Data protection

Privacy notice 

11/2024

 

Please note that this English version of our Privacy Policy is provided for your convenience only. The original German text is the authoritative and legally binding version. While we have made efforts to accurately translate the content, there may be discrepancies or inaccuracies. In case of any inconsistency between the German and English versions, the German version https://www.pierre-cardin.de/de/datenschutz shall prevail.

 

New P. C. GmbH is committed to protect your personal data and to respect your privacy. This privacy statement explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. 

Data controller

The data controller according to Article 4(7) of the EU General Data Protection Regulation (GDPR) is:
 

New P.C. GmbH

Michael Röther, Anna-Lena Schulte Angels, Raphael Heinold, Fabian Messner

Elverdisser Straße 313, 32052 Herford, Germany 

Registered office of the company: Daimlerstraße 71, 74545 Michelfeld, Germany

Phone: +49 5221 979-0

E-mail: datenschutz@rbrand.group

Data protection officer

You can contact our data protection officer at:

Gesellschaft für Personaldienstleistungen mbH

Pestalozzistraße 27

34119 Kassel

Phone: +49 561 220774-0

Email: datenschutz@gfp24.de

Website: https://www.gfp24.de

General information on the collection of personal Data

The following notices provide you with transparent information about the type and scope of personal data processing that is collected during:

  • your visit to our website,
  • the use of our online services,
  • external online presences on social media platforms,
  • application processes,
  • business relationships with customers and service providers.

The legal basis for our data protection practices are primarily the provisions of the GDPR, the Federal Data Protection Act (BDSG) and the Telecommunications Digital Services Data Protection Act (TDDDG).

Legal bases for processing personal data

In cases where we obtain your consent for processing personal data, Article 6(1)(a) GDPR serves as the legal basis.

When processing personal data necessary for the performance of a contract between you and us, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.

If the processing of personal data is necessary to fulfill a legal obligation to which we are subject, Article 6(1)(c) GDPR serves as the legal basis.

In cases where vital interests of the data subject or another natural person make the processing of personal data necessary, Article 6(1)(d) GDPR serves as the legal basis.

If the processing of personal data is necessary to protect a legitimate interest of our company or a third party, and if your interests, fundamental rights, and freedoms do not override this interest, then Article 6(1)(f) GDPR serves as the legal basis for processing.

According to § 25 (1) TDDDG, storage of information in the end-user’s terminal equipment or access to information already stored in the terminal equipment shall only be permitted if the end-user has consented on the basis of clear and comprehensive information.

According to § 25(2) no. 2 TDDDG no consent is required, where the storage of information in the end-user’s terminal equipment or the access to information already stored in the end-user’s terminal equipment is strictly necessary to enable the provider of a telemedia service to provide a telemedia service explicitly requested by the user.

Disclosure of Personal Data

If we transmit or disclose your personal data to other entities as part of our processing activities, this is done solely based on one of the mentioned legal bases. Recipients of such data may include, for example, payment service providers for the fulfillment of contracts. In cases where we are legally or by court order obliged to do so, we must transmit your data to authorized entities.

If external service providers support us in processing your data (e.g., data analysis, newsletter dispatch), this is done within the framework of a data processing agreement according to Article 28 GDPR. We only enter into agreements with service providers who offer sufficient guarantees that appropriate technical and organizational measures will ensure the protection of your data.

Transfer of personal data to Third Countries

Data transfer to third countries (outside the European Union or the European Economic Area) only occurs if it is in accordance with legal requirements. Subject to explicit consent or legally required transfer, we process or allow data to be processed only in third countries with an acknowledged level of data protection (e.g., adequacy decision by the European Commission pursuant to Article 45(1)(3) GDPR for the EU-US Data Privacy Framework https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en or based on appropriate safeguards under Articles 44 ff. GDPR, such as contractual obligations through so-called standard data protection clauses of the EU Commission (EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Duration of storage 

Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for their intended purpose and no legal obligations to retain data conflict with the deletion. If the data are not deleted because they are required for other and legally permissible purposes, their processing is restricted, i.e. the data are blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

Definitions

Our privacy notice is based on the terms used in the GDPR and defined therein. To ensure that our privacy policy is easy to read and understand, we would like to explain the key terms in advance.

Personal Data

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing

"Processing" means any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Controller

"Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Pseudonymization

"Pseudonymization" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Processor

"Processor" means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Recipient

"Recipient" means a natural or legal person, public authority, agency, or another body, to which personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

Third Party

"Third Party" means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent

"Consent" of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Profiling

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

Rights of the data subject

As a natural person affected by the processing of personal data, you have certain rights that you can exercise at any time in relation to us. These rights include:

  • Right to withdraw consent for data processing under Article 7(3) GDPR.
  • Right of access to your personal data stored by us, in accordance with Article 15 GDPR.
  • Right to rectification of inaccurate or incomplete data, pursuant to Article 16 GDPR.
  • Right to erasure under Article 17 GDPR.
  • Right to restriction of processing of your data, in accordance with Article 18 GDPR.
  • Right to data portability under Article 20 GDPR.
  • Right to object to processing under Article 21 GDPR.
  • Right not to be subject to automated decision-making, including profiling, under Article 22 GDPR.

Right of access by the data subjects

You have the right to know whether we are processing your personal data and, if so, to request copies of your personal data. Please note that your right of access may be restricted under certain circumstances in accordance with legal provisions.

Right to rectification

If your information is incorrect or incomplete, you have the right to request the correction of inaccurate personal data concerning you and, if necessary, the completion of incomplete personal data without undue delay.

Right to erasure

You have the right, under the applicable legal requirements, to request that your data be deleted without undue delay, for example, if the data is no longer needed for the purposes pursued, and if there are no statutory retention and archiving requirements that would prevent deletion.

Right to restriction of processing

You have the right, under the conditions of Article 18 GDPR, to request the restriction of processing of your data, for example, if you have objected to the processing for the duration of the examination as to whether your objection can be upheld.

Right to data portability

You have the right to receive the data you have provided to us in a common, machine-readable format, and to request the transmission of these data to a third party. If you request the direct transfer of the data to another controller, this will only be done if it is technically feasible.

Right to withdraw consent

If the processing of your personal data is based on your consent, you have the right to withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent up until the withdrawal.

Please send your withdrawal to New P.C. GmbH, Elverdisser Straße 313, 32052 Herford, Germany, registered office of the company: Daimlerstraße 71, 74545 Michelfeld, Germany, email: datenschutz@rbrand.group. Please note that your objection may also occur in other processes or may need to occur due to technical reasons. Further information can be found in the described services.

Right to object

Under the conditions of Article 21(1) GDPR, you may object to the processing of your personal data based on Article 6(1)(e) or (f) GDPR, for reasons arising from your particular situation. This also applies to profiling based on these provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

Please send your objection to New P.C. GmbH, Elverdisser Straße 313, 32052 Herford, Germany, registered office of the company: Daimlerstraße 71, 74545 Michelfeld, Germany, email: datenschutz@rbrand.group. Please note that your objection may also occur in other processes or may need to occur due to technical reasons. Further information can be found in the described services.

Right to lodge a complaint with a supervisory authority

Under Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is not lawful. The address of the supervisory authority responsible for our company is:

The Baden-Württemberg DPA (Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg)

Postal address: 

Postfach 10 29 32

70025 Stuttgart

Phone.: 0711/615541-0

Fax: 0711/615541-15

Email: poststelle@lfdi.bwl.de

Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effects on you or similarly significantly affects you.

Use of Online Services

The following information explains when and in what context data is processed during the use of our online services.

Data processing on our website

If you use our website purely for informational purposes, i.e., without registering or otherwise transmitting information to us, we only collect the personal data that your browser transmits to our server. When you view our website, we collect the following data, which is technically necessary to display our website to you and to ensure stability and security. The legal basis for storing information in the form of cookies or server log files on your device or for accessing such information is § 25(2) no. 2 TDDDG. The corresponding data processing is based on Article 6(1)(f) GDPR:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status / HTTP status code
  • Amount of data transferred
  • Website from which the request originated
  • Browser
  • Operating system and its interface

This data is temporarily stored in the log files of our system. A longer storage period is possible, but in this case, the IP addresses will be partially deleted or altered so that an association with the client making the request is no longer possible.

Use of Cookies

In addition to the aforementioned data, cookies are stored on your device (e.g., PC, laptop, smartphone) when you use our website. Cookies are small text files that are stored on your device and assigned to the browser you are using. They allow us to receive certain information. Cookies cannot run programs or transmit malware to your devices. They help to make our offer more user-friendly, more effective and safer. This website uses the following types of cookies, the scope and functionality of which are explained below:

  • Transient Cookies: Transient cookies are automatically deleted when you close your browser. These include session cookies, which store a session ID that allows various requests from your browser to be assigned to the same session. This enables your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close your browser.
  • Persistent Cookies: Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in your browser's security settings.

We use cookies on our website that are generated by us as the website operator and that are necessary for the full functionality and display of our website. The legal basis for storing information in the form of cookies on your device or accessing this information is § 25(2) no. 2 TDDDG. We use these cookies based on our legitimate interest under Article 6(1)(f) GDPR to ensure our online services.

In addition to the cookies set by us as the controller, cookies from third parties are also used. We process these cookies based on your consent under Article 6(1)(a) GDPR and § 25(1) TDDDG (storage of cookies or access to information on a device, e.g., via device fingerprinting). Further information on the use of cookies and cooperation with external service providers can be found in the data protection information for the respective online services.

You can configure your browser settings according to your preferences, for example, to reject cookies from third-party providers or all cookies. However, please note that you may not be able to use all the functions of this website if you do so. If you have consented to the use of cookies and wish to withdraw your consent for the future, you can delete the stored cookies in your browser settings.

Cookie Settings in web browsers

Web browsers can be configured to notify you when cookies are set or to generally reject or disable cookies. By disabling and deleting all cookies, you can also revoke a previously given consent. If you disable or restrict cookies via your browser, some functions on our website may not be available to you. You can delete cookies stored by your web browser at any time, even automatically.

Here are links to information on how to manage cookies in the most commonly used browsers:

If no restrictions on cookie settings have been made, cookies that are necessary to enable and ensure the required technical functions will remain on your device until you close the browser; other cookies may remain on your device for longer.

SSL/TLS Encryption

Our website uses TLS encryption (formerly SSL) for security reasons and to protect the transmission of confidential content. Orders or contact inquiries that you send to us are transmitted via transport encryption. Depending on the browser type, you can recognize this either by the lock symbol and/or the https protocol in the address bar.

External Hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the servers of the hosting provider(s). This may include all information relating to users of our online services that is generated during usage and communication, such as content data (e.g., entries in online forms); usage data (e.g., visited websites, access times); meta/communication data (e.g., device information, IP addresses).

We collect this data to ensure the secure, fast, and efficient provision of our online offerings. The legal basis for storing information in the form of cookies on your end device or accessing such information § 25 (2) no. 2 TDDDG. The associated processing of your data is carried out based on our legitimate interest in ensuring the proper display and functionality of our website according to Art. 6 (1) (f) GDPR. 

We use the following hosting provider:

Mittwald CM Service GmbH & Co. KG, Königsberger Str. 4 – 6, 32339 Espelkamp, Germany

For more information on data protection, please visit: https://www.mittwald.de/datenschutz.

Furthermore, we have entered into a data processing agreement (DPA) with the above-mentioned provider(s). This agreement regulates the scope, nature, and purpose of the provider’s access to the data. The provider's access is limited to what is necessary to fulfill the hosting services and is carried out in compliance with the GDPR.

Contact

Contact Form

When you contact us via contact form, the data you provide (your email address, your name, phone number, and the content of your message) will be stored by us to respond to your inquiry. The processing of data entered into the contact form is based on your consent in accordance with Art. 6(1)(a) GDPR. If your inquiry is related to the fulfillment of a contract or the implementation of pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. The data collected in this context will be deleted once the storage is no longer necessary or we will restrict the processing if legal retention obligations exist. You can revoke your consent at any time. The lawfulness of the data processing carried out before the revocation remains unaffected by the revocation.

Inquiries via Email, Telephone, or Fax

When you contact us by email, phone, or fax, the personal data you provide (your email address, your name, phone number, and the content of your message) will be stored by us in order to handle your inquiry. We do not share this data without your consent.

The data processing is based on Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is required to take steps prior to entering into a contract. In all other cases, we process your data based on your consent pursuant to Art. 6(1)(a) GDPR and/or our legitimate interests in accordance with Art. 6(1)(f) GDPR. Our legitimate interest lies in the effective handling of your request.

The data you send to us via contact requests will remain with us until you request its deletion, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g., after we have completed processing your request). Mandatory legal provisions – especially legal retention periods – remain unaffected.

Data Processing for Marketing Purposes

Direct Marketing

If your personal data is processed for direct marketing purposes, you have the right under Article 21(2) GDPR to object at any time to the processing of your personal data for such marketing purposes, including any related profiling. If you object, your personal data will no longer be used for direct marketing

Postal Marketing

If you have entered into a contract with us, we consider you a current customer. Based on our legitimate interest in personalized direct marketing, we reserve the right to store your first and last name, postal address, and—where applicable and provided in the course of the contractual relationship your title, academic degree, birth year, and your professional, industry, or business designation. This data is used to send you information and offers about our products via postal mail. The processing of current customer data for our own marketing purposes or for third-party marketing purposes is carried out in accordance with Article 6(1)(f) GDPR (legitimate interest).

You can object to this data processing for marketing purposes at any time, free of charge, and with future effect.

If you object, your data will be blocked from further advertising-related processing. Please note that in some cases, it is possible that you may still receive promotional material for a short time after your objection is received. This is due to the technical lead time required for selection processes and does not indicate that we have not implemented your objection.

Messenger Services

We use messenger services to stay in contact with customers and interested parties. User data may be processed outside the European Union, which could pose risks for you as a user, potentially making it more difficult to enforce your rights. We ensure that the operators of the messenger services we use are committed to adhering to the data protection standards of the European Union.

When you use our messenger service, we are jointly responsible for data processing with the provider of the respective messenger service, in accordance with Art. 26 GDPR and other data protection regulations.

We have no control over the processing of personal data by the respective service provider. For example, messenger services may use your data for market research and advertising purposes. Your usage behavior may be analyzed, and a user profile could be created based on your interests. Messenger services can read the contact data on your devices and potentially share this information with third parties. This data processing may also affect individuals who are not registered users of the respective messenger service.

Messenger services provide statistical data on various categories. These statistics are generated and provided by the respective messenger service provider. We, as users of the messenger service, have no influence on the creation and presentation of this data. The data, if available in aggregated form, is not used. Due to the ongoing development of service providers, the availability and preparation of the data may change, so we refer you to the current privacy policies of the service providers for more details.

Legal Basis

To use messenger services, including the processing of users' personal data, we obtain your consent for modern and supportive communication and interaction with our customers and interested parties in accordance with Art. 6 (1) lit. a GDPR. This consent may be given, for instance, through registration. If the consent also includes the storage of cookies or access to information on a user's device, § 25 (1) TDDDG is also the legal basis.

Storage Duration

Data directly collected by us via messenger services will be deleted from our systems as soon as the purpose for processing no longer applies, you request deletion, or you revoke your consent to storage. Mandatory legal provisions, especially retention periods, remain unaffected.

We have no control over the storage duration of your data, which is stored by the providers of the messenger services for their own purposes. For further details, please refer directly to the service provider (e.g., in their privacy policy, as mentioned below).

Data Subject Rights

You can exercise your rights (access, correction, deletion, restriction of processing, data portability, and complaints) either against us or the service provider. Despite shared responsibility, we would like to point out that we do not have full access to your personal data. Therefore, for requests for information and the exercise of your rights, you should contact the provider of the messenger service directly. Only the service providers have full access to user data and can take appropriate actions and provide information. If you need assistance with this, please contact us.

Our Messenger Services:

Instagram Direct

Service provider information: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Further privacy information can be found at: https://instagram.com/about/legal/privacy.

Facebook Messenger

Service provider information: Meta Platforms, Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Further privacy information can be found at https://www.facebook.com/policy.php

Analysis Tools

Matomo

This website uses the open-source software tool “Matomo”, which employs cookies to enable an analysis of website usage. The usage information captured by the cookies (including your shortened IP address) is transmitted to our server (local host) and stored for analysis purposes. No data is transmitted to servers beyond our control. Your IP address is immediately anonymized during this process. The collected information about your use of this website is not shared with third parties. Our interest in and the purpose of data processing lies in optimizing our website, tailoring its content, and improving our offerings.

The processing of users' personal data allows us to analyze the browsing behavior of our website visitors. By evaluating this data, we can gather insights into how individual components of our website are used, helping us continuously improve the website and its user-friendliness.

Data processing is based on your consent in accordance with Article 6(1)(a) of the GDPR and § 25(1) of the TDDDG. You can prevent the employment of (individual or all) cookies by adjusting your browser settings. However, please note that this may limit the full functionality of the website.

For more information about Matomo's terms of use and data privacy regulations, please visit: https://matomo.org/privacy/

Online Video Conferencing Tools

Microsoft Teams

We use the "Microsoft Teams" tool to conduct telephone and video conferences, online meetings, video consultations, digital coaching and/or webinars (hereinafter: "online meetings"). Microsoft Teams is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

If you access the Microsoft Teams (https://teams.microsoft.com/) website, Microsoft is responsible for data processing. The access to this website is necessary for the download of the necessary software if it should not or cannot be used directly and without downloading via an Internet browser.

Data categories

When using Microsoft Teams, various types of data are processed. The total volume of data processing also depends on the information provided by the user before, during and after an "online meeting".

In principle, the following personal data may be processed:

User details: first name, last name, telephone (optional), e-mail address, password (if "single sign-on" is not used), profile picture (optional), department (optional)

Meeting metadata: topic, description (optional), date, time, duration, participant IP addresses, device/hardware information

For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.

When dialing in by telephone: information on the incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.

Text, audio and video data: You may have the option of using the chat, question or survey functions in an "online meeting". The text entries you make will be processed in order to display them in the "online meeting" and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data of a microphone and a possible video camera of the end device are processed during the meeting. The data transfer from camera and microphone can be switched off or muted at any time and by any user independently via the Microsoft Teams applications.

In order to participate in an "online meeting" or to enter the "meeting room", at least your name is required.

Storage of data

There will be no recording of the "online meetings". If we want to record "online meetings", we will inform you in advance and obtain consent. The fact of the recording is also displayed to you in the Microsoft Teams app.

The content of the chats is logged when Microsoft uses Microsoft Teams. If it is necessary for the purpose of logging the results of an online meeting, chat content may also be logged by us.

In the case of webinars, we may also process the questions asked by webinar participants for the purpose of recording and following up on webinars.

Automated decision-making within the meaning of Art. 22 GDPR does not apply.

Legal basis for data processing

Insofar as personal data of our employees is processed, § 26 BDSG is the legal basis for data processing.

If, in connection with the use of Microsoft Teams, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of Microsoft Teams, Article 6(1)(f) GDPR is the legal basis for data processing. In these cases, we are interested in the effective implementation of "online meetings".

In all other respects, the legal basis for data processing when conducting "online meetings" is Article 6(1)(b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.

Recipients / disclosure of data

Personal data processed in connection with participation in "online meetings" will not be disclosed to third parties unless they are specifically intended for disclosure. Apart from this, data will only be passed on to third parties if we are legally obliged to do so (e.g. by court order) or if the data subjects have expressly consented to the disclosure of their data.

The provider of Microsoft Teams, who supports us in conducting "online meetings", necessarily obtains knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing contract with Microsoft.

Microsoft is obliged to comply with the legal requirements of the applicable data protection law via the order processing concluded with Microsoft Teams, based on EU standard contractual clauses.  A currently valid version can be viewed at the following link:

https://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=18030.

Data processing outside the European Union

Data processing outside the European Union (EU) does not take place as a matter of principle, as we have limited our storage location to data centers in the European Union. However, we cannot completely rule out routing or storage on servers outside the European Union at the processor Microsoft.

A secure level of data protection is ensured by the conclusion of supplemented EU standard data protection clauses as well as technical and organizational measures. The data is encrypted, for example, during transport over the Internet and is therefore generally protected against unauthorized access by third parties. The company is certified under the "EU-US Data Privacy Framework" (DPF). More information can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active.

Further information on data protection in Microsoft Teams

For more information on Microsoft's privacy policy, please visit

https://privacy.microsoft.com/de-de/privacystatement (section "Online Services for Business"), as well as: https://www.microsoft.com/de-de/trust-center/privacy/customer-data-definitions.

Social media presences

Information on social media

We operate publicly accessible profiles on social networks to draw attention to our services and products. There we would like to get in touch with you as a visitor and user of these pages as well as our website.

User data may be processed outside the European Union. This may result in risks for you as a user, and it may make it more difficult to enforce your rights. When selecting the social media platforms we use, we make sure that the operators commit to complying with EU data protection standards.

If you visit one of our social media sites, we, New P.C. GmbH, Elverdisser Straße 313, 32052 Herford, Germany, registered office of the company: Daimlerstraße 71, 74545 Michelfeld, Germany, are jointly responsible with the operator of the respective social media platform within the meaning of the GDPR and other data protection regulations.

Data processing on social media platforms

We have no influence on the processing of personal data by the respective platform operator. For example, social networks such as Facebook use your data for market research and advertising purposes. Among other things, user behavior can be analyzed, and a user profile can be created from the resulting interests of the user. Social media operators use cookies to store and further process this information. These are text files that are stored on the user's various terminals. If you have a profile on the respective social media platform and are logged in to it, the storage and analysis is even carried out across devices. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. People who are not registered as users with the respective social media platform may also be affected by the data processing.

Statistical data of different categories can be accessed by us via social media platforms. These statistics are generated and provided by the social media operator. As the operator of the fan page, we have no influence on the generation and presentation. We use this data available in aggregated form (total number of page views, "likes", page activities, post interactions, reach, video views, post reach, comments, shared content, answers, proportion of men and women, origin in terms of country and city, language, views and clicks in the shop, clicks on route planners, clicks on telephone numbers) to make our posts and activities on our fan page more attractive to users.  Due to the constant development of social media platforms, the availability and processing of data is changing, so we refer to the privacy policies of the platforms for further details.

Legal basis

The operation of these fan pages, including the processing of users' personal data, is based on our legitimate interests in a contemporary and supportive information and interaction option for and with our users and visitors in accordance with Article 6(1)(f) GDPR. Under certain circumstances, you may also have given a platform operator your consent to data processing, in which case Article 6(1)(a) GDPR is the legal basis.

For a comprehensive description of the respective data processing and the possibilities of objection (opt-out), we refer to the data protection declarations and information of the corresponding platform operator.

Storage period

The data collected directly by us via social media presences will be deleted from our systems as soon as the purpose for which it was stored no longer applies, you request us to delete it or revoke your consent to its storage. Stored cookies remain on your device until they are deleted by you. Mandatory legal provisions – esp. Retention periods – remain unaffected.

We have no influence on the storage period of your data, which is stored by social network providers for their own purposes. You can find more information on this directly from the operator of the social network (e.g. in their privacy policy, see below).

Assertion of rights

In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective portal (e.g. Facebook).

Despite joint responsibility, we would like to point out that we do not have complete access to your personal data. For this reason, you should contact the providers of the social media platforms directly for requests for information and the assertion of data subject rights. This is because only the providers have access to user data and can take direct action and provide information. If you need help with this, please contact us: New P.C. GmbH, Elverdisser Straße 313, 32052 Herford, Germany, registered office of the company: Daimlerstraße 71, 74545 Michelfeld, Germany, email: datenschutz@rbrand.group.

Our social networks

Instagram: 

Provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy Policy: http://instagram.com/about/legal/privacy

Opt-Out Option: http://instagram.com/about/legal/privacy

Certification under the "EU-US Data Privacy Framework" (DPF): https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active

Facebook: 

Provider: Meta Platforms, Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Agreement on Joint Processing of Personal Data on Facebook Pages: https://www.facebook.com/legal/terms/page_controller_addendum
Certification under the "EU-US Data Privacy Framework" (DPF): https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active

Privacy Policy: https://www.facebook.com/about/privacy

Opt-Out Option: https://www.facebook.com/settings?tab=ads

LinkedIn: 

Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Privacy Policy: https://www.linkedin.com/legal/privacy-policy

Opt-Out Option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Data Protection for applications

We offer you the opportunity to apply to us by e-mail or post. In the following, we will inform you about the scope, purpose and use of your personal data collected as part of the application process.

Scope and purpose of data collection

In order for us to be able to consider you in the application process for a specific position, customary and meaningful application documents are required, with which you inform us about your personality profile and your qualifications.

The personal data provided by you as part of your application and transmitted to us usually includes: cover letter, curriculum vitae with the usual personal details (first and last name, date of birth, address, telephone number, e-mail address, photo) as well as evidence and certificates.

As a matter of principle, we only use your application documents to decide whether to fill the position for which you have expressly applied. We process the personal data provided to us only to the extent necessary for the purpose of deciding on the establishment of an employment relationship with us. The legal basis for this is Article 6(1)(b) GDPR, Art. 88 GDPR in conjunction with § 26 (1) sentence 1 BDSG insofar as it concerns information that we receive from you as part of the application process (name, contact details, date of birth, information on your professional qualifications and school education or information on professional training). If you voluntarily provide us with further information, we will process it based on your consent in accordance with Article 6(1)(a) GDPR. During the application process, further personal data may be collected from you personally and from generally accessible sources for this information purpose. Your personal data will only be passed on within our company to people who are involved in the processing of your application.

If we process personal data about you to defend against legal claims asserted by you against us arising from the application process, we refer to Article 6(1)(f) GDPR. The legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

To get an overview of our range of applicants, we statistically evaluate information on incoming applications. Even after deletion of your application documents, we may use anonymized data that does not allow any conclusions to be drawn about your person.

If you submit an unsolicited application that does not relate to a specific position, we will include your application documents as part of filling decisions about all possible positions. In this case, too, the legal basis for data processing is Article 6(1)(a) GDPR in conjunction with Art. 28 GDPR, § 26 (2) BDSG. 

The following companies are part of the corporate group:

  • R.Brand Group GmbH
    Elverdisser Straße 313, 32052 Herford, Germany 
    Registered office of the company: Daimlerstraße 71, 74545 Michelfeld, Germany
     
  • New P.C. GmbH
    Elverdisser Straße 313, 32052 Herford, Germany 
    Registered office of the company: Daimlerstraße 71, 74545 Michelfeld, Germany
     
  • New Baldessarini GmbH
    Elverdisser Straße 313, 32052 Herford, Germany 
    Registered office of the company: Daimlerstraße 71, 74545 Michelfeld, Germany
     
  • New Pioneer GmbH
    Elverdisser Straße 313, 32052 Herford, Germany 
    Registered office of the company: Daimlerstraße 71, 74545 Michelfeld, Germany
     
  • New Pionier Berufsbekleidung GmbH
    Elverdisser Straße 313, 32052 Herford, Germany 
    Registered office of the company: Daimlerstraße 71, 74545 Michelfeld, Germany
     
  • Otto Kern GmbH
    Elverdisser Straße 313, 32052 Herford, Germany 
    Registered office of the company: Daimlerstraße 71, 74545 Michelfeld, Germany

Categories of recipients of personal data

Your personal data will only be transferred to third parties for the purposes listed below. We will only pass on your personal data, which we have received as part of the application process, to third parties if:

  • In accordance with Article 6(1)(a) GDPR, § 26 (2) BDSG have given your express consent to this,
  • the disclosure in accordance with Article 6(1)(f) GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • in the event that there is a reason for the disclosure pursuant to Article 6(1)(c) GDPR there is a legal obligation as well as - this is legally permissible and according to Article 6(1)(b) GDPR, § 26 (1) sentence 1 BDSG is necessary for the establishment or processing of contractual relationships with you.

Furthermore, your data will be processed based on Art. 28 GDPR to technical service providers who use your data exclusively on our behalf and under no circumstances for their own business purposes, e.g. IT service providers, hosting providers 

A transfer of your data to third countries outside the EU or the European Economic Area is not planned.

Retention period of the data

If we are unable to make you a job offer, if you reject a job offer, withdraw your application, revoke your consent to data processing or request us to delete the data, the data you have submitted, including any remaining physical application documents, will be stored or retained for a maximum of 6 months after completion of the application process (retention period) in order to ensure the details of the application process in the event of discrepancies  (Article 6(1)(f) GDPR).

You have the option of consenting to the use of your application documents to fill other positions. Let us know at the appropriate point in the application process.  If you choose this option, we will accept it in accordance with Article 6(1)(a) GDPR into our talent pool. Your application will then be stored by us for a maximum of 12 months until revoked. You can revoke your consent at any time for the future. A justified revocation has no influence on data processing operations that have already taken place.

If an application process leads to employment, we will process your application documents based on Article 6(1)(b) GDPR, § 26 (1) sentence 1 BDSG. in your personnel file, for the purpose of establishing the employment relationship as well as the personality profile described by you and your qualifications on which the recruitment is based.

Provision of data

The provision of your personal data is not required by law in the initiation phase of an employment relationship. However, the provision of personal data is necessary for the conclusion of an employment contract with us. This means that if you do not provide us with any personal data in an application, we cannot and will not enter into an employment relationship with you.

Automated decision-making

There is no automated decision in individual cases within the meaning of Art. 22 GDPR. This means that we personally evaluate your application and the decision on your application is not based exclusively on automated processing.

Whistleblower system

The information you provide through our whistleblowing system is used for purposes such as reviewing and documenting reports, conducting internal investigations (including sharing information with external legal advisors, auditors, or other professionals bound by confidentiality obligations, as well as relevant group companies), and if necessary, forwarding the information to government authorities (such as the police, public prosecutors, or courts). We guarantee all whistleblowers confidential handling of their reports.

The legal basis for processing is the fulfillment of legal obligations under Article 6(1)(c) of the GDPR.

Stationary business premises

Video surveillance

In our stores, video surveillance is used for the purposes of crime detection, property protection, and vandalism prevention. No audio recording is performed. The legal basis for this processing is Article 6(1)(f) of the GDPR, reflecting our legitimate interest in ensuring security. The use of video surveillance is indicated by a clearly visible pictogram in the branches. As a matter of principle, we delete the resulting footage from the security cameras 72 hours after recording. In the event of a criminal offence, we reserve the right to store the image material until the purpose for which it was collected no longer applies. The images will not be transmitted to third parties, except for investigating authorities that request the images in the event of a criminal offence. For installation and maintenance, maintenance companies commissioned by us may have access to stored data.

Use of Wi-Fi

We provide you with access to the Internet in the form of free Wi-Fi access ("guest Wi-Fi") in our business premises. In the following, we inform you about the personal data collected in this context.

Processing purposes and legal basis

The data processing is carried out for the purpose of the technical provision of Wi-Fi and to ensure smooth use by our guests. The processing is necessary for the fulfillment of a contract (provision of Internet access via Wi-Fi) pursuant to Art. 6 (1) (b) GDPR.

Furthermore, we process your data to protect our legitimate interests in accordance with Article 6(1)(f) GDPR. Our legitimate interests lie in ensuring the security of our information technology systems and in defending against liability claims in the event of non-compliant use of the Wi-Fi.

Data categories and data origin

When using our guest Wi-Fi, the following data will be collected and stored: the MAC address and hostname of your device, the username provided by us for Wi-Fi access, the one-time password issued for Wi-Fi login, the validity period of the Wi-Fi access, log data regarding the type and extent of usage of the guest Wi-Fi, as well as the date of the first login, the data traffic used, and the duration of usage. Additionally, a unique IP address is assigned to each device. The data is transmitted directly to us by our guests when they register for the Wi-Fi.

Recipients

We do not share your personal data with third parties. Your data will only be passed on or transmitted if it is necessary for the execution of the contract, if it is based on a legal basis, if there is a legitimate interest or based on your prior consent.

If external service providers support us in the processing of your data (e.g. IT service providers), this is done within the framework of order processing in accordance with Art. 28 GDPR. In doing so, we only conclude appropriate contracts with service providers that offer sufficient guarantees that appropriate technical and organizational measures ensure the protection of your data.

Data transfer to a third country

A transfer of data to third countries does not take place and is not intended.

Duration of storage

The data will be deleted by us on a regular basis, but no later than a maximum of 90 days, unless a longer retention period is required by law or necessary for asserting, exercising, or defending legal claims.

Provision of data

The provision of personal data about the data subject is technically necessary for the use of the Wi-Fi. Without this data, you will not be able to use our t Wi-Fi.

Business relationships

The following information shows you how we handle your data when you contact us, when contract negotiations take place with us and/or when contractual agreements exist with us.

Processing purposes and legal basis

The data processing is carried out for the purpose of contract processing. The processing of your data is required in accordance with Article 6(1)(b) GDPR for the initiation and fulfillment of contracts.

Furthermore, the processing of your personal data may be carried out on the basis of Art. 6 para. 1 lit. f GDPR may be necessary to protect our legitimate interests. Our legitimate interests consist in the avoidance of economic disadvantages through credit checks, invitations to events, assertion of legal claims and avoidance of legal disadvantages (e.g. in the event of insolvencies), defence against dangers and liability claims and avoidance of legal risks, e-mails, prevention of criminal offences.

Data category and data origin

We process the following categories of data: Master and contact data: title, name (first and last name), department and function in the company, address, e-mail, phone, fax, date of birth, purchase history, contract data, billing data.

The data were transmitted directly to us by our customers and interested parties.

Recipients

We do not pass on your personal data to third parties. Excluded from this are our service partners if this is necessary for the fulfillment of the contract, such as parcel and letter deliverers and tax authorities.

Duration of storage

The data stored about you will be deleted after fulfillment of the contract, provided that there are no further legal obligations to retain it. These include, for example, commercial and financial law data. These will be deleted after ten years in accordance with the legal regulations, unless longer retention periods are prescribed or necessary for legitimate reasons. If you revoke your consent to the use of your data, it will be deleted immediately, unless the above reasons speak against it.

Right to object

You have the right to object to the processing. You can object to the use of your data at any time in the future.

Provision of data

The provision of personal data is contractually required or necessary for the conclusion of a contract. If the required personal data is not provided, we will not be able to enter into a business relationship with you.