Privacy Policy for Personal Data Processing

The protection of your personal data during processing during your entire employment is a very important concern for us.
In the following, we explain what information we collect during the employment process and how it is used.

1. Responsible Entity
Responsible Entity in terms of data protection law is your employer (companies from the Käfer Group).
As part of the data processing the following company is mandated with administration:

© Käfer AG
Human Resources Department
Heimstettener Straße 1
85599 Parsdorf

Tel .: +49 (0) 89 4168-641

represented by:
CEO Michael Käfer and Dr. Klaus Petermann
Chairman of the Supervisory Board Clarissa Käfer
Munich Commercial Register HRB 235613

2. Personal Data
Personal data are individual details about personal or factual circumstances of a specific or identifiable natural person. This includes information such as your name, address, phone number and date of birth.

3. Collection and processing of personal data
The processing of data of employees takes place in the area of the personnel department. The purpose of the processing is the creation, implementation, organization and termination of employment.
Applicant data is collected, processed and used for the purposes of selecting potential employees. Once an employment relationship has been established (for example, by starting work), the employment data is used to fulfill the employer's responsibilities ("Responsible Entity") towards the employees. The same applies to any legal obligations to public authorities – e. g. in the area of social contributions.
If you provide us with personal information as part of the application process, these are classified for collection and / or use in the following types of data and data categories:
- personal data (first and last name, date of birth, address, graduation)
- Communication data (telephone number, mobile phone number, fax number, e-mail address)
- Marital status / information about children
- Religious information
- Bank details
- information on wage garnishment
- information (by third parties, e. g. credit bureaus or public directories)
- data on education (school, vocational training, study)
- Data on past professional experience, training and employment certificates
- information on other qualifications (eg language skills, computer skills, voluntary work)
- photo
- vacation times
- Information related to occupational integration management (BEM)

4. Use, purpose of processing and disclosure of personal data
The data is passed on internally in the company to the departments that are involved in the service provision process, if and to the extent that this is mandatory for operational matters. All employees responsible for data processing are required to protect the confidentiality of your data.
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):

a) For the fulfillment of contractual obligations (Article 6 (1) (b) of the GDPR)
The processing of personal data (Art. 4 No. 2 of the GDPR) involves the delivery of goods, in particular for the execution of our contracts with you and the execution of your orders as well as all the activities required for the operation and administration of a company. The purpose of data processing is primarily based on the specific products and services.

b) As part of the balancing of interests (Article 6 (1) (f) of the GDPR)
If necessary, we process your data beyond the actual fulfillment of the contract for the protection of legitimate interests of us or third parties. Examples:
• Review and optimization of needs analysis and direct customer approach procedures;
• advertising or market and opinion research, provided that they have not objected to the use of your data;
• asserting legal claims and defense in legal disputes;
• ensuring IT security and IT operations;
• prevention and investigation of criminal offenses;
• Measures for the business control and further development of services and products.

c) On the basis of your consent (Article 6 (1a) of the GDPR)
Insofar as you have given us consent to the processing of personal data for specific purposes (e. g. disclosure of data to third parties, evaluation of data for marketing purposes), the legality of this processing is based on your consent. A given consent can be revoked at any time.
Please note that the revocation only works for the future. Processing that occurred before the revocation is not affected.

d) Due to legal requirements (Article 6 (1) (c) of the GDPR)
In addition, we are subject to various legal obligations, i. e. legal requirements (e. g. commercial law, tax laws, etc.). As far as data is processed in this regard, this is done exclusively on the basis of these regulations.

We do not share your personal information with third parties, unless you have consented to the data transfer or we are required by law and / or regulatory or court orders to a data transfer.

5. Use of Personal Data for Advertising Purposes
(1) Your address and order data are processed by us for our own marketing purposes. Of course, you can reject to the processing or use of your personal data for advertising purposes at any time by sending an informal message to or via our contact form. After receipt of a revocation we will process your data no longer for purposes other than to process your order.

(2) A transfer of your personal data to third parties for the purpose of advertising or market and opinion research does not take place without your consent.

6. Order Data Processing
Due to a separate agreement on the processing of personal data also by the Käfer AG, the parent company and management of the Käfer Group, Heimstettener Straße 1, 85599 Parsdorf, Germany, may be transferred, e. g. for paying salaries, in the context of a commissioned data processing in accordance with Art. 28 GDPR according to the relevant legal requirements commissioned, processed and used.

7. Storage and Deletion of Data
We adhere to the principles of data avoidance and data economy. If necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract or for the fulfillment of the contractual purpose.
In addition, we are subject to various storage and documentation obligations, which result, inter alia, from the German Commercial Code (HGB) and the Tax Code (AO). These
specified periods for storage or documentation are two to ten years.
Finally, the storage period is also judged by the statutory limitation periods, which can be, for example, according to §§ 195 ff. Of the Civil Code (BGB) usually three years, in some cases, but also up to thirty years.
After discontinuation of the respective purpose or expiration of these deadlines, the corresponding data will be routinely and in accordance with the statutory provisions blocked or deleted. Excluded from this is the data, if you have explicitly agreed to a longer storage.

8. Safety
All necessary technical and organizational security measures to protect your personal data against unauthorized access, loss and misuse are taken by us. This saves your data in a secure operating environment that is inaccessible to the public. To protect the security of your data during transmission, we use encryption techniques (e.g., SSL) over HTTPS. Our servers are secured by firewall and virus protection. Back-up and recovery procedures as well as role and authorization concepts are routines for us. Our employees are obliged to observe the regulations of the TMG, the BDSG and the GDPR when dealing with data. With regard to access control, care is taken to ensure that only authorized employees are granted access rights.

9. Right to Information and Revocation
Each data subject has the right to information pursuant to Art. 15 of the GDPR, the right to a correction under Art. 16 of the GDPR, the right to cancellation under Art. 17 of the GDPR, the right to limit processing according to Art. 18 of the GDPR and the right to data portability under Art. 20 of the GDPR. And the right to information and the right to delete the restrictions according to §§ 34 and 35 BDSG. In addition, there is a right of appeal to a data protection supervisory authority (article 77 of the GDPR in conjunction with section 19 BDSG).
All enquiries, requests for information or objections to data processing should be directed to us by e-mail.

10. Questions to the Data Protection Officer
If you have any questions about data protection at Käfer AG, please write us an e-mail or contact our data protection officer directly:

Mr. Nikolaos Mitulidis
Data Protection Officer of the Käfer Group
Käfer AG (administration of the Käfer Group)
Heimstettener Straße 1
85599 Parsdorf
Tel .: +49 (0) 89 4168-451
Fax: +49 (0) 89 4168-216

11. Change of our privacy policy
We reserve the right to occasionally adjust this privacy policy to always comply with the latest legal requirements and operating conditions.