With regard to the terminology used, e.g. “processing” or “responsible person”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
PPS Pipeline Systems GmbH
Tel: +49 (0) 5431 14-0
Fax: +49 (0) 5431 14-203
E-Mail: info pipelinesystems.de
Peter Heyer, Ansgar Kortbus
District Court Osnabrück, Germany; Commercial Register 19727
VAT ID No: DE 812791417
Data Protection Officer
Tel: +49 (0) 5431 14-269
Fax: +49 (0) 5431 14-209
Types of processed data:
– Person-related data (e.g., names, addresses)
– Contact data: (e.g., e-mail, telephone numbers)
– Content data (e.g., text, photos, videos)
– Usage data: (e.g., websites visited, interest in content, access times)
– Meta / communication data (e.g., device information, IP addresses
Categories of affected persons
Visitors and users of the online offering, hereinafter we refer to the affected persons as “users”.
Purpose of processing
– Providing the online offering, its functions and contents
– Answering contact requests and communicating with users
– Security measures
– Measurement of reach / marketing
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter the “affected person”). A natural person is considered as identifiable, who can be identified directly or indirectly, especially through the assignment of an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more special features that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
“Processing” means any process performed with or without the aid of automated procedures or any such process associated with personal data. The term is far-reaching and includes virtually every handling of data.
“Pseudo-anonymisation” means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without additional information being provided, provided that such additional information is kept separate and subject to technical and organizational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.
“Profiling” means any kind of automated processing of personal data which involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to job performance, financial situation, health, personal preferences, interests, reliability, behavior, location or relocation of that natural person.
“Responsible person” means the natural or legal person, public official, institution or authority that decides, alone or in concert with others, on the purposes and means of processing personal data.
“Processor” means a natural or legal person, public official, agency or other body that processes personal data on the instruction of the responsible person.
Relevant legal bases
In accordance to Art. 13 of the GDPR, we inform you concerning the legal basis of our data processing. As long as the legal basis in the data protection declaration is not mentioned, the following applies: The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing for the processing for fulfilling our services and executing contractual measures as well as the response to inquiries is Art. 6 (1) lit. b GDPR, the legal basis for processing in order to fulfill our legal obligations is Art. 6 (1) lit. c GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, then Art. 6 Paragraph 1 lit. d GDPR serves as the legal basis.
We implement in accordance with Art 32 GDPR — while taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different likelihoods and severity of the risk to the rights and freedoms of natural persons — the appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.
Among these measures are, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation. We have also set up procedures to ensure the perception of person’s rights, data deletion and data vulnerability. Furthermore, we take the protection of personal data into account already at the time of development, or during the selection of hardware, software and procedures, according to the principle of data protection through technology design and privacy-friendly default settings (Article 25 GDPR).
Cooperation with order processors and third parties
If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit the data to them, or otherwise grant them access to the data, this will only be done based on: a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, as to Art. 6 Paragraph (1) lit. (b) GDPR, for fulfilling the contract is necessary), you agreed to it, a legal obligation, or based on our legitimate interests (e.g. the use of agents, web-hosters),
If we commission third parties to process data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.
Transmission to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this is done in the context of the use of third party services or by disclosing or transmitting data to third parties, this will be done only if it is to fulfill our (pre)contractual obligations and based on your consent, based on a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process, or have the data processed in a third country, only in the presence of the special requirements of Art. 44 et seq. GDPR. That means the processing is done e.g. on the basis of specific guarantees, such as the officially recognized determination of an EU corresponding data protection level (e.g. for the US through the Privacy Shield) or in compliance with officially recognized special contractual obligations (so-called standard contractual clauses).
Rights of affected persons
You have the right to ask for confirmation as to whether the data in question is being processed, and for information about this data, as well as for further information and a copy of the data in accordance with Art. 15 GDPR.
According to Art. 16 GDPR, you have the right to request the completion of the data concerning yourself or the correction of incorrect data about you.
In accordance to Art. 17 GDPR, you have the right to demand that the relevant data be deleted immediately or, alternatively, to request the limiting of the processing of the data in accordance with Art. 18 GDPR.
You have the right to demand that data relating to you, which you have provided to us, be obtained in accordance with Art. 20 GDPR and request their transmission to other responsible persons.
As to Art. 77 GDPR, you have the right to file a complaint with the responsible monitoring authority.
Right to revoke
You have the right to revoke granted consent in accordance to Art. 7 Para. 3 GDPR with effect for the future.
Right to object
You can object to the future processing of your data at any time in accordance with Art. 21 GDPR. The objection may especially be made against processing for direct marketing purposes.
Cookies and right to object in case of direct marketing
“Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store the information about a user (or the device on which the cookie is stored) during or after his visit to an online offering. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online service and closes his browser. In such a cookie e.g. the contents of a shopping cart in an online shop or a login status are saved. “Permanent” or “persistent” cookies are those that remain stored even after the browser has been closed. For example the login status will be saved if users visit it after several days. Likewise in such a cookie the interests of the users can be stored, which are used for measuring reach or for marketing purposes. “Third-party cookies” refer to cookies that are offered by providers other than the person who manages the online offering (otherwise, if it is only their own cookies, they are called “first-party cookies”).
If users do not wish to have cookies stored on their computer, then they will be asked to disable the option in their browser’s system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offering.
Deletion of data
As long as the data are not deleted because they are required for other and legitimate purposes, its processing will be restricted. That means the data are blocked and not processed for other purposes. This applies, for example, for data that must be kept for commercial or tax reasons.
According to the legal requirements in Germany, the storage takes place in particular for 10 years as to §§ 147 Sect. 1 AO, 257 Sect. 1 No. 1 and 4, Sect. 4 German Commercial Code (books, records, management reports, accounting documents, trading books, relevant for taxation documents, etc.) and 6 years in accordance to § 257 para. 1 no. 2 and 3, para. 4 German Commercial Code (trade letters).
In accordance to legal regulations in Austria, storage takes place especially for 7 years according to § 132 paragraph 1 BAO (accounting documents, receipts / invoices, accounts, receipts, business papers, statement of income and expenses, etc.), for 22 years in connection with real estate, and for 10 years in the case of documents relating to electronically supplied services, telecommunications, broadcasting and television services provided to non-entrepreneurs in EU Member States and for which the Mini-One-Stop-Shop (MOSS) is used.
We process the job applicant data only for the purpose and in the context of the application process in accordance to the legal requirements. The processing of the applicant data takes place in order to fulfil our (pre-) contractual obligations in the context of the application process within the meaning of Art. 6 para. 1 lit. b. GDPR Art. 6 para. 1 lit. f. GDPR as long as it is necessary for us, e.g. in the context of legal proceedings (in Germany, § 26 BDSG).
The application process requires that applicants provide us with the job applicant data. The necessary applicant data otherwise result, unless we offer an online marked form, from the job descriptions and basically include the information on the person, postal and contact addresses and the application documents such as cover letter, CV and certificates. In addition, applicants can voluntarily provide us additional information.
Insofar as special categories of personal data within the meaning of Art 9 (1) GDPR are voluntarily communicated within the framework of the application procedure, their processing is additionally carried out in accordance to Art. 9 (2) lit. b GDPR (e.g., health information such as severe disability or ethnic origin). Insofar as special categories of personal data within the meaning of Art 9 (1) GDPR are requested from applicants in the context of the job application procedure, their processing is additionally carried out in accordance to Art. 9 para. 2 lit. a GDPR (for example health data, if necessary for the profession).
If it is provided, applicants can submit their applications to us via an online form on our website. The data will be encrypted and transmitted to us according to the state of the art technology.
Furthermore, applicants can send us their applications via e-mail. However, please note that e-mails are generally not sent in encrypted form and that applicants themselves must provide encryption. We can therefore take no responsibility for the transmission of the application between the sender and the reception on our server, and so therefore recommend using instead an online form or the postal delivery. In place of applying via the online form and e-mail, applicants still have the opportunity to send us the application by regular postal service.
The data provided by the applicants may be further processed by us for employment purposes in the event of a successful application. Otherwise, if the application for a job offer is not successful, the applicants’ data will be deleted. An applicant’s data also will be deleted if an application is withdrawn by the applicant, which the applicant is entitled to do at any time.
Deletion is done, subject to a justified objection by the candidate, after the expiration of a period of six months. This allows us to answer any follow-up questions concerning the application and meet our obligations under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance to the tax regulations.
Within the scope of the job application, we offer applicants the opportunity to be taken into our “Talent Pool” for a period of two years on the basis of consent in the sense of Art. 6 para. 1 lit. b. and Art. 7 GDPR.
The application documents in the Talent Pool are processed solely as part of future job advertisements and job search, and will be destroyed at the latest right after the deadline. Candidates are informed that their consent to be admitted to the talent pool is voluntary, has no influence on the current application process, and that they can revoke this consent at any time in the future and declare an objection within the meaning of Art. 21 GDPR.
When contacting us (for example, by contact form, e-mail, telephone or via social media) the user’s information for processing the contact request and carrying out the requested task is done in accordance with. Art. 6 Para. 1 lit. b) GDPR. User information can be stored in a customer relationship management system (CRM system) or comparable organisation of enquiries.
We delete the requests if they are no longer required. We check the necessity every two years, and the legal archiving obligations apply.
Hosting and sending e-mails
The hosting services we use are designed to provide the following services: infrastructure and platform services, computing capacity, storage and database services, e-mailing, security and technical maintenance services that we use to operate this online service.
Here we, or our hosting provider, process person-related data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offering that is on the basis of our legitimate interests in order to provide an efficient and secure online offering according to Art. 6 para. 1 lit. f GDPR in connection with Art. 28 GDPR (finalising of contract processing agreement).
Collection of access data and log files
We, or our hosting provider, collect data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests in the sense of Art. 6 para. 1 lit. f. GDPR. The access data includes the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the enquiring provider.
Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of 30 days and then deleted. Data whose further retention are required for evidential purposes shall be exempted from the cancellation until final clarification of the incident https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). For more information about Google’s data usage, hiring and opt-out options, please refer to Google’s data privacy declaration (https://policies.google.com/technologies/ads) as well as the settings for displaying advertisements by Google (https://adssettings.google.com/authenticated).