Privacy Policy

Below you will find the information that has to be provided in accordance with Articles 13 and 14 of the General Data Protection Regulation (“GDPR”) on the processing of your personal data when you visit (hereinafter “you” or “your”) our website www.kostal-career.com hereinafter each referred to as “Website”) by Leopold Kostal GmbH & Co. KG and all jointly responsible companies (hereinafter “we” or “us”).

A. Data controller and data protection officer

Leopold Kostal GmbH & Co. KG, An der Bellmerei 10, 58513 Lüdenscheid, info@kostal.com, Telefon +49 (0) 2351 16-0.

Data Protection Officer of the KOSTAL Group, An der Bellmerei 10, 58513 Lüdenscheid, dataprotection@kostal.com

B. Information on the processing of personal data

Below you will find information on the processing of your personal data for the purposes specified in more detail there and, for example, about the legal basis for this processing. If the legal basis for the processing specified there is the balancing of interests, you can request additional information about the balancing of interests carried out by us using the contact details specified in Section A.

The same applies if we are jointly responsible with another person. Even then, you can ask for information about the agreement on joint responsibility by using the contact details specified in Section A.

I. Use of the Website for information purposes

When you visit our Website, we process the IP address of your device for technical reasons, i.e. in order to be able to display the Website at all. We cannot provide the Website content accessed without the provision of this data.

In order to protect our IT infrastructure, we also process the IP address of your device, the type and version of the internet browser used by you, information on the operating system of your device, information on the pages accessed, the site previously visited (referrer URL) and the access date and time and store this information in so-called log files. Without the provision of this information, we will not be able to provide the content accessed on the website.

If you call up job advertisements on the website, we also process your details in the search mask of our website.

The legal basis of this processing is the balancing of interests (point (f) of Article 6 paragraph 1 of the GDPR). Our legitimate interest for this processing is the provision of the Website content accessed by you and the protection of the IT infrastructure used to provide the Website, in particular to identify, remedy and document IT disruptions (e.g. DDoS attacks) for evidence purposes. For more information please refer to the contact details specified in Section A.

The recipient of these data is our hosting provider FlipZoom Media – David Karich, which acts for us as processor. A further recipient is kostal design GmbH & Co. KG, which likewise acts as processor and has been commissioned with the development of the Website as well as its maintenance and servicing.

When using the job advertisements, the recipient is also Haufe-Lexware GmbH & Co. KG as operator of the “Umantis” platform for job advertisements, a company based in Switzerland, which operates parts of the website as our contract processor. In order for these job offers to be called up, your personal data will be transferred to this company – and thus to a company outside the European Economic Area. However, by Decision 2000/518/EC of 26 July 2000, the European Commission has decided that Switzerland ensures an adequate level of protection for personal data transmitted from the Union for all activities formerly covered by Directive 95/46/EC and therefore now covered by the DS Block Exemption Regulation. We use a so-called frame for the transmission of data. This means that “UMANTIS” is embedded in the website and you as a user do not notice the transfer. As soon as you open a job advertisement, you will be redirected to a website within UMANTIS. This website then begins with the URL “recruitin-gapp-2633.umantis.com”. The same applies when you press “Set up job subscription”, “Login” or “Unsolicited application”.

We generally store these personal data in the log files for 3 (three) months. If you also view job advertisements, we store the log files for six (6) months. In the case of any security-relevant event (e.g. an attack), we also store the log files until the security-relevant event has been eliminated and clarified in full.

II. Job subscription

If you set up a job subscription on our website in order to be informed about new job advertisements, we process your surname and first name, your e-mail address and the category of the job search, i.e. information about the area for which you are looking for a job, for the purpose of your information. The provision of this data is necessary to set up a job subscription; without this data we cannot send you any job advertisements.

The legal basis for the processing of your personal data within the framework of the job subscription is the execution of the contract (point b of Article 6 paragraph 1 of the GDPR). You may terminate the job subscription at any time. You will also be informed of this in every message.

The recipient of this personal data is Haufe-Lexware GmbH & Co. KG as operator of the “Umantis” platform for job advertisements, which processes the data on our behalf and according to our instructions (refer to Section B.I).

We store the data for providing the job subscription until you cancel the job subscription.

III. Selection of applicants

1. Job offer

If you apply in response to job offer from us or from any other company in the KOSTAL Group on our website or initiative, i.e. without reference to a specific job, we process (i) the assignment to a specific job offer (i.e. a link between your entries and such an offer) in order to recruit new employees and carry out an application procedure; (ii) your personal data (first name, last name, address, contact data, date of birth, place of birth); (iii) the photo you have provided; (iv) your information about your previous resume, including educational background and professional experience, as well as certificates from previous employers and/or training institutions; (v) your letter of application; (vi) information about how you came to our attention; and (vii) login data. The processing of login data is necessary for the purpose of transmitting your application. With the exception of information about how you came to our attention and any severe disabilities, which you may voluntarily provide, you must provide the remaining personal information if you wish to work with us.

The legal basis for this processing is the decision on the establishment of an employment relationship (Art. 88 paragraph 1 GDPR in conjunction with § 26 paragraph 1 sentence 1 BDSG).

The recipient of this personal data is Haufe-Lexware GmbH & Co. KG as operator of the “Umantis” platform, which processes the data on our behalf and according to our instructions (section B.I). If you apply for a job with another company in the KOSTAL Group, we will also forward your personal data to this company. In this case we are also jointly responsible for data processing with these companies.

Companies within the KOSTAL Group are Kostal Automobil Elektrik GmbH, Kostal Industrie Elektrik GmbH, Kostal Solar Electric GmbH, Kostal Kontakt Systeme GmbH and SOMA GmbH.

In any case, we will retain the personal data for six (6) months after completion of the application process. If legal proceedings are instituted within this period, we will keep these documents for a longer period of time, namely until the conclusion of the legal proceedings. The human resources department may delete the applicant data on the individual instructions of the applicant or according to personnel specifications. After successful application, the data is transferred to our human resources system and deleted from the platform.

2. Recruitment test

In order to determine the aptitude of applicants for a training position as objectively as possible, we conduct online recruitment tests. In case we would like to get to know applicants better on the basis of their application documents, we will invite them to participate in an online test procedure on the basis of their application documents. For this purpose, they will receive a personal tan to register for the test with our contract processor u-form Testsysteme GmbH & Co. KG. The participation is voluntary. The tests are carried out according to the existing standards and comply with DIN 33430. During the online tests we collect the following personal data from applicants:

Personal master data (e.g. first and last name, address, date of birth)

Communication data (e.g. e-mail, telephone)

Data on personal structure and cognitive skills, based on the answers given in the online test.

The legal basis for processing is consent (point a Article 6 paragraph 1 GDPR ). Consent is requested when registering for the online test procedure.

The recipient of this personal data is u-form Testsysteme GmbH & Co. KG, which processes the data on our behalf and according to our instructions.

We will keep the personal data for six (6) months after completion of the application procedure. If legal proceedings are instituted within this period, we will keep these documents for a longer period, namely until the conclusion of the legal proceedings. The human resources department may delete the applicant data on the individual instructions of the applicant or according to personnel specifications. After successful application, the data is transferred to our human resources system and deleted from the platform.

IV. Analysis of behaviour on the Website using (Google Analytics and Matomo)

We use two solutions on the website to log and analyse your user behaviour on the website. These are Google Analytics (number 1 below) and Matomo (number 2 below). The logging and analysis will only take place if you have given us your prior consent. We use these two solutions for the purpose of logging and analysis cookies. Detailed information on these cookies can be found in Section D.

The personal data collected with the help of these cookies includes your IP address as well as information about sub-pages visited, the time spent on our website, the website from which you accessed our website and the page you call up after visiting our website. There is no obligation to provide this data. In the event that the data is not provided, we cannot measure web audience.

This processing serves the optimisation of the Website by analysing your usage behaviour on our Website. We can, for example, based on the frequency with which subpages are accessed, identify which content is particularly interesting for our Website visitors and which content has to be placed differently, for example, in order to be seen by visitors.

The legal basis for this processing – including the setting and reading of cookies – is the consent you have given (point a Article 6 Paragraph 1 GDPR). You can revoke this consent by deleting the cookies. This is described in Section D.

1. Google Analytics

Google Analytics is a service provided by Google LLC (“Google”), which is headquartered in the USA.

It is technically necessary that your full IP address is transmitted to Google. However, we use so-called IP anonymisation. This means that your IP address is shortened immediately after transmission to Google as our processor and is no longer stored by Google. It is then no longer possible to identify the user of the device.

Based on this shortened IP address and the information contained in the cookies, Google prepares the aforementioned analysis of usage behaviour on our Website. As a rule, it is not possible for us to identify you as an individual based on this usage profiles. We do not know which pseudonym you have been given. Therefore, based on the usage profiles of Google Analytics, we are generally unable to identify what specific actions you have taken on the Website.

The legal basis for this processing, including the setting and reading of cookies, is consent to be given separately by you (point (a) of Article 6 paragraph 1 of the GDPR)). You can withdraw this consent by deleting the cookies. This is described in Section D.

The data described in this Section B.VI.1 can be transmitted to Google in the USA. The USA is a third country outside the European Union that generally guarantees a level of data protection that differs from that of the European Union. Google has, however, been certified under the EU-US Privacy Shield (more information can be found here). In an adequacy decision pursuant to Article 45 of the GDPR (see Commission implementing decision (EU) 2016/1250 of 12 July 2016, notified under document C(2016) 4176), the European Commission determined that the United States provides an adequate level of protection for personal data transferred from the European Union to organizations in the United States under the EU-US Privacy Shield.

We store profiles for 26 (twenty-six) months.

2. Matomo

The use of Matomo (formerly Piwik) also requires that we first process your complete IP address. However, we use a so-called IP-anonymization function, which means that your address is shortened immediately after the collection and not saved in complete form, so that a conclusion on you as a user of the terminal device is no longer possible afterwards.

On the basis of this shortened IP address and the information in the cookies, we create the above-mentioned evaluation of the user behavior on our website. It is generally not possible for us to draw conclusions about you as an individual person from these usage profiles. We do not know which pseudonym is assigned to you. Therefore, based on Matomo’s usage profiles, we are generally not able to recognize which concrete actions you have taken on the website. Recipient of the above-mentioned data is our hosting provider FlipZoom Media – David Karich, who works for us as a processor and hosts our website.

C. Third Party Provider Plug-ins

The third-party provider plug-ins described below are embedded in our Website. These enable you to use certain services of external provider directly on our Website. The providers specified below have sole responsibility for these third-party provider plug-ins.

Plug-in providers can (similar to accessing an external website via a link) in particular receive your IP address and the address (URL) of the website from which you access the plug-in. If you are registered with the third-party provider as a user, the plug-in provider can usually also assign the data received to your user account.

I. Google Maps

The map service Google Maps is embedded in our Website. Google is the third-party provide of this plug-in. Information on Google Maps can be found here. Google’s privacy policy can be found here, where you can find information about the processing of personal data by Google.

Information about the transfer of personal data to the USA can be found in Section B.VI.

II. YouTube

The video player YouTube is also embedded in our Website. The third-party provider of this plug-in YouTube LLC, a company under US law. Information about YouTube can be found here. YouTube LLC’s privacy policy can be found here, where you can find information about the processing of personal data by Tube LLC.

YouTube is a subsidiary of Google. The information about the transfer of personal data to the USA in Section B.VI. therefore also applies accordingly to the use of the YouTube content embedded in our Website.

III. Google Fonts

We use fonts on this website that we integrate via Google Fonts. The third-party provider of this plug-in is Google. Information about Google Fonts can be found here, the privacy policy of Google can be found here. There you will find information about the processing of personal data by Google.

The information on the transfer of personal data to the USA in Section B.IV therefore applies accordingly.

IV. Gravatar

On some pages of this website we use so-called gravatare. These are small images that are displayed next to a user name. Information about Gravatar can be found here. The third party provider of this plug-in is Aut O’Mattic A8C Ireland Ltd and Automattic Inc. for visitors from the European Union. You can find information about the processing of personal data by Aut O’Mattic A8C Ireland Ltd and Automattic Inc. here. Automattic Inc. is a company based outside the European Economic Area.

Personal data may be transferred to the USA. As explained in Section B.IV, this is a country with a different level of data protection. To ensure an adequate level, Automattic Inc. has certified under the EU-U.S. Privacy Shield.

V. Haufe Umantis

The Umantis job platform from Haufe Lexware AG is integrated. The third party provider is Haufe-Lexware AG with headquarters in St. Gallen, Switzerland. Further information on the data protection principles of the Haufe Group can be found here. The transfer of personal data to Switzerland was carried out in accordance with the Adequacy Decision 2000/518/EC of 26 July 2000.

D. Use of cookies

When you use our Website, we store cookies in your device’s browser, unless you prohibit this with appropriate settings in your browser.

I. General information on cookies

Cookies are small text files containing information which can be placed on the user’s device via its browser when a website is visited. When the website is visited again with the same device, the cookie and the information stored in it can be read.

Generally and also in the description of the individual cookies used by us in Section D.III, a distinction is made between (i) first-party and third-party cookies, (ii) transient and persistent cookies as well as (iii) cookies that do not require consent and those that do require consent.

First-party cookies are cookies placed by us or a processor commissioned by us, whereas third-party cookies are cookies that are placed and accessed by another controller.

Transient cookies are deleted when you close your browser, whereas persistent cookies are cookies that are stored on your device for a specific period of time.

Cookies that do not require consent are cookies whose sole purpose is to transmit a message via an electronic communications network. Cookies that are strictly necessary so that the provider of an information society service expressly requested by the subscriber or user can make this service available do not require consent either (also referred to as “strictly necessary cookies”). All other cookies require consent.

II. Cookie Management

If the user’s consent is required for the use of certain cookies, we only place these cookies when you use the Website if you have given your consent to this beforehand. Please refer to Section D.III for information about whether the use of a cookie requires consent.

When you visit our Website, we display a so-called cookie banner in which you can give your consent to the use of cookies on this Website. By clicking on the button provided for this, you have the possibility to consent to the use of all cookies requiring consent described in detail in this Section D.III of this cookie information.

We likewise store your consent and, where applicable, your individual selection of cookies requiring consent in an additional cookie (“opt-in cookie”) on your device so that we can determine whether you have already given your consent when the Website is accessed again. The opt-in cookie is valid for a limited period of 1 (one) month.

Strictly necessary cookies cannot be deactivated with the cookie management function of this Website. However, you can at any time deactivate these cookies generally in your browser.

You can also manage the use of cookies in your browser settings. Additional detailed information can, for example, be found at http://www.allaboutcookies.org/manage-cookies/.

When you deactivate the storage of cookies in your browser, some Website functions may no longer work or no longer work properly.

III. Cookies used on this website

Below we provide you with information about the cookies we use.

1. General Cookies

a) Name: cookie_notice_accepted

Purpose and content: Strictly necessary opt-in cookie (see Section D.II above) used to store your consent and, where applicable, your individual selection for the use of cookies on your device, in order to determine whether you have already given your consent when the Website is accessed again.

Responsibility: First-Party

Validity: persistent (six (6) month)

Consent requires: no

Legal basis under data protection law: Balancing of interests (point (f) of Article 6 paragraph 1 of the GDPR). Our legitimate interest is the management of cookie consents given by the user for this Website.

b) Name: CGISESSID

Purpose and content: The cookie is used to recognize the user session and its state (logged in, language, …) is restored.

Responsibility: First-Party

Validity: persistent (eight (8) hours)

Consent requires: no

Legal basis under data protection law: Balancing of interests (point (f) of Article 6 paragraph 1 of the GDPR). Our legitimate interest is is providing the informational function of the Website requested by the user.

c) Name: CompanyID

Purpose and content: This cookie is used to recognize the company ID

Responsibility: First-Party

Validity: persistent (eight (8) hours)

Requires consent: yes

Legal basis under data protection law: Consent (point (a) of Article 6 paragraph 1 of the GDPR).

d) Name: ExternalDesignID

Purpose and content: This cookie is used to store Design ID for external Design.

Responsibility: First-Party

Validity: persistent ( two (2) days)

Requires consent: yes

Legal basis under data protection law: Consent (point (a) of Article 6 paragraph 1 of the GDPR).

e) Name: alphakey

Purpose and content: The cookie is used to secure that the Session could not be taken over by third party.

Responsibility: First-Party

Validity: persistent (eight (8) hours)

Consent requires: no

Legal basis under data protection law: Balancing of interests (point (f) of Article 6 paragraph 1 of the GDPR). Our legitimate interest is is providing the informational function of the Website requested by the user.

f) Name: auth-token

Purpose and content: The auth-token cookie stores user information in the form of a specific data format for the purpose of data exchange between applications (so-called JSON structure).

Responsibility: First-Party

Validity: persistent (nine (9) hours)

Consent requires: no

Legal basis under data protection law: Balancing of interests (point (f) of Article 6 paragraph 1 of the GDPR). Our legitimate interest is is providing the informational function of the Website requested by the user.

g) Name: language

Purpose and content: This cookie is used to fix the chosen language of the website.

Responsibility: First-Party

Validity: persistent (eight (8) hours)

Consent requires: no

Legal basis under data protection law: Balancing of interests (point (f) of Article 6 paragraph 1 of the GDPR). Our legitimate interest is is providing the informational function of the Website requested by the user.

h) Name: selfid

Purpose and content: The Cookie is used to generate an ID individually for the user in order to be able to assign the actions you perform on the website to him.

Responsibility: First-Party

Validity: persistent (eight (8) hours)

Consent requires: no

Legal basis under data protection law: Balancing of interests (point (f) of Article 6 paragraph 1 of the GDPR). Our legitimate interest is is providing the informational function of the Website requested by the user.

i) Name: tracking_id

Purpose and content: The cookie is used in in the job market for recommendation programs.

Responsibility: First-Party

Validity: persistent (two (2) days)

Consent requires: no

Legal basis under data protection law: Balancing of interests (point (f) of Article 6 paragraph 1 of the GDPR). Our legitimate interest is is providing the informational function of the Website requested by the user.

j) Name: IDE

Purpose and content: These cookies are used for the delivery of targeted, for you relevant advertising on the Internet. Targeted advertisements may be displayed based on your previous visits to this website.

Responsibility: Third-Party

Validity: persistent (eighteen (18) month)

Requires consent: yes

Legal basis under data protection law: Consent (point (a) of Article 6 paragraph 1 of the GDPR).

2. Google Analytics Cookies

a) Name: _ga

Purpose and content: For use with Google Analytics (see Section B.IV), used to differentiate users by means of an assigned ID.

Responsibility: First-Party

Validity: persistent (2 years)

Consent required: yes

Legal basis under data protection law: Consent (point (a) of Article 6 paragraph 1 of the GDPR).

b) Name: _gid

Purpose and content: For use with Google Analytics (see Section B.IV), used to differentiate users by means of an assigned ID.

Responsibility: First-Party

Validity: persistent (twenty four (24) hours)

Consent required: yes

Legal basis under data protection law: Consent (point (a) of Article 6 paragraph 1 of the GDPR).

c) Name: _gat

Purpose and content: For use with Google Analytics (see Section B.VI), used to throttle the request rate, i.e. the maximum number of requests that can be sent to Google’s servers.

Responsibility: First-Party

Validity: persistent (one (1) minute)

Requires consent: yes

Legal basis under data protection law: Consent (point (a) of Article 6 paragraph 1 of the GDPR).

3. Matomo Cookies

a) Name: _pk_id

Purpose and content: for use with Mamoto (see section B.IV.2), is used to distinguish users by means of an assigned ID.

Responsibility: First-Party

Validity: persistent (thirteen (13) month)

Requires consent: yes

Legal basis under data protection law: Consent (point (a) of Article 6 paragraph 1 of the GDPR).

b) Name: _pk_ses

Purpose and content: The cookie is used with Mamoto (see section B.IV.2), is used to determine when the last action on the website was performed.

Responsibility: First-Party

Validity: persistent (thirty (30) minutes)

Requires consent: yes

Legal basis under data protection law: Consent (point (a) of Article 6 paragraph 1 of the GDPR).

c) Name: _pk_ref

Purpose and content: The cookie is used with Mamoto (see section B.IV.2) to determine which page you last called up.

Responsibility: First-Party

Validity: persistent (six (6) month)

Requires consent: yes

Legal basis under data protection law: Consent (point (a) of Article 6 paragraph 1 of the GDPR).

4. YouTube Cookies

a) Name: 1P_JAR

Purpose and content: This cookie is used for the YouTube plug-in (see Section C.II) in order to be able to embed videos on our website.

Responsibility: Third-Party

Validity: persistent (Thirty (30) days)

Requires consent: yes

Legal basis under data protection law: Consent (point (a) of Article 6 paragraph 1 of the GDPR).

b) Name: GPS

Purpose and content: This cookie is used for the YouTube plug-in (see Section C.II) in order to be able to embed videos on our website.

Responsibility: Third-Party

Validity: persistent (one (1) day)

Requires consent: yes

Legal basis under data protection law: Consent (point (a) of Article 6 paragraph 1 of the GDPR).

c) Name: DV

Purpose and content: This cookie is used for the YouTube plug-in (see Section C.II) in order to be able to embed videos on our website.

Responsibility: Third-Party

Validity: persistent (one (1) day)

Requires consent: yes

Legal basis under data protection law: Consent (point (a) of Article 6 paragraph 1 of the GDPR).

d) Name: CONSENT

Purpose and content: This cookie is used for the YouTube plug-in (see Section C.II) in order to be able to embed videos on our website.

Responsibility: Third-Party

Validity: persistent (nineteen (19 years)

Requires consent: yes

Legal basis under data protection law: Consent (point (a) of Article 6 paragraph 1 of the GDPR).

e) Name: NID

Purpose and content: This cookie is used for the YouTube plug-in (see Section C.II) in order to be able to embed videos on our website.

Responsibility: Third-Party

Validity: persistent six (6) months)

Requires consent: yes

Legal basis under data protection law: Consent (point (a) of Article 6 paragraph 1 of the GDPR).

f) Name: PREF

Purpose and content: This cookie is used for the YouTube plug-in (see Section C.II) in order to be able to embed videos on our website.

Responsibility: Third-Party

Validity: persistent (two (2) years)

Requires consent: yes

Legal basis under data protection law: Consent (point (a) of Article 6 paragraph 1 of the GDPR).

g) Name: VISITOR_INFO!_LIVE

Purpose and content: This cookie is used for the YouTube plug-in (see Section C.II) in order to be able to embed videos on our website.

Responsibility: Third-Party

Validity: persistent (six (6) months)

Requires consent: yes

Legal basis under data protection law: Consent (point (a) of Article 6 paragraph 1 of the GDPR).

h) Name: YSC

Purpose and content: This cookie is used for the YouTube plug-in (see Section C.II) in order to be able to embed videos on our website.

Responsibility: Third-Party

Validity: Session

Requires consent: yes

Legal basis under data protection law: Consent (point (a) of Article 6 paragraph 1 of the GDPR).

5. U-form cookies

a) Name: Session

Purpose and content: The cookie is used to recognize user session is and its state (logged in, language, …) and will be restored.

Responsibility: First-Party

Validity: Session

Consent requires: no

Legal basis under data protection law: Balancing of interests (point (f) of Article 6 paragraph 1 of the GDPR). Our legitimate interest is is providing the informational function of the Website requested by the user.

b) Name: Org.Springframework.web

Purpose and content: Cookie transmits the language of the user to the test system to open it automatically in the language set in the browser.

Responsibility: First-Party

Validity: Session

Consent requires: no

Legal basis under data protection law: Balancing of interests (point (f) of Article 6 paragraph 1 of the GDPR). Our legitimate interest is is providing the informational function of the Website requested by the user.

E. Information on the rights of data subjects

As a data subject, you have the following rights with respect to the processing of your personal data. You can contact us for the purpose of exercising your rights using the contact details in Section A:

  • A right to obtain access to and information (Article 15 GDPR) about which personal data from you we process. This includes additional information on the data processing, such as the purpose and legal basis as well as the recipients of these data. You also have the right to request a copy of these data.
  • A right to obtain from us the rectification of inaccurate personal data concerning you and the completion incomplete personal data concerning you (Article 16 of the GDPR).
  • A right to obtain the erasure of personal data concerning you in the cases provided for by law (Article 17 of the GDPR), such as when the data are no longer needed for the purposes for which they were collected or have been unlawfully processed.
  • A right to obtain the restriction of processing in the cases provided for by the law (Article 18 of the GDPR).
  • A right to receive the personal data concerning you that we process on the basis of consent which has been given or for the performance of a contract (see Section B) in a structured, commonly used and machine-readable format (right to data portability, Article 20 of the GDPR).
  • A right to withdraw the consent given to us at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.
  • A right to lodge a complaint with a supervisory authority (Article 77 of the GDPR). A list of the data protection supervisory authorities and their addresses can be found here.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (f) of Article 6 paragraph 1 of the GDPR (see Section B). We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

The above rights do not necessarily apply to you without limitation in every case. The law provides for restrictions in each case. You can find the full extent of your rights in the Articles of the GDPR specified above, which you can access by using the following link:

http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

You can also assert the above rights against us if the assertion of the right relates to data processing in the context of applicant selection, in which we are considered to be jointly responsible with another company in the KOSTAL Group within the meaning of the DSGVO. We have concluded an agreement with these companies to the effect that we will take over the responsibility of answering queries from the person concerned.

Last modified: 23rd of July 2020