PRIVACY STATEMENT

General and obligatory information

The data controller under data protection legislation, in particular the EU General Data Protection Regulation (GDPR), is:

OPTIMAL Automotive GmbH
Alfred-Kühne-Straße 3
85416 Langenbach
Germany

Phone: +49 (0) 8761 7206-0
Fax: +49 (0) 8761 7206-121

Email: info@optimal-germany.com
Website: www.optimal-germany.de

Managing Director: Iwan Schmitz

The data controller is responsible for deciding alone or together with others about the purposes and means of processing personal data (e.g. names, contact details).

Data protection officer

If you have any questions about data protection, please send us an email:

Email: Datenschutz@optimal-germany.com

1.                     Data subject rights

You can exercise the following rights at any time by contacting our data protection officer using the details provided:

·         Withdraw your consent to data processing

Some data processing activities are only possible with your express consent. Once you have consented to data processing, you may withdraw your consent at any time in accordance with Article 7(3) GDPR. A simple email will suffice. The withdrawal of consent will not affect the lawfulness of data processing which took place before consent was withdrawn.

·         Right to lodge a complaint with the competent supervisory authority

As a data subject, you have the right in accordance with Article 77 GDPR to lodge a complaint with the competent supervisory authority in the event of a breach of data protection legislation. The competent supervisory authority for matters relating to data protection is the Bavarian Data Protection Commissioner (Bayerischer Landesbeauftragte für Datenschutz).

The following link takes you to the official website of the Federal Commissioner for Data Protection and Freedom of Information. You can find the required contact details here: https://www.bfdi.bund.de/SharedDocs/Adressen/LfD/Bayern.html?nn=5217144

·         Right to data portability

In accordance with Article 20 GDPR, you have the right to receive or have transmitted to a third party the data which we process by automated means on the basis of your consent or on the basis of performing a contract. The data will be provided in a machine-readable format. If you request that the data be transferred directly to another controller, this will only be done where technically feasible.

·         Right of access and right to rectification, erasure and restriction of processing

In accordance with the applicable legal provisions under Article 15 GDPR, you have the right at any time to obtain access free of charge to the personal data concerning you which we have processed. In particular, you can request information about the following: the purposes of the processing; the categories of personal data concerned; the categories of recipient to whom your data has been or will be disclosed; the envisaged duration of storage; the existence of the right to rectification, erasure or restriction of processing or to object to such processing; the existence of the right to lodge a complaint; the source of the data if it was not collected by us; the existence of automated decision-making, including profiling and, if applicable, meaningful information on the details concerning this.

In accordance with Article 16 GDPR, you have the right to request the rectification without undue delay of inaccurate personal data we have stored about you.

Furthermore, pursuant to Article 17 GDPR, you are entitled to request the erasure of the personal data we have stored about you, provided that processing thereof is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.

In accordance with Article 18 GDPR, you have the right to request that the processing of your personal data be restricted in any of the following cases: you do not believe the data to be accurate; the processing is unlawful, but you are opposed to the data being erased; we no longer need the personal data, but you require it for the establishment, exercise or defence of legal claims; you have objected to the processing pursuant to Article 21 GDPR.

If you have any questions about your rights or any other matters relating to your personal data, please do not hesitate to contact us using the details provided on the legal notice on our website.

2.                     SSL or TLS encryption

For security reasons and to secure the transmission of confidential information which you send to us in our capacity as the site operator, our website uses SSL or TLS encryption. This prevents third parties from being able to access the data you transfer through our website. A connection is encrypted whenever “https://” or a lock symbol appears in your browser’s address bar.

3.                     Server log files

When you visit our website, information of a general nature is automatically recorded using a cookie. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider and similar. This is exclusively information that does not allow any conclusions to be drawn about your person.

This information is technically necessary in order to correctly deliver the website content you have requested and is mandatory when using the Internet. In particular, they are processed for the following purposes:

·         The page you visited on our domain

·         Date and time of the server request

·         Browser type and browser version

·         Operating system

·         Referrer URL

·         Host name of the computer accessing the website

·         IP address

This data is not merged with data from any other sources. The legal basis for the data processing is Article 6(1)(b) GDPR, as it is within our legitimate interest to improve our website’s stability and functionality. The data is stored for seven days and is automatically deleted after this period.

The provision of the aforementioned personal data is neither required by law nor by contract. Without the IP address, however, the service and functionality of our website cannot be guaranteed.

4.                     Contact form

Data transmitted using our contact form, including your contact details, is stored so that we can process your enquiry and contact you in the event of follow-up questions. This data will not be disclosed to third parties without your consent.

The data entered into the contact form is processed on the basis of a legitimate interest (Article 6(1)(f) GDPR) and for the purpose of initiating, performing or ending a contractual relationship (Article 6(1)(b) GDPR). 

We will store data transmitted via our contact form until you ask us to delete it or you withdraw your consent to its storage or until we no longer need to store it. Mandatory legal provisions, in particular statutory retention periods, will not be affected by this.

The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, your e-mail address and the reason for the request.

5.                     Social media plugins

Our website uses social medial plugins from the providers listed below. These plugins can be identified from the providers’ respective logos.

In certain circumstances, information, which may include personal data, is sent to the service providers through these plugins and possibly used by them. We use a two-click solution to prevent data from being collected and transferred to the service providers without your knowledge or consent. To activate a social media plugin, users first need to click on the button in question. Data can only be collected and transferred to the respective service provider once the plugin has been activated in this way. We do not collect any personal data through the social media plugins or about their use.

We have no influence over which data an activated plugin collects and how this data is used by the provider. At present, we have to assume that a direct connection to the provider’s services is established and at least the user’s IP address and data about their device are collected and used. The service providers may also attempt to store cookies on your device. Please see the providers’ privacy policies for specific information about which data is collected and how it is used. Please note: If you are logged into Facebook at the same time as visiting our website, Facebook may be able to identify which webpages you have visited.

·         Facebook

Our website uses plugins from the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). When you visit a page on our website which includes a Facebook plugin, a connection to Facebook’s servers is established which instructs your browser to display the plugin on that webpage. Information about which of our webpages you have visited is then transferred to Facebook’s server. If you are logged into Facebook at the same time, Facebook will link this information to your personal Facebook account. If you use the plugin’s features (e.g. by clicking the “Like” button or posting a comment), this information will also be linked to your Facebook account. You can only prevent this by logging out of your account before using the plugin. If you do not want Facebook to link the data it collects through our website to your Facebook account, you need to log out of Facebook before visiting our website. Please see Facebook’s Data Policy (https://www.facebook.com/about/privacy/) for information about which data Facebook collects, the purposes for which it collects this data, how it processes and uses data, your rights and how you can change your settings to protect your privacy.

·         Instagram

Our website uses functions from the social network Instagram. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you are logged into your Instagram account, you can link the contents of this website to your Instagram profile by clicking the Instagram button. This enables Instagram to assign your visit to this website to your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by Instagram. The data are stored and analyzed on the basis of Article 6(1)(f) GDPR. The website operator has a legitimate interest in the widest possible visibility in social media. If a corresponding consent has been requested, processing takes place exclusively on the basis of Article 6(1)(a) GDPR; the consent can be revoked at any time. You can find more information on this in Instagram’s data protection declaration: https://instagram.com/about/legal/privacy/.

·         Twitter

Our website uses features from the service provider Twitter. These services are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

When you use Twitter and the “Retweet” feature, the websites you visit are linked to your Twitter account and published on your Twitter feed. This results in data being transferred to Twitter. We have no knowledge of which data is transferred or of how Twitter uses this data. Please see Twitter’s Privacy Policy for more information: https://twitter.com/privacy.

·         YouTube

We use YouTube plugins to integrate and display video content on our website. The provider of this video portal is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

When you visit a webpage with an integrated YouTube plugin, a connection is made with YouTube’s servers. This provides YouTube with information about which of our webpages you have visited.

If you are logged into your YouTube account, YouTube can link your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account before visiting our website.

We use YouTube to make our website more appealing. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR.

Please see YouTube’s Privacy Policy for more information about the processing of user data: https://www.google.de/intl/en/policies/privacy.

·         XING

Our website uses features from the network XING, which is provided by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

When you visit a webpage with integrated features from XING, a connection to XING’s servers is established. As far as we are aware, this does not result in any personal data being stored. XING does not store any IP addresses or analyse your browsing behaviour.

Please see XING’s Privacy Policy for information about data protection and the XING share button: https://www.xing.com/app/share?op=data_protection.

·         LinkedIn

Our website uses features from the network LinkedIn, which is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

When you visit a webpage with integrated features from LinkedIn, a connection to LinkedIn’s servers is established. This informs LinkedIn of the IP address you have used to visit our webpages. If you click on the LinkedIn “Recommend” button while you are logged into your LinkedIn account, LinkedIn can link your visit to our webpage to you and your user account. As the provider of this website, we do not have any knowledge of which data is transferred or how it is used by LinkedIn.

Please see LinkedIn’s Privacy Policy for more information: https://www.linkedin.com/legal/privacy-policy.

6.                     Cookies

Our website uses cookies. Cookies are small text files which your web browser stores on your end device. They help us to make our website more user-friendly, efficient and secure.

While session cookies are automatically deleted at the end of your browser session, other cookies remain on your end device until you delete them yourself. These cookies help us to identify you if you visit our website again.

Up-to-date web browsers are able to monitor, restrict and block cookies. Many web browsers can be configured to delete cookies automatically when the program is closed. Deactivating cookies may, however, reduce the functionality of our website.

If other cookies are set (e.g. for analysis functions), the legal basis for this processing is your consent, Article 6(1)(f) GDPR. They serve to tailor the offer on a website better to the interests of the visitors or to generally improve them on the basis of statistical evaluations.

Of course, you can also view our website without cookies. Internet browsers are regularly set to accept cookies. In general, you can deactivate the use of cookies at any time via the settings of your browser (see revocation of consent). Please note that individual functions of our website may not work if you have deactivated the use of cookies.

The data may be transferred to technical service providers responsible for operating and maintaining our website as processors contracted by us. We have concluded appropriate processing agreements with these service providers.

We use the following cookies:

Name:	Provider:	Purpose:	Expiry:	Type:
CookieConsent(required)	Cookiebot	Stores the user’s cookie consent status for the current domain.	1 year	http
_pk_id#	Matomo	Collects statistics about the user’s visits to the website, such as the number of visits, average time spent on the website and which pages were read.	1 year	http
_pk_ses#	Matomo	Used by the Piwik Analytics Platform to track the visitor’s page views during the session.	1 day	http

7.                     Matomo (Webtracking)

With your permission, we will use the web analytics service Matomo (www.matomo.org), which is provided by InnoCraft Ltd., 7 Waterloo Quay PO625, 6140 Wellington, New Zealand, („Matomo“) to collect data of statistic analytics and user behavior for optimization- and marketing purposes. According to Article 6 (1)(a) GDPR, data will be collected and saved.

Matomo cookies are only placed on your device if you consent to this in our cookie banner.

a.       IP-Anonymization

Based on this kind of data, it is possible to create and analyze anonymized/pseudonymised user profiles for the same purposes. Hereto, cookies are used. These kind of cookies make it possible to recognize the used web browser.

The through the Matomo-Technology gained Data (including your pseudonymised IP-Address) will be processed locally on our Webserver.

The collected informations from the pseudonymised user profile will not be used to identify the visitor and won’t be brought together with person related Data of the pseudonym user or the person behind the pseudonym.

b.      Withdraw of consent

You are always able to withdraw your approval for the future, if you remove the tick in the box „Statistics“. Don’t forget to click „save and exit“ afterwards, as described in II.2. above.

8.                     Recruitment management

We collect various pieces of personal data during the recruitment process. Personal data includes any information which allows conclusions to be drawn about your personal or factual circumstances or which allows you to be identified. The following data is collected and processed to allow us to process your application automatically:

• First name, surname, address, email address, date of birth, title, telephone number, country of residence and nationality
• Additional questions specific to the advertised position (e.g. driving licence)
• CV, in particular information on professional experience and education
• Skills and competencies relating to the advertised position
• Photo
• Qualifications, awards and language skills
• Files and documents which you send to us or upload to support your application

When you transfer your application data to us, you automatically consent to the processing of your personal data for the purposes outlined in this Privacy Policy.

When processing your application, we do not require any information which is not permitted to be processed under the German General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz), including data on race, ethnic origin, gender, disability, religion or belief, and age. Please do not send us any information which is irrelevant to the processing of your application in accordance with the General Act on Equal Treatment (e.g. information on medical conditions, pregnancy, membership of a trade union or your sexual orientation).

Furthermore, please do not send us any content which could violate copyright or the rights of third parties under press laws. 

a.       Processing and use of personal data

The data you transfer to us is only collected, processed and used in connection with the processing of your application to OPTIMAL Automotive GmbH.

If you are hired by our company, we will use the information you have transferred to us for administrative purposes relating to payroll, financial accounting and HR management.

Your personal data will only be collected or processed by individuals who are responsible for processing applications. All staff involved in this process have been obligated to treat your data confidentially. In particular, they are not permitted to transfer data to unauthorised parties.

If you submit your application in writing, your personal data will be entered into our applicant management system. Hard copies will be returned to you after your data has been entered into our system.

If you submit your application by email, we will also enter your data into our applicant management system. Your email will then be stored for two weeks, before being automatically deleted at the end of this two-week period.

Please note that emails are not generally encrypted by default. Applicants should therefore take their own steps to encrypt their emails. This is why we recommend either applying online or sending in your application by post.

b.      We process your data for the following purposes and on the following legal basis:

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG):

To fulfil pre-contractual obligations (Article 6(1)(b) in conjunction with Article 88 GDPR and Section 26 BDSG)

We will only use the data you send to us to evaluate your suitability for the role and to get in contact with you.

Processing takes place for the purpose of establishing an employment relationship with you and involves taking steps at your request prior to entering into a contract.

To fulfil contractual obligations (Section 26 BDSG)

Data processing takes place for the purpose of maintaining or terminating an employment relationship on the basis of a contract concluded with you or involves taking steps at your request prior to entering into a contract. If you claim additional benefits (e.g. a childcare subsidy), your data will, wherever necessary, be processed to provide these additional benefits.

After weighing up interests (Article 6(1)(f) GDPR)

If necessary, we will process your data for reasons beyond the performance of a contract if doing so is required for the purposes of our legitimate interests or those of a third party. Examples of such cases include the following:

• Measures relating to building and system security (e.g. the operation of video cameras, access controls, locking systems)
• The establishment of legal claims and the provision of a defence in the case of legal disputes

c.       Storage

If we are unable to offer you a position, we will keep your data for a maximum of six months following this decision so that we can answer any questions relating to our decision not to employ you.

Please contact us if you want us to delete your data or if you would like to make a request for information in accordance with Article 15 GDPR. You can reach us on 08761 72060 from Monday to Friday between 8:00am and 4:30pm. If you are calling from outside Germany, please dial 0049 8761 72060. Alternatively, please send an email to d.puhovec@optimal-germany.com or to our data protection officer at datenschutz@optimal-germany.com

d.      Data security

We place immense value on keeping your personal data secure, which is why we protect it from access by unauthorised parties. We do this using a range of measures, including antivirus software, a firewall and encrypted connections to our applicant management system. We also regularly update our security systems to ensure that they provide protection against the latest threats.

e.       Encryption

You are also welcome to send us your application in an encrypted form. Please send us the password needed to decrypt the file separately or communicate it to us over the phone.

9.                     Changes to our Privacy Policy

We reserve the right to change this Privacy Policy to ensure that it always complies with current legal requirements or to ensure that it takes into account any changes to our services, e.g. if we introduce new services. In such cases, the new Privacy Policy will apply when you next visit our website.