Datenschutz bei der Gefährdungsbeurteilung

Privacy Policy

The protection of your personal data or the data of your company respectively, is of central importance to domeba distribution GmbH and we strictly adhere to the rules of data protection laws.

The use of our online offer is generally possible without providing personal data, however, different regulations may apply to the use of individual services. The following Privacy Policy
informs you about the type, scope and purpose of the processing of personal data (hereinafter also referred to as “data”) within our online offer and the websites, functions and contents connected with it as well as external online presences, such as our social media profiles (hereinafter jointly referred to as “online offer”).

We would like to point out that internet-based data transmission has security gaps and complete protection against access by third parties is therefore impossible.

Definitions

For the definition of the terms used, such as “processing” or “controller”, we refer to the definitions in Art. 4 of the German Federal Data Protection Act (BDSG).

Legal Responsibility

domeba distribution GmbH
A4 Gewerbepark
Bornaer Str. 205
D – 09114 Chemnitz
Fon: +49 (0)371 4002080
E-Mail: info@domeba.de

Contact data protection officer

The data protection officer for domeba is:

Mr. Matthias Voh
domeba distribution GmbH
A4 Gewerbepark
Bornaer Str. 205
D – 09114 Chemnitz
E-Mail: datenschutz@domeba.de
Fon: 0371 4002080

Cookies

We use so-called cookies on our website to recognise multiple use of our offer by the same user/internet connection owner. Cookies are small text files that your internet browser stores on your computer. They are used to optimise our website and our offers. These are mostly so-called “session cookies”, which are deleted again after the end of your visit.

In some cases, however, these cookies provide information to automatically recognize you. This recognition is based on the IP address stored in the cookies. The information obtained in this way is used to optimize our offers and to provide you with easier access to our site.

You can prevent the installation of cookies in the data protection settings or by setting your browser accordingly. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent.

The legal basis for the use of cookies is your consent given in the data protection settings. No separate consent is required for technically necessary (essential) cookies.

Server data

For technical reasons, the following data, among others, which your Internet browser transmits to us or to our web space provider, is recorded (so-called server log files):

  • browser type and version
  • Operating system used
  • Website from which you visit us (referrer URL)
  • Website you are visiting
  • Date and time of your access
  • Your Internet Protocol (IP) address

This anonymous data is stored separately from any personal data you may have provided and thus does not allow any conclusions to be drawn about a specific person. They are evaluated for the purpose of defending against and tracing attacks as well as for statistical purposes in order to be able to optimise our Internet presence and our offers.

Compliance Letter (Newsletter)

If you would like to receive the Compliance Letter offered on the website, we require your name and title, a valid e-mail address and information that allows us to verify that you are the owner of the e-mail address provided or that the owner agrees to receive the newsletter. No further data will be collected. You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time.

Registration for our Compliance Letter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other people’s e-mail addresses. The registrations for the Compliance Letter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes saving the time of registration and confirmation, as well as the IP address. Changes to your data stored with the dispatch service provider are also logged.

Contact option

On our website, we offer you the opportunity to contact us by e-mail or via a contact form. In this case, the information you provide will be stored for the purpose of processing your contact. Your data will not be passed on to third parties. The data collected in this way is also not compared with data that may be collected by other components of our site.

Your data may be stored in a customer relationship management system (“CRM system”) or comparable systems. Your data will be deleted from these systems if it is no longer required.

Service Desk

On our website, we offer you the option of contacting our service desk directly with your request. If you wish to use this option, we will collect your name and contact details, your company as well as information about the nature, reproducibility and priority of the problem you have described. This data is collected and processed for the purpose of contacting you in connection with the handling of the problem as well as for the related internal documentation and, if necessary, billing.

Your data may be stored in a customer relationship management system (“CRM system”) or comparable systems. Your data will be deleted from these systems if it is no longer required.

When making a Service Desk enquiry, please ensure that the personal data transferred is kept to a necessary minimum. It is your responsibility to ensure that you are authorised to transfer this personal data.

Webinar registration

On our website, we offer you the opportunity to register for various webinars on the topic of compliance management. If you wish to use this option, we will collect your name and contact details, your company as well as information on which webinars you wish to register for. This data is collected for the purpose of contacting you within the scope of the webinar implementation as well as for the associated reminder functions (e.g. reminder e-mail two days before the start of the event).

Registration for our webinars takes place in a so-called double opt-in process. This means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with other people’s email addresses. The registrations for the webinars are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes saving the time of registration and confirmation as well as the IP address. Changes to your data stored with the delivery service provider are also logged.

Test systems

On our website we offer you the possibility to register for an iManSys test system. If you want to use this option, we collect your name and contact details, your region for the allocation of sales territories, your company including the number of employees as well as your position in the company in order to be able to offer you optimised consulting services for your industry and your use case, and if necessary a message from you to us. We use your data to activate your test access and to set up your associated user, and also to contact you so that we can advise you during the testing process.

Your data may be stored in a customer relationship management system (“CRM system”) or similar systems. Your data will be deleted from these systems if it is no longer required.

When using the test systems, please note that it is up to you whether and which personal data you enter into these systems. When using real data, please ensure that you are authorised to use this data. Please also note that domeba employees have access to your test system in order to ensure optimal consultation. For more information on data security and data protection for test systems, please contact us.

The registration for our test systems is done in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other people’s e-mail addresses. The registrations for the webinars are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes saving the time of registration and confirmation as well as the IP address. Changes to your data stored with the delivery service provider are also logged.

Matomo

This website uses Matomo, an open source software for statistical analysis of visitor access. Matomo uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is stored on our server in Germany. The IP address is anonymised immediately after processing and before it is stored. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Google Adwords

We use the Google advertising tool “Google-Adwords” to advertise our website. As part of this, we use the “Conversion Tracking” analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter “Google”, on our website. If you have accessed our website via a Google advertisement, a cookie will be stored on your computer. Cookies are small text files that your internet browser places and stores on your computer. These so-called “conversion cookies” lose their validity after 30 days and are not used for your personal identification. If you visit certain pages of our website and the cookie has not yet expired, we and Google will be able to recognise that you, as a user, have clicked on one of our ads placed with Google and have been redirected to our site.

The information obtained with the help of the “conversion cookies” is used by Google to compile visit statistics for our website. These statistics tell us the total number of users who clicked on our ad and which pages of our website were subsequently called up by the respective user. However, we or other advertisers via “Google Adwords” do not receive any information with which users can be personally identified.

You can prevent the installation of the “conversion cookies” in the data protection settings or by setting your browser accordingly, for example by using a browser setting that generally deactivates the automatic setting of cookies or specifically blocks only the cookies from the domain “googleadservices.com”.

HubSpot

This website uses HubSpot, a software of HubSpot Inc, USA. This is an integrated software solution that we use to optimize our online marketing.

HubSpot uses so-called cookies (see section Cookies). You can prevent the installation of cookies in the privacy settings or by setting your browser accordingly. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent.

Further information on the terms of use and the data protection guidelines of HubSpot Inc. can be found at http://www.hubspot.com/terms-of-service and http://www.hubspot.com/privacy-policy. All information we collect is subject to this privacy policy and is used solely to optimise our marketing activities.

If you do not wish the information about your visit to be used for the purposes described, you can prevent the storage of cookies accordingly at any time through your browser settings.

LinkedIn

We maintain an online presence on LinkedIn to present our company and our services and to communicate with customers/prospects. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. Maude Avenue, Sunnyvale, CA 94085, USA.

In this respect, we would like to point out that there is a possibility that user data may be processed outside the European Union, in particular in the USA. This may result in increased risks for users in that, for example, it may be more difficult to access user data at a later date. We also do not have access to this user data. The access possibility lies exclusively with LinkedIn.

You can find LinkedIn’s data protection information at: https://www.linkedin.com/legal/privacy-policy.

LinkedIn Insight

We use the LinkedIn Insight tool for conversion tracking of campaigns placed on our LinkedIn presence.

The LinkedIn Insight tag (or the action-specific image pixel used analogously) enables the collection of data on website visits including URL, referrer URL, IP address, user agent and timestamp. IP addresses are shortened or (if used to reach members across devices) hashed. Members’ direct identifiers are removed within seven days to pseudonymise the data. This remaining pseudonymised data is then deleted within 180 days.

LinkedIn does not share any personal data with us, but only provides reports (in which you are not identified) on website audience and ad performance. You can control the use of your personal data for advertising purposes in your account settings.

XING

We maintain an online presence on XING to present our company as well as our services and to communicate with customers/prospects. XING is a service of New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

You can find XING’s privacy policy at: https://privacy.xing.com/en/privacy-policy.

YouTube

We maintain an online presence on YouTube to present our company and our services and to communicate with customers/interested parties. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.

In this respect, we would like to point out that there is a possibility that user data may be processed outside the European Union, in particular in the USA. This may result in increased risks for users in that, for example, it may be more difficult to access user data at a later date. We also do not have access to this user data. The access possibility lies exclusively with YouTube.

You can find YouTube’s privacy policy at https://policies.google.com/privacy.

Twitter

We maintain an online presence on Twitter to present our company and our services and to communicate with customers/interested parties. Twitter is a service of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

In this respect, we would like to point out that there is a possibility that user data may be processed outside the European Union, in particular in the USA. This may result in increased risks for users in that, for example, it may be more difficult to access user data at a later date. We also do not have access to this user data. The access possibility lies exclusively with Twitter.

You can find Twitter’s privacy policy at https://twitter.com/de/privacy.

Facebook

To advertise our products and services and to communicate with interested parties or customers, we operate a company presence on the Facebook platform.

On this social media platform, we are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

Facebook’s data protection officer can be reached via a contact form: https://www.facebook.com/help/contact/540977946302970.

We have regulated the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, from which the mutual obligations arise, can be accessed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

The legal basis for the processing of personal data that takes place as a result and is reproduced below is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest lies in the analysis, communication, sales and advertising of our products and services.

The legal basis may also be the user’s consent pursuant to Art. 6 para. 1 lit. a DSGVO vis-à-vis the platform operator. The user can revoke this consent for the future at any time by notifying the platform operator in accordance with Art. 7 (3) DSGVO.

When our online presence is called up on the Facebook platform, data of the user (e.g. personal information, IP address, etc.) is processed by Facebook Ireland Ltd. as operator of the platform in the EU.

This user data is used for statistical information about the use of our company presence on Facebook. Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create profiles of the users. On the basis of these profiles, Facebook Ireland Ltd. is able, for example, to advertise users within and outside of Facebook according to their interests. If the user is logged into his or her Facebook account at the time of the call, Facebook Ireland Ltd. can also link the data to the respective user account.

If the user contacts us via Facebook, the personal data entered by the user on this occasion will be used to process the enquiry. The user’s data will be deleted by us, provided that the user’s enquiry has been conclusively answered and there are no legal obligations to retain data, e.g. in the case of subsequent contract processing.

Facebook Ireland Ltd. may also set cookies to process the data.

If the user does not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been stored can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the settings of the browser, but by the corresponding setting of the Flash player. If the user prevents or restricts the installation of cookies, this may mean that not all functions of Facebook can be fully used.

More details on the processing activities, how to prevent them and how to delete the data processed by Facebook can be found in Facebook’s data policy: https://www.facebook.com/privacy/explanation.

It is not excluded that processing by Facebook Ireland Ltd. also takes place via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

Linking social media via graphic or text link

We also promote presences on the social networks listed below on our website. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents a connection from being automatically established to the respective server of the social network when a website with a social media advertisement is called up in order to display a graphic of the respective network itself. Only when the user clicks on the corresponding graphic is he or she redirected to the service of the respective social network.

After the user has been forwarded, information about the user is collected by the respective network. It cannot be ruled out that the data collected in this way will be processed in the USA.

This is initially data such as IP address, date, time and page visited. If the user is logged into his or her user account of the respective network during this time, the network operator may be able to assign the collected information of the user’s specific visit to the user’s personal account. If the user interacts via a “Share” button of the respective network, this information may be stored in the user’s personal user account and possibly published. If the user wants to prevent the collected information from being directly assigned to his/her user account, he/she must log out before clicking on the graphic. In addition, it is possible to configure the respective user account accordingly.

The following social networks are integrated into our site by linking:

LinkedIn

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, Ireland. Maude Avenue, Sunnyvale, CA 94085 USA.
Privacy policy: https://www.linkedin.com/legal/privacy-policy.

XING

New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
Privacy policy: https://privacy.xing.com/en/privacy-policy.

YouTube

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA
Privacy policy: https://policies.google.com/privacy.

Twitter

Twitter Inc, 795 Folsom St, Suite 600, San Francisco, CA 94107, USA
Privacy policy: https://twitter.com/privacy.

Application

You can apply at bewerbung@domeba.de for our available vacancies or on your own initiative. It is also possible to apply via external bodies such as StepStone, which will forward your data to us accordingly.

In these cases, we process personal data about you for the purpose of your application for employment, insofar as this is necessary for the decision on the establishment of an employment relationship with us.

The legal basis for this is Section 26 (1) in conjunction with (8) sentence 2 BDSG. Furthermore, we may process personal data about you insofar as this is necessary for the defence of asserted legal claims against us arising from the application process.

The legal basis for this is Art. 6 para. 1, letter f DSGVO; the legitimate interest is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

Insofar as an employment relationship arises between you and us, we may further process the personal data already received from you for the purposes of the employment relationship in accordance with section 26 (1) of the BDSG if this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the employee representation resulting from a law or a collective agreement, a works agreement or a service agreement (collective agreement).

We process data related to your application. This may be general personal data (such as name, address and contact details), information on your professional qualifications and school education or information on further professional training or other information that you provide to us in connection with your application. We may also process job-related information that you have made publicly available, such as a profile on professional social media networks.

If we do not collect the data directly from you and you have an active profile on StepStone, or disclose an inactive or only partially active profile to us as part of the application process, we may also collect personal data from them.

We may transfer your personal data to companies affiliated with us, insofar as this is permissible within the framework of the purposes and legal bases set out above. In addition, personal data is processed on our behalf on the basis of contracts in accordance with Art. 28 DSGVO, in particular by host providers or providers of applicant management systems.

Recipients of the data are the employees entrusted with recruiting.

We store your personal data for as long as is necessary to decide about your application. Insofar as an employment relationship between you and us does not come about, we may continue to store data beyond this, insofar as this is necessary for the defence against possible legal claims. In this case, the application documents are deleted three months after notification of the rejection decision, unless longer storage is necessary due to legal disputes.

The provision of personal data is neither legally nor contractually required, nor are you obliged to provide personal data. However, the provision of personal data is necessary for the conclusion of a contract of employment with us. This means that if you do not provide us with personal data when applying for a job, we will not enter into an employment relationship with you.

StepStone

We process your application in particular via StepStone, so that on our behalf also the StepStone Deutschland GmbH and its subcontractors, which you can find at https://www.stepstone.de/ueber-stepstone/rechtliche-hinweise/allgemeine-geschaeftsbedingungen/#processors, are also recipients on our behalf. As part of our processing of your application through StepStone on our behalf, security services provided by Akamai Technologies, Inc are used, which may result in a transfer to the USA.

OpenStreetMap

We use OpenStreetMap, a service of the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB 4 0 WS, United Kingdom, hereinafter referred to as “OpenStreetMap”, for directions.

When you call up one of our Internet pages in which the OpenStreetMap service is integrated, OpenStreetMap stores a cookie on your end device via your Internet browser. This processes your user settings and user data for the purpose of displaying the page or ensuring the functionality of the OpenStreetMap service. This processing enables OpenStreetMap to recognise the website from which your request was sent and to which IP address the display of the route should be transmitted.

The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the optimisation and economic operation of our website.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your internet browser.

OpenStreetMap offers further information on the collection and use of data as well as your rights and options for protecting your privacy at https://wiki.osmfoundation.org/wiki/Privacy_Policy.

Your Rights

a. Information

You have the right to obtain information about your personal data processed by us and to request access to and/or copies of your personal data. This includes information about the purpose of the use, the category of data used, its recipients and persons authorised to access it as well as, if possible, the planned duration of data storage or, if this is not possible, the criteria for determining this duration.

b. Correction

You have the right to request that we correct any inaccurate personal data relating to you without undue delay. Considering the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

c. Right to object

Insofar as the processing of personal data concerning you is carried out on the basis of Art. 6(1)(f) DSGVO, you have the right to object to the processing of such data at any time on grounds relating to your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

d. Right of withdrawal

If the processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the withdrawal. To do this, you can contact us or our data protection officer at any time using the details above.

e. Right to deletion

You have the right to request that we delete personal data relating to you without undue delay and we are obliged to delete personal data without undue delay if one of the following reasons applies:

  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed
  • You object to the processing in accordance with the law and there are no overriding legitimate grounds for the processing.
  • The personal data have been processed unlawfully.
  • The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.

This does not apply insofar as the processing is necessary

  • for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject.
  • for the assertion, exercise or defence of legal claims.

f. Right to restrict processing

You have the right to request us to restrict processing if one of the following conditions is met:

  • the accuracy of the personal data is contested by you for a period of time which enables us to verify the accuracy of the personal data,
  • the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data
  • we no longer need the personal data for the purposes of processing, but you need it for the assertion, exercise or defence of legal claims, or you have objected to the processing as long as it has not yet been determined whether our legitimate grounds override yours.

Where processing has been restricted, such personal data may – apart from being stored – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State. If you have obtained a restriction on processing, we will inform you before the restriction is lifted.

g. Right of appeal

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you violates the DSGVO.

Amendment of the privacy policy

We reserve the right to amend this data protection declaration in compliance with data protection law. You will find the current version at this point.

This declaration uses excerpts from the sample data protection declaration of the law firm Weiß & Partner and the sample data protection declaration of StepStone.