DS Crewing: Datenschutz | Dr. Peters Group

This privacy policy applies to the Dr. Peters Group website. Here you will find information in accordance with the law, in particular Article 13 of the General Data Protection Regulation [GDPR], relating to information about access to and use of our website and how this information is used, processed and disclosed.

Name and contact of the data controller:

DS Crewing GmbH
Mattentwiete 1
20457 Hamburg
Germany

crewing@ds-crewing.de
Tel.. +49 (40) - 76 79 61-0
Fax +49 (40) - 76 79 61-260

Our data protection officer is:

Thilo Noack, SharedIT Professional GmbH & Co. KG
Saebystrasse 17a
24576 Bad Bramstedt
Germany
thilo.noack@shared-it.de

Security and protection of your personal data

We consider it our most important task to maintain the confidentiality of the personal data you provide and to protect it from unauthorised access. For this reason, we take the greatest care and apply the most modern security standards to ensure maximum protection of your personal data.

As a privately owned company, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the german Federal Data Protection Act (BDSG). We have developed technical and organisational measures to ensure that the regulations on data protection are observed not only by us but also by our external service providers.

Definitions

The legislation requires that personal data are processed lawfully, fairly and in a manner that is comprehensible to the data subject ("lawfulness, fair processing, transparency"). To ensure this, we inform you about the individual legal definitions that are also used in this privacy policy:

1. personal data
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. processing
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration of retrieval, consultation, use, disclosure by transmission, distribution or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. restriction of processing
Restriction of processing" includes the marking of stored personal data with the aim of limiting their future processing.

4. profiling
"Profiling" means any kind of automated processing of personal data which enables that personal data to be used to evaluate certain individual aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

5. pseudonymisation
"Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data cannot be attributed to an identified or identifiable individual.

6. file system
"File system" means any structured compilation of personal information that is accessible according to specified criteria, whether the arrangement of that compilation is controlled centrally or decentrally or according to functional or geographical considerations.

7. the controller
The term “controller” means a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are prescribed by European Union law or the law of its Member States, the controller and/or the specific criteria for the designation of the controller may be prescribed by European Union law or the law of its Member States.

8. information processors
The term "data processor" refers to a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

9. receiver
"recipient" means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under European Union law or the law of its Member States shall not be considered as recipients; the processing of such information by the designated authorities shall be carried out in accordance with the applicable data protection rules and in accordance with the purposes of the processing.

10. third party
"Third party" refers to a natural or legal person, public authority, agency or other place other than the data subject, the controller, the processor and the persons authorised to process personal data under the direct or indirect responsibility of the controller or the processor.

11. Consent
"Consent" of the data subject means any voluntary, freely given, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of the personal data concerned.

Lawfulness of the processing

The processing of personal data is only lawful if there is a legal basis for the processing. According to the GDPR, the legal basis for processing can be Article 6 (1) (a) - (f):

a. The data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes:
b. processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures at the request of the data subject;
c. processing is necessary for compliance with a legal obligation to which the data controller is subject;
d. the processing is necessary in order to protect the vital interests of the data subject or of another natural person;
e. processing is necessary for the performance of a task carried out in the public interest entrusted to the controller or in the exercise of official authority vested in the controller;
f. processing is necessary for the purposes of the legitimate interests of the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

Information on the collection of personal data

(1) In the following points we inform you about the collection of personal data when using our website: Examples of personal data are name, address, e-mail addresses, user behaviour.

(2) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data resulting from this connection as soon as their storage is no longer necessary or their processing is restricted, provided that there are legal retention obligations.

Collection of personal information by visiting our website

If you use the website for purely informational purposes, i.e. do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to access our website, we collect the following information, which we need for technical reasons to display our website and to ensure its stability and security (the legal basis for this can be found in GDPR Art. 6 para. 1 p. 1 lit. f).

IP adress
Date and time of the request
Time zone difference from Greenwich Mean Time (GMT)
Content of the request (specific page)
Access Status/HTTP Status Code
the amount of data transferred in each case
Website from which the request originates
Browser
Operating system and its interface
Language and version of the browser software

Access data

The website operator or provider of the website collects data on accesses to the page and stores these as "server log files". The data is documented as follows:

Visited website
Time of access
IP address used (in anonymised form)

The data collected is used exclusively for statistical evaluations and to improve the performance of our website. The website operator reserves the right to subsequently check the server log files if there are concrete indications of illegal activity. In this respect, the log files are stored for 7 days; the legal basis is Art. 6 para. 1 lit. f) GDPR, the protection of the overriding interests in the correct presentation of our offer and better security to combat cyber attacks, based on a weighing of interests.

Cookie Consent Tool

We use the cookie consent tool from Cookiebot to obtain effective user consent for cookies and cookie-based applications that require consent. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. By integrating this tool, users are shown a banner when they call up the page, in which they can give their consent to certain cookies and/or cookie-based applications by ticking the appropriate box. The tool blocks the setting of all cookies requiring consent until the respective user gives the corresponding consent by ticking the corresponding box. This ensures that such cookies are only set on your respective end device if you have given your consent. In order for the cookie consent tool to be able to clearly assign page views to individual users and to individually record, log and store the consent settings you have made for a session duration, certain user information (including the IP address) is collected when our website is called up by the cookie consent tool, transmitted to the server of the provider of the cookie consent tool and stored there. This data processing is carried out in accordance with Art. 6 (1) f) GDPR on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website. Further legal basis for the described data processing is Art. 6 para. 1 lit. c) GDPR. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.

By using our website, information (e.g. IP address) may be accessed or stored (e.g. cookies) in your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR.
In cases where such access to information or such storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of § 25 para. 1 sentence 1, para. 2 no. 2 TTDSG.

Telecommunications Telemedia Data Protection Act (TTDSG)
The legal basis for the storage and retrieval of information in the end user's terminal equipment is consent, according to § 25 para. 1 p. 1 TTDSG. This consent is requested when the website is called up.
According to Section 25 (2) No. 2 TTDSG, consent is not required if the storage of information in the end user's terminal equipment or the access to information already stored in the end user's terminal equipment is absolutely necessary in order for the provider of a telemedia service to provide a telemedia service expressly requested by the user. You can see from the cookie settings which cookies are to be classified as absolutely necessary (often also referred to as "technically necessary cookies") and therefore fall under the exemption of Section 25 (2) TTDSG and thus do not require consent.
Please note that the legal basis for the downstream processing of personal data then results from the GDPR. You will find the relevant legal basis for the processing of personal data on this website in the further course of this data protection information.

Use of cookies

In addition to the previously mentioned data, cookies or similar technologies such as pixels (hereinafter generally referred to as "cookies") are used on your computer when you use and visit our website. Cookies are either small databases that are stored by your browser on your end device to store certain information, or image files such as pixels. The next time you call up our website with the same terminal device, the information stored in cookies is subsequently sent back either to our website ("first party cookie") or to another website to which the cookie belongs ("third party cookie").
Through the stored and returned information, the respective website recognises that you have already called up and visited it with the browser of your end device. We use this information to optimally design and display the website according to your preferences. Only the cookie itself is identified on your end device. Any further storage of personal data only takes place with your express consent or if this is absolutely necessary in order to be able to use the service offered and accessed by you accordingly.

This website uses the following types of cookies, the scope and functionality of which are explained below:

Unconditionally required cookies (type a)
Functional and performance cookies (type b)
Cookies requiring consent (type c)

Essential cookies (type a)
Essential cookies ensure functions without which you cannot use our websites as intended. These cookies are used exclusively by us and are therefore first party cookies. This means that all information stored in the cookies is returned to our website.
Essential cookies are used, for example, to ensure that you, as a registered user, always remain logged in when accessing various sub-pages of our website and thus do not have to re-enter your login data each time you call up a new page.
The use of essential cookies on our website is possible without your consent. For this reason, cookies that are absolutely necessary cannot be individually deactivated or activated. However, you have the option to generally deactivate cookies in your browser at any time (see below).

Functional and performance cookies (type b)
Functional cookies allow our website to store information you have already provided (such as registered name or language selection) and offer you improved and more personalised features based on this information. These cookies only collect and store anonymised information, so they cannot track your movements on other websites.
Performance cookies collect information about how our websites are used in order to improve their attractiveness, content and functionality. These cookies help us to determine, for example, whether and which subpages of our website are visited and which content users are particularly interested in. In particular, we record the number of times a page is accessed, the number of sub-pages accessed, the time spent on our website, the order of the pages visited, which search terms led you to us, the country, region and, if applicable, the city from which access is made, as well as the proportion of mobile devices accessing our websites. Furthermore, we record movements, "clicks" and scrolling with the computer mouse in order to understand which areas of our website are of particular interest to users. As a result, we can tailor the content of our website more specifically to the needs of our users and optimise our offering. The IP address of your computer transmitted for technical reasons is automatically anonymised and does not allow us to draw any conclusions about the individual user.
You can object to the use of functional and performance cookies at any time by adjusting your cookie settings accordingly.

Legal basis: Art. 6 para. 1 lit. f) GDPR

Cookies requiring consent (type c)
Cookies that are neither absolutely necessary (type a) nor functional or performance cookies (type b) are only used after your consent.
We reserve the right to also use information obtained by means of cookies from an anonymised analysis of the usage behaviour of visitors to our websites in order to display specific advertising for certain of our products to you on our own websites. We believe that this benefits you as a user because we display advertising or content that we believe, based on your browsing behaviour, matches your interests and so you are less likely to be shown randomly scattered advertising or specific content that may be of less interest to you.
Marketing cookies come from external advertising companies (third party cookies) and are used to collect information about the websites visited by the user in order to create targeted advertising for the user.

Legal basis: Art. 6 para. 1 lit. a) GDPR

Opt-out for marketing cookies
You can also manage cookies used for online advertising through tools developed in many countries as part of self-regulatory programmes, such as the US-based www.aboutads.info/choices/ or the EU-based www.youronlinechoices.com/uk/your-ad-choices.

Legal basis: Art. 6 para. 1 lit. a) GDPR

Management and deletion of all cookies
In addition, you can set your internet browser to generally prevent cookies from being saved on your end device or to ask you each time whether you agree to cookies being set. Once cookies have been set, you can also delete them at any time. You can find out how all this works in detail in the help function of your browser.
We use the following cookies described here for the following purposes:

Google Tag Manager

With the Google Tag Manager, marketers can manage website tags via an interface. However, the Tag Manager itself, which deploys the tags, works without cookies and does not collect any personal data. The Tag Manager merely ensures that other tags are triggered. Corresponding explanations on these respective third-party providers can be found in this privacy notice. However, the Google Tag Manager does not use this data. If you have set or otherwise made a deactivation of cookies, this will be observed for all tracking tags that were used with the Google Tag Manager, so the tool does not change your cookie settings.
The legal basis is Art. 6 para. 1 lit. a) GDPR.

Additional functions and offers on our website

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you usually have to provide personal data which we use to provide the respective service and for which the above-mentioned data processing principles apply.

(2) We sometimes use external service providers to process your data. We have carefully selected and commissioned them, they are bound by our instructions and are regularly checked.

(3) In addition, we may disclose your personal data to third parties when we offer contracting or other services in cooperation with partners.

(4) If our service providers are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

Applicant management

Dr. Peters Group collects, stores and processes personal data from applicants for the purpose of handling the application process. This may also involve electronic processing. This is the case if the applicant sends corresponding application documents to the data controller electronically, e.g. by e-mail or using a form that you can find on the website.

The legal basis for the processing of your personal data in this application procedure is Art. 6
(1) lit. b) GDPR. According to this, the processing of data is permissible insofar as it is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures.
Should the data be required for legal prosecution after the application process has been completed, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular in order to safeguard legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. Our interest then consists in the assertion or defence of claims.

Your application data will be reviewed by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department heads for the respective open position. The further procedure is then coordinated. In principle, only those persons in the company have access to your data who need this for the proper course of our application procedure.

In the event that Dr. Peters concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no contract is concluded with the applicant, the application documents are automatically deleted within three months after notification of the rejection of the application, provided no other legitimate interests are opposed. Other legitimate interests are subject to proof in proceedings under the General Equal Treatment Act (AGG).

The data is processed exclusively in data centres in the Federal Republic of Germany.

Children
Our offer is basically aimed at adults. Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians.

Rights of the data subject

(1) Revocation of consent
If the processing of personal data is based on the granting of consent, you have the right to revoke this consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. To exercise your right of revocation, you can contact us at any time.

(2) Right to confirmation
You have the right to request an explanation from the controller as to whether we are processing personal data concerned. You can request the declaration at any time using the contact details above.

(3) Right to information
When personal data is processed, you have the right to request disclosure of the following facts about that personal data at any time:

a. The purpose of the processing;
b. the categories of personal data that are processed;
c. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
d. if possible, the planned duration of the storage of the personal data or, if this is not possible, the criteria for determining this duration;
e. the existence of a right to rectification or erasure of the personal data concerned or to restriction of their processing by the data controller or a right to object to such processing;
f. the existence of a right of appeal to a supervisory authority;
g. if the personal data have not been collected from the data subject, any available information on the source of the information;
h. the existence of automated decision-making including profiling pursuant to Section 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved, the scope and the intended effects of such processing for the data subject.

If personal data is transferred to a third country or to an international organisation, you have the right to be informed about the applicable safeguards under Article 46 GDPR in connection with the transfer of the information. We will provide you with a copy of the personal data that is the subject of the processing. For any additional copies that you may request in person, we are entitled to charge a reasonable fee based on the administrative costs. If you apply electronically, the information will be provided in a commonly used electronic format unless otherwise stated. The right under paragraph 3 to obtain a copy must not prejudice the rights and freedoms of other persons.

(4) Right of rectification
You have the right to obtain from us the rectification without delay of any inaccurate personal data concerned. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

(5) Right to erasure ("right to be forgotten")
You have the right to request the data controller to delete personal data relating to you without undue delay and we are obliged to delete personal data without undue delay if one of the following reasons applies:

a.    The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b.    The data subject revokes his/her consent underlying the processing pursuant to GDPR Art. 6 (1) (a) or Art. 9 (2) (a) and there is no other legal basis for the processing.
c.    The data subject objects to the processing pursuant to Article 21 GDPR and there is no overriding legal basis for the processing, or the data subject objects to the processing pursuant to Article 21 GDPR.
d.    The personal data have been processed unlawfully.
e.    The erasure of the personal data serves the fulfilment of a legal obligation under the law of the European Union or the law of its Member States to which the controller is subject.
f.    The personal data have been collected in connection with the services offered by the information society in accordance with GDPR Article 8 (1).

Where the controller has disclosed the personal data and is obliged to erase it pursuant to paragraph 1, it shall take reasonable steps, taking into account the available technology and the cost of implementation as well as the technical circumstances, to inform the data controllers processing the personal data that a data subject has requested the erasure of all links to, or copies or replications of, such personal data.

The right to erasure ("right to be forgotten") does not apply insofar as the processing is necessary:

- For the exercise of the right to freedom of expression and information;
- for compliance with a legal obligation under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest on behalf of the controller or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with GDPR Art. 9 (2) (h) and (I) and Art. 9 (3);
- for archiving, historical research or statistical purposes in the public interest pursuant to Section 89 (1) GDPR, insofar as it is to be expected that the right pursuant to paragraph 1 will render impossible or significantly impair the achievement of the objectives of such processing, or
- for the assertion, implementation or defence of a legal claim.

(6) Right to restrict processing
You have the right to request us to restrict the processing of your personal data if one of the following conditions applies:

a.    The accuracy of the personal data of the data subject is contested, including a period of time needed for the controller to assess the accuracy of the personal data,
b.    The processing is unlawful and the data subject objects to the erasure of the personal data and requests instead that the use of the personal data be restricted;
c. the controller no longer needs the personal data for the purposes of processing, but the data subject needs the data for the assertion, exercise or defence of legal claims; or
d.    The data subject has objected to the processing pursuant to Article 21 (1) of the GDPR as long as it is not clear whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted in accordance with the conditions described above, such personal data may - apart from being stored - only be processed with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the European Union or one of its Member States. In order to exercise the right to restrict the processing, the data subject may contact us at any time using the contact details provided above.

(7) Right to data portability
You have the right to receive the personal data concerned that you have provided to us in a structured, generally accessible and machine-readable format, and you have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, insofar as this is possible:

a. The processing is based on consent pursuant to Section 6 (1) (a) or Section 9 (2) (a) GDPR or on a contract pursuant to Section 6 (1) (b) and

b. the processing is carried out with the aid of automated procedures.

When exercising the right to data portability under paragraph 1, you have the right to have the personal data transferred directly from one controller to another controller where technically feasible. The exercise of the right to data portability does not affect the right to erasure ("right to be forgotten"). Processing is necessary for the performance of a task carried out in the public interest entrusted to the controller or in the exercise of official authority vested in the controller;

(8) Right of appeal
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. The controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data will no longer be used for these purposes.

In connection with the use of the services of the information company, by way of derogation from Directive 2002/58/EC, you may exercise your right to object through automated procedures using technical specifications.

You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) of the GDPR, unless the processing serves a task in the public interest.

You can exercise your right to object at any time by contacting the respective controller.

(9) Automated decision making including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is:

a. are necessary for the conclusion or performance of a contract between the data subject and the controller,

b. is authorised on the basis of legislation of the European Union or its Member States to which the controller is subject and that legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject; or

c. be carried out with the express consent of the data subject.

The controller shall take reasonable steps to safeguard the data subject's rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a data subject on the part of the controller, to express his or her point of view and contest the decision.

The data subject may exercise this right to object at any time by contacting the relevant controller.

(10) Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes this Regulation. Your competent supervisory authority is the authority competent for your place of residence. You can find a list of all supervisory authorities here www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

(11) Right to an effective remedy
Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR, you have the right to an effective remedy if you consider that your rights under this Regulation have been infringed as a result of processing of your personal data which does not comply with this Regulation.

Legal validity

If sections or individual terms of this statement are not legal or correct, the content or validity of the other parts remain uninfluenced by this fact.