GmbH & Co. KG
Data Protection Officer
Bussemasstraße 49
D-33428 Marienfeld, Germany

Email: datenschutzbeauftragter [at] reiling.de (datenschutzbeauftragter[at]reiling[dot]de)

You have the right to lodge a complaint regarding the processing of personal data by us with a data protection supervisory authority. However, please lodge your complaint with us in advance so that we can offer you a remedy or perform it.

The document with the entire content is available here.