Privacy Policy

1) Information on the collection of personal data and contact details of the controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about how we handle your personal data when you use our website. Personal data is all data with which you can be personally identified.

1.2 The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is DriveCon GmbH, Mainfrankenpark 59, 97337 Dettelbach, Deutschland, Tel.: +49 9302 931 856, E-Mail: info@drivecon.de.

The controller of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

Contact data protection:

datenschutz@drivecon.de

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.

It is also possible to use alternative communication channels (e.g. by post).

2) Data collection when visiting our website

When using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you reached the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use. After 7 days at the latest, the IP address is anonymized by shortening it so that no reference to the user can be made.

We collect and process the following data as part of a contact request:

Salutation
First name, surname
company name
Contact details (telephone number, e-mail address)
Information on wishes and interests
We collect and process the following data when you use the application form:
- Salutation
- First name, surname
- Contact details (telephone number, e-mail address)
- Application documents (cover letter, CV, references including the information contained therein)

3) Purposes and legal bases of data processing

When processing your personal data, the provisions of the GDPR and all other applicable data protection regulations are complied with. The legal basis for data processing arises in particular from Art. 6 GDPR.

We use your data to initiate business, to fulfill contractual and legal obligations, to execute the contractual relationship, to offer products and services and to provide a website to present our company.

Your consent to data processing may also constitute a data protection authorization requirement. Before you give your consent, we will inform you about the purpose of the data processing and your right of withdrawal.

If the consent also relates to the processing of special categories of personal data, we will expressly point this out to you in the consent. Processing of special categories of personal data in accordance with Art. 9 GDPR only takes place if this is required by law and there is no reason to assume that your legitimate interest in the exclusion of processing prevails.

4) Career portal (Art. 6 para. 1 lit. a, b GDPR, § 26 para. 1 BDSG)

Thank you for your interest in working for DriveCon GmbH. We are aware of the importance of your data and process the personal data you provide in the application form only for the purpose of effective and correct processing of the application procedure and for contacting you as part of the application process. The data will not be passed on to third parties without your consent.

We offer you the opportunity to apply to us (e.g. by e-mail or post). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that your data will be processed in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.

If you send us an application, we will process your associated personal data insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is Art. 6 para. 1 lit. b) GDPR in conjunction with Section 26 para. 1 BDSG . The processing of special categories of personal data (e.g. health data) is based on your consent in accordance with Art. 9 para. 2 a) GDPR, unless legal permissions such as Art. 9 para. 2 b) GDPR are relevant. Your applicant data will be treated confidentially at all times. If we wish to process your applicant data for a purpose not mentioned above, we will inform you in advance.

If the application is successful, the data submitted by you will be stored in our data processing systems for the purpose of implementing the employment relationship.

The categories of personal data processed include, in particular, your master data (first name, surname, name affixes, nationality), contact data (private address, (mobile) telephone number, e-mail address) and other data relating to the application process (cover letter, certificates, questionnaires, interviews, qualifications and previous activities). If you have also voluntarily provided special categories of personal data (e.g. health data, religious affiliation, degree of disability) in the letter of application or during the application process, processing will only take place if you have consented to this or if a legal permission justifies this. As a rule, your personal data is collected directly from you as part of the recruitment process.

In addition, we may have received data from third parties (e.g. recruitment agencies) to whom you have made your data available for disclosure. We also process personal data that we have legitimately obtained from publicly accessible sources (e.g. professional social networks). In this respect, your data is processed on the basis of Article 6(1)(b) GDPR.

Of course, you can also communicate with us in encrypted form to transmit sensitive data by e-mail. Please contact us at jobs@drivecon.de if you wish to do so.

The decision as to whether or not to establish an employment relationship with you can only be made if you provide us with certain personal data, such as your CV. In doing so, we naturally observe the principle of data minimization and data avoidance in that you only have to provide us with the data that we need to fully review your application documents or that we are legally obliged to collect.

Unfortunately, we cannot review your application documents without this data.

Of course, you have the option of voluntarily providing us with further information in your application documents.

Recipients (categories) of personal data

Within the company, only those persons and departments (management, personnel administration, specialist department) receive your personal data that require it for the recruitment decision and to fulfill our pre-contractual/contractual and legal obligations.
External bodies (contractual partners) insofar as these are necessary for the fulfillment of the contract. External contractors (service providers) in accordance with Art. 28 GDPR to process the data on our behalf:
Other external bodies, other external bodies for the fulfillment of the above-mentioned purposes, insofar as the data subject has given their written consent, this is necessary for the fulfillment of the contract or a transfer is permitted due to an overriding legitimate interest: e.g. credit institutions (e.g. to reimburse travel expenses), tax consultants

If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The retention serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.

Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.

5) Contact form/contact by e-mail (Art. 6 para. 1 lit. a, b GDPR)

There is a contact form on our website that can be used to contact us electronically. If you send us an email via the contact form, we will process the data you provide in the contact form to contact you and answer your questions and requests.

The principle of data minimization and data avoidance is observed in that you only have to provide the data that we absolutely need to contact you. These are your name, your e-mail address and the content of the message field itself. Your IP address is also processed for technical reasons and for legal protection. All other data are voluntary fields and can be provided optionally (e.g. to answer your questions more individually).

In order to protect the security and confidentiality of your data in the best possible way, we implement appropriate security measures. The website is encrypted with an SSL certificate. If you send us data via the contact or application form, your data and the request will also be encrypted during transmission.

If you contact us by e-mail, we will process the personal data provided in the e-mail solely for the purpose of processing your request.

6) Cookies (Art. 6 para. 1 sentence 1 lit. a, f GDPR, § 25 para. 1, 2 TDDDG)

Our website uses so-called cookies. They serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your end device and saved (locally) by your browser. Cookies only contain pseudonymous, usually even anonymous data. Some cookies remain in place for the duration of a browser session (so-called session cookies), others are stored for longer periods (so-called persistent cookies, e.g. consent settings). The latter are automatically deleted after the specified time (usually 6 months). In addition to our own cookies, we also use cookies that are controlled by third-party providers. These use the information contained in the cookies, e.g. to show you content or to record the pages you have visited.

Due to our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR), we set technically necessary cookies, which are absolutely necessary for the operation of the website and to ensure its functionality. Furthermore, we use cookies without your consent if their sole purpose is to store or access information stored in the terminal device for the transmission of messages or if they are absolutely necessary to provide the service you have expressly requested, Section 25 (2) TDDDG.

Subject to your consent, other cookies are used which help us or third parties, for example, to continuously develop our website and display it better. This enables us to design the content according to user needs. The legal basis for this is your express consent (Art. 6 para. 1 sentence 1 lit. a GDPR, Section 25 para. 1 TDDDG).

You can revoke your consent via our consent banner at any time with effect for the future and change the cookie settings. Please note that changes must be made separately for each end device.

If you have accounts with the third-party providers we use and are logged in there, your data may be linked to the respective account. You can avoid such a combination by not giving or revoking your consent to the relevant cookies or by logging out of the respective third-party providers in advance.

Most browsers accept cookies automatically. You can also deactivate, restrict or delete cookies on your end device manually via your browser settings or with the help of software. If you deactivate the setting of cookies, you will not be able to use our website to its full extent or only to a limited extent.

Please also note our information in the section of the respective service that uses cookies.

7) Use of your data for direct advertising

7.1 Advertising by letter post

On the basis of our legitimate interest in personalized direct advertising, we reserve the right to store your first and last name, your postal address and - insofar as we have received this additional information from you as part of the contractual relationship - your title, academic degree, year of birth and your professional, industry or business name in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR and to use it to send you interesting offers and information about our products by post.

You can object to the storage and use of your data for this purpose at any time by sending a corresponding message to the controller.

The objection can be made free of charge and without giving reasons and should preferably be sent to Tel.: +49 9302 931 856, by e-mail to datenschutz@drivecon.de or by post to DriveCon GmbH, Mainfrankenpark 59, 97337 Dettelbach.

7.2 Advertising purposes for existing customers (Art. 6 para. 1 sentence 1 lit. f GDPR)

We are interested in maintaining the customer relationship with you and providing you with information and offers about our products and services. In addition, we attach great importance to the relationship with our customers, which is why we also use advertising measures aimed at improving our image and cooperation. We therefore process your data in order to send you relevant information and offers by e-mail or post.

If you do not wish this, you can object to the use of your personal data for the purpose of direct advertising at any time; this also applies to profiling insofar as it is associated with direct advertising. If you object, we will no longer process your data for this purpose.

8) Disclosure to third parties

We will only pass on your data to third parties within the framework of the statutory provisions or with the appropriate consent. Otherwise, your data will not be passed on to third parties unless we are obliged to do so on the basis of mandatory legal provisions (disclosure to external bodies such as supervisory authorities or law enforcement agencies).

9) Recipients of the data/categories of recipients

Within our company, we ensure that only those persons receive your data who need it to fulfill their contractual and legal obligations.

In certain cases, service providers support our specialist departments in the fulfillment of their tasks. The necessary data protection contracts have been concluded with all service providers. The service providers are IT service providers, our online agency and social media providers.

Within our company, we ensure that only those persons receive your data who need it to fulfill their contractual and legal obligations.

10) Transfer to third countries/intention to transfer to third countries

Data will only be transferred to third countries (outside the European Union or the European Economic Area) if this is necessary for the performance of the contractual relationship, is required by law or if you have given us your consent to do so.

We do not currently transfer your personal data to any service provider or group company outside the European Economic Area.

11) Obligation to provide the data

Various personal data are necessary for the establishment, execution and termination of the contractual relationship and the fulfillment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides.

We have summarized the details for you in the point above. In certain cases, data must also be collected or made available due to legal provisions. Please note that it is not possible to process your request or perform the underlying contractual relationship without providing this data.

12) Automated decisions in individual cases

We do not use any purely automated processing procedures to reach a decision.

13) Links to other providers

Our website also contains - clearly recognizable - links to the websites of other companies. Where there are links to websites of other providers, we have no influence on their content. Therefore, no guarantee or liability can be assumed for this content. The respective provider or operator of the pages is always responsible for the content of these pages.

The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal content was not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete evidence of an infringement. If we become aware of any legal infringements, such links will be removed immediately.

14) Handling of data from customers, suppliers, contractual partners, interested parties

14.1 Category/origin of the data

We process the following personal data as part of the contractual relationship and for the initiation of the contract:

Contact data (e.g. first/surname of current and, if applicable, previous contact persons as well as name affixes, company name and address of the customer (employer), telephone number with extension, business e-mail address)
Job-related data (e.g. function in the company, department)
If applicable, bank details (in the context of a SEPA direct debit mandate also first/last name of the account holder)

We generally receive your personal data from you as part of the contract initiation process or during the ongoing contractual relationship.

14.2 Purposes and legal bases of data processing

When processing your personal data, the provisions of the GDPR, the BDSG and other relevant legal provisions are always complied with.

Your personal data will be processed exclusively for the implementation of pre-contractual measures (e.g. communication; for the preparation of offers for products or services) and for the fulfillment of contractual obligations (e.g. for the implementation of our service, the supplier contract or for order/order/payment processing), (Art. 6 para. 1 lit. b GDPR) or if there is a legal obligation to process (e.g. due to tax law requirements) (Art. 6 para. 1 lit. c GDPR). The personal data was originally collected for these purposes.

Your consent to data processing can, of course, also constitute a data protection authorization provision (Art. 6 para. 1 lit. a GDPR). Before granting consent, we will inform you about the purpose of the data processing and about your right of revocation in accordance with Art. 7 para. 3 GDPR.

DriveCon GmbH is also interested in maintaining the customer relationship with you and providing you with information and offers about our products and services. In addition, we attach great importance to the relationship with our business partners, which is why we also use advertising measures aimed at improving our image and cooperation. We therefore process your data in order to send you relevant information and offers by email or post (Art. 6 para. 1 lit. f GDPR).

15) Datenschutzerklärung/Hinweise zum Datenschutz in den Sozialen Medien

Die DriveCon GmbH unterhält Auftritte in den „Sozialen Medien“. Soweit wir die Kontrolle über die Verarbeitung Ihrer Daten haben, stellen wir sicher, dass die geltenden Datenschutzbestimmungen eingehalten werden. Nachfolgend finden Sie in Bezug auf unsere Auftritte die wichtigsten Informationen zum Datenschutzrecht.

15.1 Name und Anschrift der für den Betrieb Verantwortlichen

Verantwortlich für die Unternehmensauftritte im Sinne der EU Datenschutz-Grundverordnung (EU-DSGVO) sowie sonstiger datenschutzrechtlicher Bestimmungen sind neben der DriveCon GmbH

Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
Instagram (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
Xing (Xing SE, Dammtorstraße 30, 20354 Hamburg, Deutschland)
LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland)
YouTube (Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Irland) - Details siehe 16.4 YouTube Videos

Diese Plattformen und ihre Funktionen nutzen Sie jedoch in eigener Verantwortung. Dies gilt insbesondere für die Nutzung der interaktiven Funktionen (z. B. Kommentieren, Teilen, Bewerten). Wir weisen Sie weiterhin darauf hin, dass dabei Ihre Daten außerhalb des Raumes der Europäischen Union verarbeitet werden können.

15.2 Purpose and legal basis

We maintain the fan and company pages ourselves in order to communicate with visitors to these pages and to inform them about our offers in this way. We also collect data for statistical purposes in order to further develop and optimize the content and to make our offer more attractive. The data required for this (e.g. total number of page views, page activity, data provided by visitors, interactions, etc.) is processed and made available by the social networks. We have no influence on the generation and presentation of this data.

In addition, your personal data will be processed by the social media providers, but also by DriveCon GmbH, for market research and advertising purposes. For example, it is possible that user profiles are created based on your usage behavior and the resulting interests. This allows, among other things, advertisements to be placed inside and outside the platforms that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Irrespective of this, data that is not collected directly from your end devices may also be stored in your usage profiles. Data is also stored and analyzed across devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.

The processing of your personal data by DriveCon GmbH is based on our legitimate interests in effective information and communication in accordance with Art. 6 para. 1 sentence 1 lit. f. GDPR. GDPR.

15.3 Your rights/option to object

If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored membership data on the respective network, you must

log out of the respective network before visiting our fan or company page,
delete the cookies on your device and
close and restart your browser

After logging in again, however, you will once again be recognizable to the network as a specific user.

For a detailed description of the respective processing and the opt-out options, please refer to the information linked below:

Facebook
Datenschutzerklärung: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads und http://www.youronlinechoices.com
Instagram
Datenschutzerklärung: https://help.instagram.com/519522125107875
Opt-Out: optout.networkadvertising.org/ und http://www.youronlinechoices.com
Xing
Datenschutzerklärung: https://privacy.xing.com/de/datenschutzerklaerung
Opt-Out: http://www.youronlinechoices.com
LinkedIn
Datenschutzerklärung: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/legal/cookie-policy und http://www.youronlinechoices.com

Overall, you have the following rights regarding the processing of your personal data: Right of access; right to rectification; right to erasure; right to restriction of processing; right to object; right to data portability; right to lodge a complaint about unlawful processing of your personal data with the competent data protection authority.

However, since DriveCon GmbH does not have complete access to your personal data, you should contact the social media providers directly when asserting your rights, as they have access to the personal data of their users and can take appropriate measures and provide information. If you still need help, we will of course try to support you. Please contact datenschutz@drivecon.de.

15.4 YouTube videos

On our website you will find links to videos on the platform of the social media service YouTube, which is operated by Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (“Google”).

You can recognize the corresponding video links on YouTube by the “Play symbol” and the YouTube company logo at the bottom right of the video bar. When you click on a corresponding video link, a connection to Google's servers is established. This tells Google that you have visited our website. In addition, further data is transmitted to Google. These are, for example:

Address of the website on which the activated link is located
Date and time the website was accessed or the link was activated
Information about the browser and operating system used
IP address

If you are already logged in to a Google-affiliated service, e.g. YouTube, at the time the link is activated, Google may be able to determine your user name and possibly even your real name from the transmitted data and assign this information to your personal user accounts of the corresponding Google services. You can exclude this possibility of assignment to one of your personal user accounts if you log out of your corresponding user account beforehand.

Please note that we have no influence on the scope, type and purpose of data processing by the provider of the social media service. You can find more information on the use of your data by the videos embedded on our website in Google's privacy policy.

16) Rights of the data subject

16.1 The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:

Right to information pursuant to Art. 15 GDPR: In particular, you have a right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees pursuant to Art. 46 GDPR if your data is transferred to third countries;
Right to rectification pursuant to Art. 16 GDPR: You have the right to obtain without undue delay the rectification of inaccurate data concerning you and/or the completion of incomplete data stored by us;
Right to erasure in accordance with Art. 17 GDPR: You have the right to request the erasure of your personal data if the requirements of Art. 17 para. 1 GDPR are met. However, this right does not exist in particular if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is verified, if you refuse to delete your data due to inadmissible data processing and instead request the restriction of the processing of your data, if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;
Right to data portability in accordance with Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;
Right to withdraw consent given in accordance with Art. 7 para. 3 GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of personal data concerning you infringes the GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
Right to object to data processing in accordance with Art. 21 GDPR.

To assert these rights, please contact datenschutz@drivecon.de.

16.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA AS PART OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA ARE PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

The objection is free of charge and can be made informally, if possible to: datenschutz@drivecon.de.

17) Duration of storage of personal data

We store your data for as long as it is required for the respective processing purpose. Please note that numerous retention periods require that data (must) continue to be stored. This applies in particular to retention obligations under commercial or tax law (e.g. German Commercial Code, German Fiscal Code, etc.). If there are no further retention obligations, the data is routinely deleted once the purpose has been achieved.

In addition, we may retain data if you have given us your permission to do so or if legal disputes arise and we use evidence within the scope of statutory limitation periods, which can be up to thirty years; the regular limitation period is three years.