Data protection
1. Our privacy policy
We at Südwestdeutsche Salzwerke AG take the protection of your personal data very seriously. We therefore treat your personal data confidentially and in accordance with the applicable data protection regulations at all times.
You can essentially use our website without providing personal data. However, the processing of personal data could be necessary if you as a visitor to our website wish to use specific services provided by our company via our website. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
Our privacy policy provides information regarding the type, scope and purpose of the personal data we collect, use and process. This privacy policy also sets out the rights of data subjects with respect to your personal data.
As the data controller, we have implemented numerous technical and organisational measures to ensure the highest level of protection of personal data processed through this website. However, we would like to emphasise that Internet-based transmissions of data may always have security vulnerabilities, and total protection cannot therefore be guaranteed.
2. Definitions of terms
We use terms in our privacy policy that are also used in the General Data Protection Regulation: (hereinafter referred to as "GDPR"). Below, we have listed the most important terminology to make it easier for you to read and understand this privacy policy.
2.1 Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of such natural person.
2.2 Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
2.3 Processing
Processing is any operation or set of operations which is carried out on personal data, whether by automated means, e.g. collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.4 Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
2.5 Profiling
Profiling is any form of automated processing of personal data which uses such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location of such natural person.
2.6 Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
2.7 Data controller or entity responsible for processing
The data controller or entity responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of the personal data. If the purposes and methods of such processing are determined by EU or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
2.8 Commissioned data processor
The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
2.9 Recipient
The recipient is a natural or legal person, public authority, agency or other body to whom personal data is disclosed, regardless of whether the recipient is a third party. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not deemed recipients.
2.10 Third parties
A third party is a natural or legal person, public authority, agency or other body in addition to the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
2.11 Consent
Consent denotes any specific and informed indication of the data subject's wishes, granted voluntarily, in the form of a statement or other unambiguous affirmative act by whereby the data subject signifies their consent to the processing of their personal data.
3. Name and address of the controller / entity responsible for processing
The controller within the meaning of the GDPR, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
Südwestdeutsche Salzwerke AG
Salzgrund 67
74076 Heilbronn
Germany
4. Data Protection Officer contact details
You can contact the Data Protection Officer at the following address:
Südwestdeutsche Salzwerke AG
Data Protection Officer
Salzgrund 67
74076 Heilbronn
Alternatively, use the following email address for any enquiries:
5. How we protect your data
We take the protection of your personal data very seriously and implement the appropriate technical and organisational measures to protect your data with respect to the use of this website against access by unauthorised persons, manipulation, destruction and loss. The security measures implemented are continuously improved in line with technological progress.
For example, communication via our website is protected by an HTTPS protocol (HyperText Transfer Protocol Secure). This establishes a secure connection between the server and client that cannot be accessed by unauthorised persons. This serves to protect the transmission of confidential content, such as enquiries you send to us as the site operator.
If we designate service providers to process the services offered on our website and these are designated as processors, we have regulated these contractual relationships to protect your personal data via a processing contract in the sense of Art. 28 GDPR.
6. Collection of general data and information when using our website
Our website collects a series of general data and information which is stored in the log files of the server every time our website is accessed. The type and version of the browser used, the operating system used by the user, the last website the system accessed (“referrer”) prior to visiting our site, the sub-website accessed via an accessing system on our website, the date and time of access to our website, an Internet protocol address (IP address) and the Internet service provider of the accessing system may be logged. When using this general data and information, no conclusions are drawn about the data subject, i.e. you as a visitor to the website. This information is required to ensure the functionality of the website. In addition, we use the data to optimise the Internet presence and to ensure the security of our IT systems. All anonymous server log file data is stored separately from any personal data provided by a data subject. The collection of data to provide the website and to store the data in log files is absolutely necessary to operate the website. The user therefore has no right of objective. The log file data is deleted when it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data to provide the website, log file data will be deleted no later than after seven days.
7. Data within the framework of the use of a contact form provided on the website
If you have any questions, you can use a contact form provided on the website or contact us via the corresponding online function. You must provide a valid email address so we know from whom the request originates and we can then respond to it. Any additional information required is marked with an asterisk in the contact form. Depending on the subject, the type of data and whether you are already a customer, the basis for the processing of data is the contract we have with you, your consent or your/our legitimate interest in responding to the request in accordance with Art. 6 para 1 sentence 1 a), b) and f) GDPR. We will delete your data relating to the request unless we are required by law to continue to store or retain it. Insofar as the data is still required for the processing of outstanding enquiries, it will be deleted at the earliest after these enquiries have been processed. Your personal data will not be disclosed to third parties.
8. Links to other websites
Our website may contain links to third party sites, and some of our services may allow you to access third party services (e.g. social networks). We have no control over how third party websites and services process your personal data. We do not monitor third-party websites and services and are not responsible for such websites and services or their data protection measures. Please read the privacy policies of the respective third-party websites or services you access through the use of our websites or services. If our website integrates other services, you will find an explanation of this in this privacy policy.
9. Cookie policy
9.1 What are cookies?
Cookies are small text files in which the web browser stores information sent by the web server regarding websites visited. This may be information about the site visit; e.g. duration, login data, user input, etc.
The cookies are stored on your computer or mobile device when you visit a website. They require hardly any storage space and are automatically deleted after expiry. Some cookies expire at the end of your Internet session, and others are stored for a limited period.
9.2. What are the different types of cookies?
9.2.1 Essential cookies
These cookies are strictly necessary to guide you through the website or to allow you to access certain functionalities you have requested.
9.2.2 Functionality cookies
These cookies save your settings and therefore improve the functionality of a website. These enable you, for example, to save an existing shopping basket, optimise a website display, depending on the terminal device you are using, or to save your shipping details to speed up the payment process.
9.2.3 Performance cookies
These cookies help to improve the performance of the website and to provide a better user experience.
9.2.4 Cookies to manage web analytics
Cookies are also used to identify, for example, frequency of use and also repeat visits to websites. We use the MATOMO software tool for this. This privacy policy contains Information about MATOMO and how we use it under "Data protection provisions on the use and application of MATOMO".
Targeting cookies, advertising cookies and social media cookies log your preferences to show you relevant advertising on third-party websites. Social media cookies can also be used to monitor your activities on social media platforms.
Information on how we use such services (if we do use such services) is available in this privacy policy.
9.3 Why do we use cookies?
We use cookies primarily to make your visit to our website as user-friendly as possible (session cookies). Moreover, we use cookies to analyse the tracking on the website.
9.4 How you can manage cookies
You can adjust your browser settings to delete cookies or prevent certain cookies from being stored on your computer or mobile device without your consent. Your browser should contain information on how to manage your cookie settings under "Help". The following links provide information on how to adjust your browser settings correctly:
Internet Explorer: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Mozilla Firefox: http://support.mozilla.com/de-DE/kb/Cookies
Google Chrome: https://support.google.com/chrome/answer/95647?hl=de
Adobe (Flash cookies): http://www.adobe.com/de/privacy/policies/flash-player.html
9.5. Topicality of the cookie policy
Our cookie policy may be periodically amended. For example, to implement the changes to the cookies we use or, where necessary, for other operational or legal reasons. We therefore ask you to consult this cookie policy regularly to keep updated on how we use cookies.
10. Personal data in the (online) application procedure
We collect and store your personal data in the context of an (online) application if you send it to us via our website, by email or by post and submit an unsolicited application or an application for a specific job vacancy.
If you apply for a specific job vacancy or apprenticeship, your data can only be viewed and processed by the relevant employees in the HR department of the company advertising the post and by the employees in the respective department. After completion of the application process, your applicant data will remain stored for a period of up to three months based on a legitimate interest and will then be deleted. The legitimate interest here is based on securing a duty of proof in proceedings under the General Act on Equal Treatment (AGG). If you are employed, your personal data will be stored and processed as employee data to the extent necessary in accordance with Art. 88 GDPR and § 26 BDSG-Neu (Federal Data Protection Act as amended).
In the event of a speculative application, we would like to include you in our pool of potential applicants if you are interested, and will contact you in this regard. If you expressly agree to be invited to join our pool of potential applicants, you will be providing us with your personal data with the aim of finding a suitable position within the Südwestdeutsche Salzwerke AG Group. Your data will then be included in the pool of applicants of the Südwestdeutsche Salzwerke AG Group for a period of 12 months and used to search for suitable applicants. Your data can then be viewed by the personnel departments of the Südwestdeutsche Salzwerke AG Group and by the employees of the relevant departments involved in the application process to analyse your profile for potential job offers. Your data will be deleted after the period of 12months has elapsed. You can also revoke your consent to the inclusion of your applicant data in the pool of applicants at any time with effect for the future. In this case, the data in our applicant management system will also be deleted from the time of your revocation.
As part of the application process, we will contact you in writing or by telephone and provide regular updates on the status of your application.
Südwestdeutsche Salzwerke AG and its affiliated Group companies ensure the protection of your data and comply with the applicable laws and regulations on data protection. Your personal data will not be made available to third parties outside the Südwestdeutsche Salzwerke AG Group.
Please address your rights to request pursuant to Art. 15 - 21 GDPR regarding the application process and your revocation if you are included in the applicant pool directly to the email address: Karriere@salzwerke.de
11. Deletion and blocking of personal data
The controller shall process and store personal data of the data subject only for the period necessary to achieve the purpose of storage or where provided for by the European Directive and Regulation or other legislator in laws or regulations to which the controller is subject.
If the purpose of storage no longer applies or if a storage period prescribed by the European Directive and Regulation or another competent legislator expires, the personal data will be blocked or deleted in accordance with the statutory provisions.
12. Legal basis for the processing of personal data
Art. 6 I lit. a GDPR is our company’s legal basis for processing operations in which we obtain consent for a specific processing purpose; e.g. to use a contact form integrated on the website.
If the processing of personal data is necessary to perform a contract to which the data subject is a party, e.g. to carry out processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6 I lit. b GDPR. The same applies to such processing operations that are necessary to implement pre-contractual measures, e.g. for enquiries about our products or services.
If our company is subject to a legal obligation whereby the processing of personal data is necessary, e.g. to fulfil tax obligations, the processing is based on Art. 6 I lit. c GDPR.
Processing operations may also be based on Art. 6 I lit. f GDPR. This is the case if the processing is necessary to protect a legitimate interest of our company or a third party and provided this does not override the interests, fundamental rights and freedoms of the data subject. We are permitted to carry out such processing operations notably because they have been specifically stipulated by the European legislator. In this respect, a legitimate interest could be assumed if the data subject is a customer of the controller or is in the service of such customer. (Recital 47, sentence 2 GDPR). Where the processing of personal data is based on Art. 6 I lit. f GDPR, our legitimate interest is to conduct our business for the benefit of our shareholders, taking into account the legitimate interests of the data subjects. When considering the respective interests, the focus will be on an appropriate relationship between the data subject and us as a company at all times.
13. Duration for which the personal data is stored
The criterion for the storage period of personal data are legal retention periods which may arise from tax or commercial law and other applicable legal provisions and, in any case, if such legal provisions can be applied to your personal data. After expiry of the deadline, the corresponding data will be deleted if it is no longer required for the fulfilment of the contract, the initiation of the contract or the maintenance of the business relationship. If no retention periods are applicable and you have provided your consent to store and use your personal data, the data will be stored and used for the purpose specified in the consent or until you revoke your consent to its use in the future.
14. Legal or contractual requirements to provide the personal data; necessity to conclude the contract; obligation of the data subject to provide personal data; potential consequences of not providing the data
We would like to inform you that the provision of personal data is sometimes required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). It may sometimes be necessary for a data subject to provide us with personal data which must subsequently be processed by us to conclude a contract. For example, data subjects are obliged to provide personal data if our company concludes a contract with them. Failure to provide such personal data would mean that it would not be possible to conclude the contract with the data subject.
15. Data protection provisions regarding the use and application of MATOMO
The controller has integrated the MATOMO component on this internet site and implemented this via an opt-in solution. MATOMO is an open source software tool for web analytics. Web analytics is the collection, collation and evaluation of data about the behaviour of visitors to websites. A web analytics tool collects, among others, data regarding the last web address a data subject accessed (“referrer”) prior to accessing another website, which sub-sites of the internet site were accessed or how often and for how long a sub-site was viewed. Web analytics is mainly used to optimise a website and to analyse the costs and benefits of advertising on the Internet.
The software is operated on the server of the controller and the log files, which are sensitive in terms of data protection law, are stored exclusively on this server.
The purpose of the MATOMO component is to analyse the flow of visitors to our website. The controller uses the data and information obtained to, among others, evaluate the use of this website to compile online reports that report on the activities on our websites.
MATOMO places a cookie on the data subject’s IT system in the event of express consent by the user (opt-in). The cookie declaration is part of this privacy policy, and explains what cookies are and what they are used for. Setting the cookies enables us to analyse the use of our website. Every time an individual pages of this website is accessed, the browser on the data subject’s IT system is automatically prompted by the MATOMO component to transmit data to our server for the purpose of online analysis. As part of this technical procedure, we obtain knowledge of personal data, including the IP address of the person concerned, which we use, among others, to trace the origin of visitors and clicks.
Cookies enable us to store personal information, for example the access time, the place from which an access originated and the frequency of visits to our website. Every time you visit our website, this personal data, including the IP address of the Internet connection used by the data subject, is transmitted to our server. We store this personal data. We do not pass on this personal data to third parties.
We will only use this technology with your explicit consent. When you visit our website, you may agree (or not) to the use of such technology (opt-in cookie). If you consent, the MATOMO cookie will be placed on your end device. If you decide not to use the MATOMO cookie, it will not be set and no analysis will take place.
Deactivation of an (opt-in) consent for web analytics with MATOMO
If you have consented to the placing of the MATOMO cookies and wish to object to the use of such in the future, you can prevent our website from setting the cookies via the relevant setting on your browser, and therefore permanently object to the setting of cookies. This setting on your browser would also prevent MATOMO from placing cookies on the data subject’s IT system. In addition, cookies previously set by MATOMO may be deleted at any time via an Internet browser or other software programmes.
The data subject may also object to and prevent the collection of data generated by MATOMO and relating to the use of this website.
The data subject must place an opt-out cookie under the link https://matomo.org/docs/privacy/. If the data subject’s IT system is subsequently deleted, formatted or reinstalled, the data subject must again set an opt-out cookie under https://matomo.org/docs/privacy/.
However, should the data subject set the opt-out cookies, the data subject may not be able to access the full website services provided by the controller.
For more information on MATOMO’s valid data protection provisions, please visit https://matomo.org/docs/privacy/.
16. Your rights as a data subject at a glance
A data subject has individual rights to request under the GDPR that can be asserted with respect to their personal data. Data subjects can therefore exercise their right of access, to rectification, erasure, to a restriction of processing, to data portability and individual rights to object to processing and a right to lodge a complaint with a supervisory authority. The following contains an overview of the individual rights and their deadlines.
16.1 Deadlines for the rights to request pursuant to Art. 15 - 21 GDPR
As the controller, we will respond to any requests from the data subject pursuant to Art. 15 - 21 GDPR within one month after receipt. This period may be extended by a further two months if this is necessary, taking into account the complexity and number of applications. In this case, we will inform you within one month after receipt of your request regarding the extension. If the data subject makes the request electronically, we will respond to such electronically where possible, unless you indicate otherwise.
16.2 Channels for requests to exercise rights
Requests to exercise rights may be sent by surface post or email. The contact address is available in section 4 of this policy.
Please address all applications pursuant to Art. 15-21 GDPR in connection with the (online) application process directly to the email address provided under the heading "Personal data in the (online) application process".
16.3 Right of access by the data subject pursuant to Art. 15 GDPR
A data subject has the right to obtain confirmation from the controller as to whether their personal data is being processed; if so, they have a right of access to such data and further information as described in Art. 15 GDPR.
Please note that the controller may only provide information if there are no doubts about the identity of the data subject. The controller will use all reasonable means to verify the identity of a data subject who is seeking information.
16.4 Right to rectification pursuant to Art. 16 GDPR
A data subject shall have the right to obtain rectification from the controller of any inaccurate personal information without delay. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including via a supplementary statement.
16.5 Right to erasure pursuant to Art. 17 GDPR
A data subject has the right to require the controller to erase their personal data without undue delay and the controller shall erase personal data without undue delay if the conditions stipulated in Art. 17 GDPR are satisfied.
16.6 Right to restriction of processing pursuant to Art. 18 GDPR
The data subject shall have the right to obtain from the controller restriction of processing if the conditions in Art. 18 GDPR are satisfied.
16.7 Right to data portability pursuant to Art. 20 GDPR
A data subject has the right to obtain the personal data concerning them which they have provided to a controller in a format stipulated in Art. 20 GDPR or to request such data to be transferred to another controller as instructed by the data subject, provided the conditions in Art. 20 GDPR are satisfied.
16.8 Right to object pursuant to Art. 21 GDPR
A data subject shall have the right to object at any time on grounds relating to their specific situation, to the processing of personal data concerning them which has been collected based on Art. 6 para 1 lit. e GDPR [the processing is to perform a task carried out in the public interest or in the exercise of official authority vested in the controller] or Article 6 para 1 lit. f GDPR [processing is carried out based on the legitimate interest of the controller or a third party].
The controller shall cease processing the personal data in such cases, unless it can demonstrate compelling legitimate grounds for such processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
If personal data is processed by the controller for the purpose of direct marketing, the data subject shall have the right to object at any time to the processing of their personal data for such marketing; this shall also apply to profiling insofar as it relates to such direct marketing.
16.9 Right to withdraw consent pursuant to Art. 13 para 2 lit. c GDPR
If the processing of a data subject's personal data by the controller is based on Art. 6 para 1 lit. a GDPR [the data subject has consented to the processing of their personal data for one or more specific purposes] or Art. 9 para 2 lit. a GDPR [the data subject has consented to the processing of specific categories of their personal data for one or more specific purposes], the data subject has the right to withdraw their consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent up the date of such withdrawal.
You can request withdrawal by surface post or email. The contact address is available in section 4 of this policy.
Please address all applications pursuant to Art. 15-21 GDPR in connection with the (online) application process directly to the email address provided under the heading "Personal data in the (online) application process".
17. Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, data subjects reserve the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of their personal data infringes the GDPR. For this purpose, data subjects can generally contact the supervisory authority of their usual place of residence or workplace or the company head office.
Please visit the following link for a list of data protection officers, their contact details and the addresses of national and international supervisory authorities: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
18. Topicality of this privacy policy
Amendments to our privacy policy may become necessary for legal or technical reasons. We reserve the right to make the relevant amendments at any time and therefore request that you consult this privacy policy at regular intervals to ensure you are aware of the current status of such.
Date: February 2022