Data Privacy Policy

Data Protection Declaration:

Thom Metall‐ und Maschi­nen­bau GmbH is plea­sed at your visit to our web­site https://www.thom.gmbh/ and your inte­rest in our Com­pa­ny.  Data pro­tec­tion and the secu­ri­ty of per­so­nal data ent­rusted to us are of par­ti­cu­lar­ly high prio­ri­ty, if you want to use spe­cial ser­vices offe­red by our Com­pa­ny via our web­site.  At any rate, we con­si­der your infor­mal right of self‐determination in com­pli­an­ce with Arti­cle 2 I GG (Ger­man Con­sti­tu­tio­nal Law), in con­nec­tion with Arti­cle 1 I GG, as an essen­ti­al right.

So it is of par­ti­cu­lar impor­t­an­ce to us, too that you know which of your per­so­nal data will be collec­ted and pro­ces­sed when using our offers and ser­vices.

1. Purposes of Data Processing:

As far as we pro­cess per­so­nal data, this is car­ri­ed out in accordance with the pur­po­ses sti­pu­la­ted in this Data Pro­tec­tion Decla­ra­ti­on and based upon rele­vant admis­si­ble data pro­tec­tion pur­po­ses refer­red to in the GDPR (Ger­man Basic Orders on Data Pro­tec­tion).

2. Processing of Personal Data:

2.1. Cal­ling our web­site:

We collect and record your Inter­net Pro­to­col (IP) address in order to trans­mit the con­tents of our web­site to your com­pu­ter, e.g. text, pic­tures and files rea­dy for down­load, etc.  Here, pro­ces­sing is car­ri­ed out for the per­for­mance of a con­tract or the exe­cu­ti­on of preli­mi­na­ry con­trac­tu­al mea­su­res, in accordance with Arti­cle 6 sub­pa­ra. 1 lit. b GDPR.  Fur­ther­mo­re, we pro­cess this data in order to iden­ti­fy and trace any misu­se of data, refer­red to in Art. 6 sub­pa­ra. 1 lit. f GDPR.

In addi­ti­on, we record the fol­lo­wing data, and, in princip­le, we store it until the auto­ma­ted dele­ti­on:

  • Date and time of access,
  • Name and URL of selec­ted file,
  • Web­site, from which our web­site is reached (Referrer‐URL),
  • Brow­ser types and ver­si­ons used and, if requi­red, the ope­ra­ting sys­tem of your com­pu­ter and the name of your Access Pro­vi­der.

So far, the legal basis is Arti­cle 6 sub­pa­ra. 1 lit. f GDPR.  Our legi­ti­ma­te inte­rest of the pro­ces­sing of data is, in par­ti­cu­lar, to ensu­re the pro­per func­tio­n­a­li­ty of our web­site and to car­ry out our busi­ness refer­red to in it.

2.2. E‐Mail/telephone/ FAX/contact form:

If you want to send us inqui­ries by e‐mail/telephone/FAX/contact form, your data will be auto­ma­ti­cal­ly stored and cor­re­spon­din­gly pro­ces­sed for pos­si­ble fur­ther inqui­ries (Arti­cle 6 sub­pa­ra. 1 lit. a GDPR).  This data will not be trans­fer­red to third par­ties wit­hout your pri­or con­sent unless expli­citly requi­red by sta­tuto­ry pro­vi­si­ons (Arti­cle 6 sub­pa­ra. 1 lit. c GDPR).

2.3. Other pur­po­ses:

Per­so­nal data will be con­ti­nuous­ly pro­ces­sed by us, if free­ly given by you, for examp­le, for the ful­filment of our ser­vices carried‐out for you.  The legal basis of this pro­ce­du­re is our legi­ti­ma­te inte­rest as refer­red to in Arti­cle 6 sub­pa­ra. 1 lit. b GDPR  The­re­fo­re, data pro­ces­sed by us will inclu­de any per­so­nal data requi­red wit­hin the frame­work of this Data Pro­tec­tion Decla­ra­ti­on and in con­nec­tion with the pur­po­ses refer­red to in the GDPR.

If we – as sta­ted above – pro­cess your data for the pur­po­se of the recei­ving of your par­ti­cu­lar inqui­ry, you shall be obli­ga­ted to make this data avail­ab­le to us, for wit­hout this data we will not be able to car­ry out an appro­pria­te pro­ces­sing requested by you.

If you have given your con­sent to the pro­ces­sing of per­so­nal data in accordance with Arti­cle 6 sub­pa­ra. 1 lit. a GDPR, you shall have the right to object, at any time, to the pro­ces­sing of your per­so­nal data.  This will not affect the lega­li­ty of pro­ces­sing until the objec­tion car­ri­ed out due to your given con­sent.

3. Transmission to Third Parties/Processor:

As a rule, your data will be pro­ces­sed only intern­al­ly.

The trans­fer of data to exter­nal pro­ces­sors shall only be car­ri­ed out in com­pli­an­ce with Arti­cle 28 sub­pa­ra. 1 GDPR.  Should it beco­me necessa­ry to trans­fer your per­so­nal data to a com­mis­sio­ned  Pro­ces­sor we will inform you cor­re­spon­din­gly pri­or to the said trans­fer.  It is unders­tood, that you will be ent­it­led to revo­ke your con­sent at any time, if you do not want that your per­so­nal data is trans­fer­red to the Pro­ces­sor.  The lega­li­ty of pro­ces­sing car­ri­ed out until your revo­ca­ti­on, due to your given con­sent, shall not be affec­ted by this pro­ce­du­re.

Fur­ther­mo­re, your per­so­nal data will be trans­mit­ted wit­hout your express con­sent, to law enforce­ment aut­ho­ri­ties or, if requi­red, to inju­rious­ly affec­ted Third Par­ties, if necessa­ry for the cla­ri­fi­ca­ti­on of an ille­gal use of our ser­vices or for other pro­se­cu­ti­on pur­po­ses.  Howe­ver, this will only be done, if defi­ni­te points are avail­ab­le indi­ca­ting an ille­gal or abu­si­ve beha­viour.  A trans­fer shall also be allo­wed, if use­ful for the enforce­ment of con­di­ti­ons of use or other agree­ments.

In addi­ti­on we are legal­ly bound to sup­ply infor­ma­ti­on to pari­cu­lar public aut­ho­ri­ties upon request.  This will inclu­de law enforce­ment aut­ho­ri­ties, offi­ci­al aut­ho­ri­ties pro­se­cu­ting regu­lato­ry offen­ces pena­li­zed with a fine and reve­nue aut­ho­ri­ties, in accordance with Arti­cle 6 sub­pa­ra. 1 lit. c GDPR.

The trans­fer of this data is based upon our legi­ti­ma­te inte­rest in the fight against data misu­se, the pro­se­cu­ti­on of cri­mi­nal offen­ces and enforce­ment of claims, unless and until your rights and inte­rests in your per­so­nal data over­ri­de the­se grounds acc to Arti­cle 6 sub­pa­ra. 1 lit. f GDPR.

4. Transmission of Data in Application Documents:

In the cour­se of your writ­ten app­li­ca­ti­on, inclu­ding online app­li­ca­ti­on, we will collect and pro­cess your app­li­ca­ti­on data in an admis­si­ble man­ner as refer­red to in the rele­vant DS‐GVO.  This par­ti­cu­lar­ly will inclu­de your:

Con­tact data (name, fore­na­me, date/place of birth, address, tele­pho­ne num­ber, e‐mail etc.), app­li­ca­ti­on docu­ments (let­ter of app­li­ca­ti­on, cur­ri­cu­lum vitae, creden­ti­als, fur­ther trai­ning cer­ti­fi­ca­tes, qua­li­fi­ca­ti­ons etc.).

The collec­tion and pro­ces­sing of your per­so­nal app­li­ca­ti­on data will be car­ri­ed out exclu­si­ve­ly with regard to a spe­ci­fic pur­po­se, i.e. to fill a post in our com­pa­ny.  In gene­ral, your data will be trans­fer­red only to inter­nal depart­ments of our com­pa­ny respon­si­ble for the respec­tive app­li­ca­ti­on pro­cess.  This is necessa­ry for the rea­li­za­ti­on of your pos­si­ble employ­ment rela­ti­ons­hip in our com­pa­ny.  A trans­fer of your per­so­nal app­li­ca­ti­on data to other companies/facilities will be effec­ted only with your pri­or express con­sent.  Fur­ther use or trans­fer of your app­li­ca­ti­on data to third par­ties will not take place.  Your per­so­nal app­li­ca­ti­on data will be auto­ma­ti­cal­ly dele­ted six mon­ths after the com­ple­ti­on of the app­li­ca­ti­on pro­cess.  This shall not app­ly, if legal pro­vi­si­ons pro­hi­bit to do so, of if a fur­ther sto­rage would beco­me necessa­ry for the pur­po­se of the pro­duc­tion of evi­dence, or if you will have given your express con­sent for a lon­ger sto­rage peri­od, e.g. for pos­si­ble future adver­ti­se­ments of vacan­cy. If we con­clu­de a con­tract of employ­ment with an app­li­cant, the trans­mit­ted data will be stored for the pur­po­se of hand­ling the employ­ment rela­ti­ons­hip in com­pli­an­ce with the legal requi­re­ments.

5. Sale, Marketing and/or Publicity Purposes:

We do not sell or trans­mit your per­so­nal data for the pur­po­se of mar­ke­ting and/or publi­ci­ty.

6. Transmission of data to Third Countries:

The­re is no trans­mis­si­on to third coun­tries.  By the way, § 3 of this Data Pro­tec­tion Decla­ra­ti­on shall app­ly in this case.

7. Security / Technical and Organizational Measures:

We use tech­ni­cal and orga­ni­za­tio­nal secu­ri­ty mea­su­res, in order to pro­tect your per­so­nal data against acci­den­tal or inten­tio­nal mani­pu­la­ti­ons, loss, dama­ge, dest­ruc­tion, or the access of unaut­ho­ri­zed per­sons.  This will also app­ly, if exter­nal ser­vices are inclu­ded.  The effec­tiveness of our secu­ri­ty mea­su­res are regu­lar­ly che­cked and, in com­pli­an­ce with the latest tech­no­lo­gi­cal deve­lop­ments, con­ti­nuous­ly impro­ved.  Fur­ther­mo­re, we will keep your per­so­nal data in a con­trol­led and moni­to­red secu­re ser­ver envi­ron­ment, whe­re unaut­ho­ri­zed access and publi­ca­ti­on are pre­ven­ted.

7.1. Secure‐Socket‐Layer‐ (SSL) or Transport‐Layer‐Security (TLS) -Codi­fi­ca­ti­on:

Our web­site is secu­red by the SSL‐ or TLS‐process, i.e. our web­site uses a coded con­nec­tion for secu­ri­ty rea­sons and to pro­tect con­fi­den­ti­al con­tents.  You can see that the address lines of the brow­ser of http://” chan­ges to https://” and by the lock sym­bol in your brow­ser line.  As soon as the SSL‐ or TLS‐codification is activa­ted, it will be impos­si­ble that your data trans­mit­ted to us can be read by any third par­ty or unaut­ho­ri­zed per­sons.

7.2. Coo­kies:

In order to make our web­site user‐friendly and opti­mal­ly adap­ted to your needs, we can use so‐called coo­kies in some are­as of our web­site, which are activa­ted from the begin­ning. A so‐called coo­kie is a small text file that is stored local­ly on your com­pu­ter as soon as you visit a web site. If you visit the web site again with the same ter­mi­nal, the so‐called coo­kie indi­ca­tes, e.g. that it is a repeated visit. In addi­ti­on, coo­kies allow us to anony­mously ana­ly­ze the use of our web site. You can use the set­tings in your brow­ser to allow and dis­able so‐called coo­kies or dele­te them via your brow­ser histo­ry. In addi­ti­on, we do not use tracking coo­kies, i.e. we can­not allo­ca­te and track you by using coo­kies.

8. Statutory Periods for the Erasure of Data:

The Legis­la­tor has issued diver­se time‐limits / reten­ti­on peri­ods and obli­ga­ti­ons rela­ted to the sto­rage of data.  If a sto­rage peri­od legal­ly pre­scri­bed expi­res, the per­so­nal data are rou­ti­ne­ly and auto­ma­ti­cal­ly blo­cked or era­sed.  Data which is not affec­ted by this, will be era­sed or anony­mously stored, if its use has beco­me no lon­ger necessa­ry for the spe­ci­fied pur­po­ses refer­red to in this Data Pro­tec­tion Decla­ra­ti­on.  If the­re are no dif­fe­rent or devia­ting pro­vi­si­ons in this Data Pro­tec­tion Decla­ra­ti­on with refe­rence to the sto­rage of data, data collec­ted by us will be stored only as long as necessa­ry for the said inten­ded pur­po­ses.  For this, we have estab­lished sui­ta­ble tech­ni­cal and orga­ni­za­tio­nal secu­ri­ty mea­su­res.

9. Further Use and Erasure of Data:

Fur­ther pro­ces­sing or use of your per­so­nal data are gene­ral­ly car­ri­ed out only if per­mit­ted by law, or if you will have agreed to this data pro­ces­sing or use.  In the event of a fur­ther data use for dif­fe­rent pur­po­ses that tho­se ori­gi­nal­ly collec­ted, we will inform you about the devia­ting pur­po­se pri­or to the start of this fur­ther pro­ces­sing.

10. Identification and Prosecution or Misuse:

Misu­se detec­tion and tracking infor­ma­ti­on, espe­ci­al­ly your IP address, is stored for legi­ti­ma­te busi­ness pur­po­ses. The legal basis in this respect is Art. 6 para. 1 lit. f GDPR. Our legi­ti­ma­te cor­po­ra­te inte­rest in data pre­ser­va­ti­on is to ensu­re the pro­per func­tio­n­ing of our web site and its ope­ra­ti­ons as well as being able to ward off cyber‐attacks and the like. If necessa­ry, we will use anony­mous usa­ge infor­ma­ti­on to cus­to­mi­ze our web­site.

11. Rights related to the Processing of Personal Data:

11.1. Right to be infor­med:

At request, you shall have the right to obtain from us free infor­ma­ti­on about your per­so­nal data pro­ces­sed at any time to the extent refer­red to in Arti­cle 15 GDPR.

11.2. Right to rec­tifi­ca­ti­on of inac­cu­ra­te data:

You shall have the right to obtain wit­hout undue delay the rec­tifi­ca­ti­on of inac­cu­ra­te per­so­nal data (Arti­cle 16 GDPR).  If you wish to avail yours­elf of  this right to rec­tifi­ca­ti­on, you may, at any time, con­tact our data pro­tec­tion offi­cer and/or the com­pe­tent Com­mis­sio­ner of Data Pro­tec­tion.

11.3. Right to era­su­re (Right to be for­got­ten):

You shall have the right to obtain from us wit­hout undue delay the era­su­re of your per­so­nal data (Right to be for­got­ten), if legal grounds app­ly acc. to Arti­cle 17 GDPR.  This will app­ly, if per­so­nal data are no lon­ger necessa­ry in rela­ti­on to the pur­po­ses for which they were collec­ted or other­wi­se pro­ces­sed, or if you will with­draw your con­sent to which pro­ces­sing is based, and whe­re the­re is no other legal ground for the pro­ces­sing.  This shall not app­ly to objec­tions to direct publi­ci­ty pur­po­ses.  In order to assert your afo­re­said right, plea­se con­tact the respon­si­ble per­sons and/or the Com­mis­sio­ner of Data Pro­tec­tion named below.

11.4. Right of restric­tion of pro­ces­sing:

You shall have the right to obtain from us the restric­tion of pro­ces­sing as refer­red to in Arti­cle 18 GDPR.  Accord­ing to the­se requi­re­ments, a restric­tion of pro­ces­sing will par­ti­cu­lar­ly be necessa­ry, if the pro­ces­sing is unlaw­ful and the affec­ted per­son oppo­ses the era­su­re of per­so­nal data and requests ins­tead the restric­tion of its use, or the said per­son has objec­ted to pro­ces­sing pur­suant to Arti­cle 21 sub­pa­ra. 1 GDPR pen­ding the veri­fi­ca­ti­on whe­ther our legi­ti­ma­te grounds over­ri­de tho­se of you.

11.5. Right to data por­ta­bi­li­ty:

You shall have the right to data por­ta­bi­li­ty pur­suant to Arti­cle 20 GDPR, to recei­ve your per­so­nal data which was pro­vi­ded to us, in a struc­tu­red, com­mon­ly used and machine‐readable for­mat.  And you shall also have the right to trans­mit this data to a dif­fe­rent respon­si­ble per­son, as long as pro­ces­sing is based upon a con­sent or con­tract, and the pro­ces­sing is car­ri­ed out by auto­ma­ted means.  In order to assert your afo­re­said right, plea­se con­tact the respon­si­ble per­son and/or the Com­mis­sio­ner of Data Pro­tec­tion named below.

11.6. Right to object:

You shall have the right to object on grounds rela­ting to your par­ti­cu­lar situa­ti­on, at any time, to the pro­ces­sing of your per­so­nal data, pur­suant to Arti­cle 6 sub­pa­ra. 1 lit. e or f GDPR and Arti­cle 21 GDPR  In this case, we shall no lon­ger pro­cess your per­so­nal data, unless we can demons­tra­te com­pel­ling legi­ti­ma­te grounds for the pro­ces­sing which over­ri­de your inte­rests, rights and free­doms, or for the estab­lish­ment, exer­ci­se or defence of legal claims.  In order to assert your afo­re­said right, plea­se con­tact the respon­si­ble per­son and/or the Com­mis­sio­ner of Data Pro­tec­tion named below.

11.7. Right to lodge a com­p­laint with a regu­lato­ry aut­ho­ri­ty:

If you are of the opi­ni­on that our pro­ces­sing of your per­so­nal data has been inad­mis­si­ble, you shall have the right to lodge a com­p­laint with the com­pe­tent regu­lato­ry aut­ho­ri­ty which you may con­tact as fol­lows:

Die Lan­des­be­auf­trag­te für den Daten­schutz Nie­der­sach­sen
(The Land Com­mis­sio­ner for the Data Pro­tec­tion in Lower Sax­o­ny)

Prin­zen­stra­ße 5, 30159 Han­no­ver

Tele­fon: +49 (0511) 120 45 00, Tele­fax: +49 (0511) 120 45 99

E‐Mail: poststelle@lfd.niedersachsen.de

12. Responsible for the Data Protection:

Mr Burk­hard Vol­bert, Mr Fer­di­nand Vol­bert, Mr Klaus Huber

Thom Metall‐ und Maschi­nen­bau GmbH

Justus‐von‐Liebig‐Straße 2, D‐27283 Ver­den

Tele­fon +49 4231  9646 0, Fax +49 4231 9646 26

E‐Mail:  info@thom.gmbh

13. The Commissioner of Data Protection:

Should you have any fur­ther que­ries con­cer­ning the pro­ces­sing of your per­so­nal data, you may direc­t­ly con­tact our Com­mis­sio­ner of Data Pro­tec­tion.  He will give advice to you, even in cases of requests for infor­ma­ti­on, app­li­ca­ti­ons or com­p­laints:

Mr Yil­maz Özde­mir

Daten­schutz­be­auf­trag­ter (Data Pro­tec­tion Com­mis­sio­ner)

Mis­ter­Da­ta® Daten­schutz & Con­sul­ting UG (haf­tungs­be­schränkt)
Schwal­ben­weg 61/1
69123  Hei­del­berg

Tel.: +49 (0) 6221–7271238

Email: ra_yilmaz.oezdemir@t-online.de

As of: August 2023

Infor­ma­ti­on 13 GDPR.pdf