Privacy Policy

The protection of your data is very important to us!

We at Friedrich Graepel AG handle your personal data in a sensitive and responsible way. How we do it will be explained to you in the following.

In principle, your consent or a legal permission constitutes the basis for the storage and use of your data. Everything we do with your data depends on this.

1. Prologue to understanding

“GDPR” is used here as an abbreviation of the EU General Data Protection Regulation. The following information is transparent and serves to meet the information obligations in areas in which Graepel as the data controller collects, processes or uses personal data.

In accordance with Section 13 and 14 GDPR, Graepel informs those concerned about the circumstances of the collection of personal data.

The information below will be structured in the form of

  • some general information, regardless of the target group to which you as a person concerned belong.
  • Information that Graepel provides in a targeted way, depending on the target group to which you as a person concerned belong. You will find below a separate section for each target group.

2. General information for all target groups

Company name of the data controller:
Friedrich Graepel Aktiengesellschaft

Managing Directors of the company:
Dipl.-Wirt.-Ing. Felix Graepel, Dipl.-Wirt.-Ing. Carlo Graepel

Head of data processing:
Uwe Schone

Data Protection Officer:
Jannes Fischer, Contact: datenschutz@graepel.de

Address of the responsible office/data controller:
Friedrich Graepel AG, Zeisigweg 2, 49624 Löningen

Rights of the person concerned:
In order to ensure fair and transparent processing, we would like to point out that the person concerned has, inter alia, the following rights:

  • gemäß Art. 15 DSGVO Auskunft über Ihre von uns verarbeiteten personenbezogenen Daten zu verlangen. Insbesondere können Sie Auskunft über die Verarbeitungszwecke, die Kategorie der personenbezogenen Daten, die Kategorien von Empfängern, gegenüber denen Ihre Daten offengelegt wurden oder werden, die geplante Speicherdauer, das Bestehen eines Rechts auf Berichtigung, Löschung, Einschränkung der Verarbeitung oder Widerspruch, das Bestehen eines Beschwerderechts, die Herkunft ihrer Daten, sofern diese nicht bei uns erhoben wurden, sowie über das Bestehen einer automatisierten Entscheidungsfindung einschließlich Profiling und ggf. aussagekräftigen Informationen zu deren Einzelheiten verlangen;
  • gemäß Art. 16 DSGVO unverzüglich die Berichtigung unrichtiger oder Vervollständigung Ihrer bei uns gespeicherten personenbezogenen Daten zu verlangen;
  • gemäß Art. 17 DSGVO die Löschung Ihrer bei uns gespeicherten personenbezogenen Daten zu verlangen, soweit nicht die Verarbeitung zur Ausübung des Rechts auf freie Meinungsäußerung und Information, zur Erfüllung einer rechtlichen Verpflichtung, aus Gründen des öffentlichen Interesses oder zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen erforderlich ist;
  • gemäß Art. 18 DSGVO die Einschränkung der Verarbeitung Ihrer personenbezogenen Daten zu verlangen, soweit Sie die Richtigkeit der Daten bestreiten, die Verarbeitung unrechtmäßig ist, Sie aber deren Löschung ablehnen und wir die Daten nicht mehr benötigen, Sie jedoch diese zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen benötigen oder Sie gemäß Art. 21 DSGVO Widerspruch gegen die Verarbeitung eingelegt haben;
  • gemäß Art. 20 DSGVO Ihre personenbezogenen Daten, die Sie uns bereitgestellt haben, in einem strukturierten, gängigen und maschinenlesebaren Format zu erhalten oder die Übermittlung an einen anderen Verantwortlichen zu verlangen;
  • gemäß Art. 7 Abs. 3 DSGVO Ihre einmal erteilte Einwilligung jederzeit gegenüber Graepel zu widerrufen. Dies hat zur Folge, dass wir die Datenverarbeitung, die auf dieser Einwilligung beruhte, für die Zukunft nicht mehr fortführen dürfen und
  • gemäß Art. 77 DSGVO sich bei einer Aufsichtsbehörde zu beschweren. In der Regel können Sie sich hierfür an die Aufsichtsbehörde Ihres üblichen Aufenthaltsortes oder Arbeitsplatzes oder des Firmensitzes wenden.

Please contact for the purposes of the exercise of these rights when necessary datenschutz@graepel.de.

You can find information on exercising your right of complaint to the competent supervisory authority at these Web addresses: www.datenschutz-wiki.de or www.lfd.niedersachsen.de

The competent supervisory authority for Graepel AG is:

State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hannover

Phone: +49 511 120-4500
Fax: +49 511 120-4599
E-Mail:  poststelle@lfd.niedersachsen.de

2.1 Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Section 6 (1) sentence 1 lit. f GDPR, you have the right, in accordance with Section 21 GDPR, to make an objection to the processing of your personal data insofar as reasons exist for it, which arise from your specific situation, or if the objection is directed against direct advertising. In the latter case, you have a general right of objection – without specifying a particular situation – that will be implemented by us.

If you want to make use of your right of revocation or right of objection, please send an e-mail to datenschutz@graepel.de

 

2.2 Data security

Within the Web site, we use SSL (secure socket layer) encryption in conjunction with the highest level of encryption supported by your browser. Usually, it is a 256-bit encryption. If your browser does not support 256-bit encryption, we fall back upon on 128-bit v3 technology. Whether a single page of our Web site is transmitted in encrypted form, you can recognize by the depiction of the locked key or padlock icon in the bottom status bar of your browser.

As for the rest, we use appropriate technical and organizational security measures to protect your data from accidental or intentional manipulation, partial or complete loss, destruction and against access by unauthorized third parties. Our security measures are continuously improved in line with the state-of-the-art technological development.

3. Target groups

3.1 Online

You are currently on our Web site. We store the following data temporarily here in order to discover technical faults and to pursue and prevent misuse as well as to optimize the user experience on the Web site:

  • IP address of the requesting computer,
  • date and time of access,
  • name and URL of the accessed file,
  • Web site from which our site was accessed (referrer URL),
  • the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The aforementioned data will be processed by us for the following purposes:

  • for ensuring a smooth connection establishment of the Web site,
  • for ensuring a comfortable use of our Web site,
  • for the evaluation of the system security and stability as well as
  • for other administrative purposes.

Everything else is up to you to decide, in other words: what information you wish to provide us with. Refer to the appropriate settings for cookies in your Internet browser.

3.2 Legal basis of data processing

The processing is done to safeguard our legitimate interests or the interests of a third party (Section 6 [1] lit. f GDPR).

3.3 Analysis by WiredMinds

Our website uses counting pixel technology provided by WiredMinds GmbH (www.wiredminds.de) to analyze visitor behavior. In connection with this, the IP address of the visitor is processed. The processing occurs only for the purpose of collecting company based information such as company name, for example. IP addresses of natural persons are excluded from any further processing by means of a whitelist. An IP address is not stored in LeadLab under any circumstances.

While processing data, it is our outmost interest to protect the rights of natural persons. Our interest in processing data is based on Article 6(1)(f) GDPR. At no time is it possible to draw conclusions from the collected data on an identifiable person.
WiredMinds GmbH uses this information to create anonymized usage profiles of the visit behavior on our website. Data obtained during this process is not used to personally identify visitors of our website.

By clicking following Opt-Out link you disable tracking of this site by WiredMinds, therefore a functionally necessary cookie will be set to permanently ensure no tracking by WiredMinds LeadLab occurs on this website.

Exclude from tracking

3.4 Use of cookies

We don't use cookies on our website.

4. Applicants

You are in the right place here if you are an applicant and wish for more information.

4.1 Purpose of the collection, processing and use of the data

Processing the application; checking for suitability; making contact.

4.2 Legal basis for the processing (Section 6 GDPR)

Implementation of measures, including pre-contractual ones, taken at the request of the person concerned (Section 6 [1] lit b).

The person concerned agrees on a voluntary basis. This is done by means of a corresponding declaration of consent (Section 6 [1] lit f).

Graepel always complies with rules of data avoidance and data minimization with regard to the intended purposes of the processing and always takes the legitimate interests of the person concerned in due consideration.

4.3 Description of the group of persons concerned and the related data or data categories

Group of persons concerned: Applicants to Graepel Group
Usual and necessary information provided by the applicants for the application procedure.

4.4 Recipients or categories of recipients to whom the data may be communicated

All employees who are authorized to fulfill specific in-house tasks. In the case of payment transactions, banks are provided with the relevant information. External contractors that are sub-contractors within the meaning of Section 11 of the German Federal Data Protection Act (BDSG, order data processing) or Section 28 GDPR. Usually, access to personal data in this context is not the purpose of the order but cannot be ruled out.

4.5 Data transmission to third countries

Data transmission to third countries only ensues in the context of contract fulfillment, required communication as well as other exceptions provided by the BDSG (new) and the GDPR.

If Graepel subsidiaries are active in the third country, suitable guarantees (standard data protection clauses) are in place.

If Graepel itself hires sub-contractors when processing an order, guarantees on the part of the sub-contractors are obtained in the form of data protection contracts. Appropriate monitoring is carried out on a regular basis. On request, more information can be obtained by contacting datenschutz@graepel.de.

4.6 Storage period or prescribed periods for the deletion of the data

The law specifies various retention obligations and retention periods.  Upon expiration of these periods, the relevant data will be deleted on a routine basis when it is not needed any more for fulfillment of the contract. For example: In accordance with legal provisions, data relating to commercial law or financial data of a completed fiscal year is deleted after another ten years unless longer retention periods are prescribed or required for legitimate reasons. Shorter periods of deletion are applied in special areas (e.g. HR management, for instance, rejected applications or written warnings). If data is affected by such activities, it is deleted once the purposes for which it was stored cease to exist.

5. Business contacts of Graepel Group

5.1 Purpose of the collection, processing and use of the data

Maintaining contact. In order to be able to contact you for business purposes.

5.2 Legal basis for the processing (Section 6 GDPR)

Depending on the phase of the contact, different legal bases are conceivable:

  • Implementation of measures, including pre-contractual ones, taken at the request of the person concerned (Section 6 [1] lit b).
  • The person concerned agrees on a voluntary basis. This is done by means of a corresponding declaration of consent (Section 6 [1] lit a).
  • Processing is required to fulfill contractual obligations and to protect the legitimate interests of Graepel Group (Section 6 [1] lit b and lit f).

Graepel always complies with rules of data avoidance and data minimization with regard to the intended purposes of the processing and always takes the legitimate interests of the person concerned in due consideration.

5.3 Description of the group of persons concerned and the related data or data categories

Group of persons concerned: Business contacts of Graepel; e.g. contact persons of customers, suppliers, service providers, partners.

Usual and necessary information about the contacts (last name, first name, title, company affiliation, department, if needed, telephone no., e-mail address).

5.4 Recipients or categories of recipients to whom the data may be communicated

All employees who are authorized to fulfill specific in-house tasks. In the case of payment transactions, banks are provided with the relevant information. External contractors, i.e. sub-contractors within the meaning of Section 28 GDPR, are, for example, transport companies, tax consultants and IT service providers.

In addition, data is transmitted for specific purposes to companies in the Graepel Group. They include:

  • Friedrich Graepel Aktiengesellschaft | Germany
  • Graepel Löningen GmbH & Co. KG | Germany
  • Graepel Seehausen GmbH & Co. KG | Germany
  • Graepel North America | Omaha, NE | United States
  • Graepel Oberflächentechnik GmbH & Co. KG | Germany
  • Graepel Perforations India Pvt. Ltd. | India

These transmissions are made to process our contract with you (Section 6 [1] lit f GDPR).

5.5 Data transmission to third countries

Data transmissions to third countries are carried out as part of contract fulfillment (Section 6 [1] lit a b), due to a legitimate interest (Section 6 [1] lit f) as well as on the basis of exceptions expressly provided by the BDSG and the GDPR.

If Graepel subsidiaries are active in the third country, suitable guarantees (standard data protection clauses) are in place.

5.6 Storage period or prescribed periods for the deletion of the data

The law specifies various retention obligations and retention periods.  Upon expiration of these periods, the relevant data will be deleted on a routine basis when it is not needed any more for fulfillment of the contract. For example: In accordance with legal provisions, data relating to commercial law or financial data of a completed fiscal year is deleted after another ten years unless longer retention periods are prescribed or required for legitimate reasons. If data is affected by such activities, it is deleted once the purposes for which it was stored cease to exist. Contacts of persons about whom the companies learn that they have left are set to inactive, so they no longer appear in normal searches.

6. Visitors and guests

6.1 Purpose of the collection, processing and use of the data

We collect your data for reasons of industrial and occupational safety.

6.2 Legal basis for the processing (Section 6 GDPR)

Different legal bases apply to the collection of the data:

  • The person concerned agrees on a voluntary basis. This is done by means of a corresponding consent (Section 6 [1] lit a).
  • The protection of a legitimate interest of Graepel Group (Section 6 [1] lit f).

Graepel always complies with rules of data avoidance and data minimization with regard to the intended purposes of the processing and always takes the legitimate interests of the person concerned in due consideration.

6.3 Description of the group of persons concerned and the related data or data categories

Group of persons concerned: Visitors and guests

Usual and necessary information about the contacts (last name, first name, title, company affiliation, department, if needed, telephone no., e-mail address, license plate number).

6.4 Recipients or categories of recipients to whom the data may be communicated

All employees who are assigned to fulfill specific in-house tasks.

6.5 Data transmission to third countries

Transmission to third countries for this purpose does not take place.

6.6 Storage period or prescribed periods for the deletion of the data

The data is deleted after a retention period of 14 days.

 

Löningen in April 2019

The Data Protection Officer

We will be glad to advise you.

Our employees look forward to hearing from you.

Contact us