Privacy Policy

The protection of your data is very important to us!

We at Friedrich Graepel AG handle your personal data in a sensitive and responsible way. How we do it will be explained to you in the following.

In principle, your consent or a legal permission constitutes the basis for the storage and use of your data. Everything we do with your data depends on this.

1. Prologue to understanding

“GDPR” is used here as an abbreviation of the EU General Data Protection Regulation. The following information is transparent and serves to meet the information obligations in areas in which Graepel as the data controller collects, processes or uses personal data.

In accordance with Section 13 and 14 GDPR, Graepel informs those concerned about the circumstances of the collection of personal data.

The information below will be structured in the form of

  • some general information, regardless of the target group to which you as a person concerned belong.
  • Information that Graepel provides in a targeted way, depending on the target group to which you as a person concerned belong. You will find below a separate section for each target group.

 

2. General information for all target groups

Company name of the data controller
Friedrich Graepel Aktiengesellschaft

Managing Directors of the company:
Dipl.-Wirt.-Ing. Felix Graepel, Dipl.-Wirt.-Ing. Carlo Graepel

Head of data processing
Uwe Schone

Data Protection Officer:
Jannes Fischer, Contact: datenschutz@graepel.de

Address of the responsible office/data controller:
Friedrich Graepel AG, Zeisigweg 2, 49624 Löningen

Rights of the person concerned:
In order to ensure fair and transparent processing, we would like to point out that the person concerned has, inter alia, the following rights:

  • in accordance with Section 15 GDPR, you have the right to demand information concerning your personal data processed by us. In particular, you are entitled to demand information about the processing purposes; the category of personal data; the categories of recipients to whom your data has been or will be disclosed; the planned storage period; the existence of a right to correction, deletion, restriction of processing or a right to objection; the existence of a right to file a complaint; the origin of the data, provided that this data is not collected by us; as well as about the existence of an automated decision-making, including profiling and, if necessary, about the right to obtain meaningful information about its details;
  • in accordance with Section 16 GDPR, the right to demand the immediate correction of incorrect data or completion of your personal data stored by us;
  • in accordance with Section 17 GDPR, the right to demand the deletion of your personal data stored with us, unless the processing is required for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
  • in accordance with Section 18 GDPR, the right to demand the restriction of the processing of your personal data, insofar as you dispute the accuracy of the data; if the processing is unlawful, but you reject its deletion; and if we no longer need the data, but you need the data for the assertion, exercise or defense of legal claims; or if you have made an objection to the processing according to Section 21 GDPR;
  • in accordance with Section 20 GDPR, you have the right to receive your personal data you have provided to us in a structured, common and machine-readable format or to demand its transmission to another data controller;
  • in accordance with Section 7 (3) GDPR, you have the right to revoke your once-given consent to Graepel at any time. This has the consequence that we are no longer allowed to continue the data processing that was based on this consent in the future and that you are entitled;
  • in accordance with Section 77 GDPR, to file a complaint with a supervisory authority. In general, to do so, you can contact the supervisory authority competent for your usual residence or workplace or for the company headquarters.

Please contact for the purposes of the exercise of these rights when necessary datenschutz@graepel.de.

You can find information on exercising your right of complaint to the competent supervisory authority at these Web addresses:  

www.datenschutz-wiki.de or www.lfd.niedersachsen.de. 

 

The competent supervisory authority for Graepel AG is:

State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hannover

Phone: +49 511 120-4500
Fax: +49 511 120-4599
E-Mail:  poststelle@lfd.niedersachsen.de

 

Other information

  • There is no automated decision-making, including profiling, at present.
  • If Friedrich Graepel AG has the intention of further processing the personal data for any other purpose than that for which the personal data was collected, then Friedrich Graepel AG will make available to the person concerned information about this other purpose and all other relevant information prior to this further processing. If the other purpose has been agreed upon together with the previous purposes for which legitimacy was given or if the legitimate interests of Friedrich Graepel AG predominate, separate information is not necessary. This change of purpose can be objected to at any time. Contact datenschutz@graepel.de for this purpose.

 

2.1 Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Section 6 (1) sentence 1 lit. f GDPR, you have the right, in accordance with Section 21 GDPR, to make an objection to the processing of your personal data insofar as reasons exist for it, which arise from your specific situation, or if the objection is directed against direct advertising. In the latter case, you have a general right of objection – without specifying a particular situation – that will be implemented by us.

If you want to make use of your right of revocation or right of objection, please send an e-mail to datenschutz@graepel.de

 

2.2 Data security

Within the Web site, we use SSL (secure socket layer) encryption in conjunction with the highest level of encryption supported by your browser. Usually, it is a 256-bit encryption. If your browser does not support 256-bit encryption, we fall back upon on 128-bit v3 technology. Whether a single page of our Web site is transmitted in encrypted form, you can recognize by the depiction of the locked key or padlock icon in the bottom status bar of your browser.

As for the rest, we use appropriate technical and organizational security measures to protect your data from accidental or intentional manipulation, partial or complete loss, destruction and against access by unauthorized third parties. Our security measures are continuously improved in line with the state-of-the-art technological development.

 

Target groups
3. Online

You are currently on our Web site. We store the following data temporarily here in order to discover technical faults and to pursue and prevent misuse as well as to optimize the user experience on the Web site:

  • IP address of the requesting computer,
  • date and time of access,
  • name and URL of the accessed file,
  • Web site from which our site was accessed (referrer URL),
  • the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The aforementioned data will be processed by us for the following purposes:

  • for ensuring a smooth connection establishment of the Web site,
  • for ensuring a comfortable use of our Web site,
  • for the evaluation of the system security and stability as well as
  • for other administrative purposes.

Everything else is up to you to decide, in other words: what information you wish to provide us with. Refer to the appropriate settings for cookies in your Internet browser.

 

3.1 Legal basis of data processing

The processing is done to safeguard our legitimate interests or the interests of a third party (Section 6 [1] lit. f GDPR).

 

3.2 Use of cookies

Basic cookies

We use basic cookies, so that everything works correctly on our Web site. Cookies are small text files that we store on your computer or smartphone. They help you to navigate easily, comfortably and without delay on the Web site. For this purpose, only anonymous data is used, and it is not possible for us to identify you as the person behind it.

You don’t want basic cookies? Some things then won’t work properly anymore when you surf. You still want to be rid of them? Then you can disable cookies by changing the settings of your browser. First delete all previously stored cookies, then disable their storage for the future.

 

Online marketing cookies & pixels

Do you see advertising on our Web site or any other Web site, which fits your surfing behavior? The reason may be an online marketing cookie. We or our advertising partner saved it on your computer or smartphone. We give only anonymous or pseudonymous data to our advertising partners.

On our Web site, you will find the following links to addresses of the respective privacy statements:

You can unsubscribe at any time from online marketing cookies & pixels. To do so, you can unsubscribe from the respective cookies directly via the specified links. As an alternative, you can disable the storage of cookies in the browser you use. 

 

Performance cookies

We use performance cookies to measure the use of our Web site. It helps us to assess where we can improve the site. We determine, for example, how many visitors we had to a particular page or whether error messages are displayed on our pages.

Performance cookies do not collect any information that could identify you – all the information collected is anonymous and is only used to improve our Web site. This means we are not able to identify you as the person behind it.

Within the scope of the use of performance cookies on this Web site, the data is transmitted to the “etracker” tool of etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany, where it is analyzed.

 

Disabling cookies

You yourself determine in your browser whether cookies are placed and can be retrieved. In your browser, you can disable the storage of cookies completely, restrict it to some Web sites; or you can configure your browser such that it automatically notifies you when a cookie is to be stored and requests your response. You can block or delete individual cookies. For technical reasons, this may impair some functions of our Web site so that they do not fully work any longer.

 

Social Media

Our privacy policy also applies to our social media accounts:

 

4. Applicants        

You are in the right place here if you are an applicant and wish for more information.

 

4.1 Purpose of the collection, processing and use of the data

Processing the application; checking for suitability; making contact.

 

4.2 Legal basis for the processing (Section 6 GDPR)

Implementation of measures, including pre-contractual ones, taken at the request of the person concerned (Section 6 [1] lit b).

The person concerned agrees on a voluntary basis. This is done by means of a corresponding declaration of consent (Section 6 [1] lit f).

Graepel always complies with rules of data avoidance and data minimization with regard to the intended purposes of the processing and always takes the legitimate interests of the person concerned in due consideration.

 

4.3 Description of the group of persons concerned and the related data or data categories

Group of persons concerned: Applicants to Graepel Group

Usual and necessary information provided by the applicants for the application procedure.

 

4.4 Recipients or categories of recipients to whom the data may be communicated

All employees who are authorized to fulfill specific in-house tasks. In the case of payment transactions, banks are provided with the relevant information. External contractors that are sub-contractors within the meaning of Section 11 of the German Federal Data Protection Act (BDSG, order data processing) or Section 28 GDPR. Usually, access to personal data in this context is not the purpose of the order but cannot be ruled out.

 

4.5 Data transmission to third countries

Data transmission to third countries only ensues in the context of contract fulfillment, required communication as well as other exceptions provided by the BDSG (new) and the GDPR.

If Graepel subsidiaries are active in the third country, suitable guarantees (standard data protection clauses) are in place.

If Graepel itself hires sub-contractors when processing an order, guarantees on the part of the sub-contractors are obtained in the form of data protection contracts. Appropriate monitoring is carried out on a regular basis. On request, more information can be obtained by contacting datenschutz@graepel.de.

 

4.6 Storage period or prescribed periods for the deletion of the data

The law specifies various retention obligations and retention periods.  Upon expiration of these periods, the relevant data will be deleted on a routine basis when it is not needed any more for fulfillment of the contract. For example: In accordance with legal provisions, data relating to commercial law or financial data of a completed fiscal year is deleted after another ten years unless longer retention periods are prescribed or required for legitimate reasons. Shorter periods of deletion are applied in special areas (e.g. HR management, for instance, rejected applications or written warnings). If data is affected by such activities, it is deleted once the purposes for which it was stored cease to exist.

 

5. Business contacts of Graepel Group

5.1 Purpose of the collection, processing and use of the data

Maintaining contact. In order to be able to contact you for business purposes.

 

5.2 Legal basis for the processing (Section 6 GDPR)

Depending on the phase of the contact, different legal bases are conceivable:

  • Implementation of measures, including pre-contractual ones, taken at the request of the person concerned (Section 6 [1] lit b).
  • The person concerned agrees on a voluntary basis. This is done by means of a corresponding declaration of consent (Section 6 [1] lit a).
  • Processing is required to fulfill contractual obligations and to protect the legitimate interests of Graepel Group (Section 6 [1] lit b and lit f).

    Graepel always complies with rules of data avoidance and data minimization with regard to the intended purposes of the processing and always takes the legitimate interests of the person concerned in due consideration.

     

    5.3 Description of the group of persons concerned and the related data or data categories

    Group of persons concerned: Business contacts of Graepel; e.g. contact persons of customers, suppliers, service providers, partners.

    Usual and necessary information about the contacts (last name, first name, title, company affiliation, department, if needed, telephone no., e-mail address).

     

    5.4 Recipients or categories of recipients to whom the data may be communicated

    All employees who are authorized to fulfill specific in-house tasks. In the case of payment transactions, banks are provided with the relevant information. External contractors, i.e. sub-contractors within the meaning of Section 28 GDPR, are, for example, transport companies, tax consultants and IT service providers.

    In addition, data is transmitted for specific purposes to companies in the Graepel Group. They include:

    • Friedrich Graepel Aktiengesellschaft | Germany
    • Graepel Löningen GmbH & Co. KG | Germany
    • Graepel Seehausen GmbH & Co. KG | Germany
    • Graepel North America | Omaha, NE | United States
    • Oberflächentechnik Löningen GmbH & Co. KG | Germany
    • Graepel Perforations India Pvt. Ltd. | India

     
    These transmissions are made to process our contract with you (Section 6 [1] lit f GDPR).

     

    5.5 Data transmission to third countries

    Data transmissions to third countries are carried out as part of contract fulfillment (Section 6 [1] lit a b), due to a legitimate interest (Section 6 [1] lit f) as well as on the basis of exceptions expressly provided by the BDSG and the GDPR.

    If Graepel subsidiaries are active in the third country, suitable guarantees (standard data protection clauses) are in place.

     

    5.6 Storage period or prescribed periods for the deletion of the data

    The law specifies various retention obligations and retention periods.  Upon expiration of these periods, the relevant data will be deleted on a routine basis when it is not needed any more for fulfillment of the contract. For example: In accordance with legal provisions, data relating to commercial law or financial data of a completed fiscal year is deleted after another ten years unless longer retention periods are prescribed or required for legitimate reasons. If data is affected by such activities, it is deleted once the purposes for which it was stored cease to exist. Contacts of persons about whom the companies learn that they have left are set to inactive, so they no longer appear in normal searches.

     

    6. Visitors and guests

    6.1 Purpose of the collection, processing and use of the data

    We collect your data for reasons of industrial and occupational safety.

     

    6.2 Legal basis for the processing (Section 6 GDPR)

    Different legal bases apply to the collection of the data:

    • The person concerned agrees on a voluntary basis. This is done by means of a corresponding consent (Section 6 [1] lit a).
    • The protection of a legitimate interest of Graepel Group (Section 6 [1] lit f).

    Graepel always complies with rules of data avoidance and data minimization with regard to the intended purposes of the processing and always takes the legitimate interests of the person concerned in due consideration.

     

    6.3 Description of the group of persons concerned and the related data or data categories

    Group of persons concerned: Visitors and guests

    Usual and necessary information about the contacts (last name, first name, title, company affiliation, department, if needed, telephone no., e-mail address, license plate number).

     

    6.4 Recipients or categories of recipients to whom the data may be communicated

    All employees who are assigned to fulfill specific in-house tasks.

     

    6.5 Data transmission to third countries

    Transmission to third countries for this purpose does not take place.

     

    6.6 Storage period or prescribed periods for the deletion of the data

    The data is deleted after a retention period of 14 days.

     

    Löningen in April 2018

    The Data Protection Officer

    Choose your language

    Please note that this is an automated translation.