Data privacy

Data Protection Declaration of Zentis GmbH & Co KG (as of May 2018)

Thank you for your interest in our website www.zentis.de, in our company and our products and services. We at Zentis are aware that the protection of your privacy when using this website is an important issue. For this reason, compliance with the statutory regulations for data protection is a matter of course for us. In addition, it is one of our key concerns that you as a customer always know when and how we collect, store and use your personal data across.

In the following we will inform you about the collection and further processing (e.g., storage, requests, modifications, forwarding) of personal data related to the use of our website. Personal data is defined as all data which relate to you personally, e.g., your name, address, email address and user behaviour.

Where we process personal data within the scope of visits to our website, where we use the services of service providers in connection with the processing of such data for the provision of individual functions or services on our website or where we intend to use such data for advertising purposes, we will inform you about the relevant procedures in detail, i.e., in particular which data is processed. In doing so, we will also disclose the intended storage duration or at least the defined criteria for the storage duration as well as the relevant legal basis for the processing of the data.

I. Name and address of the controller

The controller in terms of the General Data Protection Regulations (GDPR), other national data protection laws of the Members States or any further data protection provisions is:

Zentis GmbH & Co. KG, Jülicher Straße 177, 52070 Aachen, Tel. No.: +49 241 4760-0, Email: info@zentis.de, Website: www.zentis.de

II. Contact details of the data protection officer

You can contact our data protection officer at datenschutz@zentis.de or by sending a letter to our postal address set out above under Section I. to the attention of the "Data Protection Officer":

III. Collection and storage of personal data as well as the nature, purpose, legal basis and duration of use

§ 1 Visits to our website

When visiting our website for the sole purpose of obtaining information, i.e. if you do not register or transfer information to us in any other way, we will only collect your personal access data in so-called server logfiles which your browser transfers to our server. These server logfiles collect the following data:

  • IP address
  • Date and time of the query
  • Time zone difference to Greenwich Mean Time (GMT)
  • Contents of the request (concrete page)
  • Access status/HTTP status code
  • Transferred data volume
  • Website, from which we receive the request
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

This data is analysed solely for the purpose of ensuring a smooth operation of the website with regard to stability and security and for the improvement of our services and subsequently deleted. The legal basis for the processing of the data is Art. 6 (1) S.1 lit. f GDPR. Our legitimate interest is based on the above specified purposes for the processing of the data.

The data are also saved in the logfiles of our system. A storage of this data together with additional personal data of the user does not occur.

The collection of the data required for the publishing of the website and the storage of data in logfiles is mandatory for the operation of the website. For this reason, the user cannot object to the collection of such data.

The data is deleted as soon as it is no longer required to attain the purpose of its collection. Where data is collected to enable the publishing of the website, the data will be deleted as soon as the session is closed.

In addition, we use cookies and analytics services on our website. Further information on this is available in Sections IV and V of this data protection declaration.

§ 2 Use of additional services and functions on our website

Apart from using our website solely for the purpose of obtaining information, you can also use the various services and functions on our website. In general, you will need to disclose further personal data which we use for the provision of the relevant services; such data is also subject to the above specified principles for data processing. The services and functions are described in further detail below.

(1) Contact form

When contacting us using our contact form (praise & enquiries), the complaints form regarding spreads / sweets or general issues, the data entered by you on a voluntary basis (your email address, first name, surname and where applicable your phone number, place of residence and postal code) will be saved by us for the purpose of answering your query. The entry of your email address and your first name and surname is mandatory, all additional information is voluntary. For complaints, further information may be required for issuing return slips or providing compensation.

We will reply by email or, where applicable, by phone.

In this case, the legal basis for the processing of the data is Art. 6 (1) lit. a and b) GDPR on the basis of your voluntarily granted consent for the processing of your enquiry.

We will delete the data collected in this context after completion of your enquiry or restrict the processing of the data, where subject to statutory retention periods.

(2) Newsletter

By giving your consent, you can subscribe to our newsletter in which we inform you about our current interesting offers.

We use the so-called double-opt-in procedure for subscriptions to our newsletter. This means that after you have subscribed to our newsletter, we will send you an email to your specified email address in which we request you to confirm that you would like to receive our newsletter. In addition, we will save your used IP addresses and the times of your subscription and confirmation. The purpose of this procedure is to create a proof for your subscription, so that a possible misuse of your personal data can be uncovered, where necessary.

The only mandatory data required for receiving our newsletter is your email address. [The entry of the additional, specially marked data is voluntary and is used to be able to address you personally.] After receiving your confirmation, we will save your email address for the purpose of forwarding our newsletter.

The legal basis for this is Art. 6 (1) S. 1 lit. a GDPR on the basis of your voluntarily provided consent.

You can withdraw your consent to the receipt of the newsletter at any time and unsubscribe. You can unsubscribe by clicking on the link provided in every newsletter email or by sending an email to datenschutz@zentis.de or by sending a letter to the contact details set out in the imprint.

(3) Online job applications

If you want to apply for a job at Zenits GmbH & Co. KG (see Section I) directly on this website, your personal data will be collected in our application portal. The data entered in our application portal is used solely for the purpose of recruiting an employee for the vacant position and for the review and handling of your application for the relevant position. After completion of the application procedure for the specific position, your data will be blocked for further processing and deleted after expiry of any applicable statutory retention periods. The legal basis for the processing is Art. 88 GDPR in conjunction with Section 26 (1) of the German Federal Data protection Act (BDSG).

IV. Use of cookies

§ 1 Scope of data processing

In order to make your visit to our website as user-friendly and effective as possible and to enable the use of certain functions, we work with so-called cookies on some of our pages. Cookies are small text files which are stored on your device and which save certain settings and data via your browser for the exchange with our system. With these cookies, the party putting the cookies on your computer (in this case zentis) will be provided with specific information. Cookies cannot execute any programs or transmit viruses to your computer.

Cookies contain no personal data and can therefore not be directly allocated to a user. Please note that certain cookies are already put on your computer as soon as you access our website. This website uses the following types of cookies:

  • Mandatory / functional cookies: These cookies are mandatory to ensure the operation of the website. For instance, this may be cookies which enable you to sign in to the customer area or place items into your shopping cart.
  • Transient cookies: These are automatically deleted when you close your browser. The most common of these cookies are session cookies which save a so-called session ID with which various requests of your browser can be allocated to your visit to our website. This enables our website to identify your computer when you return. The session cookies are deleted when you sign out or close the browser.
  • Persistent cookies: These are automatically deleted after a defined period which may vary from cookie to cookie. You can delete the cookies in the security settings of your browser any time.
  • Third party cookies: These cookies of some of our advertising parties help to make our services and our website a more interesting experience for you. For this reason, we also save cookies of our partner companies on your hard drive when you visit our website. These are temporary cookies which delete themselves automatically after a set period. In general, the cookies of partner companies are deleted after a few days or 24 months, or in individual cases after a few years. The cookies of our partner companies do not contain any personal data. Only pseudonymised data under a user ID are collected. The pseudonymised data are at no time linked to your personal data.

You can configure your browser settings to meet your own needs and requirements, e.g. reject the acceptance of third-party cookies or other cookies. Also, your browser can be configured so that you will be notified when a cookie is put on your computer. For this, please consult the your browser operator. We would like to point out that the rejection of cookies may mean that you cannot use all functions of the website.

The legal basis for the use of cookies is Art. 6 (1) S. 1 lit. f GDPR. Our legitimate interest is based on the above specified purposes, i.e. to make our website more user-friendly and efficient.

Further information on analytics cookies is listed under Section V.

V. Use of analytics tools

We use web analytics services on our website for the purpose of targeted advertising.

New Relic

This website uses the web analytics service New Relic for the statistical analysis of visitor access, operated by New Relic, Inc., 188 Spear St, San Francisco, CA 94105, USA. New Relic collects and stores data on the basis of which user profiles are created under a pseudonym for analysing visitor behaviour, improving the services on this website as well as for optimisation and marketing purposes. New Relic works with so-called "cookies"; these are small text files which are saved locally in the cache of the Internet browser of the person visiting the website. These cookies are designed to identify the browser when you return to the website and enable a more accurate determination of the statistical data. New Relic will use this information to evaluate your use of our website, to prepare reports on website activities and to provide further services in connection with your use of the website and the Internet. Under no circumstances will New Relic link your IP address to other New Relic data. If you want to object to the analysis of the user behaviour via cookies, you can adapt your browser settings accordingly so that you are informed when cookies are put on your computer and you can decide on grounds relating to your particular situation whether you want to accept cookies for specific purposes or generally reject their acceptance.

Alternatively, you can check on the EU deactivation site for consumers at http://www.youronlinechoices.com/uk/your-ad-choices/, whether New Relic advertising cookies are put on your browser and then deactivate them if you want to.

The legal basis for the processing of your data is Art. 6 (1) S. 1 lit. f GDPR. Our legitimate interest is based on the above specified purposes.

The data protection regulations of New Relic are available at: https://newrelic.com/termsandconditions/cookie-policy

Odoscope

In order to optimise our website and adapt it to the changing behaviour and technical requirements of our users, we use the web analytics services of odoscope (odoscope GmbH, Lichtstrasse 25, 50825 Cologne). This analytics tool is neither able nor has it been developed to evaluate visitor activities on the basis of personal data.

For example, odoscope measures which pages are accessed by the users and whether the sought-after information can be easily found, etc. The information can only then be interpreted and only then becomes conclusive where a larger group of users is monitored. For this, the collected data are aggregated, i.e. merged together to larger units. This way, we can adapt the design of pages or optimise contents, for instance if we determine that a relevant part of the visistors is using new technologies or has problems finding or cannot find available information.

Zentis and odoscope do not generate visitor profiles. The data is not misused, for example in order to provide previous visitors to our website with targeted advertising. Neither are we interested in the behaviour of individual users, nor in the identity of a user. Structural measures (splitting of databases and responsibilties) ensure that statistical data which is collected and processed for web analytics purposes never contains personal data and can at no time be linked to such data.

We use Odoscope to analyse and continuously improve the use of our website. With the obtained statistics, we are able to improve our services and make our website even more interesting for users.

The legal basis for the processing of your data is Art. 6 (1) S. 1 lit. f GDPR. Our legitimate interest is based on the above specified purposes.

If you want to object to the analysis of the user behaviour via cookies, you can adapt your browser settings accordingly so that you are informed when cookies are put on your computer and you can decide on grounds relating to your particular situation whether you want to accept cookies for specific purposes or generally reject their acceptance.

Alternatively, you can check on the EU deactivation site for consumers at http://www.youronlinechoices.com/uk/your-ad-choices/, whether Odoscope advertising cookies are put on your browser and then deactivate them if you want to.

The data protection regulations of Odoscope are available at: https://www.odoscope.com/datenschutz.

VI. Links to social media sites

Our website contains links to the social media sites:
Facebook
Youtube

When visiting our website, generally no personal data will be forwarded to the operators of these social networks. Only if you click on the link to access our page on the relevant social network, the operator of the social network will receive the information that you have accessed the relevant website of our online services. In addition, the data set out in Section III. §1 hereunder will be transferred. According to the relevant operators in Germany, your IP address will be anonymised directly after collection for Facebook applications. This means that by clicking on the link, your personal data will be transferred to the relevant provider of the social network and stored there (i.e. at US-American operators in the USA). As the operator primarily uses cookies to collect this data, we recommend to delete all cookies before clicking on the link in the security settings of your browser.

We can neither influence the collected data and data collection processes nor are the full scope of the data collection, the purpose of the processing and the retention periods known to us. Also, we have no information on the deletion of the collected data by the operator of the social network.

The operator of the social network stores the data collected on you in the form of user profiles and uses it for advertising, market research purposes and/or the targeted design of its website. This evaluation is primarily conducted (also for users who are not signed in) to display targeted advertising and to inform other users in the social network about your activities on our website. You have the right to object to this generation of user profiles, whereby you must address your objection to the relevant operator of the social network as the responsible controller. With these links we give you the opportunity to interact with the social networks and other users so that we can improve our services and make our website even more interesting for users. The legal basis for this is Art. 6 (1) S. 1 lit. f GDPR. Our legitimate interest in this case is based on the above specified purposes.

The data is transferred regardless of whether you have an account with the operator of the social network or are signed in. If you are signed in, the data collected on our website will be directly allocated to your account with the relevant operators of the social network. When you click on the link and for example create a link to the page, the plug-in provider will save this information in your user account and share it publicly among your contacts. We recommend, to always signed out after using a social network and in particular before clicking on the link as you can then avoid an allocation to your profile at the operator of the social network.

More information on the purpose and scope of the collection and processing of the data by the operator of the social network, is available in the data protection declarations of the operators set out below. Here you will also receive further information with regard to your relevant rights and setting options for the protection of your privacy.

Adresses of the relvant plug-in providers and URLs with their data protection declarations:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; and for further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/ your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info# everyoneinfo. Facebook complies with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (Google subsidiary); https://www.google.de/intl/de/policies/privacy.

VII. Embedding of YouTube videos

We have embedded YouTube videos on our web pages, which are stored at http://www.YouTube.com and can be directly called up on our website.

By visiting the website, YouTube will be notified that you have accessed the relevant page of our website. In addition, the data set out in Section III. §1 hereunder will be transferred. This occurs regardless of whether you have a YouTube user account to which you are signed in or whether you have no such account. If you are signed in to Google, your data will be directly allocated to your account. However, if you do not wish your actions to be allocated to your YouTube profile, you must sign out before activating the button. YouTube stores your data in the form of user profiles and uses this data for advertising and market research purposes and/or the targeted design of its website. The data is in particular analysed (even when the user is not signed in) for the purpose of providing targeted advertising and in order to inform other users of the social network about your activities on our website. You have the right to object against the generation of these user profiles, whereby you must address your objection to YouTube.

Further information on the purpose and scope of collection and processing of the data by YouTube (YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA; subsidiary of Google) is available in the data protection declaration. Here, you will also receive additonal information on your rights and setting options for the protection of your privacy: https://www.google.de/intl/de/policies/privacy.

Google also processes your personal data in the USA and has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework

VIII. Your rights

Whenever your personal data is processed, you have rights vis-á-vis us with regard to your own personal data:

Right of access by the data subject, Art. 15 GDPR

You have the right to request a confirmation from the controller on whether your personal data is processed by the controller.

In the event that the data is processed, you can request the controller to disclose the following information:

  • the purposes for which the personal data is processed;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; In the latter cases, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR relating to the transfer of the data;
  • the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in ⦁ Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Right to rectification, Art. 16 GDPR

You have the right to the rectification and/or completion of the data towards the controller, where the processed personal data concerning you is inaccurate or incomplete. The controller must rectify the data immediately.

Right to erasure, Art. 17 GDPR

a) Right to erasure
You can request the controller to delete all personal data immediately and the controller is obligated to delete this data immediately, where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the data subject withdraws consent on which the processing is based according to point (a) of ⦁ Article 6(1), or point (a) of ⦁ Article 9(2), and where there is no other legal ground for the processing;
  • the data subject objects to the processing pursuant to ⦁ Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to ⦁ Article 21(2);
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  • the personal data have been collected in relation to the offer of information society services referred to in ⦁ Article 8(1).

b) Information to third-parties
Where the controller has publicly disclosed the personal data concerning you and is obligated to delete such data in accordance with Art. 17 (1) GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions
No right to erasure will exist, where the processing of the data is required

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health in accordance with points (h) and (i) of ⦁ Article 9(2) as well as ⦁ Article 9(3);
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with ⦁ Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims.

Right to restriction of processing, Art. 18 GDPR

Under the condition listed below, you may request the processing of your personal data to be restricted:

  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • the data subject has objected to processing pursuant to ⦁ Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where the processing of the personal data concerning you has been restricted, this data – with the exception of storage – shall only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Once you have obtained a restriction on the processing in accordance with the above terms, you shall be informed by the controller before the restriction of processing is lifted.

Right to information, Art. 19 GDPR

Once you have asserted your right to the rectification, erasure or restriction of processing of the personal data towards the controller, the controller is obligated to notify all recipients to whom the personal data concerning you has been disclosed about the rectification or erasure of the data or the processing restrictions unless this is not possible or requires an unreasonable expense or effort.

You have the right to be notified about the recipients by the controller.

Right to data portability, Art. 20 GDPR

You have the right to receive the personal data concerning you which you have provided to the controller in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

  • the processing is based on consent pursuant to point (a) of ⦁ Article 6(1) or point (a) of ⦁ Article 9(2) or on a contract pursuant to point (b) of ⦁ Article 6(1); and
  • the processing is carried out by automated means.

In exercising this right, you also have the right to demand that the personal data concerning you is transferred directly to one controller to another, where technically feasible. This may however not restrict the freedoms and rights of others.

Your right to erasure shall remain unaffected of this.

To right to data portability shall not apply for a processing of personal data required for the performance of a tasks in the public interest or for the exercise of public authority vested to the controller.

Right to object, Art. 21 GDPR

You have the right to object on grounds relating to your particular situation and the right to object to the processing of data for advertising purposes. Further information on this is available in Section IX of this data protection declaration.

Right to withdraw declaration of consent in under data protection law

You can withdraw a declaration of consent on the processing of your personal data granted by you to the controller at any time. Please note that this withdrawal shall however take effect in the future; it shall not affect the lawfulness any processing of the data previously carried out on the basis of your declaration of consent.

Automated individual decision-making including profiling, Art. 22 GDPR

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effect on you or which affects you significantly in a similar way. This shall not apply if the decision
(1) is necessary for entering into, or performance of, a contract between the data subject and a data controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
(3) is based on the data subject’s explicit consent.

In the cases (1) and (3) as set out above, the controller will take reasonable measures to protect your rights, freedoms and legitimate interests, which at least includes the right to enforce a natural person to become involved on part of the controller, to present the own view and to contest a decision.

Decisions generated solely on the basis of an automated processing may also not be based on certain categories of personal data in accordance with Art. 9 (1) GDPR, to the extent that Art. 9 (2) lit. a or g GDPR does not apply and adequate measures for the protection of the rights, freedoms and legitimate interests are taken.

Right to lodge complaint with a supervisory authority, Art. 77 GDPR

You have the right to lodge a complaint about the processing of your personal data at a supervisory body for data protection. You can lodge your complaint to the supervisory body in the Member State of your place of residence, your place of work or the place of the alleged infringement. The supervisory body where the complaint is lodged, will inform you as the complainant on the progress and the results of the complaint as well as on the option of a judicial remedy before court in accordance with Art. 78 GDPR.

IX. Right to object in accordance with Art. 21 GDPR

Right to object on grounds relating to your particular situation:

You have the right to object to the processing of your personal data conducted on the basis of Art. 6 (1) lit. e GDPR (processing of data in the public interest) and Art. 6 (1) S. 1 lit. f GDPR (data processing for the protection of the legitimate interests of the controller or a third party) at any time for grounds relating to your personal situation; this also applies for a profiling based on these provisions. After receiving your objection, we will cease to process your personal data unless we can provide compelling legitimate grounds for the processing, which take priory of your interests, rights and freedoms, or where the processing serves to establish, exercise and defend legal claims.

Right to object to the processing of data for advertising purposes

In individual cases, we may process your personal data for the purpose of direct advertising. You have the right to object to the processing of the personal data concerning you for the purpose of such advertising at any time; this also applies for profiling where it relates to such direct advertising activities. Once you object to a processing of your personal data for the purpose of direct advertising, your personal data will then no longer be processed for this purpose.

In the above specified cases, you can object informally, preferably by sending an email with "Objection" in the header to datenschutz@zentis.de or to the postal address set out under Section I. to the attention of the "Data Protection Officer".

X. Data security

We strive take all technical and organisational measures to store your personal data in a way so that it cannot be accessed by third parties. When communicating by email, we can however not guarantee complete data security, so that we recommend you to send any confidential information by post.

For reasons of security and to protect the transfer of confidential contents, this website works with SSL encryption, for example for any enquires you send to us as the operator. You can recognise an encrypted connection when the "http://" in the address bar of your bowser changes to "https://" and by the padlock symbol in your browser bar. When the SSL encryption is activated, the data you transfer to us cannot be read by third parties.