Data Privacy Policy

Data Pro­tec­tion Decla­ra­ti­on:

Thom Metall‐ und Maschi­nen­bau GmbH is plea­sed at your visit to our web­site https://www.thom.gmbh/ and your inte­rest in our Com­pa­ny.  Data pro­tec­tion and the secu­ri­ty of per­so­nal data ent­rusted to us are of par­ti­cu­lar­ly high prio­ri­ty, if you want to use spe­cial ser­vices offe­red by our Com­pa­ny via our web­site.  At any rate, we con­si­der your infor­mal right of self‐determination in com­pli­an­ce with Arti­cle 2 I GG (Ger­man Con­sti­tu­tio­nal Law), in con­nec­tion with Arti­cle 1 I GG, as an essen­ti­al right.

So it is of par­ti­cu­lar impor­t­an­ce to us, too that you know which of your per­so­nal data will be collec­ted and pro­ces­sed when using our offers and ser­vices.

  • 1 Pur­po­ses of Data Pro­ces­sing:

As far as we pro­cess per­so­nal data, this is car­ri­ed out in accordance with the pur­po­ses sti­pu­la­ted in this Data Pro­tec­tion Decla­ra­ti­on and based upon rele­vant admis­si­ble data pro­tec­tion pur­po­ses refer­red to in the GDPR (Ger­man Basic Orders on Data Pro­tec­tion).

  • 2 Pro­ces­sing of Per­so­nal Data:
  1. Cal­ling our web­site:

We collect and record your Inter­net Pro­to­col (IP) address in order to trans­mit the con­tents of our web­site to your com­pu­ter, e.g. text, pic­tures and files rea­dy for down­load, etc.  Here, pro­ces­sing is car­ri­ed out for the per­for­mance of a con­tract or the exe­cu­ti­on of preli­mi­na­ry con­trac­tu­al mea­su­res, in accordance with Arti­cle 6 sub­pa­ra. 1 lit. b GDPR.  Fur­ther­mo­re, we pro­cess this data in order to iden­ti­fy and trace any misu­se of data, refer­red to in Art. 6 sub­pa­ra. 1 lit. f GDPR.

In addi­ti­on, we record the fol­lo­wing data, and, in princip­le, we store it until the auto­ma­ted dele­ti­on:

  • Date and time of access,
  • Name and URL of selec­ted file,
  • Web­site, from which our web­site is reached (Referrer‐URL),
  • Brow­ser types and ver­si­ons used and, if requi­red, the ope­ra­ting sys­tem of your com­pu­ter and the name of your Access Pro­vi­der.

So far, the legal basis is Arti­cle 6 sub­pa­ra. 1 lit. f GDPR.  Our legi­ti­ma­te inte­rest of the pro­ces­sing of data is, in par­ti­cu­lar, to ensu­re the pro­per func­tio­n­a­li­ty of our web­site and to car­ry out our busi­ness refer­red to in it.

  1. E‐Mail/telephone/ FAX/contact form:

If you want to send us inqui­ries by e‐mail/telephone/FAX/contact form, your data will be auto­ma­ti­cal­ly stored and cor­re­spon­din­gly pro­ces­sed for pos­si­ble fur­ther inqui­ries (Arti­cle 6 sub­pa­ra. 1 lit. a GDPR).  This data will not be trans­fer­red to third par­ties wit­hout your pri­or con­sent unless expli­citly requi­red by sta­tuto­ry pro­vi­si­ons (Arti­cle 6 sub­pa­ra. 1 lit. c GDPR).

  1. Other pur­po­ses:

Per­so­nal data will be con­ti­nuous­ly pro­ces­sed by us, if free­ly given by you, for examp­le, for the ful­filment of our ser­vices carried‐out for you.  The legal basis of this pro­ce­du­re is our legi­ti­ma­te inte­rest as refer­red to in Arti­cle 6 sub­pa­ra. 1 lit. b GDPR  The­re­fo­re, data pro­ces­sed by us will inclu­de any per­so­nal data requi­red wit­hin the frame­work of this Data Pro­tec­tion Decla­ra­ti­on and in con­nec­tion with the pur­po­ses refer­red to in the GDPR.

If we – as sta­ted above – pro­cess your data for the pur­po­se of the recei­ving of your par­ti­cu­lar inqui­ry, you shall be obli­ga­ted to make this data avail­ab­le to us, for wit­hout this data we will not be able to car­ry out an appro­pria­te pro­ces­sing requested by you.

If you have given your con­sent to the pro­ces­sing of per­so­nal data in accordance with Arti­cle 6 sub­pa­ra. 1 lit. a GDPR, you shall have the right to object, at any time, to the pro­ces­sing of your per­so­nal data.  This will not affect the lega­li­ty of pro­ces­sing until the objec­tion car­ri­ed out due to your given con­sent.

  • 3 Trans­mis­si­on to Third Parties/Processor:

As a rule, your data will be pro­ces­sed only intern­al­ly.

The trans­fer of data to exter­nal pro­ces­sors shall only be car­ri­ed out in com­pli­an­ce with Arti­cle 28 sub­pa­ra. 1 GDPR.  Should it beco­me necessa­ry to trans­fer your per­so­nal data to a com­mis­sio­ned  Pro­ces­sor we will inform you cor­re­spon­din­gly pri­or to the said trans­fer.  It is unders­tood, that you will be ent­it­led to revo­ke your con­sent at any time, if you do not want that your per­so­nal data is trans­fer­red to the Pro­ces­sor.  The lega­li­ty of pro­ces­sing car­ri­ed out until your revo­ca­ti­on, due to your given con­sent, shall not be affec­ted by this pro­ce­du­re.

Fur­ther­mo­re, your per­so­nal data will be trans­mit­ted wit­hout your express con­sent, to law enforce­ment aut­ho­ri­ties or, if requi­red, to inju­rious­ly affec­ted Third Par­ties, if necessa­ry for the cla­ri­fi­ca­ti­on of an ille­gal use of our ser­vices or for other pro­se­cu­ti­on pur­po­ses.  Howe­ver, this will only be done, if defi­ni­te points are avail­ab­le indi­ca­ting an ille­gal or abu­si­ve beha­viour.  A trans­fer shall also be allo­wed, if use­ful for the enforce­ment of con­di­ti­ons of use or other agree­ments.

In addi­ti­on we are legal­ly bound to sup­ply infor­ma­ti­on to pari­cu­lar public aut­ho­ri­ties upon request.  This will inclu­de law enforce­ment aut­ho­ri­ties, offi­ci­al aut­ho­ri­ties pro­se­cu­ting regu­lato­ry offen­ces pena­li­zed with a fine and reve­nue aut­ho­ri­ties, in accordance with Arti­cle 6 sub­pa­ra. 1 lit. c GDPR.

The trans­fer of this data is based upon our legi­ti­ma­te inte­rest in the fight against data misu­se, the pro­se­cu­ti­on of cri­mi­nal offen­ces and enforce­ment of claims, unless and until your rights and inte­rests in your per­so­nal data over­ri­de the­se grounds acc to Arti­cle 6 sub­pa­ra. 1 lit. f GDPR.

  • 4 Trans­mis­si­on of Data in App­li­ca­ti­on Docu­ments:

In the cour­se of your writ­ten app­li­ca­ti­on, inclu­ding online app­li­ca­ti­on, we will collect and pro­cess your app­li­ca­ti­on data in an admis­si­ble man­ner as refer­red to in the rele­vant DS‐GVO.  This par­ti­cu­lar­ly will inclu­de your:

Con­tact data (name, fore­na­me, date/place of birth, address, tele­pho­ne num­ber, e‐mail etc.), app­li­ca­ti­on docu­ments (let­ter of app­li­ca­ti­on, cur­ri­cu­lum vitae, creden­ti­als, fur­ther trai­ning cer­ti­fi­ca­tes, qua­li­fi­ca­ti­ons etc.).

The collec­tion and pro­ces­sing of your per­so­nal app­li­ca­ti­on data will be car­ri­ed out exclu­si­ve­ly with regard to a spe­ci­fic pur­po­se, i.e. to fill a post in our com­pa­ny.  In gene­ral, your data will be trans­fer­red only to inter­nal depart­ments of our com­pa­ny respon­si­ble for the respec­tive app­li­ca­ti­on pro­cess.  This is necessa­ry for the rea­li­za­ti­on of your pos­si­ble employ­ment rela­ti­ons­hip in our com­pa­ny.  A trans­fer of your per­so­nal app­li­ca­ti­on data to other companies/facilities will be effec­ted only with your pri­or express con­sent.  Fur­ther use or trans­fer of your app­li­ca­ti­on data to third par­ties will not take place.  Your per­so­nal app­li­ca­ti­on data will be auto­ma­ti­cal­ly dele­ted six mon­ths after the com­ple­ti­on of the app­li­ca­ti­on pro­cess.  This shall not app­ly, if legal pro­vi­si­ons pro­hi­bit to do so, of if a fur­ther sto­rage would beco­me necessa­ry for the pur­po­se of the pro­duc­tion of evi­dence, or if you will have given your express con­sent for a lon­ger sto­rage peri­od, e.g. for pos­si­ble future adver­ti­se­ments of vacan­cy. If we con­clu­de a con­tract of employ­ment with an app­li­cant, the trans­mit­ted data will be stored for the pur­po­se of hand­ling the employ­ment rela­ti­ons­hip in com­pli­an­ce with the legal requi­re­ments.

  • 5 Sale, Mar­ke­ting and/or Publi­ci­ty Pur­po­ses:

We do not sell or trans­mit your per­so­nal data for the pur­po­se of mar­ke­ting and/or publi­ci­ty.

  • 6 Trans­mis­si­on of data to Third Coun­tries:

The­re is no trans­mis­si­on to third coun­tries.  By the way, § 3 of this Data Pro­tec­tion Decla­ra­ti­on shall app­ly in this case.

  • 7 Secu­ri­ty / Tech­ni­cal and Orga­ni­za­tio­nal Mea­su­res:

We use tech­ni­cal and orga­ni­za­tio­nal secu­ri­ty mea­su­res, in order to pro­tect your per­so­nal data against acci­den­tal or inten­tio­nal mani­pu­la­ti­ons, loss, dama­ge, dest­ruc­tion, or the access of unaut­ho­ri­zed per­sons.  This will also app­ly, if exter­nal ser­vices are inclu­ded.  The effec­tiveness of our secu­ri­ty mea­su­res are regu­lar­ly che­cked and, in com­pli­an­ce with the latest tech­no­lo­gi­cal deve­lop­ments, con­ti­nuous­ly impro­ved.  Fur­ther­mo­re, we will keep your per­so­nal data in a con­trol­led and moni­to­red secu­re ser­ver envi­ron­ment, whe­re unaut­ho­ri­zed access and publi­ca­ti­on are pre­ven­ted.

  1. Secure‐Socket‐Layer‐ (SSL) or Transport‐Layer‐Security (TLS) -Codi­fi­ca­ti­on:

Our web­site is secu­red by the SSL‐ or TLS‐process, i.e. our web­site uses a coded con­nec­tion for secu­ri­ty rea­sons and to pro­tect con­fi­den­ti­al con­tents.  You can see that the address lines of the brow­ser of http://” chan­ges to https://” and by the lock sym­bol in your brow­ser line.  As soon as the SSL‐ or TLS‐codification is activa­ted, it will be impos­si­ble that your data trans­mit­ted to us can be read by any third par­ty or unaut­ho­ri­zed per­sons.

  1. Coo­kies:

To design our Inter­net pages as user fri­end­ly as pos­si­ble and to pro­vi­de it tailor‐made to your needs, we use so‐called Coo­kies in par­ti­cu­lar are­as. Coo­kies are small text files that are stored in your com­pu­ter as soon as you are visi­t­ing a web­site.  If you visit a web­site again using the same ter­mi­nal unit, the Coo­kie will show, for examp­le, that this is a repeated visit.  Fur­ther­mo­re, Coo­kies will enab­le us to car­ry on an anony­mous ana­ly­sis of the use of our web­site.  A Coo­kie does not con­tain any per­so­nal data, and it is impos­si­ble that you can be iden­ti­fied by third par­ty web­sites, or the web­site of the ana­ly­tic pro­vi­der.

  1. Goog­le Maps:

In this web­site we use the offer of Google‐Maps (Con­tact infor­ma­ti­on: Goog­le Inc.,1600 Amphi­thea­t­re Park­way, Moun­tain View, CA 94043, USA, E‐Mail: support-de@google.com; Ger­man Goog­le Mar­ke­ting Office: Goog­le Ger­ma­ny GmbH, ABC‐Strasse 19, 20354 Ham­burg, Tel.: +49 40808179000, Fax: +49 4049219194).  This way, we will be able to dis­play inter­ac­tive maps direc­t­ly in the web­site enab­ling you to use the Goog­le Maps func­tion easi­ly.

Through your visit to the web­site, Goog­le will recei­ve the infor­ma­ti­on that you are cal­led the cor­re­spon­ding sub‐website.  In addi­ti­on, data sta­ted in this Data Pro­tec­tion Decla­ra­ti­on will be trans­mit­ted.  This will be effec­ted, regard­less of whe­ther Goog­le pro­vi­des a user account via which you are log­ged in, or whe­ther the­re is no user account avail­ab­le for you.  If you are log­ged in with Goog­le, your data will be assi­gned direc­t­ly to your account.  If you do not want to be assi­gned with your pro­fi­le with Goog­le, you must logout befo­re activat­ing the but­ton.  Goog­le will store your data as pro­files of use, for examp­le, for publi­ci­ty pur­po­ses, mar­ket rese­arch and/or need‐oriented design of their web­site.  Such an eva­lua­ti­on is par­ti­cu­lar­ly carried‐out (even for users not log­ged in) to crea­te need‐oriented publi­ci­ty, and to inform other users of the soci­al net­work on your activi­ties in our web­site.  It is unders­tood, that you will have the right to object to the crea­ti­on of the­se user pro­files.  In order to exer­ci­se this right, you should con­tact Goog­le.  Fur­ther infor­ma­ti­on for the pur­po­se and to the extent of the data collec­ted and its pro­ces­sing by the plug‐in‐provider are spe­ci­fied in the Data Pro­tec­tion Decla­ra­ti­on of the pro­vi­der.  Here you can also get fur­ther infor­ma­ti­on about your rights rela­ting to this and to the pro­tec­tion of your pri­va­cy: https://policies.google.com/privacy.

Goog­le will pro­cess your per­so­nal data also in the USA and have sub­mit­ted them­sel­ves to the EU‐US Pri­va­cy Shield: https://www.privacyshield.gov/EU-US-Framework.”

  • 8 Sta­tuto­ry Peri­ods for the Era­su­re of Data:

The Legis­la­tor has issued diver­se time‐limits / reten­ti­on peri­ods and obli­ga­ti­ons rela­ted to the sto­rage of data.  If a sto­rage peri­od legal­ly pre­scri­bed expi­res, the per­so­nal data are rou­ti­ne­ly and auto­ma­ti­cal­ly blo­cked or era­sed.  Data which is not affec­ted by this, will be era­sed or anony­mously stored, if its use has beco­me no lon­ger necessa­ry for the spe­ci­fied pur­po­ses refer­red to in this Data Pro­tec­tion Decla­ra­ti­on.  If the­re are no dif­fe­rent or devia­ting pro­vi­si­ons in this Data Pro­tec­tion Decla­ra­ti­on with refe­rence to the sto­rage of data, data collec­ted by us will be stored only as long as necessa­ry for the said inten­ded pur­po­ses.  For this, we have estab­lished sui­ta­ble tech­ni­cal and orga­ni­za­tio­nal secu­ri­ty mea­su­res.

  • 9 Fur­ther Use and Era­su­re of Data:

Fur­ther pro­ces­sing or use of your per­so­nal data are gene­ral­ly car­ri­ed out only if per­mit­ted by law, or if you will have agreed to this data pro­ces­sing or use.  In the event of a fur­ther data use for dif­fe­rent pur­po­ses that tho­se ori­gi­nal­ly collec­ted, we will inform you about the devia­ting pur­po­se pri­or to the start of this fur­ther pro­ces­sing.

  • 10 Iden­ti­fi­ca­ti­on and Pro­se­cu­ti­on or Misu­se:

Infor­ma­ti­on on the iden­ti­fi­ca­ti­on of misu­se and pro­se­cu­ti­on, par­ti­cu­lar­ly your IP address, are stored for maxi­mum 7 days.  Legal basis is, in this case, Arti­cle 6 sub­pa­ra. 1 lit. f GDPR.  Our legi­ti­ma­te inte­rest in this tem­pora­ry data sto­rage of 7 days is to ensu­re that our web­site can pro­per­ly ope­ra­te, pro­ces­ses car­ri­ed out via the web­site run in a problem‐free man­ner, and cyber attacks and the like be effec­tively fen­ded.  Anony­mous data is used by us only if necessa­ry for the need‐oriented, tailor‐made design of our web­site.

  • 11 Rights rela­ted to the Pro­ces­sing of Per­so­nal Data:
  1. Right to be infor­med:

At request, you shall have the right to obtain from us free infor­ma­ti­on about your per­so­nal data pro­ces­sed at any time to the extent refer­red to in Arti­cle 15 GDPR.

  1. Right to rec­tifi­ca­ti­on of inac­cu­ra­te data:

You shall have the right to obtain wit­hout undue delay the rec­tifi­ca­ti­on of inac­cu­ra­te per­so­nal data (Arti­cle 16 GDPR).  If you wish to avail yours­elf of  this right to rec­tifi­ca­ti­on, you may, at any time, con­tact our data pro­tec­tion offi­cer and/or the com­pe­tent Com­mis­sio­ner of Data Pro­tec­tion.

  1. Right to era­su­re (Right to be for­got­ten):

You shall have the right to obtain from us wit­hout undue delay the era­su­re of your per­so­nal data (Right to be for­got­ten), if legal grounds app­ly acc. to Arti­cle 17 GDPR.  This will app­ly, if per­so­nal data are no lon­ger necessa­ry in rela­ti­on to the pur­po­ses for which they were collec­ted or other­wi­se pro­ces­sed, or if you will with­draw your con­sent to which pro­ces­sing is based, and whe­re the­re is no other legal ground for the pro­ces­sing.  This shall not app­ly to objec­tions to direct publi­ci­ty pur­po­ses.  In order to assert your afo­re­said right, plea­se con­tact the respon­si­ble per­sons and/or the Com­mis­sio­ner of Data Pro­tec­tion named below.

  1. Right of restric­tion of pro­ces­sing:

You shall have the right to obtain from us the restric­tion of pro­ces­sing as refer­red to in Arti­cle 18 GDPR.  Accord­ing to the­se requi­re­ments, a restric­tion of pro­ces­sing will par­ti­cu­lar­ly be necessa­ry, if the pro­ces­sing is unlaw­ful and the affec­ted per­son oppo­ses the era­su­re of per­so­nal data and requests ins­tead the restric­tion of its use, or the said per­son has objec­ted to pro­ces­sing pur­suant to Arti­cle 21 sub­pa­ra. 1 GDPR pen­ding the veri­fi­ca­ti­on whe­ther our legi­ti­ma­te grounds over­ri­de tho­se of you.

  1. Right to data por­ta­bi­li­ty:

You shall have the right to data por­ta­bi­li­ty pur­suant to Arti­cle 20 GDPR, to recei­ve your per­so­nal data which was pro­vi­ded to us, in a struc­tu­red, com­mon­ly used and machine‐readable for­mat.  And you shall also have the right to trans­mit this data to a dif­fe­rent respon­si­ble per­son, as long as pro­ces­sing is based upon a con­sent or con­tract, and the pro­ces­sing is car­ri­ed out by auto­ma­ted means.  In order to assert your afo­re­said right, plea­se con­tact the respon­si­ble per­son and/or the Com­mis­sio­ner of Data Pro­tec­tion named below.

  1. Right to object:

You shall have the right to object on grounds rela­ting to your par­ti­cu­lar situa­ti­on, at any time, to the pro­ces­sing of your per­so­nal data, pur­suant to Arti­cle 6 sub­pa­ra. 1 lit. e or f GDPR and Arti­cle 21 GDPR  In this case, we shall no lon­ger pro­cess your per­so­nal data, unless we can demons­tra­te com­pel­ling legi­ti­ma­te grounds for the pro­ces­sing which over­ri­de your inte­rests, rights and free­doms, or for the estab­lish­ment, exer­ci­se or defence of legal claims.  In order to assert your afo­re­said right, plea­se con­tact the respon­si­ble per­son and/or the Com­mis­sio­ner of Data Pro­tec­tion named below.

  1. Right to lodge a com­p­laint with a regu­lato­ry aut­ho­ri­ty:

If you are of the opi­ni­on that our pro­ces­sing of your per­so­nal data has been inad­mis­si­ble, you shall have the right to lodge a com­p­laint with the com­pe­tent regu­lato­ry aut­ho­ri­ty which you may con­tact as fol­lows:

Die Lan­des­be­auf­trag­te für den Daten­schutz Nie­der­sach­sen
(The Land Com­mis­sio­ner for the Data Pro­tec­tion in Lower Sax­o­ny)

Prin­zen­stra­ße 5, 30159 Han­no­ver

Tele­fon: +49 (0511) 120 45 00, Tele­fax: +49 (0511) 120 45 99

E‐Mail: poststelle@lfd.niedersachsen.de

  • 12 Respon­si­ble for the Data Pro­tec­tion:

Mr Tors­ten Thom, Mr Klaus Huber

Thom Metall‐ und Maschi­nen­bau GmbH

Justus‐von‐Liebig‐Straße 2, D‐27283 Ver­den

Tele­fon +49 4231  9646 0, Fax +49 4231 9646 26

E‐Mail:  info@thom.gmbh

  • 13 The Com­mis­sio­ner of Data Pro­tec­tion:

Should you have any fur­ther que­ries con­cer­ning the pro­ces­sing of your per­so­nal data, you may direc­t­ly con­tact our Com­mis­sio­ner of Data Pro­tec­tion.  He will give advice to you, even in cases of requests for infor­ma­ti­on, app­li­ca­ti­ons or com­p­laints:

Mr Hans‐Jürgen Rehaag

Daten­schutz­be­auf­trag­ter (Data Pro­tec­tion Com­mis­sio­ner)

ASUMED ARBEITSSCHUTZ GMBH & Co. KG

Von‐Hausen‐Strasse 35, 64653 Lorsch
Tel.: +49 (0) 6251 17529 0, Fax: +49 (0) 6251 17529 29

Email: h.rehaag@asumed.de

As of: Novem­ber 2018