Privacy Policy
We at Friedrich Graepel AG handle your personal data in a sensitive and responsible way. How we do it will be explained to you in the following.
In principle, your consent or a legal permission constitutes the basis for the storage and use of your data. Everything we do with your data depends on this.
“GDPR” is used here as an abbreviation of the EU General Data Protection Regulation. The following information is transparent and serves to meet the information obligations in areas in which Graepel as the data controller collects, processes or uses personal data.
In accordance with Section 13 and 14 GDPR, Graepel informs those concerned about the circumstances of the collection of personal data.
The information below will be structured in the form of
Company name of the data controller:
Friedrich Graepel Aktiengesellschaft
Managing Directors of the company:
Dipl.-Wirt.-Ing. Felix Graepel, Dipl.-Wirt.-Ing. Carlo Graepel
Head of data processing:
Uwe Schone
Data Protection Officer:
Bastian Spille, Contact: datenschutz@graepel.de
Address of the responsible office/data controller:
Friedrich Graepel AG, Zeisigweg 2, 49624 Löningen
Rights of the person concerned:
In order to ensure fair and transparent processing, we would like to point out that the person concerned has, inter alia, the following rights:
Please contact for the purposes of the exercise of these rights when necessary datenschutz@graepel.de.
You can find information on exercising your right of complaint to the competent supervisory authority at these Web addresses: www.datenschutz-wiki.de or www.lfd.niedersachsen.de.
The competent supervisory authority for Graepel AG is:
State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hannover
Phone: +49 511 120-4500
Fax: +49 511 120-4599
E-Mail: poststelle@lfd.niedersachsen.de
If your personal data is processed on the basis of legitimate interests in accordance with Section 6 (1) sentence 1 lit. f GDPR, you have the right, in accordance with Section 21 GDPR, to make an objection to the processing of your personal data insofar as reasons exist for it, which arise from your specific situation, or if the objection is directed against direct advertising. In the latter case, you have a general right of objection – without specifying a particular situation – that will be implemented by us.
If you want to make use of your right of revocation or right of objection, please send an e-mail to datenschutz@graepel.de
Within the Web site, we use SSL (secure socket layer) encryption in conjunction with the highest level of encryption supported by your browser. Usually, it is a 256-bit encryption. If your browser does not support 256-bit encryption, we fall back upon on 128-bit v3 technology. Whether a single page of our Web site is transmitted in encrypted form, you can recognize by the depiction of the locked key or padlock icon in the bottom status bar of your browser.
As for the rest, we use appropriate technical and organizational security measures to protect your data from accidental or intentional manipulation, partial or complete loss, destruction and against access by unauthorized third parties. Our security measures are continuously improved in line with the state-of-the-art technological development.
You are currently on our Web site. We store the following data temporarily here in order to discover technical faults and to pursue and prevent misuse as well as to optimize the user experience on the Web site:
The aforementioned data will be processed by us for the following purposes:
Everything else is up to you to decide, in other words: what information you wish to provide us with. Refer to the appropriate settings for cookies in your Internet browser.
The processing is done to safeguard our legitimate interests or the interests of a third party (Section 6 [1] lit. f GDPR).
Our website uses counting pixel technology provided by WiredMinds GmbH (www.wiredminds.de) to analyze visitor behavior. In connection with this, the IP address of the visitor is processed. The processing occurs only for the purpose of collecting company based information such as company name, for example. IP addresses of natural persons are excluded from any further processing by means of a whitelist. An IP address is not stored in LeadLab under any circumstances.
While processing data, it is our outmost interest to protect the rights of natural persons. Our interest in processing data is based on Article 6(1)(f) GDPR. At no time is it possible to draw conclusions from the collected data on an identifiable person.
WiredMinds GmbH uses this information to create anonymized usage profiles of the visit behavior on our website. Data obtained during this process is not used to personally identify visitors of our website.
By clicking following Opt-Out link you disable tracking of this site by WiredMinds, therefore a functionally necessary cookie will be set to permanently ensure no tracking by WiredMinds LeadLab occurs on this website.
Exclude from trackingWe don't use cookies on our website.
You are in the right place here if you are an applicant and wish for more information.
Processing the application; checking for suitability; making contact.
Implementation of measures, including pre-contractual ones, taken at the request of the person concerned (Section 6 [1] lit b).
The person concerned agrees on a voluntary basis. This is done by means of a corresponding declaration of consent (Section 6 [1] lit f).
Graepel always complies with rules of data avoidance and data minimization with regard to the intended purposes of the processing and always takes the legitimate interests of the person concerned in due consideration.
Group of persons concerned: Applicants to Graepel Group
Usual and necessary information provided by the applicants for the application procedure.
All employees who are authorized to fulfill specific in-house tasks. In the case of payment transactions, banks are provided with the relevant information. External contractors that are sub-contractors within the meaning of Section 11 of the German Federal Data Protection Act (BDSG, order data processing) or Section 28 GDPR. Usually, access to personal data in this context is not the purpose of the order but cannot be ruled out.
Data transmission to third countries only ensues in the context of contract fulfillment, required communication as well as other exceptions provided by the BDSG (new) and the GDPR.
If Graepel subsidiaries are active in the third country, suitable guarantees (standard data protection clauses) are in place.
If Graepel itself hires sub-contractors when processing an order, guarantees on the part of the sub-contractors are obtained in the form of data protection contracts. Appropriate monitoring is carried out on a regular basis. On request, more information can be obtained by contacting datenschutz@graepel.de.
The law specifies various retention obligations and retention periods. Upon expiration of these periods, the relevant data will be deleted on a routine basis when it is not needed any more for fulfillment of the contract. For example: In accordance with legal provisions, data relating to commercial law or financial data of a completed fiscal year is deleted after another ten years unless longer retention periods are prescribed or required for legitimate reasons. Shorter periods of deletion are applied in special areas (e.g. HR management, for instance, rejected applications or written warnings). If data is affected by such activities, it is deleted once the purposes for which it was stored cease to exist.
Maintaining contact. In order to be able to contact you for business purposes.
Depending on the phase of the contact, different legal bases are conceivable:
Graepel always complies with rules of data avoidance and data minimization with regard to the intended purposes of the processing and always takes the legitimate interests of the person concerned in due consideration.
Group of persons concerned: Business contacts of Graepel; e.g. contact persons of customers, suppliers, service providers, partners.
Usual and necessary information about the contacts (last name, first name, title, company affiliation, department, if needed, telephone no., e-mail address).
All employees who are authorized to fulfill specific in-house tasks. In the case of payment transactions, banks are provided with the relevant information. External contractors, i.e. sub-contractors within the meaning of Section 28 GDPR, are, for example, transport companies, tax consultants and IT service providers.
In addition, data is transmitted for specific purposes to companies in the Graepel Group. They include:
These transmissions are made to process our contract with you (Section 6 [1] lit f GDPR).
Data transmissions to third countries are carried out as part of contract fulfillment (Section 6 [1] lit a b), due to a legitimate interest (Section 6 [1] lit f) as well as on the basis of exceptions expressly provided by the BDSG and the GDPR.
If Graepel subsidiaries are active in the third country, suitable guarantees (standard data protection clauses) are in place.
The law specifies various retention obligations and retention periods. Upon expiration of these periods, the relevant data will be deleted on a routine basis when it is not needed any more for fulfillment of the contract. For example: In accordance with legal provisions, data relating to commercial law or financial data of a completed fiscal year is deleted after another ten years unless longer retention periods are prescribed or required for legitimate reasons. If data is affected by such activities, it is deleted once the purposes for which it was stored cease to exist. Contacts of persons about whom the companies learn that they have left are set to inactive, so they no longer appear in normal searches.
We collect your data for reasons of industrial and occupational safety.
Different legal bases apply to the collection of the data:
Graepel always complies with rules of data avoidance and data minimization with regard to the intended purposes of the processing and always takes the legitimate interests of the person concerned in due consideration.
Group of persons concerned: Visitors and guests
Usual and necessary information about the contacts (last name, first name, title, company affiliation, department, if needed, telephone no., e-mail address, license plate number).
All employees who are assigned to fulfill specific in-house tasks.
Transmission to third countries for this purpose does not take place.
The data is deleted after a retention period of 14 days.
Löningen in April 2024
The Data Protection Officer