The topic of data protection is very important to us. Therefore, we will inform you below about how we process your personal information and what rights you have in this regard.
1. Name and contact data of the data controller for processing as well as the company protection officer.
This privacy information applies for data processing services carried out by:
FLOCERT GmbH (hereinafter: FLOCERT)
Bonner Talweg 177
T: +49/ (0)228-2493-0
F: + 49/ (0)228-2493-120
The data protection officer is available at the following address:
dhpg IT-Services GmbH
2. Rights of data subjects
You have the right:
- pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. Insofar as we process your data you may request information especially about the processing purpose, the categories of personal data, the recipients of your disclosed personal data, especially recipients in third countries, the planned storage period or the criteria of determination, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if it was not collected by us as well as the existence of an automated decision-making including profiling and, if applicable, meaningful detailed information.
- pursuant to Art. 16 GDPR, to obtain the immediate rectification of incorrect or incomplete of your personal data stored with us;
- pursuant to Art. 17 GDPR, to obtain the erasure of the personal data stored with us, unless the processing is required to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- pursuant to Art. 18 GDPR, to obtain the restriction of processing of your personal data, if the correctness of data is disputable, the processing is unlawful, but you refuse its erasure and we do not need the data any more. On the other hand, you might need it to assert, exercise or defend legal claims or you have lodged an objection against the processing pursuant to art. 21 GDPR and it is not yet clear whether our legitimate reasons prevail your interests.
- pursuant to Art. 20 GDPR, to obtain your personal data which you provided us, in a structured, common and machine-readable format or to demand the transfer to any other responsible person, insofar as the processing is based on your consent or a contract and the processing is made by means of automated procedures;
- pursuant to Art. 7 seq. 3 GDPR, to revoke your uniquely given consent at any time. This entails that a continued processing of your personal data is prohibited and
- pursuant to Art. 77 GDPR, to lodge a complaint with the supervisory authority. As a rule, you can address to the supervisory authority at your usual place of residence or workplace or at our company headquarter.
3. Right of objection
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 seq. 1 sent. 1 lit. e or f GDPR, you have the right, pursuant to Art. 21 GDPR, to appeal against processing your personal data insofar as there are reasons resulting from your particular situation or which are directed against direct advertising.
In the first case, we will no longer process your data unless we can prove compelling reasons that prevail your interests, liberties and rights or our processing serves to assert, exercise or defend legal claims.
In the latter case you have a general right of objection which is realized by us without indicating a particular situation. If you want to make use of your right of revocation or objection, an email to email@example.com will be sufficient.
4. Data Transfer
Your personal data will not be transferred to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:
- you have expressly given your consent pursuant to Art. 6 seq. 1 sent. 1 lit. a GDPR
- the transfer pursuant to Art. 6 seq. 1 sent. 1 lit. f GDPR is required for the assertion, exercise or defence of legal claims and there is no reason to assume that you have a prevailing legitimate interest in not transferring your data,
- in the event that there is a legal obligation to transfer data pursuant to Art. 6 seq. 1 sent. 1 lit. c GDPR, and
- this is required by law and pursuant to Art. 6 seq. 1 sent. 1 lit. b GDPR for the execution of contractual relationships with you.
In addition, your personal data are processed by our order processors in compliance with instructions, insofar as this is necessary for the fulfilment of the order. Our contract processors do not have an own right to use your data.
5. Data Security
We use the common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether an individual page of our website is transmitted in encrypted form by the representation of the closed bowl or lock symbol or by the use of “https” in front of the address of our (sub)website. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in accordance with technological development.
6. Third countries
Data will be transmitted by us to third countries exclusively in accordance with the statutory regulations.
Insofar as we fulfil our contract with you, data are made available to third parties. Appropriate safeguards pursuant to Art. 46 GDPR or an adequacy decision pursuant to Art. 45 GDPR are not necessary.
If you have not consented to the data transfer, if the data transfer does not serve the fulfilment of the contract or if the transfer is necessary for the assertion, exercise or defence of legal claims, the data are only transferred by us if there are suitable safeguards or an adequacy decision.
A suitable safeguard exists, for example, if the EU standard contractual clauses issued by the EU Commission have been concluded or if certification by means of a “Privacy Shield” has been obtained.
The legal basis is Art. 45 and 46 GDPR.
SPECIFIC PRIVACY INFORMATION FOR DATA PROCESSING OPERATIONS ON THE WEBSITE
1. When visiting the website
When visiting our website https://www.flocert.net/, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
- IP address of the requesting computer,
- date and time of access,
- name and URL of the retrieved file
- website allowing the access (referrer-URL),
- used browser and the operating system of the computer as well as the name of your access provider.
The mentioned data are processed by us for the following purposes:
- to ensure a smooth connection to our website,
- to ensure a comfortable use of our website,
- assessment of the system security and stability as well as
- for further administrative purposes.
The legal basis for data processing is laid down in Art. 6 seq. 1 sent. 1 lit. f GDPR. Our legitimate interest lies in the operation of our website and the related presentation of our company.
Your data will be deleted as soon as they are no longer required for the stated purposes, after 6 months at the latest.
2. When using one of our contact forms
You can pose questions of any kind through our contact forms which are available on our website. The indication of your valid email address is required enabling us to trace the sender of the enquiry and to respond to it. Depending on the contact form, further information may be required to answer your request or to make you an offer.
Data processing for the purpose of entering into contact with us is made pursuant to Art. 6 seq. 1 sent. 1 lit. a GDPR and is based on your voluntarily given consent. The personal data collected by us for the use of the contact form will be automatically erased after you have completed your request.
If your request is directed to the conclusion of a contract, Art. 6 seq. 1 sent. 1 lit. b) GDPR serves as the legal basis. In this case, we store your data for the duration of the statutory retention periods.
3. When using our applicant portal
We process your personal data only in order to assess your suitability for the position (or, if applicable, other vacancies at FLOCERT) and to carry out the application process. Only those persons in the company involved in the application process have access to your data. All of our employees are bound to maintain confidentiality.
The legal basis for the processing of your personal data in this application process is § 26 BDSG, Art. 6 seq. 1 sent. 1 lit. b) GDPR. Thereafter, the processing of the data needed in connection with the intention to establish an employment relationship is permitted. If you provide information that goes beyond this required information, you voluntarily provide it to us and consent to its processing. The legal basis for the processing is Art. 6 seq. 1 sent. 1 lit. a GDPR. Withdrawal of consent is possible at any time. You can send your withdrawal at any time to firstname.lastname@example.org by email.
Data of applicants will be deleted in case of cancellation after 6 months. In the event that you have consented to further storage of your personal data, we will take over your data in our applicant pool until revoked on your part. If you would like to subsequently withdraw your consent, send an email to email@example.com indicating withdrawal of your consent.
If you will be offered the job position and the respective employee contract as part of the application process, the data will be transferred to our HR system “rexx-hr”, which is provided by the company rexx-systems GmbH. The company acts as software service provider for our purposes, and a respective service provider contract that ensures secure processing of data has been concluded.
4. When registering for our newsletter or our "job offers"-emails
If you have expressly consented in accordance with Art. 6 seq. 1 sent. 1 lit. a GDPR, we will use your email address to send you our newsletter or the "job offers"-email regularly.
To receive the newsletter or the "job offers"-email, it is sufficient to provide an email address. Cancellation is possible at any time, for example via a link at the end of each newsletter or "job offers"-email. Alternatively, you can also send your cancellation to firstname.lastname@example.org by email at any time.
We store your data until revocation of your data.
Analysis of the newsletter
By opening the first automatically generated confirmation e‐mail to receive the newsletter, and by opening each newsletter e‐mail, further data will be collected and transferred to us to manage the newsletter dispatch. This includes, for ex.,
– the subscriber who has opened the newsletter or clicked on links (incl. number of clicks),
– the registration time and, if applicable, whether subscribers have unsubscribed from the newsletter,
– any occurring returns (e.g. if e‐mail accounts are overfilled or do not exist).
We evaluate such data only for statistical purposes in order to further optimise our offerings. By subscribing to the newsletter, you consent to the use of such data. Your data will not be used for any other purposes.
We will use the personal data collected from you as part of the e‐mail newsletter only internally to optimise and send the newsletter expressly requested by you. We will neither sell nor forward your personal data to third parties for advertising, market or opinion research processes.
Tracking will only take place with your consent in accordance with Art. 6 seq. 1 sent. 1 lit. a GDPR, which you give us by registering for the newsletter. You can revoke this consent at any time, for example by unsubscribing from the newsletter via a link at the end of each newsletter. Alternatively, you can also send your cancellation to email@example.com by email at any time.
When cancelling our newsletter your data will be erased.
5. Cookies, analysis tools, plugins and other elements of third parties
The analysis tools used by us evaluate the user behaviour of the website visitors and enable us to optimize the website and adapt marketing measures.
We use plugins and other elements from third parties to integrate the content of these providers into our website.
a) Required first-party cookies
The use of our necessary first-party cookies serves on the one hand to make the use of our range more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically erased after leaving our site.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain period of time. If you visit our site again in order to use our services, it automatically recognizes that you have already visited us and which entries and settings you have made so that you do not have to enter them again.
These data will be erased after 6 months at the latest.
We process your data on the basis of our legitimate interest in the external presentation of our company via the website you have called up and to promote user friendliness. The legal basis for the processing is Art. 6 seq. 1 sent. 1 lit. f GDPR.
Most browsers automatically accept these cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before such a cookie is generated. However, if cookies are completely deactivated, the website may not be displayed correctly, or you may not be able to use all the functions of our website.
b) Third-Party-Cookies, analysis tools, plugins and other third-party elements
The following indicated and used third-party cookies, analysis tools, plugins and elements of third parties are used only after receipt of your expressly given consent based on Art. 6 para. 1 sentence 1 lit. a) GDPR. You can withdraw your given consents at any time and for the future by changing your settings here:
The withdraw of your consent or not giving your consent may lead to an incorrect display of the website or the website does not allow to use all functions.
With the Third-Party-Cookies analysis tools, plugins and other elements of third parties we want to ensure a need-based design, marketing measures and the continuous optimization of our website. In addition, we use the tracking measures in order to statistically record the use of our website and evaluate it for the purpose of optimizing our services for you.
The respective functional descriptions, possible recipients of the data, information on possible transfers to a third country, and the storage duration can be found in the following notes on the individual processing steps with third-party cookies, analysis tools, plug-ins, and other third-party elements.
(1) Google Maps
This site uses the maps service Google Maps through API. Providers of the maps service is Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A.
The implementation of this plug-in is made through the so-called two-click method in order to protect visitors of our website in the best possible way. This means that your personal data (in particular, your IP address) will not be transmitted to Google when you visit the website. First, you have to activate the integrated map by clicking on it. With this click, you give your consent for loading the map with our company location and transferring the data to Google.
Your information is generally not anonymized before it is transferred to a Google server in the U.S.A. and stored there.
Google LLC is certified under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
In order to promote our company, we use social plugins of YouTube LLC (901 Cherry Avenue, San Bruno, CA 94066, USA) a subsidiary of Google LLC on our website. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
The plugins are marked with a YouTube logo in the form of a “YouTube camera” or a “Play” button, for example.
The integration of these plug-ins by us takes place by means of the so-called two-click method in order to protect visitors to our website in the best possible way. This means that your personal data (in particular your IP address) will not be transmitted to YouTube when you call up the website. Rather, you have to activate the integrated “buttons” and videos by clicking on them. With this click you give your consent for a connection to the YouTube servers.
Through this integration, YouTube receives the information that your browser has called up the corresponding page of our website, even if you do not have a YouTube profile or are not currently logged in to YouTube.
This information (including your IP address) is transmitted directly from your browser to a YouTube server in the USA and stored there. If you are logged in to YouTube, YouTube can assign your visit to our website directly to your YouTube account. If you interact with the plugins, for example by pressing the “YouTube” button, this information is also transmitted directly to a YouTube server and stored there. The information is also published on your YouTube account and displayed to your contacts there.
If you do not want YouTube to associate the data collected via our website directly with your YouTube account, you must log out of YouTube before activating the plugins.
Google LLC as parent company of YouTube LLC is certified according to the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
(3) Google Doubleclick
For the purpose of optimizing our online marketing, we use Google Doubleclick, a service of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymised user profiles are created and cookies are used. The information generated by the cookie about your use of this website are transmitted to a Google server in the USA and stored there. This information is used to display advertising on the Google advertising network that is relevant to your interests. Under no circumstances will your IP address be merged with other Google data. The IP addresses are made anonymous, so that an assignment is not possible (IP masking).
You can find further information on data protection for data processing by Google in the Google data protection declaration (https://policies.google.com/privacy).
Google LLC is certified under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
(4) Twitter Plugins
On our website you will find plugins for the short message network of Twitter, Inc. (1355 Market Street, San Francisco, CA 94103) that are integrated. You can recognize the Twitter plugins by the Twitter logo, for example a bird on our site.
The integration of this plug-in by us is done in a way to protect visitors of our website in the best possible way. This means that your personal data (especially your IP address) is not already transmitted to Twitter when you open the website. Rather, you must interact with the plugins by clicking them. With this click, you give your consent for a connection to be established with the Twitter servers.
Twitter thereby receives the information that you have visited our site with your IP address. If you click the Twitter plugin while you are logged in to your Twitter account, Twitter can link the contents of our pages on your Twitter profile. This allows Twitter to associate your visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter.
If you do not want Twitter to be able to link your visit to our pages, please log out before activating the button.
Twitter, Inc. is certified under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO
(5) WhatsUp Messages
To process your message submitted via the messenger “WhatsApp”, we will process your name and surname, telephone number, messenger ID, profile picture (if applicable) and our message history. The legal basis for processing personal data with your prior consent is Art. 6 (1) lit. (a) GDPR. To provide this service we use the service of MessengerPeople GmbH, Herzog-Heinrich-Str. 9, 80336 Munich, Germany. Pursuant to Art. 28 (3 ) GDRP, we have completed a contract with the company. We remain responsible for data processing. We only store your personal data for as long as it is necessary to process the complaint, but for no longer than 12 months.
Your consent to the processing of your personal data can be withdrawn at any time with effect for the future by sending an e-mail to firstname.lastname@example.org. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
6. Currency and amendment of the data protection declaration
This data protection declaration is currently valid as of January 2020. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may be necessary to amend this data protection declaration. You can call up and print out the current data protection declaration at any time on the website at https://www.flocert.net/privacy-policy/.
NEED AN EXPLANATION? CHECK OUR GLOSSARY!Glossary
QUESTIONS? CHECK OUR FAQ SECTION!FAQ