Data Privacy Policy
Data Protection Declaration:
Thom Metall‐ und Maschinenbau GmbH is pleased at your visit to our website https://www.thom.gmbh/ and your interest in our Company. Data protection and the security of personal data entrusted to us are of particularly high priority, if you want to use special services offered by our Company via our website. At any rate, we consider your informal right of self‐determination in compliance with Article 2 I GG (German Constitutional Law), in connection with Article 1 I GG, as an essential right.
So it is of particular importance to us, too that you know which of your personal data will be collected and processed when using our offers and services.
1. Purposes of Data Processing:
As far as we process personal data, this is carried out in accordance with the purposes stipulated in this Data Protection Declaration and based upon relevant admissible data protection purposes referred to in the GDPR (German Basic Orders on Data Protection).
2. Processing of Personal Data:
2.1. Calling our website:
We collect and record your Internet Protocol (IP) address in order to transmit the contents of our website to your computer, e.g. text, pictures and files ready for download, etc. Here, processing is carried out for the performance of a contract or the execution of preliminary contractual measures, in accordance with Article 6 subpara. 1 lit. b GDPR. Furthermore, we process this data in order to identify and trace any misuse of data, referred to in Art. 6 subpara. 1 lit. f GDPR.
In addition, we record the following data, and, in principle, we store it until the automated deletion:
- Date and time of access,
- Name and URL of selected file,
- Website, from which our website is reached (Referrer‐URL),
- Browser types and versions used and, if required, the operating system of your computer and the name of your Access Provider.
So far, the legal basis is Article 6 subpara. 1 lit. f GDPR. Our legitimate interest of the processing of data is, in particular, to ensure the proper functionality of our website and to carry out our business referred to in it.
2.2. E‐Mail/telephone/ FAX/contact form:
If you want to send us inquiries by e‐mail/telephone/FAX/contact form, your data will be automatically stored and correspondingly processed for possible further inquiries (Article 6 subpara. 1 lit. a GDPR). This data will not be transferred to third parties without your prior consent unless explicitly required by statutory provisions (Article 6 subpara. 1 lit. c GDPR).
2.3. Other purposes:
Personal data will be continuously processed by us, if freely given by you, for example, for the fulfilment of our services carried‐out for you. The legal basis of this procedure is our legitimate interest as referred to in Article 6 subpara. 1 lit. b GDPR Therefore, data processed by us will include any personal data required within the framework of this Data Protection Declaration and in connection with the purposes referred to in the GDPR.
If we – as stated above – process your data for the purpose of the receiving of your particular inquiry, you shall be obligated to make this data available to us, for without this data we will not be able to carry out an appropriate processing requested by you.
If you have given your consent to the processing of personal data in accordance with Article 6 subpara. 1 lit. a GDPR, you shall have the right to object, at any time, to the processing of your personal data. This will not affect the legality of processing until the objection carried out due to your given consent.
3. Transmission to Third Parties/Processor:
As a rule, your data will be processed only internally.
The transfer of data to external processors shall only be carried out in compliance with Article 28 subpara. 1 GDPR. Should it become necessary to transfer your personal data to a commissioned Processor we will inform you correspondingly prior to the said transfer. It is understood, that you will be entitled to revoke your consent at any time, if you do not want that your personal data is transferred to the Processor. The legality of processing carried out until your revocation, due to your given consent, shall not be affected by this procedure.
Furthermore, your personal data will be transmitted without your express consent, to law enforcement authorities or, if required, to injuriously affected Third Parties, if necessary for the clarification of an illegal use of our services or for other prosecution purposes. However, this will only be done, if definite points are available indicating an illegal or abusive behaviour. A transfer shall also be allowed, if useful for the enforcement of conditions of use or other agreements.
In addition we are legally bound to supply information to paricular public authorities upon request. This will include law enforcement authorities, official authorities prosecuting regulatory offences penalized with a fine and revenue authorities, in accordance with Article 6 subpara. 1 lit. c GDPR.
The transfer of this data is based upon our legitimate interest in the fight against data misuse, the prosecution of criminal offences and enforcement of claims, unless and until your rights and interests in your personal data override these grounds acc to Article 6 subpara. 1 lit. f GDPR.
4. Transmission of Data in Application Documents:
In the course of your written application, including online application, we will collect and process your application data in an admissible manner as referred to in the relevant DS‐GVO. This particularly will include your:
Contact data (name, forename, date/place of birth, address, telephone number, e‐mail etc.), application documents (letter of application, curriculum vitae, credentials, further training certificates, qualifications etc.).
The collection and processing of your personal application data will be carried out exclusively with regard to a specific purpose, i.e. to fill a post in our company. In general, your data will be transferred only to internal departments of our company responsible for the respective application process. This is necessary for the realization of your possible employment relationship in our company. A transfer of your personal application data to other companies/facilities will be effected only with your prior express consent. Further use or transfer of your application data to third parties will not take place. Your personal application data will be automatically deleted six months after the completion of the application process. This shall not apply, if legal provisions prohibit to do so, of if a further storage would become necessary for the purpose of the production of evidence, or if you will have given your express consent for a longer storage period, e.g. for possible future advertisements of vacancy. If we conclude a contract of employment with an applicant, the transmitted data will be stored for the purpose of handling the employment relationship in compliance with the legal requirements.
5. Sale, Marketing and/or Publicity Purposes:
We do not sell or transmit your personal data for the purpose of marketing and/or publicity.
6. Transmission of data to Third Countries:
There is no transmission to third countries. By the way, § 3 of this Data Protection Declaration shall apply in this case.
7. Security / Technical and Organizational Measures:
We use technical and organizational security measures, in order to protect your personal data against accidental or intentional manipulations, loss, damage, destruction, or the access of unauthorized persons. This will also apply, if external services are included. The effectiveness of our security measures are regularly checked and, in compliance with the latest technological developments, continuously improved. Furthermore, we will keep your personal data in a controlled and monitored secure server environment, where unauthorized access and publication are prevented.
7.1. Secure‐Socket‐Layer‐ (SSL) or Transport‐Layer‐Security (TLS) -Codification:
Our website is secured by the SSL‐ or TLS‐process, i.e. our website uses a coded connection for security reasons and to protect confidential contents. You can see that the address lines of the browser of “http://” changes to “https://” and by the lock symbol in your browser line. As soon as the SSL‐ or TLS‐codification is activated, it will be impossible that your data transmitted to us can be read by any third party or unauthorized persons.
7.2. Cookies:
In order to make our website user‐friendly and optimally adapted to your needs, we can use so‐called cookies in some areas of our website, which are activated from the beginning. A so‐called cookie is a small text file that is stored locally on your computer as soon as you visit a web site. If you visit the web site again with the same terminal, the so‐called cookie indicates, e.g. that it is a repeated visit. In addition, cookies allow us to anonymously analyze the use of our web site. You can use the settings in your browser to allow and disable so‐called cookies or delete them via your browser history. In addition, we do not use tracking cookies, i.e. we cannot allocate and track you by using cookies.
8. Statutory Periods for the Erasure of Data:
The Legislator has issued diverse time‐limits / retention periods and obligations related to the storage of data. If a storage period legally prescribed expires, the personal data are routinely and automatically blocked or erased. Data which is not affected by this, will be erased or anonymously stored, if its use has become no longer necessary for the specified purposes referred to in this Data Protection Declaration. If there are no different or deviating provisions in this Data Protection Declaration with reference to the storage of data, data collected by us will be stored only as long as necessary for the said intended purposes. For this, we have established suitable technical and organizational security measures.
9. Further Use and Erasure of Data:
Further processing or use of your personal data are generally carried out only if permitted by law, or if you will have agreed to this data processing or use. In the event of a further data use for different purposes that those originally collected, we will inform you about the deviating purpose prior to the start of this further processing.
10. Identification and Prosecution or Misuse:
Misuse detection and tracking information, especially your IP address, is stored for legitimate business purposes. The legal basis in this respect is Art. 6 para. 1 lit. f GDPR. Our legitimate corporate interest in data preservation is to ensure the proper functioning of our web site and its operations as well as being able to ward off cyber‐attacks and the like. If necessary, we will use anonymous usage information to customize our website.
11. Rights related to the Processing of Personal Data:
11.1. Right to be informed:
At request, you shall have the right to obtain from us free information about your personal data processed at any time to the extent referred to in Article 15 GDPR.
11.2. Right to rectification of inaccurate data:
You shall have the right to obtain without undue delay the rectification of inaccurate personal data (Article 16 GDPR). If you wish to avail yourself of this right to rectification, you may, at any time, contact our data protection officer and/or the competent Commissioner of Data Protection.
11.3. Right to erasure (Right to be forgotten):
You shall have the right to obtain from us without undue delay the erasure of your personal data (Right to be forgotten), if legal grounds apply acc. to Article 17 GDPR. This will apply, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, or if you will withdraw your consent to which processing is based, and where there is no other legal ground for the processing. This shall not apply to objections to direct publicity purposes. In order to assert your aforesaid right, please contact the responsible persons and/or the Commissioner of Data Protection named below.
11.4. Right of restriction of processing:
You shall have the right to obtain from us the restriction of processing as referred to in Article 18 GDPR. According to these requirements, a restriction of processing will particularly be necessary, if the processing is unlawful and the affected person opposes the erasure of personal data and requests instead the restriction of its use, or the said person has objected to processing pursuant to Article 21 subpara. 1 GDPR pending the verification whether our legitimate grounds override those of you.
11.5. Right to data portability:
You shall have the right to data portability pursuant to Article 20 GDPR, to receive your personal data which was provided to us, in a structured, commonly used and machine‐readable format. And you shall also have the right to transmit this data to a different responsible person, as long as processing is based upon a consent or contract, and the processing is carried out by automated means. In order to assert your aforesaid right, please contact the responsible person and/or the Commissioner of Data Protection named below.
11.6. Right to object:
You shall have the right to object on grounds relating to your particular situation, at any time, to the processing of your personal data, pursuant to Article 6 subpara. 1 lit. e or f GDPR and Article 21 GDPR In this case, we shall no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. In order to assert your aforesaid right, please contact the responsible person and/or the Commissioner of Data Protection named below.
11.7. Right to lodge a complaint with a regulatory authority:
If you are of the opinion that our processing of your personal data has been inadmissible, you shall have the right to lodge a complaint with the competent regulatory authority which you may contact as follows:
Die Landesbeauftragte für den Datenschutz Niedersachsen
(The Land Commissioner for the Data Protection in Lower Saxony)
Prinzenstraße 5, 30159 Hannover
Telefon: +49 (0511) 120 45 00, Telefax: +49 (0511) 120 45 99
E‐Mail: poststelle@lfd.niedersachsen.de
12. Responsible for the Data Protection:
Mr Burkhard Volbert, Mr Ferdinand Volbert, Mr Klaus Huber
Thom Metall‐ und Maschinenbau GmbH
Justus‐von‐Liebig‐Straße 2, D‐27283 Verden
Telefon +49 4231 9646 0, Fax +49 4231 9646 26
E‐Mail: info@thom.gmbh
13. The Commissioner of Data Protection:
Should you have any further queries concerning the processing of your personal data, you may directly contact our Commissioner of Data Protection. He will give advice to you, even in cases of requests for information, applications or complaints:
Mr Yilmaz Özdemir
Datenschutzbeauftragter (Data Protection Commissioner)
MisterData® Datenschutz & Consulting UG (haftungsbeschränkt)
Schwalbenweg 61/1
69123 Heidelberg
Tel.: +49 (0) 6221–7271238
Email: ra_yilmaz.oezdemir@t-online.de
As of: August 2023