Data protection
Privacy policy
Data protection
Privacy policy Terhalle Holding GmbH
Basic information
We, Terhalle Holding GmbH (hereinafter referred to as Terhalle), take the protection of your personal data very seriously and adhere strictly to the rules of the currently applicable data protection laws. This includes above all the General Data Protection Regulation (hereinafter referred to as GDPR) and the Federal Data Protection Act (BDSG).
Personal data is only collected on our websites and when using our services to the extent necessary and processed for a specific purpose. Personal data is data by which you can be personally identified or other data linked to you.
Responsible body within the meaning of the GDPR:
Terhalle Holding GmbH
Solmsstraße 46
48683 Ahaus-Ottenstein
Phone: (+49) 02561 9823-0
Fax: (+49) 02561 9823-87
Processing within Terhalle Holding GmbH
Below we inform you in accordance with Art. 13, 14 of the EU General Data Protection Regulation (EU GDPR) about the processing of your personal data by us and about your rights under data protection law. Data collection and processing is carried out in accordance with the basic principles, legality and rights of data subjects of the GDPR and the BDSG.
Scope of application of the privacy policy
It applies to all websites for which Terhalle is responsible or if you contact us via other communication channels.
This privacy policy consists of nine parts:
- The first part (provisions for business partners) applies to Terhalle’s business partners.
- The second part (provisions for applicants) applies to private users of Terhalle’s services with regard to applications.
- The third part (General information and provisions for the Terhalle website) applies to all users who use Terhalle’s services or website.
- The fourth part refers to data processing via our social media channels
- The fifth part applies to all users of our online meeting tool “Microsoft Teams”.
- The sixth part applies to the organization of competitions.
- The seventh part (information on data subject rights) applies to all users whose data is subject to data protection law, but not to legal entities.
- The eighth part contains information about our analysis tools and advertising
- The ninth part applies to all users of our Terhalle app
Furthermore, our websites may contain links to websites of other providers to which this data protection declaration does not extend.
I. Provisions for business partners
the purposes for which the personal data are processed and the legal basis for the processing
We process personal data insofar as this is necessary for the establishment, execution and fulfillment of a contract and for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR, e.g. in connection with the initiation, execution and administration of orders), to fulfill a legal obligation (Art. 6 para. 1 lit. c GDPR, e.g. compliance with commercial and tax retention obligations pursuant to § 257 HGB and § 147 AO), to safeguard the legitimate interests of the controller or a third party (Art. 6 para. 1 lit. f GDPR, e.g. storage of data for a reasonable period of time for acquisition efforts or for the assertion of legal claims and defense in legal disputes) and on the basis of the consent of the data subjects (Art. 6 para. 1 lit. a GDPR, e.g. disclosure of data to third parties, evaluation for marketing purposes or advertising by e-mail).
Sources and categories of personal data processed
We process personal data that we receive from you or from public sources such as commercial registers, the Internet and directories or from third parties such as credit or credit agencies or business partners in the course of establishing contact and our business relationship, e.g. for processing an inquiry or an order.
Relevant personal data includes in particular personal data (e.g. surname, first name, address, bank details, invoice address, tax number or VAT ID number) and other contact data (e.g. telephone number, e-mail address). In addition, this may also include contract or order data (e.g. sales data, order volume), information about your financial situation (e.g. creditworthiness data) and personal data (e.g. profession, position, tasks and powers) as well as other data comparable to the categories mentioned.
Recipients or categories of recipients of the personal data
Within the company, only those departments that require the data to fulfill contractual and legal obligations or to implement our legitimate interest (e.g. sales) will have access to the data. We may transfer your personal data to companies affiliated with us insofar as this is permitted within the scope of the purposes and legal bases set out in section 3 of this data protection information sheet. Processors used by us in accordance with Art. 28 GDPR may also process data for these purposes, such as IT service providers, cloud providers and data destruction service providers. All service providers are contractually obliged to treat your data confidentially.
Data is only passed on to recipients outside the company in compliance with the applicable data protection regulations. Recipients of personal data may be, for example, companies in the logistics sector, service providers, suppliers, subcontractors, tax consultants, auditors, credit and financial service providers, credit agencies, debt collection agencies, lawyers and authorities. In such cases, information is passed on to these companies or individuals to enable further processing.
Transfer to a third country (outside the EU/EEA) or to an international organization
The transfer to a third country does not take place and is not planned.
Duration for which the personal data is stored and the criteria for determining this duration
The required personal data is stored for the duration of the existence of warranty and guarantee claims. In addition, the personal data is stored in accordance with the legally prescribed periods. Corresponding proof and retention obligations arise from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are up to ten years. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted.
In addition to the above-mentioned information, the following is an overview of your other data protection rights:
– Right of access to the personal data concerned (Art. 15 GDPR)
– Right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR)
– Right to object to processing (Art. 21 GDPR)
– Right to data portability (Art. 20 GDPR)
– Right to withdraw consent to processing (Art. 7 (3) GDPR)
– Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
In principle, we do not use fully automated decision-making in accordance with Art. 22 GDPR to establish, fulfill or implement the business relationship or for pre-contractual measures. Should we use these procedures in individual cases, we will inform you of this separately or obtain your consent if this is required by law.
Is there an obligation to provide data?
As part of the contractual relationship or contract initiation, you must provide the personal data that is required for the commencement, execution and termination of the contract and for the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally not be able to carry out the necessary pre-contractual measures or the contractual relationship with you.
Separate information about your right to object in accordance with Article 21 GDPR
According to Art. 21 para. 1 DS-GVO, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) DS-GVO. 1 lit. f of the DS-GVO (data processing on the basis of the balance of interests).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.
If the processing is carried out for the purpose of direct advertising, you have the right under Art. 21 (2) GDPR to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.
If you wish to make use of your right to object or other data subject rights, a notification in text form is sufficient. You can write to us or contact us by e-mail.
II Provisions for applicants
the purposes for which the personal data are processed and the legal basis for the processing
We process the data that you have sent us in connection with your application in order to check your suitability for the position (or any other open positions in our companies) and to carry out the application process.
The legal basis for the processing of your personal data in this application procedure is primarily Section 26 BDSG. This permits the processing of data required in connection with the decision on the establishment of an employment relationship.
Furthermore, we may process personal data about you if this is necessary to fulfill legal obligations (Art. 6 para. 1 lit. c GDPR, e.g. reimbursement of travel expenses) and to defend against legal claims asserted against us in the application process. The legal basis for this is Art. 6 para. 1 lit. f GDPR; the legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG). If there is a need for longer-term storage (e.g. for other vacant positions or positions that become vacant), this is done on the basis of your consent in written form (pursuant to Art. 6 para. 1 lit. a GDPR). The same applies to the forwarding of your application data to other companies in our group of companies.
Insofar as special categories of personal data within the meaning of Art. 9 para. 1 DS-GVO are communicated, their processing is additionally carried out in accordance with Art. 9 para. 2 lit. b DS-GVO in connection with § 26 para. 3 BDSG (e.g. severely disabled status). Insofar as special categories of personal data within the meaning of Art. 9 para. 1 DS-GVO are requested from applicants, their processing is additionally carried out in accordance with Art. 9 para. 2 lit. a DS-GVO in connection with § 26 para. 2 and para. 3 sentence 2 BDSG (e.g. health data if this is necessary for the exercise of the profession).
Sources and categories of personal data processed
We process personal data that we receive from you or recruitment agencies as part of the application process, in particular personal master data (name, address and other contact details, date and place of birth, nationality), bank details (for the purpose of reimbursing travel expenses), qualification documents (e.g. certificates, assessments and other proof of training), IP addresses and photographs.
Recipients or categories of recipients of the personal data
If provided, applicants can send us their applications using an online form on our website. The data is transmitted to us in encrypted form in accordance with the state of the art. Applicants can also send us their documents by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves. We can therefore accept no responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend using an online form or sending by post.
Your data will be reviewed by the HR department once your application has been received. Suitable applications will then be made available internally to the specialist responsible for the respective open position and, if necessary, to the works council. Within the company, only those persons have access to your data who need it for the proper course of the application process.
We may transfer your personal data to companies affiliated with us insofar as this is permitted within the scope of the purposes and legal bases set out in section 3. In addition, personal data is processed on our behalf on the basis of contracts in accordance with Art. 28 GDPR; this applies in particular to IT service providers, cloud computing and applicant management systems and software. Recruitment agencies may also be commissioned as part of the application process. All service providers are contractually obliged to treat your data confidentially.
Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary to fulfill legal obligations or if we have your consent.
Transfer to a third country (outside the EU/EEA) or to an international organization
The data is processed exclusively in data centers in the Federal Republic of Germany. A transfer to a third country does not take place and is not planned.
Duration for which the personal data will be stored and the criteria for determining this duration
If no employment relationship is established following your application, we will retain applicant data for a maximum of six months from receipt of the rejection decision so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the General Equal Treatment Act (AGG). This does not apply if statutory provisions prevent deletion (e.g. archiving of travel expense reimbursements in accordance with tax law requirements of up to 10 years), if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage. In the event that you have consented to your personal data being stored for a longer period, we will transfer your data to our applicant pool. There the data will be deleted after one year
If you are accepted for a position as part of the application process, the relevant and necessary data will be transferred from the applicant data system to our personnel data system.
In addition to the above-mentioned information, the following is an overview of your other data protection rights:
– Right of access to the personal data concerned (Art. 15 GDPR)
– Right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR)
– Right to object to processing (Art. 21 GDPR)
– Right to data portability (Art. 20 GDPR)
– Right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (Art. 7 (3) GDPR)
– Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
The decision on your application is not based exclusively on automated processing. Therefore, there is no automated decision in individual cases within the meaning of Art. 22 GDPR.
Is there an obligation to provide data?
As part of the application process, you only need to provide the personal data that is required for the application process. There is no obligation to provide this data. Without this data, we will generally not be able to carry out the application process and make a decision on the establishment of the employment relationship.
Separate information on your right to object pursuant to Article 21 GDPR
According to Art. 21 para. 1 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6 para. 1 lit. f GDPR (data processing on the basis of a balancing of interests).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.
If you wish to make use of your right to object or other data subject rights, a notification in text form is sufficient. You can write to us or contact us by e-mail.
III General information and provisions for the Terhalle website
These provisions apply in addition to the provisions for all affected groups for the Terhalle website.
(1) In the case of mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f DS-GVO):
– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status/https status code
– Amount of data transferred in each case
– Website from which the request originates
– browser
– Operating system and its interface
– Language and version of the browser software.
IV. Data processing via social media
We have a fan page on several social media platforms. In this way, we would like to offer further opportunities to provide information about our company and to attract employees.
We have a presence on the following social media platforms:
-
- Youtube
When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile used also regularly constitutes personal data. This also includes messages and statements made using the profile. In addition, certain information is often automatically collected during your visit to a social media profile, which may also constitute personal data. If you have consented to your data being processed and stored, this consent is deemed to be
Legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Under certain circumstances, your data may also be processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR). The legitimate interest pursued by us lies in establishing contact with (potential) interested parties and applicants as well as the external presentation of the company.
Most social media platforms place cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.
Below we inform you about the processing of your personal data and about your rights as a data subject in the area of our social media pages.
Visiting a social media page
a. Instagram
Instagram privacy policy summary
” Data subjects: Visitors to the website
” Purpose: Optimization of our service performance
” Processed data: Data such as user behavior data, information about your device and your IP address.
” More details can be found below in the privacy policy
” Storage period: until no longer useful for Meta and our purposes
” Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)
We have integrated Instagram functions on our website. Instagram is a social media platform of the company Instagram
LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Meta Platforms Inc. since 2012 and is one of the
Facebook products. Embedding Instagram content on our website is called embedding. This allows us to show you content such as
buttons, photos or videos from Instagram directly on our website. When you visit web pages on our website that have an
Instagram function integrated, data is transmitted to Instagram, stored and processed. Instagram uses the same systems and technologies as Facebook. Your data is therefore processed across all Facebook companies.
In the following, we want to give you a more detailed insight into why Instagram collects data, what data is involved and how you can largely control
data processing. Since Instagram belongs to Meta Platforms Inc., we obtain our information from the Instagram guidelines on the one hand, but also from the Meta privacy policy itself on the other.
How long and where is the data stored?
Instagram shares the information you provide with other companies within the Facebook group of companies and with
external partners and people with whom you are connected worldwide.
This data processing is carried out in accordance with the provisions of our
Privacy Policy.
For security reasons, your data is distributed on Facebook servers worldwide, with the majority of these servers
located in the USA. The data is deleted when it is no longer required for our and Meta purposes.
How can I delete my data or prevent data storage?
Thanks to the General Data Protection Regulation, you have the right to information, portability, correction and deletion of your data. You can manage your data in the
Instagram settings. If you want to completely delete your data on Instagram, you must permanently delete your Instagram account.
And this is how deleting your Instagram account works:
First open the Instagram app. Go to the bottom of your profile page and click on “Help section”. You will now be taken to the company’s website. On the website, click on “Manage your account” and then on “Delete your account”.
If you delete your account completely, Instagram will delete posts such as your photos and status updates. Information that other people have shared about you does not belong to your account and is therefore not deleted.
As mentioned above, Instagram stores your data primarily via cookies. You can manage, deactivate or delete these cookies in your browser. Depending on your browser, the management always works a little differently. Under the section “Cookies”
you will find the corresponding links to the respective instructions for the most popular browsers.
You can also set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.
Legal basis
If you have consented to your data being processed and stored by integrated social media elements,
will use this consent as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR).
In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other
customers and business partners.
Nevertheless, we only use the integrated social media elements if you have given your consent to
. Most social media platforms also place cookies in your browser to store data. Therefore,
recommends that you read our privacy policy about cookies carefully and consult the privacy policy or cookie policy of the respective
service provider.
Instagram and Facebook also process data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice
, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and
security of data processing.
Through our social media presences, your data is also processed in the USA, among other places. The legal basis for this data transfer is the adequacy decision adopted by the European Commission on July 10, 2023 for the so-called EU-US Data Privacy Framework. This contains framework conditions that are intended to serve as suitable guarantees for the secure transfer of data between the EU and the USA. The prerequisite for this is that US companies join the EU-US Data Privacy Framework by committing to fulfill detailed data protection obligations. This is currently fulfilled by the provider of the social media channels we use, Microsoft, Meta Platforms and Google, for (non-HR data).
We have tried to provide you with the most important information about data processing by Instagram. You can find out more about Instagram’s data policy at https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.
b. LinkedIn
LinkedIn privacy policy summary
” Data subjects: Visitors to the website
” Purpose: Optimization of our service performance
” Processed data: Data such as user behavior data, information about your device and your IP address.
” More details can be found below in the privacy policy
” Storage duration: no longer useful for LinkedIn and our purposes
” Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)
We use a link on our website to our company page on the social media network LinkedIn, LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For the European Economic Area and Switzerland, LinkedIn Ireland Unlimited Company Wilton Place in Dublin is responsible for data processing.
When you visit our LinkedIn company page, follow this page or engage with the page, LinkedIn processes personal data to provide us with statistics and insights in anonymized form. This provides us with insights into the types of actions that people take on our site (so-called Page Insights). In particular, LinkedIn processes data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, e.g. whether you are a follower of our LinkedIn company page. With the Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to the summarized Page Insights. It is also not possible for us to draw conclusions about individual members from the information in the Page Insights. This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company page and to improve our company page based on these findings.
Through our social media presence, your data is also processed in the USA, among other places. The legal basis for this data transfer is the adequacy decision adopted by the European Commission on 10.07.2023 for the so-called EU-US Data Privacy Framework. This contains framework conditions that are intended to serve as suitable guarantees for the secure transfer of data between the EU and the USA. The prerequisite for this is that US companies join the EU-US Data Privacy Framework by committing to fulfill detailed data protection obligations.
This is fulfilled by the providers of the social media channels we use, Microsoft, Google and meta platforms (non-HR data).
How long and where is the data stored?
In principle, LinkedIn retains your personal data for as long as the company considers it necessary to provide its own services. However, LinkedIn deletes your personal data when you delete your account. In some exceptional cases, LinkedIn retains some data in aggregated and anonymized form even after you delete your account. As soon as you delete your account, other people will no longer be able to see your data within one day. However, LinkedIn retains data if it is required by law. Data that can no longer be assigned to a person remains stored even after the account has been closed. The data is stored on various servers in America and presumably also in Europe. The data is deleted when it is no longer required for our and LinkedIn’s purposes.
Legal basis
If you have consented to your data being processed and stored by integrated social media elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.
LinkedIn also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.
Through our social media presences, your data is also processed in the USA, among other places. The legal basis for this data transfer is the adequacy decision adopted by the European Commission on July 10, 2023 for the so-called EU-US Data Privacy Framework. This contains framework conditions that are intended to serve as suitable guarantees for the secure transfer of data between the EU and the USA. The prerequisite for this is that US companies join the EU-US Data Privacy Framework by committing to fulfill detailed data protection obligations. This is currently fulfilled by the provider of the social media channels we use, Microsoft, Meta Platforms and Google, for (non-HR data).
We have tried to provide you with the most important information about data processing by LinkedIn. You can find out more about data processing by the social media network LinkedIn at https://www.linkedin.com/legal/privacy-policy.
c. Facebook
Facebook privacy policy summary
” Data subjects: Visitors to the website
” Purpose: Optimization of our service performance
” Processed data: Data such as customer data, user behavior data, information about your device and your IP address.
” More details can be found below in the privacy policy
” Storage period: until the data is no longer useful for Meta and our purposes
” Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)
What are Facebook tools?
We use selected tools from Facebook on our website. Facebook is a social media network of the company Meta Platforms Inc. or, for the European region, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of these tools, we can offer you and people who are interested in our products and services the best possible offer.
If data is collected and forwarded from you via our embedded Facebook elements or via our Facebook page (fan page), both we and Facebook Ireland Ltd. are responsible for this. Facebook is solely responsible for the further processing of this data. Our joint obligations are also set out in a publicly accessible agreement at https://www.facebook.com/legal/controller_addendum. This states, for example, that we must clearly inform you about the use of Facebook tools on our site. Furthermore, we are also responsible for ensuring that the tools are securely integrated into our website in accordance with data protection law. Facebook, on the other hand, is responsible for the data security of Facebook products, for example. If you have any questions about data collection and data processing by Facebook, you can contact the company directly. If you address the question to us, we are obliged to forward it to Facebook.
Below we provide an overview of the various Facebook tools, what data is sent to Facebook and how you can delete this data.
Among many other products, Facebook also offers the so-called “Facebook Business Tools”. This is the official name of Facebook. However, since the term is hardly known, we decided to just call them Facebook tools. Among them are:
- Social plug-ins (such as the “Like” or “Share” button)
- Facebook login
- Account Kit
- APIs (programming interface)
- SDKs (collection of programming tools)
- Platform integrations
- plugins
- codes
- specifications
- Documentation
- Technologies and services
Through these tools, Facebook expands services and has the ability to obtain information about user activity outside of Facebook.
Why do we use Facebook tools on our website?
We only want to show our services and products to people who are really interested in them. With the help of advertisements (Facebook Ads), we can reach exactly these people. However, in order to show users suitable advertising, Facebook needs information about people’s wishes and needs. This provides the company with information about user behavior (and contact information) on our website. As a result, Facebook collects better user data and can show interested people the appropriate ads about our products or services. The tools thus enable customized advertising campaigns on Facebook.
Facebook calls data about your behavior on our website “event data”. This is also used for measurement and analysis services. Facebook can thus create “campaign reports” on our behalf about the impact of our advertising campaigns. Furthermore, analytics give us a better insight into how you use our services, website or products. This allows us to optimize your user experience on our website with some of these tools. For example, you can use the social plug-ins to share content on our site directly on Facebook.
What data is stored by Facebook tools?
By using individual Facebook tools, personal data (customer data) can be sent to Facebook. Depending on the tools used, customer data such as name, address, telephone number and IP address may be sent.
Facebook uses this information to match the data with the data it has about you (if you are a Facebook member). Before customer data is transmitted to Facebook, it is hashed. This means that a data record of any size is transformed into a character string. This also serves to encrypt data.
In addition to the contact data, “event data” is also transmitted. “Event data” refers to the information that we receive about you on our website. For example, which subpages you visit or which products you buy from us. Facebook does not share the information it receives with third parties (such as advertisers) unless the company has explicit permission or is legally obliged to do so. “Event data” can also be linked to contact details. This allows Facebook to offer better personalized advertising. After the aforementioned matching process, Facebook deletes the contact data again.
In order to deliver optimized ads, Facebook only uses the event data if it has been combined with other data (collected by Facebook in other ways). Facebook also uses this event data for security, protection, development and research purposes. Much of this data is transferred to Facebook via cookies. Cookies are small text files that are used to store data or information in browsers. Depending on the tools used and whether you are a Facebook member, different numbers of cookies are stored in your browser. We go into more detail about individual Facebook cookies in the descriptions of the individual Facebook tools. You can also find general information about the use of Facebook cookies at https://www.facebook.com/policies/cookies.
How long and where is the data stored?
In principle, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has servers all over the world where its data is stored. The data is deleted when it is no longer needed for our and Meta’s purposes.
How can I delete my data or prevent data storage?
In accordance with the General Data Protection Regulation, you have the right to information, correction, transferability and deletion of your data.
The data will only be completely deleted if you delete your Facebook account completely. And this is how deleting your Facebook account works:
1) Click on Settings on the right-hand side of Facebook.
2) Then click on “Your Facebook information” in the left-hand column.
3) Now click on “Deactivation and deletion”.
4) Now select “Delete account” and then click on “Continue and delete account”
5) Now enter your password, click on “Next” and then on “Delete account”
The data that Facebook receives via our site is stored using cookies (e.g. for social plugins). You can deactivate, delete or manage individual or all cookies in your browser. Depending on which browser you use, this works in different ways. In the “Cookies” section, you will find the relevant links to the instructions for the most popular browsers.
If you generally do not want to have cookies, you can set up your browser so that it always informs you when a cookie is to be set. This allows you to decide for each individual cookie whether you want to allow it or not.
Legal basis
If you have consented to your data being processed and stored by integrated Facebook tools, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our privacy policy about cookies carefully and take a look at Facebook’s privacy policy or cookie guidelines.
Facebook also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.
Through our social media presences, your data is also processed in the USA, among other places. The legal basis for this data transfer is the adequacy decision adopted by the European Commission on July 10, 2023 for the so-called EU-US Data Privacy Framework. This contains framework conditions that are intended to serve as suitable guarantees for the secure transfer of data between the EU and the USA. The prerequisite for this is that US companies join the EU-US Data Privacy Framework by committing to fulfill detailed data protection obligations. This is currently fulfilled by the provider of the social media channels we use, Microsoft, Meta Platforms and Google, for (non-HR data).
We hope we have provided you with the most important information about the use and data processing by the Facebook tools. If you would like to find out more about how Facebook uses your data, we recommend that you read the data policy at https://www.facebook.com/privacy/policy/.
d. XING
What is Xing?
We use social plugins from the social media network Xing, Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany, on our website. These functions allow you, for example, to share content on Xing directly via our website, log in via Xing or follow interesting content. You can recognize the plug-ins by the company name or the Xing logo. When you visit a website that uses a Xing plug-in, data may be transmitted to the “Xing servers”, stored and analyzed. In this privacy policy, we want to inform you about what data is involved and how you can manage or prevent this data storage.
Xing is a social network with its headquarters in Hamburg. The company specializes in the management of professional contacts. This means that, unlike other networks, Xing is primarily about professional networking. The platform is often used for job searches or to find employees for your own company. Xing also offers interesting content on various professional topics. Its global counterpart is the American company LinkedIn.
Why do we use Xing on our website?
There is now a flood of social media channels and we are well aware that your time is very valuable. Not every company’s social media channel can be scrutinized closely. That’s why we want to make your life as easy as possible so that you can share or follow interesting content directly via our website on Xing. With such “social plug-ins” we expand our service on our website. In addition, the data collected by Xing helps us to carry out targeted advertising measures on the platform. This means that our service is only shown to people who are really interested in it.
What data is stored by Xing?
Xing offers the share button, the follow button and the log-in button as plug-ins for websites. As soon as you open a page where a Xing social plug-in is integrated, your browser connects to servers in a data center used by Xing. In the case of the share button, according to Xing, no data is stored that could be directly linked to a person. In particular, Xing does not store your IP address. Furthermore, no cookies are set in connection with the share button. Therefore, no evaluation of your user behavior takes place. You can find more information on this at https://dev.xing.com/plugins/share_button/privacy_policy
With the other Xing plug-ins, cookies are only set in your browser when you interact with the plug-in or click on it. Personal data such as your IP address, browser data, date and time of your Xing page visit can be stored here. If you have a XING account and are logged in, the data collected will be assigned to your personal account and the data stored in it.
As soon as you are logged in to Xing or become a member, further personal data will definitely be collected, processed and stored. Xing also passes on personal data to third parties if this is necessary for the fulfillment of its own business purposes, if you have given your consent or if there is a legal obligation.
How long and where is the data stored?
Xing stores the data on various servers in various data centers. The company stores this data until you delete the data or until a user account is deleted. Of course, this only affects users who are already Xing members.
How can I delete my data or prevent data storage?
You have the right to access and delete your personal data at any time. Even if you are not a Xing member, you can use your browser to prevent any data processing or manage it according to your wishes. Most data is stored via cookies. Depending on which browser you have, the administration works slightly differently. In the “Cookies” section, you will find the relevant links to the instructions for the most popular browsers.
You can also set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.
Legal basis
If you have consented to your data being processed and stored by integrated social media elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.
We have tried to provide you with the most important information about data processing by Xing. You can find out more about data processing by the Xing social media network at https://privacy.xing.com/de/datenschutzerklaerung.
Privacy policy for the contact form
The personal data that you provide to us as part of this contact request will only be used to answer your request or contact you and for the associated technical administration. It will not be passed on to third parties.
You have the right to withdraw your consent at any time with effect for the future. In this case, your personal data will be deleted immediately.
Your personal data will also be deleted without your revocation if we have processed your request or you revoke the consent given here for storage. This also happens if the storage is inadmissible for other legal reasons.
You can obtain information about the personal data stored about you at any time.
Detailed information on data protection and the handling of personal data can be found in the general privacy policy of this website.
e. Youtube
Youtube privacy policy summary
” Affected parties: Visitors to the website
” Purpose: Optimization of our service performance
” Processed data: Data such as contact details, user behavior data, information about your device and your IP address may be stored. You can find more details below in this privacy policy.
” Storage period: 6 months
” Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)
What is YouTube?
We have integrated YouTube videos on our website. This allows us to present interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you access a page on our website that has an embedded YouTube video, your browser automatically connects to the YouTube or Google servers. Various data will be transmitted (depending on the settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in Europe.
In the following, we would like to explain to you in more detail what data is processed, why we have integrated YouTube videos and how you can manage or delete your data.
On YouTube, users can watch, rate, comment on and upload videos for free. Over the last few years, YouTube has become one of the most important social media channels worldwide. To enable us to display videos on our website, YouTube provides a code snippet that we have integrated into our site.
Why do we use YouTube videos on our website?
YouTube is the video platform with the most visitors and the best content. We strive to offer you the best possible user experience on our website. And of course, interesting videos are a must. With the help of our embedded videos, we provide you with further helpful content in addition to our texts and images. In addition, our website is easier to find on the Google search engine thanks to the embedded videos. Even if we place ads via Google Ads, Google can – thanks to the data collected – only show these ads to people who are interested in our offers.
What data is stored by YouTube?
As soon as you visit one of our pages that has a YouTube video embedded, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually assign your interactions on our website to your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your internet provider. Other data may include contact details, any ratings, the sharing of content via social media or adding to your favorites on YouTube.
If you are not logged into a Google account or a YouTube account, Google stores data with a unique identifier that is linked to your device, browser or app. For example, your preferred language setting is retained. But a lot of interaction data cannot be saved because fewer cookies are set.
How long and where is the data stored?
The data that YouTube receives from you and processes is stored on Google servers. Most of these servers are located in America. At https://www.google.com/about/datacenters/locations/?hl=de you can see exactly where the Google data centers are located. Your data is distributed across the servers. This means that the data can be accessed more quickly and is better protected against manipulation.
The data will be deleted when it is no longer required for our and YouTube’s purposes.
How can I delete my data or prevent data storage?
In principle, you can delete data in your Google account manually. With the automatic deletion function for location and activity data introduced in 2019, information is stored for either 3 or 18 months, depending on your decision, and then deleted.
Regardless of whether you have a Google account or not, you can configure your browser so that cookies are deleted or deactivated by Google. Depending on which browser you use, this works in different ways. In the “Cookies” section, you will find the relevant links to the instructions for the most popular browsers.
If you generally do not want to have cookies, you can set up your browser so that it always informs you when a cookie is to be set. This allows you to decide for each individual cookie whether you want to allow it or not.
Legal basis
If you have consented to your data being processed and stored by integrated YouTube elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated YouTube elements if you have given your consent. YouTube also sets cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.
Through our social media presences, your data is also processed in the USA, among other places. The legal basis for this data transfer is the adequacy decision adopted by the European Commission on July 10, 2023 for the so-called EU-US Data Privacy Framework. This contains framework conditions that are intended to serve as suitable guarantees for the secure transfer of data between the EU and the USA. The prerequisite for this is that US companies join the EU-US Data Privacy Framework by committing to fulfill detailed data protection obligations. This is currently fulfilled by the provider of the social media channels we use, Microsoft, Meta Platforms and Google, for (non-HR data).
As YouTube is a subsidiary of Google, there is a joint privacy policy. If you would like to find out more about how your data is handled, we recommend that you read the privacy policy at https://policies.google.com/privacy?hl=de.
V. Online meeting tool “Microsoft Teams”
Below we inform you about the processing of personal data in connection with the use of “Microsoft Teams”
Purpose of the processing
We use the tools of “Microsoft Teams” to conduct telephone conferences, online meetings and video conferences. (hereinafter: “online meetings”).
What data is processed?
Various types of data are processed when using the “Microsoft Teams” tools. The scope of the data also depends on the data you provide before or when participating in an “online meeting”.
Legal basis for data processing
Insofar as personal data of employees of Terhalle Holding GmbH is processed, Section 26 BDSG is the legal basis for data processing. If, in connection with the use of “Microsoft Teams”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of “Microsoft Teams”, Art. 6 para. 1 lit. f) GDPR is the legal basis for data processing. In these cases, our interest lies in the effective conduct of “online meetings”.
In addition, the legal basis for data processing when conducting “online meetings” is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, we have an interest in the effective conduct of “online meetings”.
Should video and audio recordings be necessary in exceptional cases, this will be done exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR.
Type and scope of data processing
We use “Microsoft Teams” to conduct “online meetings”. If we want to record “online meetings”, we will inform you transparently in advance and ask for your consent. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.
Automated decision-making within the meaning of Art. 22 GDPR is not used.
The following personal data is processed when using “Microsoft Teams”, whereby the handling of the data also depends on what data you provide before or when participating in an “online meeting”:
User details (registration information): e.g. user name, activation and conference codes, e-mail address, first name and surname, company, organization ID, participant IP, profile picture (optional)
Configuration and communication data: e.g. device name, IP address, geodata, time zone, activity logs, hardware type
Conference information: e.g. date, time, duration, number of participants, dial-in method, diagnostic information
Text, audio and video data: You may have the option of using the chat function in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “online meeting”. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the “Microsoft Teams” applications.
Recipients / forwarding of data
Personal data that is processed in connection with participation in “online meetings” is not passed on to third parties unless it is intended to be passed on. Please note that content from “online meetings”, as with face-to-face meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Another recipient is the provider of “Microsoft Teams”.
Data processing outside the European Union / EEA
Data processing in third countries does not take place, as we or the service provider have restricted the storage location to data centers in the EU or the EEA.
However, we cannot rule out the possibility that the service provider also uses servers outside the EU or the EEA or that data is routed via internet servers located outside the EU or the EEA.
Through our social media presences, your data is also processed in the USA, among other places. The legal basis for this data transfer is the adequacy decision adopted by the European Commission on July 10, 2023 for the so-called EU-US Data Privacy Framework. This contains framework conditions that are intended to serve as suitable guarantees for the secure transfer of data between the EU and the USA. The prerequisite for this is that US companies join the EU-US Data Privacy Framework by committing to fulfill detailed data protection obligations. This is currently fulfilled by the provider of the social media channels we use, Microsoft, Meta Platforms and Google, for (non-HR data).
Storage duration
Your personal data that we process as part of your use of “Microsoft Teams” will generally be deleted as soon as it is no longer required for the purposes for which it was collected. A requirement for storage may exist in particular if the data is still required in order to fulfill contractual services and to be able to check and grant or defend against warranty or guarantee claims. In the case of statutory retention obligations of 6 years or 10 years under commercial and tax law, deletion will only be considered after expiry of the respective retention obligation. If and insofar as the processing is based on your consent, the data will only be stored until you withdraw your consent, unless there is another legal basis for the processing.
Your rights as a data subject
As a data subject, you may at any time exercise the rights granted to you by the GDPR insofar as they apply to the processing:
- the right to information as to whether and which of your data is being processed (Art. 15 GDPR)
- the right to request the rectification or completion of data concerning you (Art. 16 GDPR)
- the right to erasure of the data concerning you in accordance with Art. 17 GDPR
- the right to request a restriction on the processing of data in accordance with Art. 18 GDPR
- the right to data portability in accordance with Art. 20 GDPR;
- the right to object to the future processing of data concerning you in accordance with Art. 21 GDPR
Revocability of your consent
If the processing takes place on the legal basis of consent, this consent can be withdrawn at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal (Art. 7 (21) GDPR)
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint about our processing of personal data with a data protection supervisory authority.
VI Implementation of competitions
the purposes for which the personal data are processed and the legal basis for the processing
The purpose of data processing is the implementation and processing of competitions, in particular the verification of eligibility to participate and the determination of winners. Participation in the competition is only possible if you provide us with the aforementioned data, as otherwise we will not be able to contact you in the context of a prize notification.
If you take part in one of our competitions, you consent to data processing for the stated purposes. The data processing therefore takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR).
Another legal basis for the processing of personal data is the fulfillment of a contract. (Art. 6 para. 1 lit. b GDPR), provided that the personal data is processed exclusively for the purpose of determining and notifying the winners and for transmitting the prize.
Sources and categories of personal data processed
In the event of a win, the following data will necessarily be processed
First name and surname
your address
e-mail address
Facebook profile information
Duration for which the personal data will be stored and the criteria for determining the duration
The data collected in the competition will be deleted by Terhalle Holzbau as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the data collected as part of the competition when the competition has been completed. We must store winners’ data until the statutory retention periods expire.
VII. Information on the rights of data subjects
This section of the privacy policy provides additional information on exercising your rights as a data subject vis-à-vis Terhalle.
You have the right
- in accordance with Article 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- in accordance with Article 16 GDPR, to demand the immediate correction of incorrect or incomplete personal data stored by us;
- in accordance with Article 17 GDPR, to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
- in accordance with Article 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Article 21 GDPR;
- pursuant to Article 21 GDPR, to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(f);
- in accordance with Article 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transmission to another controller;
- in accordance with Article 7(3) DS-GVO to revoke your consent once given at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. This has the consequence that we may no longer continue the data processing based on this consent for the future. You can revoke the consent via: datenschutz@terhalle.de
- to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or our company headquarters.
- information as to whether the provision of personal data is required by law or contract or is necessary for the pre-contractual or contractual conclusion and whether the data subject is obliged to provide the personal data and what the possible consequences of non-provision would be. Without the data, we will generally no longer be able to carry out pre-contractual or contractual measures or may have to terminate them.
Separate information about your right to object in accordance with Article 21 GDPR
According to Art. 21 para. 1 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6 para. 1 lit. f GDPR (data processing on the basis of a balancing of interests).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.
If the processing is carried out for the purpose of direct advertising, you have the right under Art. 21 (2) GDPR to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.
If you wish to make use of your right to object or other data subject rights, a notification in text form is sufficient. You can write to us or contact us by e-mail.
To exercise the rights listed, to ask questions in connection with the privacy policy or for further information, please contact Terhalle’s data protection officer:
DSB Münster GmbH
Martin-Luther-King-Weg 42
48155 Münster
Phone: +49 0251 71879-0
datenschutz@terhalle.de
Safety note
We make every effort to take technical and organizational measures to store your personal data in such a way that it is not accessible to third parties. Complete data security cannot be guaranteed when communicating by e-mail, so we recommend that you send confidential information by post.
VIII. Analysis tools and advertising
” Data subjects: Visitors to the website
” Purpose: Google cookie used for Google Ads conversion tracking to advertise targeted online marketing measures and also to record corresponding conversions and remarketing measures.
” Processed data: Data such as user behavior data, information about your device and your IP address.
” You can find more details below in the privacy policy.
” Storage period: 30 days
” Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.
Through our social media presences, your data is also processed in the USA, among other places. The legal basis for this data transfer is the adequacy decision adopted by the European Commission on July 10, 2023 for the so-called EU-US Data Privacy Framework. This contains framework conditions that are intended to serve as suitable guarantees for the secure transfer of data between the EU and the USA. The prerequisite for this is that US companies join the EU-US Data Privacy Framework by committing to fulfill detailed data protection obligations. This is currently fulfilled by the provider of the social media channels we use, Microsoft, Meta Platforms and Google, for (non-HR data).
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Google Ads Remarketing
This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With Google Ads Remarketing, we can assign people who interact with our online offer to specific target groups in order to subsequently show them interest-based advertising in the Google advertising network (remarketing or retargeting).
Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google’s cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. cell phone) can also be displayed on another of your devices (e.g. tablet or PC).
If you have a Google account, you can object to personalized advertising at the following link: https://www.google.com/settings/ads/onweb/.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.
Further information and the data protection provisions can be found in Google’s privacy policy at: https://policies.google.com/technologies/ads?hl=de.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google conversion tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who have clicked on our ads and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.
You can find more information about Google Conversion Tracking in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
IX. Privacy policy app
Privacy policy
Welcome to our app and thank you for your interest. The protection of your personal data is important to us. We therefore conduct our activities in accordance with the applicable legal provisions on the protection of personal data and data security. We would like to inform you below about which data is used for which purposes.
Controller for processing in accordance with the GDPR
The controller within the meaning of the General Data Protection Regulation and other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is the:
Terhalle Holding GmbH
Solmsstraße 46
48683 Ahaus-Ottenstein
Data Protection Officer
DSB Münster GmbH
Martin-Luther-King-Weg 42-44
48155 Münster
+49 251 718790
Scope of data collection and data processing
Unless otherwise stated in the following sections, personal data is always collected, processed or used when using our apps so that we can meet our quality standards. As part of the registration process, user master data is therefore collected first:
- First and last name
- Language and country
- E-mail address
We also obtain certain technical information through the use of web-based structures based on the data transmitted by your browser (e.g. browser type/version, operating system used). The following data may be collected:
- Information about the browser type and version used;
- the user’s operating system;
- Device ID of the end device;
- the IP address of the user;
- Date and time of access;
- Websites that are accessed by the user’s system via our app, if additional data must be obtained from Community Connect Server
Relevant legal bases for the processing of personal data
In order to provide effective and dynamic apps in accordance with our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR, we may use your data for the following:
- to ensure your safety and security, including reviewing user content, messages and associated metadata for violations of our Community Guidelines and Terms of Use;
- to ensure that content is presented in the most effective way for you and your device;
- to understand how users use the apps so that we can improve, promote and further develop them;
When we process your data to fulfill our legitimate interests, we carry out a balancing test to check whether the use of personal data is really necessary to achieve our business purpose. When we carry out this balancing test, we also take into account the rights of our users with regard to the protection of their privacy and take appropriate precautions to protect their personal data.
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 lit. a) EU General Data Protection Regulation (GDPR) as the legal basis for the processing of personal data. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b) DS-GVO as legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c) DS-GVO as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d) DS-GVO as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f) DS-GVO as the legal basis for the processing.
Duration of storage of personal data
Personal data is stored for the duration of the respective statutory retention period. After this period has expired, the data is routinely deleted, unless there is a need to initiate or fulfill a contract.
Registration in our app
If the data subject uses the option to register via d.velop postbox with the app of the controller by providing personal data, the data in the respective input mask will be transmitted to the controller. The data is stored exclusively for internal use by the controller. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. During registration, the user’s IP address and the date and time of registration are stored (d.velop postbox). This serves to prevent misuse of the services. The data will not be passed on to third parties. An exception exists if there is a legal obligation to disclose. The registration of the data is necessary for the provision of content or services. Registered persons have the possibility to have the stored data deleted or modified at any time. The data subject shall receive information about his/her stored personal data at any time.
Routine deletion and blocking of personal data
The controller processes and stores personal data of the data subject only for as long as is necessary to achieve the purpose of storage. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. As soon as the storage purpose no longer applies or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely blocked or deleted.
Security
We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress. In addition, we ensure data protection on an ongoing basis by constantly auditing and optimizing our data protection organization.
Conclusion
Terhalle Holding reserves all rights to make changes and updates to this privacy policy.