Privacy policy

Thank you for visiting our website and for your interest in GP JOULE. It is not only supplying sustainable energy that is important to us, but also the data protection-compliant handling of your personal data. With this privacy policy, we inform you about how, to what extent and for what purposes we process personal data when you use our website and other features.

 

The subject of data protection are personal data. According to Art. 4 of the GDPR, personal data is any information relating to an identified or identifiable natural person. This includes, for example, details such as name, address, e-mail address or telephone number, but also usage data such as your IP address or content data such as the messages you have written that you send to us via forms. We process personal data only in accordance with the statutory regulations, in particular the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

 

 

1.    Responsible body
The body responsible is:

 

GP JOULE GmbH
Cecilienkoog 16
25821 Reußenköge
Telephone: +49 (0) 4671 6074-0
Telefax: +49 (0) 4671 6074-199
E-mail: info(at)gp-joule.de

 

 

2.    Data Protection Officer
Our Data Protection Officer is:

 

Ann-Katrin Meißner
Meißner Datenschutz GmbH
Markt 31
25821 Bredstedt
Telephone: +49 (0) 4671 93 10 31
Fax: +49 (0) 4671 93 10 33
E-mail: dsb(at)mds.legal

 

 

3.    General
Insofar as we obtain your consent for processing operations of personal data, Art. 6 para. 1 p. 1 lit. a GDPR serves as the legal basis.

 

When processing your personal data that is required to fulfil a contract between you and GP JOULE GmbH, Art. 6 para. 1 p. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for conducting pre-contractual measures.

 

Insofar as the processing of personal data is necessary for fulfilling a legal obligation to which GP JOULE GmbH is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.

 

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis.

 

 

4.    Data collection on our website
Within the scope of the informational use of our website, e.g. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to visit our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. As the website operator, we have a legitimate interest in the technically error-free presentation and optimisation of our website - for this purpose, the following server log files must be collected:

 

  • IP address,
  • Date and time of the request,
  • Time zone difference from Greenwich Mean Time (GMT),
  • Content of the request (concrete page),
  • Access status/HTTP status code,
  • The amount of data transferred in each case,
  • Website from which the request comes,
  • Browser,
  • Operating system and its interface,
  • Language and version of the browser software.

 

 

4.1.    Cookies
This website uses cookies. Cookies are used to make our website more user-friendly and to enable the use of certain functions. Cookies are small text files that are stored on your terminal device and saved by your browser. Some of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies enable us or our partner companies (third-party cookies) to recognise your browser on your next visit (so-called "persistent cookies"). You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of our website may be limited.

 

The legal basis for using cookies is Art. 6 para. 1 p. 1 lit. f GDPR. As the website operator, we have a legitimate interest in storing cookies for the technically error-free and optimised provision of our website. Insofar as other cookies (e.g. cookies to analyse your surfing behaviour) are stored, these are treated separately.

 

You have the right to change or to revoke your consent at any time.

 

 

4.2.    Cookiebot cookie consent tool
This website uses the cookie consent tool Cookiebot. This allows data subjects to control how cookies are used. In addition, as the website operator, we can obtain your consent to store certain cookies in your browser and document this in a data protection compliant manner. The service provider is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. Cookiebot shows the data subjects a list of cookies classified by function groups, explains the purpose of the function groups and the individual cookies as well as for how long they are stored. The use of Cookiebot makes it technically necessary to save a cookie in your browser.

 

The first time you visit our website, the website displays the cookie consent tool Cookiebot as a pop-up window. In it, you can activate or deactivate the cookies classified by function groups by clicking the corresponding checkbox. The technical (necessary) cookies are already stored when the website is called up. The corresponding checkbox is preset and thus activated. You can accept cookies either by clicking on the "Allow selected cookies" or "Allow all cookies" button. If technical cookies are deactivated, using the website or individual functions on the website may be restricted or impossible.

 

Cookiebot is used to obtain and document legally required consent for the use of cookies. The legal basis is Art. 6 para. 1 p. 1 lit. c GDPR.

 

 

4.3.    Google Analytics
This website uses functions of the web analysis service Google Analytics. The service provider is Google Ireland Limited (Google) Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies. The information generated by the cookie about your surfing behaviour is usually transmitted to a Google server in the USA and stored there. The legal basis for using cookies is Art. 6 para. 1 p. 1 lit. f GDPR. As the website operator, we have a legitimate interest in analysing surfing behaviour in order to optimise both our website and our advertising.  If corresponding consent has been obtained (e.g. consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 49 para. 1 sentence 1 lit. a GDPR.

 

 

4.3.1.    IP anonymisation
We have activated the IP anonymisation function on our website. This means that your IP address will be shortened by Google within member states of the European Union (EU) or in other contracting states of the Agreement on the European Economic Area (EEA) before being transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your surfing behaviour on our website, compiling reports on website activity and providing us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can find more information on data processing by Google at https://marketingplatform.google.com/about/analytics/terms/de/ as well as https://policies.google.com/?hl=de.

 

 

4.3.2.    Browser plugin
You can prevent cookies from being stored by adjusting your browser software accordingly. You can also prevent the collection of data generated by the cookie and related to how you use the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

 

 

4.3.3.    Objection to data collection
You can prevent your data being collected by Google Analytics by clicking on the following link. An opt-out cookie will be set which will prevent your data from being collected during future visits to our website: Deactivating Google Analytics.

 

You can find more information on how Google Analytics handles user data at: https://support.google.com/analytics/answer/6004245?hl=de.

 

 

4.3.4.    Order processing
We have concluded an order processing contract with Google.

 

 

4.3.5.    Demographic characteristics on Google Analytics
This website uses the "demographic characteristics" function. This allows reports to be generated that contain information on the age, gender and interests of website visitors. This data comes from interest-based advertising from Google and visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function via the ad settings in your Google account or generally prevent your data from being collected by Google Analytics, as shown in the item "Objection to data collection".

 

 

4.3.6.    Storage period
Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. user ID) or advertising IDs (e.g. Android advertising ID) is anonymised or deleted after 14 months. You can find details here: https://support.google.com/analytics/answer/7667196?hl=de.

 

 

4.3.7.    Google Analytics Remarketing
This website uses the Google Remarketing function, which analyses your surfing behaviour on our website in order to assign you to specific advertising target groups and subsequently display suitable advertising messages to you when you visit other online offers (remarketing or retargeting). The advertising target groups created with Google Remarketing can be linked to Google's cross-device functions. This means that interest-based, personalised advertising messages that have been adapted to you on one end device (e.g. smartphone) depending on your previous surfing behaviour can also be displayed on another of your end devices (e.g. tablet PC or desktop PC).

 

You can object to personalised advertising at the following link if you have your own Google account: https://www.google.com/settings/ads/onweb/.

 

The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. As website operators, we have a legitimate interest in marketing our products and services as effectively as possible. If a corresponding consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR.

 

For example, we use the customer matching function of Google Remarketing to create target groups. In this process, we transfer certain customer data (e.g. e-mail addresses) from our customer lists to Google. If the customers in question are Google users and logged into their Google account, they are shown suitable advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).

 

You can find more information on data processing by Google at: policies.google.com/technologies/ads.

 

 

4.3.8.    Google Ads and Google Conversion Tracking
This website uses Google Ads and conversion tracking. If you click on an ad placed by Google, a cookie is set for conversion tracking. These cookies expire after 30 days and are not used to personally identify website visitors. If you visit certain pages of this website and the cookie is still valid, Google and we will be able to recognise that you have clicked on the ad and have been redirected to this page.
Each Google Ads client receives a different cookie. The cookies cannot be tracked through Google Ads clients' websites. The information obtained through the conversion cookie is used to create conversion statistics for Google Ads customers. We therefore receive the total number of website visitors who clicked on our ad and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information that personally identifies website visitors. If you do not wish to participate in the tracking, you can object to this use by deactivating the Google conversion tracking cookie via your internet browser under user settings. Your data will then not be included in the conversion tracking statistics.
The storage of "conversion cookies" and the use of this tracking tool are based on Art. 6 para. 1 p. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been obtained (e.g. consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR.
You can find more information on data processing by Google at: https://policies.google.com/privacy?hl=de.

 

 

4.4.    Facebook Pixel
This website uses the visitor action pixel from Facebook for conversion measurement. The service provider is Facebook Ireland Limited (Facebook), 4 Grand Canal Square, Dublin 2, Ireland. The data collected is also transferred to the USA and other third countries. The behaviour of website visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. The effectiveness of Facebook ads can be evaluated in this way for statistical and market research purposes and future advertising measures can be optimised. For us as the operator of the website, the data collected is anonymous. We cannot draw any conclusions about the identity of the respective user. However, Facebook stores this data so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy. This allows Facebook to serve ads on Facebook pages as well as outside of Facebook. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR. We have no influence on this data processing. You can find more information on data processing by Facebook at: en-en.facebook.com/about/privacy/. We base the data transfer to the USA on the standard contractual clauses of the EU Commission. You can find more information here: www.facebook.com/legal/EU_data_transfer_addendum und de-de.facebook.com/help/566994660333381. In the Settings section, you can deactivate the "Custom Audiences" remarketing function in the Ad Settings section at www.facebook.com/ads/preferences/. For this, it is necessary that you are logged in to Facebook. If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: www.youronlinechoices.com/de/praferenzmanagement/.

 

 

4.5.    MyFonts Counter
This website uses the service MyFonts Counter. The service provider is MyFonts, Inc, 600 Unicorn Park Drive Woburn, MA 01801 USA. With the service MyFonts Counter we can statistically evaluate the number of visitors to our website. MyFonts Counter uses cookies and other browser technologies to recognise website users and their website visits. This information provide insights about the activity of the website. The website processes your data as part of the MyFonts Counter service for the purpose of optimising the website and for marketing purposes. The legal basis is Art. 6 para p. 1 lit. a GDPR. We have no influence on this data processing. For more information on the data processing by MyFonts, Inc. see: www.myfonts.com/legal/website-use-privacy-policy/.

 

 

4.6.    OpenStreetMap
This website uses OpenStreetMap map service. The service provider is the Open Street Map Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom. If you visit our website on which OpenStreetMap is integrated, your IP address and other information about your surfing behaviour on this website will be forwarded to the Open-Street-Map Foundation, among others. It is possible that OpenStreetMap stores cookies or similar recognition technologies in your browser for this purpose. If you have enabled location tracking in your device settings on your smartphone, your location can be recorded. We have no influence on this data processing. For more information on data processing by Open-Street-Map Foundation, see: https://wiki.osmfoundation.org/wiki/Privacy_Policy.

 

The use of OpenStreetMap is in the interest of being able to present our online offers attractively and an easy location of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR. If a corresponding consent has been obtained (e.g. consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR.

 

 

4.7.    Hosting
This website is hosted by an external service provider (hoster). Personal data collected on this website are stored on the hoster's servers. This may include, for example, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website. The hoster is used for the purpose of fulfilling the contract with our potential and existing customers in accordance with Art. 6 para. 1 p. 1 lit. b GDPR and in the interest of a secure, fast and efficient provision of our online offer by a professional provider. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. The hoster processes your data only insofar as this is necessary for the fulfilment of its duties and follows our instructions. We have concluded an order processing contract with the hoster.

 

 

4.8.    Contact form
If you send us enquiries via a contact form, your details and personal data from the contact form will be processed for the purpose of processing the enquiry and, if necessary, for follow-up enquiries. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR, insofar as your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In other cases, the processing is based on our legitimate interest in the effective handling of the enquiries addressed to us in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR or on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR if this has been obtained.

 

 

4.9.    #GP JOULE LIVE
If you send us enquiries in connection with #GP JOULE LIVE via the contact form, your details and personal data from the contact form will be processed for the purpose of processing the enquiry or arranging an appointment. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR, insofar as your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In other cases, the processing is based on our legitimate interest in the effective handling of the enquiries addressed to us in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR or on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR if this has been obtained.

 

 

4.10.    Registration on this website (login)
You can register on our website to use further functions on our website. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we have to refuse the registration. For important changes, for example in the scope of the offer or in the case of technically necessary changes, we use the e-mail address provided during registration to inform you in this way. The data entered during registration is processed for the purpose of implementing the user relationship established by registration and, if necessary, for initiating further contracts. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR.

 

 

4.11.    JAMES Magazine
If you send us your data in connection with the order via the "JAMES Magazine" form, your details and personal data will be stored by us for the purpose of processing the order. Further data is not collected or only collected on a voluntary basis. We will only use your data for the purpose of sending you the JAMES magazine. The mandatory information requested must be provided in full. Otherwise, we will not be able to take the order, as we will not be able to dispatch it without the mandatory information. The data entered in the form is processed for the conclusion of a contract. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR. If a corresponding consent has been obtained, the processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR.

 

 

4.12.    Newsletter (CleverReach)
If you would like to receive our newsletter, we need your e-mail address as well as information that allows us to verify that you are the owner of the specified e-mail address and have consented to receive the newsletter. We do not collect any other data or collect it on a voluntary basis. We use the collected data exclusively for sending the requested information. The data entered in the form is processed for the conclusion of a contract. The data entered in the registration form is processed exclusively on the basis of your consent. You can revoke your consent to your data being stored, the e-mail address and their use for sending the newsletter at any time, for example via the unsubscribe link in the newsletter. The legality of the data processing procedures already carried out remains unaffected by the revocation.

 

We store the data you provide for the purpose of receiving our newsletter until you unsubscribe from the newsletter. After unsubscribing from the newsletter, we delete your personal data from the newsletter distribution list.

 

After you have unsubscribed from the newsletter distribution list, your e-mail address may be stored in a blacklist to prevent future e-mails. We use the data from the blacklist only for this purpose and do not combine it with other data. This is in your interest as well as ours in complying with the legal requirements when sending newsletters. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. The storage in the blacklist is not limited in time. If your interests outweigh our legitimate interest, you can object to the storage.

This website uses CleverReach to send newsletters. The service provider is CleverReach GmbH & Co. KG, Mühlenstr. 43 , 26180 57. CleverReach is a service that can be used to organise and analyse the sending of newsletters. Your data will be stored on CleverReach's servers in Germany or Ireland. The newsletters sent with CleverReach allow us to analyse the behaviour of the recipients of the newsletters. This concerns, for example, the information on how many recipients have opened the e-mail and how often which link in the e-mail was clicked. With so-called conversion tracking, it can also be analysed whether a previously defined action has taken place after clicking on the link in the newsletter. For more information on data analysis by CleverReach, please visit: www.cleverreach.com/de/funktionen/reporting-und-tracking/. The data entered in the registration form is processed exclusively on the basis of your consent. You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing procedures already carried out remains unaffected by the revocation. If you do not wish to have your data analysed by CleverReach, you must unsubscribe from the newsletter. You will find a link for this in every e-mail. Furthermore, you can also unsubscribe from the newsletter directly on the website. You can find more information on data processing by CleverReach at: www.cleverreach.com/de/datenschutz/. We have concluded an order processing contract with CleverReach.

 

 

4.13.    Powermail CAPTCHA
We use Powermail CAPTCHA on our website. Service provider is Powermail Development Team, TYPO3 Association, Sihlbruggstrasse 105, CH 6340 Baar, Switzerland. Powermail CAPTCHA is intended to check whether data entry on this website (e.g. in a contact form) is made by a human or by an automated programme. In order to analyse this, Powermail uses CAPTCHA cookies. The cookies are stored across devices for the purpose of analysing your surfing behaviour during your visit to our website. Powermail CAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the website user, etc.). As a rule, this data is not forwarded or stored to third parties.

 

The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. As the website operator, we have a legitimate interest in protecting our website from abusive automated spying and from SPAM. If a corresponding consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR. You can find more information on data processing by Powermail CAPTCHA at: https://typo3.com/privacy-policy.

 

 

5.    Online conferencing tools
We use online conferencing tools (e.g. Microsoft Teams, Zoom, etc.) among others to communicate with you. The service provider of the respective online conference tool collects and processes personal data of the participants, in particular e-mail address, telephone number, duration, number of participants, other "context information" in connection with the communication process (metadata). Furthermore, the service provider processes technical data that are required for processing the communication as well as other service-related data. We have no influence over these processing activities.

 

We use the online conferencing tools in order to communicate with contractual partners for the execution of the contractual relationship or to be able to offer certain services to our customers. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR. In addition, the use of the online conference tools serves to optimise communication with us or our group of companies. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest is to be able to use functional online conferencing tools that are widely used in the business areas in order to communicate efficiently with external partners. Insofar as consent has been obtained, the tools in question are used exclusively on the basis of this consent. The data entered in the registration form is processed exclusively on the basis of your consent. We have no influence on the storage period of your data, which is stored by the service providers of the online conference tools for their own purposes.

 

We use the following online conference tools:

 

 

5.1.    Microsoft Teams
We use Microsoft Teams. The service provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. We have engaged Microsoft as a processor and agreed to the EU Commission's model contracts for the transfer of personal data to third countries (standard contractual clauses). You can find more information on data processing by Microsoft at: https://privacy.microsoft.com/de-de/privacystatement.

 

 

5.2.    Zoom
We use zoom. The service provider is Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. You can find more information on data processing at: https://zoom.us/de-de/privacy.html.

 

Insofar as we use another service provider, you will find further information on the purpose and scope of the data collection and the further processing and use of the data by the service provider as well as your rights in this regard and setting options for protecting your privacy in the data protection notices of the respective service provider.

 

 

6.    Visiting our social media sites
We operate social media sites with the aim of informing users about our products and services and communicating with them. If you visit social networks such as Facebook, Instagram, YouTube, Xing, LinkedIn etc. or websites with integrated social media content (e.g. like buttons or advertising banners), it is possible that social networks analyse your user behaviour. Social networks can, for example, assign your visit to our social media presence to your user account, provided you are logged into your social media account. Irrespective of this, your personal data may also be collected if you do not have a social media account. Data collection can take place via cookies that are stored on your terminal device or through the collection of your IP address. As a rule, your personal data will be processed for market research and advertising purposes. Social networks can create usage profiles from your usage behaviour and resulting interests, which are used, for example, to display corresponding advertisements within and outside the social network. Please note that your data may be processed outside the EU/EEA area, e.g. in the USA. This may result in risks for you, as it could, among other things, make it more difficult to enforce your data subject rights. See our information on data processing in third countries for data transfer in the USA. We cannot track all the processing activities of the social networks, in particular whether other processing activities are carried out. You can find more information on this in the terms of use or data protection provisions of the respective social network (see below).
With our social media presences, we want to ensure an extensive presence on the internet. Our legitimate interest is to effectively inform users and communicate with users. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. If a corresponding consent has been obtained (e.g. consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR.

 

 

6.1.    Responsible party and assertion of data subject rights
We are jointly responsible with the operator of the social network for the data processing operations triggered during your visit. In principle, you can assert your data subject rights both against us and against the social network. However, we would like to point out that despite the joint responsibility with the social networks, we do not have any comprehensive influence on the data processing operations. Our opportunities to influence are based on the corporate guidelines of the respective social network.

 

 

6.2.    Storage period
We delete data directly collected by us via the social media site as soon as the purpose for storing it no longer applies, you request us to delete it or revoke your consent to store it. Mandatory legal provisions, e.g. retention periods, remain unaffected. We have no influence on the storage period of your data, which is stored by the social networks for their own purposes.

 

 

6.3.    Social networks in detail:

 

 

 

7.    CRM system
We store your personal data in a customer relationship management system (CRM system). The service provider is salesforce.com Germany GmbH, Erika-Mann-Straße 31-37, 80636 Munich. The purpose of the processing is to communicate with contractual partners or pre-contractual contacts, process contact requests, communicate, manage and respond to enquiries, maintain customer relationships and relationships with interested parties, and optimise and automate sales processes. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR insofar as the contact is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In other cases, the processing is based on your consent pursuant to Art. 6 para.1 p. 1 lit. a GDPR and/or on our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GDPR, as we have a legitimate interest in effective communication with external parties and partners as well as in the effective processing of enquiries addressed to us. We have engaged salesforce.com inc. as a processor and agreed to the standard contractual clauses. Salesforce.com inc. undertakes with binding internal data protection rules in accordance with Art. 46 para. 2 b) GDPR and Art. 47 GDPR (so-called Binding Corporate Rules) to maintain an adequate level of data protection even when processing data outside the EU.

 

 

8.    Contact by e-mail, post, telephone, fax, social media etc.
When you contact us by e-mail, post, telephone, fax, social media, etc.), your personal data (e.g. name, enquiry) is stored and used for the purpose of processing your request or for contacting you and the associated processing. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR, insofar as your contact is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In other cases, the processing is based on your consent pursuant to Art. 6 para.1 p. 1 lit. a GDPR and/or on our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GDPR, as we have a legitimate interest in effective procecessing of the enquiries addressed to us.

 

 

9.    Processing of prospective customer, customer and contract data
We process your personal data for the fulfilment of a contract and the related implementation of pre-contractual measures (e.g. for the preparation and sending of an offer), or termination of our contract. The data processing is carried out at your request and is necessary for the stated purposes for the mutual fulfilment of obligations arising from the contract. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR.

 

 

10.    Data processing of contact details of contact persons etc.
We process contact data of contact persons, employees, service providers or vicarious agents of our contractual partners. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. Processing pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR may only be carried out insofar as this is necessary to protect the legitimate interests of us or third parties and does not override the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. Business contacts (e.g. the name of a contact person, an employee, etc.) do not contain very sensitive data. It is therefore not apparent what legitimate interest contact persons, employees, etc. would have in not being contacted in the context of the business relationship. Our legitimate interest is the smooth processing of the business relationship and outweighs the interest of the contact persons, employees, service providers or vicarious agents.

 

 

11.    Data processing business contacts, trade fairs, events etc.
We process your personal data that we have received from you, e.g. in the context of business contacts, a trade fair, event, etc. (e.g. handing over your business card and other data) for the fulfilment of a contract and the related implementation of pre-contractual measures (e.g. preparation of an offer). The data processing is carried out at your request and is necessary for the stated purposes for the mutual fulfilment of obligations arising from the contract. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR.

 

 

12.    Data processing within the group of companies
We work closely within the "GP JOULE" group of companies (www.gp-joule.de) with the other companies (e.g. GP JOULE Connect GmbH, GP JOULE Service GmbH & Co. KG, GP JOULE Projects GmbH & Co. KG, GP JOULE Think GmbH & Co. KG, GP JOULE EPC GmbH & Co. KG, H-TEC SYSTEMS GmbH etc.). It may therefore be necessary for us to process your personal data within the existing or future group of companies. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest is to design business processes efficiently.

 

Your personal data will be processed within the existing or future group of companies insofar as this is necessary for the performance of a contract and the related implementation of pre-contractual measures. The data processing is carried out at your request and is necessary for the stated purposes for the mutual fulfilment of obligations arising from the contract. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR.

 

 

13.    Direct marketing
We process your personal data for marketing purposes, e.g. to inform you by e-mail, post, telephone (e.g. telemarketing), via social media using digital or printed media about products, services, events, trade fairs, etc. of the GP JOULE group of companies, if you have given your consent to the processing. The data entered in the registration form is processed exclusively on the basis of your consent.   

 

In addition, we process your personal data for promotional use within the scope of our legitimate interest (by post, by telephone, etc.). Our legitimate interest therefore consists in the implementation of advertising measures. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR.

 

In the case of telephone marketing, we naturally observe the requirements of Section 7 UWG (Fair Trade Practices Act) (e.g. existence of presumed consent, etc.).

 

As a rule, we record your data on so-called lead sheets, which we sometimes also fill out together at trade fairs or events.

 

 

14.    Competition
We process your personal data that we collect, e.g. in the context of a competition, for the purpose of conducting the competition. This serves to determine and notify the winner. If you do not provide us with the personal data, it will not be possible to participate in the competition or to contact you regarding a prize notification. The legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO or Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest then lies in the proper implementation of the competition in which you voluntarily participate.

 

 

15.    "Greetings from GP JOULE" (Christmas or greeting card etc.)
We process your personal data in order to send you "Greetings from GP JOULE" by post or by e-mail (e.g. Christmas or greeting cards etc.). The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR, provided we have obtained your consent. In the other cases, the processing is based on our legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR as we have a legitimate interest in maintaining contact with our contacts and business partners.

 

 

16.    Invitations to events, trade fairs, etc.
We process your personal data in order to invite you to events, trade fairs etc. by e-mail or by post. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR, provided we have obtained your consent. In the other cases, the processing is based on our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GDPR as we have a legitimate interest in maintaining contact with our contacts and business partners  and in carrying out advertising measures.

 

 

17.    Application procedure
This section serves to inform applicants at GP JOULE GmbH about the processing of personal data in accordance with data protection law. These are applications that either refer to a specific job offer or are speculative applications. GP JOULE GmbH supports the other companies of the "GP JOULE" group in the application process. Job advertisements from the companies in the group are published on our website.

 

We process the data you send us in connection with your application in order to assess your suitability for the position (or possible other vacancies in our company or within the group of companies) and to carry out the application procedure.

 

After receiving your application, the data will be viewed by the personnel department. Suitable applications are then forwarded internally to the department heads for the respective vacant position. Then the further procedure is coordinated. As a matter of principle, only those persons have access to your data who need it for the proper course of our application procedure.

 

Applicants are not obliged to provide their personal data. However, the provision of personal data is necessary for the decision on an application. However, applicants should only provide personal data as part of their application which is necessary for the acceptance and execution of the application. If applicants do not provide us with personal data as part of an application, we cannot make a selection. There are no further consequences for you.

 

The legal basis for the processing of your personal data in this application procedure is § 26 BDSG (Federal Data Protection Act). According to § 26 BDSG, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible. Should the data be required for legal prosecution after completion of the application procedure, data processing may take place in accordance with Art. 6 GDPR, in particular to safeguard legitimate interests in accordance with Art. 6 para. 1 p. 1 lit. f GDPR. The legitimate interest then consists of asserting or defending claims, for example, in proceedings under the General Equal Treatment Act (hereinafter "AGG"). Our interest then consists in asserting or defending claims. If a corresponding consent has been obtained (e.g. for the use of your data for subsequent vacancies), the processing is carried out exclusively on the basis of Art. 6 para. 1 p. 1 lit. a GDPR.

 

 

18.    Corporate transaction
In the context of a corporate transaction, it may be necessary to transfer your personal data to a third party. This is at least the case in an asset deal. As a matter of principle, anonymised or pseudonymised data is processed within the scope of due diligence. If required, however, it may be necessary to process personal data without anonymisation or pseudonymisation in a specific individual case. The legal basis for the processing of your personal data in this case is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest is in carrying out the corporate transaction.

 

 

19.    Categories of personal data and source
We process the following categories of personal data: Contact data (e.g. name, e-mail address, telephone number), employee data, job or function titles (e.g. graduate engineer, managing director, etc.), personal master data, communication data, contract master data, contract billing and payment data, supplier data, information data (from third parties, e.g. credit agencies or from publicly accessible sources), etc. The list is not exhaustive.

 

We process personal data that we receive from our contractual partner or directly from you within the framework of the contract with our contractual partner. We also process personal data that we have been permitted to obtain from publicly accessible sources, e.g. land registers, commercial and association registers, the Internet or social media, or that we receive from third parties, e.g. credit agencies.

 

 

20.    Transfer to third parties
In some cases, we use external service providers to process your data. They have been carefully selected and commissioned by us, are bound by our instructions and are regularly inspected. As a rule, this is done on the basis of commissioned processing pursuant to Art. 28 GDPR.

 

In addition, we only transfer personal data to third parties if this is permitted by law or if you have given your prior consent.

 

Your personal data will only be disclosed or transferred to the following recipients or categories of recipients within the scope of the aforementioned purposes:

 

  • IT service provider,
  • Companies within the "GP JOULE" group of companies or future group of companies,
  • Credit institutions for the processing of payments,
  • Companies in the insurance industry in the course of settling claims,
  • Collection service providers and lawyers, e.g. to collect debts and enforce claims in court,
  • Lawyers, notaries, banks, tax advisors etc.,
  • Corporate buyers/interested parties in corporate transactions,
  • Responsible persons, processors,
  • other authorised persons (e.g. authorities and courts), insofar as there is a legal obligation or authorisation to do so,
  • depending on the order, to further recipients, which we will coordinate with you if necessary.

 

 

21.    Transfer to countries outside the EU or the EEA
If we process data outside the EU or the EEA or do so in the context of using third-party services or disclosing or transferring data to third parties, this will only be done if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests.

 

Furthermore, we only transfer data to third countries if it is ensured that the recipient of the data guarantees an adequate level of data protection within the meaning of Chapter V of the GDPR and no other interests worthy of protection speak against the transfer of data. We use standard contractual clauses to ensure an appropriate level of data protection at the recipient of the data, base the transfer of data on so-called Binding Corporate Rules (internal data protection regulations) and check the existence of additional guarantees with regard to the transfer of personal data to a third country, such as the USA. The standard contractual clauses are in principle still effective even after the ECJ's ruling of 16 July 2020 (C-311/18) on the EU-US Privacy Shield. Furthermore, we check the existence of additional guarantees and obtain the consent of the data subjects to the data transfer in accordance with Art. 49 para. 1 sentence 1 lit. a GDPR.  

 

We use tools and services from service providers based in the USA on our website and beyond. According to the case law of the European Court of Justice of 16 July 2020 (C-311/18) on the EU-US Privacy Shield, there is no adequate level of data protection in the USA. The USA is not a safe third country within the meaning of the GDPR. US service providers and their subsidiaries are subject to US laws and are obliged to disclose personal data to US authorities (e.g. intelligence agencies). Those affected cannot take legal action against this. This means that it is possible for US authorities to access, process, evaluate and store personal data, e.g. for surveillance purposes. In terms of the GDPR, this constitutes an unauthorised disclosure of personal data. We cannot influence these processing activities.

 

 

22.    Duration of storage
Your personal data will be stored for the aforementioned purposes for as long as is necessary to fulfil these purposes. Thereafter (e.g. after processing of your enquiry has been completed; when the matter in question has been conclusively clarified; after completion of the order or termination of the business relationship, etc.), your personal data will be deleted unless we are obliged to store it for a longer period of time due to legal requirements (e.g. commercial or tax law retention obligations). In this case, your personal data will initially be blocked and deleted upon expiry of the retention period.

 

In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which our company is subject. Data will be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data. In addition, storage may take place if you have given your consent in accordance with Art. 6 para. 1 S. 1 lit. a GDPR.

 

For the purpose of direct advertising, your personal data will be stored for as long as there is an overriding legal interest on the part of our company in the processing in accordance with the relevant legal provisions, but for no longer than two years beyond the end of the contract.

 

In the event of obligations to permanently observe objections, we reserve the right to store your personal data (contact data e.g. e-mail address, telephone number, surname, first name, address etc.) in a blacklist for this purpose alone.

 

Your data will be deleted in connection with a JAMES Magazine order after final processing of your request (one-time order) or only after termination of the contract (free subscription). This applies if it is clear from the circumstances that the matter in question has been conclusively clarified and there are no statutory retention obligations to the contrary.

 

Data of applicants will be deleted after 6 months in case of rejection. If you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data is deleted after two years. If you are accepted for a position as part of the application process, the data will be stored on our systems and transferred to your personnel file.

 

Further information on the duration of storage and deletion of your personal data can be found in the individual data protection notices of this data protection declaration.

 

 

23.    Data subject rights
Within the framework of the legal requirements, you have a claim against us for

 

  • Confirmation as to whether your personal data is being processed by us and to information about the circumstances of the processing (Art. 15 GDPR),
  • Correction if your personal data is incorrect (Art. 16 GDPR),
  • Deletion of your personal data, insofar as there is no justification for the processing and there is no (longer) an obligation to retain it (Art. 17 GDPR),
  • Restriction of processing if one of the conditions listed in Art. 18 para. 1 lit a to d of the GDPR is met (Art. 18 GDPR),
  • Data portability of your personal data in a structured, common and machine-readable format (Art. 20 GDPR),
  • Complaint to a supervisory authority (Art. 77 GDPR).

 

Insofar as the processing of your personal data is based on your consent, you have the right to revoke your consent at any time in accordance with Art. 7 para. 3 GDPR, with the consequence that the processing of your personal data becomes inadmissible for the future. However, this shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation. The revocation of consent can be communicated informally by e-mail to info@gp-joule.de or by post to our postal address listed at the beginning of this privacy policy.

 

In addition, pursuant to Art. 21 GDPR, in the event of processing on the basis of a legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you may object to the processing, in which case, except in the case of direct marketing, you must provide a specific reason. The objection can be communicated informally by e-mail to ds-widerspruch@gp-joule.de or by post to our postal address listed at the beginning of this privacy policy.

 

 

24.    Obligation or duty to provide the data
In the context of the performance of a contract and the related implementation of pre-contractual measures of contracts with you, it is necessary that you provide those personal data that are required for the establishment or the implementation of the contract and thus for the performance of the contractual obligations. You are not obliged to provide your personal data, but if you do not provide it, the establishment and implementation of the contractual relationship is not possible.

 

 

25.    No automated decision-making including profiling
We do not process your personal data for the purpose of automated decision-making including profiling pursuant to Art. 22 para. 1 and 4 GDPR.

 

 

26.    Links to other websites
Our website contains links to other websites. Please note that our privacy policy does not apply to these other websites unless explicitly stated.

 

 

27.    Data security
We have taken the necessary technical and organisational measures to protect the personal data you have provided against loss, destruction, manipulation and unauthorised access. All our employees and all persons involved in data processing are obliged to comply with the GDPR, the Federal Data Protection Act (BDSG) and other laws relevant to data protection and to handle personal data confidentially. Our employees are trained accordingly. Both internal and external audits ensure compliance with all processes relevant to data protection.

 

To protect the personal data of our users, we use a secure online transmission procedure, the so-called "Secure Socket Layer" (SSL) or "Transport Layer Security" (TSL) transmission. You can recognise this by the fact that an "s" is appended to the address component http:// ("https://") or a green, closed lock symbol is displayed in the browser. By clicking on the icon, you will receive information about the SSL certificate used. The display of the symbol depends on the browser version you are using. SSL encryption ensures the secure and complete transmission of your data.

 

 

28.    Changes to the privacy policy
New legal requirements, corporate decisions or technical developments may require changes to our data protection statement. The privacy policy will then be adapted accordingly. You can find the latest version on our website.

 

 

29.    Video surveillance at the Reußenköge site

 

 

30. Privacy information of the GP JOULE group of companies

 

 

Last updated:  October 2020

Concept, text, design & programming

HOCHZWEI – büro für visuelle kommunikation gmbh & co. kg
Fördepromenade 16-18 - Sonwik
24944 Flensburg
E-Mail: info@hoch2.de
Internet: www.hochzwei.de