Privacy Policy

Preamble

In this Privacy Policy, we inform you about the collection of personal data when you use our website. Personal data means any data relating to you as a person, such as your name, address, e-mail addresses or user behaviour.

Controller / DPO

General information about the collection of data when you visit our website

If you use the website for information only, i.e. if you do not otherwise transfer information to us (via our contact form, for example), we will only collect the personal data which your browser sends to our server (log file data):

These data are technically necessary for the purpose of displaying our website to you and to ensure its stability and security (the legal basis is the legitimate interest pursuant to Art. 6 (1) (1) (f) GDPR).

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Thus, the user has no option to object.

Cookies – general information

Cookies are data stored on your computer by a website that you visit which enable us to recognise your browser again. Cookies are used to transfer information to the party that sets the cookie. Cookies can store various kinds of information, such as your language setting, the duration of your visit to our website or the data you have input there. This means, for example, that you do not need to re-enter necessary form data each time you use the site. The information stored in cookies can also be used to recognise preferences and to target content according to areas of interest.

There are different types of cookies: Session cookies are sets of data that are only temporarily stored in working memory and then deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a predetermined period which may vary depending on the cookie. With this type of cookie, the information can also be stored in text files on your computer. However, you can also delete these cookies at any time via your browser settings.

First-party cookies are set by the website you are visiting. Only that website is allowed to read information from these cookies. Third-party cookies are set by organisations other than the operator of the website you are visiting. These cookies are used by marketing companies, for example.

The legal basis for the potential processing of personal data by means of cookies and for their storage period may vary. If you have given us your consent, the legal basis is Art. 6 (1) (1) (a) GDPR and § 25 para. 1 (German national law – Gesetz zur Regelung des Datenschutzes und des Schutzes der Privatsphäre in der Telekommunikation und bei Telemedien (TTDSG)).

Where the data processing is based on our overriding legitimate interests, the legal basis is Art. 6 (1) (1) (f) GDPR. The stated purpose then corresponds to our legitimate interest.

We use cookies to ensure the proper operation of the website, to provide basic functionality and, with your consent, to measure coverage and tailor our services to preferred areas of interest.

You can delete cookies that are already stored on your end device at any time. If you wish to prevent the storage of cookies, you can use the settings in your internet browser to do this.

Alternatively, you can also install so-called ad blockers. Please note that individual functions of our website may not work if you have disabled the use of cookies.

An information banner informs all visitors to our website about our use of cookies and refers them to this Privacy Policy. As a user, you will also be asked for your consent to the use of certain cookies, in particular those relating to the personalisation of services and to marketing measures.

After giving your consent, you may withdraw it at any time with effect for the future by going to the cookie settings here or at the bottom of our website and unchecking the box next to the processing for which you gave your consent.

Cookies – different types of cookies

a) Technically necessary cookies

We use cookies to ensure the functionality of our website and so that we can demonstrate compliance with applicable law. Some elements of our website require the identification of the requesting browser even after a page change.

We use the following technically necessary cookies:

b) Marketing cookies

Marketing cookies are used to track visitors across web pages. The intention is to display ads that are relevant and appealing to individual users. In order to improve our web pages, we collect personal data for statistical and analysis purposes (Google Analytics). We can use these cookies, for example, to determine the number of visitors and the effect of certain pages of our website and to optimise our content for you.

Borlabs-cookie

We use the borlabs-cookie service to obtain consent for the use of cookies via our website. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Strasse 17, 21107 Hamburg (hereinafter referred to as “Borlabs”).

When you visit our website, a necessary borlabs-cookie is stored in your browser which saves the declarations or withdrawals of consent made by you. A log file is also created as evidence of consent.

Whenever a user visits our website, Borlabs checks whether that user has already given consent to the use of cookies on a previous visit, using the consent tool.

The following information is stored in the cookie:

• Cookie runtime
• Cookie version
• Domain and path of the WordPress website
• Consent
• UID (randomly generated ID)

The purpose of the data processing is to comply with legal obligations and to store consent. The legal basis is Art. 6 (1) (1) (f) GDPR and § 25 para. 2 b) TTDSG. Our legitimate interest lies in the compliance with legal requirements and the storage of consent.

The maximum storage period is one year.

Google Analytics

Where you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Scope of processing

Google Analytics uses cookies which enable an analysis of your use of our web pages. The information collected by the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

We use the user ID feature. The user ID allows us to assign a unique, persistent ID to one or more sessions (and the activities within those sessions) and to analyse user behaviour across devices.

In Google Analytics 4, the anonymisation of IP addresses is enabled by default. With IP anonymisation, your IP address is truncated by Google within European Union Member States or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

Your user behaviour during your visit to the website is recorded in the form of “events”. Events can be:

• Page views
• First visit to the website
• Start of session
• Your “click path”, interaction with the website
• Scrolls (whenever a user scrolls to the bottom of the page (90%))
• Clicks on external links
• Internal search queries
• Interaction with videos
• Ads viewed/clicked

The following information is also recorded:

• Your approximate location (region)
• Your IP address (in truncated form)
• Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
• Your internet provider
• The referrer URL (via which website / advertising medium you came to this website)

Purposes of the processing

Google will use this information on behalf of the operator of this website to evaluate your use of the website and to compile reports on website activities. The reports provided by Google Analytics are used to analyse the performance of our website.

Recipients

Recipients of the data are / could be:

Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, D04 E5W5 Ireland (as processor in accordance with Art. 28 GDPR)

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Alphabet Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

It is possible that US authorities might access the data stored by Google.

Third-country transfer

Where data are processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to put an appropriate level of data protection in place. The parent company of Google Ireland, Google LLC, is based in California, USA. It is possible that data might be transferred to the USA and that US authorities might access the data stored by Google. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as you do within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Storage period

Data sent by us and associated with cookies are automatically erased after 2 months. The erasure of data whose retention period has been reached is performed automatically once a month.

Legal basis

The legal basis for this data processing is your consent pursuant to Art. 6 (1) (1) (a) GDPR and § 25 para. 1 TTDSG.

Withdrawal of consent

You may withdraw your consent at any time with effect for the future by going to the cookie settings here and changing your selection there. The withdrawal of your consent shall not affect the lawfulness of processing carried out based on consent before its withdrawal.

Alternatively, you can prevent the storage of cookies in advance by configuring your browser software accordingly. However, configuring your browser to refuse all cookies may restrict some of the features on this and other websites. You can also prevent Google from collecting and processing the data generated by the cookie and relating to your use of the website (including your IP address) by

1. not giving your consent to the cookie being set or
2. downloading and installing the browser add-on to disable Google Analytics

For more information on Google Analytics’ terms of use and Google’s privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and https://policies.google.com/privacy?hl=en-US.

Google Tag Manager

For reasons of transparency, we would like to point out that the source code of Google Analytics includes Google Tag Manager. Google Tag Manager is not actively used, but since it is included in the Google Analytics source code, Google Analytics cannot be used without Google Tag Manager. Please bear this in mind when giving consent to the use of Google Analytics. When you give consent to the use of Google Analytics, you also consent to the use of Google Tag Manager.

The provider of Google Tag Manager is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Google Tag Manager facilitates the integration and management of tags. Tags are small pieces of code that are used, among other things, to measure traffic and visitor behaviour, to record the impact of online advertising and social channels, to set up remarketing and targeting, and to test and optimise websites. We do not actively use Tag Manager for the Google Analytics service. It is merely part of the Google Analytics source code.

The legal basis for the data processing is your consent in accordance with Art. 6 (1) (1) (a) GDPR and § 25 para. 1 TTDSG. You may withdraw your consent at any time with effect for the future here or at the bottom of our website under “Cookie Settings”.

For more information on Google Tag Manager, please see: https://www.google.com/intl/de/tagmanager/use-policy.html.

YouTube

We use services from YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. For users ordinarily resident in the European Economic Area or Switzerland, Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland is the controller for your data.

We obtain consent from you using our cookie banner, Art. 6 (1) (1) (a) GDPR and § 25 para. 1 TTDSG. If you have not given your consent using our cookie banner but you would like to view a YouTube video on our website later on, you can also give your consent via our content blocker in accordance with Art. 6 (1) (1) (a) GDPR.

If you visit a page with an embedded YouTube video, no connection will be made to the YouTube servers until you have given YouTube your consent via the cookie banner or the content blocker. If you have given your consent, YouTube will set cookies in this case and use your visit data for its own purposes. If you are logged in to YouTube at the time, the information about the videos you have viewed will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.

Your consent is voluntary and may be withdrawn at any time with effect for the future by changing your cookie settings here or by clicking on “Cookie Settings” at the bottom of our website.

If you have not given your consent and you later decide to change your mind, you can either change your cookie settings as described above or go directly to the embedded YouTube video blocked by the content blocker (the content blocker will ensure that no data are transferred) and give your consent there.

Where data are processed outside the European Economic Area / the EU and there is no level of data protection equivalent to the European standard, Google states that it makes use of standard contractual clauses.
Google provides more information about YouTube privacy at the following link: https://www.google.de/intl/de/policies/privacy/.

LinkedIn Social Bookmarks

This website uses social bookmarks provided by LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland).

Social bookmarks are Internet bookmarks which are integrated into our website solely as a link to LinkedIn. After voluntarily clicking on the LinkedIn graphic, you will be redirected to the provider’s page, i.e. only then will user information be transmitted to the provider. No data are sent to LinkedIn when you access our website, however.

For information about how LinkedIn handles your personal data, please refer to LinkedIn’s privacy policy:

https://de.linkedin.com/legal/privacy-policy

Contact

You have the option to contact us via our e-mail address. We will store the personal data transmitted to us in this way (your e-mail address and your name if applicable) in order to answer your questions and to deal with your concerns. The legal basis is Art. 6 (1) (1) (f) GDPR.

Where we request information that is not necessary in order to contact you, we always mark this as optional. We use this information to clarify your enquiry and to improve the processing of your request. This information is expressly provided on a voluntary basis and with your consent, Art. 6 (1) (1) (a) GDPR. Where this information relates to communication channels (e.g. e-mail address, telephone number), you also give us your consent to use it for the purpose of responding to your request, if necessary. You may, of course, withdraw this consent at any time for the future.

Your data that we have received in the course of contacting you will be erased as soon as they are no longer required to achieve the purpose for which they were collected and once your request has been fully processed and no further communication with you is required or desired by you.

As the controller, our company has implemented numerous technical and organisational measures to ensure the best possible protection for the personal data processed via this website. Nevertheless, internet-based data transmissions may, in principle, contain security gaps. Absolute protection cannot be guaranteed; in any case, sending unencrypted e-mails is not secure. We therefore ask that you do not send sensitive data by unencrypted e-mail, but rather that you use the postal service or encrypt attachments.

Transfer of data

As a matter of principle, your personal data will not be transferred to third parties for purposes other than those listed.

We will only transfer your personal data to third parties:

• if you have previously given us your express consent to do so,
• if the transfer is necessary for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being transferred,
• in the event that there is a legal obligation to transfer the data, or
• if it is legally permissible and necessary for maintaining contractual relationships with you.

External service providers and partner companies such as IT service providers only receive your data to the extent required to process your order. In such cases, however, the extent of the data transmitted is limited to the necessary minimum. Where our service providers process your personal data on our behalf, we ensure that they comply with the provisions of the data protection laws in the same way within the scope of commissioned data processing pursuant to Art. 28 GDPR. Please also take note of the privacy notices of the respective providers. The content of third-party services is the responsibility of the service provider in question, and we verify within reason that the services comply with the legal requirements.

We make a point of processing your data within the EU/EEA. However, we may use service providers which process data outside the EU/EEA. In such cases, we ensure that the recipient has implemented an adequate level of data protection comparable to the standards within the EU before we transfer your personal data. The company can achieve this, for example, through EU standard contractual clauses, Binding Corporate Rules, or by submitting to the provisions of special agreements.

Information about the rights of data subjects

We will be happy to provide you with information about whether we process personal data concerning you and if so, which personal data and for what purposes (Art. 15 GDPR). In addition, you have the right to rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR) and the right to data portability (Art. 20 GDPR) under the respective legal provisions.

You shall have the right at any time, on grounds arising from your particular situation, to object to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (1) (e) or (f) GDPR, including profiling based on these provisions. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the purpose of the processing is the establishment, exercise or defence of legal claims.

Where personal data are processed for the purpose of direct marketing, you shall have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this shall also apply to profiling to the extent that it is related to such direct marketing.

To exercise your rights as described above, please contact us by e-mail at moc.xebociakot@noitcetorp.atad or by post at Tokai COBEX GmbH, Gustav-Stresemann-Ring 12-16, 65189 Wiesbaden, Germany. You will not be charged for exercising your rights as described above.

Information about the right to lodge a complaint

If you consider that the processing of personal data concerning you breaches data protection regulations (Art. 77 GDPR), you may at any time, without prejudice to these rights and the option of seeking any other administrative or judicial remedy, exercise your right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, place of work or the place where the suspected breach took place.

The competent subervisory authority for us is: The Hessian Commissioner for Data Protection and Freedom of Information.

Address  :

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden
Germany

Links to other websites

Our web pages may contain links to websites of other providers. We would like to point out that this Privacy Policy solely applies to the web pages of Tokai COBEX GmbH. We have no influence over, nor do we monitor, the practices of other providers with respect to compliance with the applicable data protection regulations.

Applications

You can apply to our company electronically, in particular by e-mail and using the application form. Of course, we will only use your information to process your application and will not forward it to third parties. Please note that e-mails sent unencrypted are transmitted without access protection.

Your information will be used for processing your application and deciding on the establishment of an employment relationship. The legal basis is Sec. 26 (1) in conjunction with Sec. 26 (8) (2) of the Federal Data Protection Act [German acronym: BDSG]. In addition, your personal data may be processed should this be necessary to defend against legal claims asserted against us which may arise from the application process. The legal basis for such processing is Art. 6 (1) (1) (f) GDPR. The legitimate interest in the processing is also in the stated purposes.

Where an employment relationship is established between you and us, we may further process the personal data we have already received from you for the purposes of the employment relationship in accordance with Sec. 26 (1) BDSG if this is necessary for the performance or termination of the employment relationship or for the exercise or assertion of the rights and obligations of the employee representation resulting from a law or a collective wage agreement, an operating agreement or a service agreement (collective agreement).

If you have applied for a specific position and the position has already been filled or we consider you to be equally suited or more suited to another position, we would like to forward your application within the company and/or keep it for a longer period. Such forwarding or further storage will only happen if you have given your consent in accordance with Art. 6 (1) (1) (a) GDPR. You may withdraw your consent at any time with effect for the future.

Your personal data will be erased no later than 6 months after completion of the application process, unless there are other legitimate interests on our part which prevent us from erasing the data, you have expressly given us your consent to store your data for a longer period or a contract has been concluded.

Amendments to the Privacy Policy

We reserve the right to amend and/or adapt this Privacy Policy at any time taking account of applicable data protection regulations. Please see the latest version of our Privacy Policy whenever you visit our website.

Personal contact

+49 611 450435-10
moc.xebociakot@ofni

© 2024 Tokai COBEX GmbH all rights reserved

Privacy Policy for our LinkedIn page

We use our LinkedIn channel to attract attention to our company. The protection of your data is also very important to us on this channel. In this Privacy Policy, we inform you about the processing of personal data when you use this channel. If you have any further questions regarding the handling of your personal data, please do not hesitate to contact our data protection officer.

Controller / DPO

Social media channels

We operate the following social media web pages:

• LinkedIn

The operators of the following channels are joint controllers with us:

• LinkedIn

The limit of our responsibility is the point at which our control over data processing ends. We cannot influence data processing carried out by the operator of the channel beyond this point. Consequently, we cannot provide any information about which personal data the operator processes. For more information about the processing of the personal data collected and the options to object, please refer to the corresponding privacy policy of the channel provider.

Data processing by us

Data that you enter on our social media channel, such as comments, videos, images, likes or public messages, may be published by the social media platform. We will only use or process such data for the following purposes.

We will not publish personal data transmitted to us via social media, such as documents or communication data, but we cannot rule out the possibility that the social media provider might process or publish such data.

We would like to point out that we do not wish to receive applications via messengers, as it cannot guarantee the protection of your personal data to the extent that we deem necessary and desirable.

We also reserve the right to delete content should it be necessary to do so. We may share your content on our site if this is a function of the social media platform and if it is permitted, and we may communicate with you via the social media platform.

The legal basis for our data processing in the context of the social media channel is Art. 6 (1) (1) (f) GDPR. The data processing is carried out in the interest of our public relations work and up-to-date communication.

The social media provider is partly located in the USA and in other countries outside the EU and the EEA. The data may therefore also be processed by the platform provider in countries outside the EU. Please note that companies in these countries may be subject to data protection laws that do not provide the same level of protection for your personal data as is the case in EU Member States.

We would also like to point out that we have no influence over the extent, type and purpose of data processing carried out by the provider of the social media platform. For more information about the processing of your data by the social media provider, please refer to the platform provider’s privacy policy.

Data processing by the social media channel

On our website you will find links to our LinkedIn company page. You can recognise links to LinkedIn by the company logo. If you follow these links, you will reach our LinkedIn company page. Clicking on this type of link opens a connection to LinkedIn’s servers. This informs LinkedIn’s servers that you have visited our website.

In addition, further data are transferred to the platform provider, such as:

• the address of the website on which the activated link is located
• the date and time the website was accessed or the link was activated
• information about the browser and operating system used
• the IP address

We would like to point out, in particular, that the social media provider stores data from users (such as their IP address, preferences and personal interests, behaviour on the platform, any personal information stored on the platform, etc.) and uses those data for business purposes.

We would also like to point out that the provider of the social media platform uses web tracking methods and that web tracking can take place whether or not you are logged in and/or registered with LinkedIn. We have no influence over the web tracking methods used by the platform. If, for example, you wish to disable web tracking, you have to do so on the provider’s website.

If you are a LinkedIn member and you are logged into your user account, the social media provider can associate your visit to our site with your user account. If you wish to prevent the provider from linking data about your visit to our fan page with your membership data stored by the platform, you must

• log out of LinkedIn before each visit to our fan page,
• delete the cookies on the device
• and close and reopen your browser.

According to LinkedIn, this ensures that any information enabling LinkedIn to identify you is deleted.

It is possible that the provider of the social media platform might use your data to create a profile about you, for example, and thus generate customised advertising for you.

For more information about data processing by the provider of the social media platform and other options to object, please see the privacy policy here:
LinkedIn: https://de.linkedin.com/legal/privacy-policy

As we are joint controllers for data processing with LinkedIn, you can find the main content relating to joint processing of your data here:
https://legal.linkedin.com/pages-joint-controller-addendum

LinkedIn Insights

We can retrieve various categories of statistical data via the so-called “Insights” of the LinkedIn page. These statistics are generated and provided by LinkedIn. We as the operator of the page have no influence over the generation and presentation of these statistics. We cannot disable this function or prevent the data from being generated and processed.

LinkedIn provides us, for a selectable period of time, with the following data relating to our LinkedIn page for the categories of viewers, followers, persons reached and persons interacting with the page:

total number of page views, “likes”, page activities, post interactions, coverage, video views, post coverage, comments, shared content, responses, proportion of men and women, origin in terms of country and city, language, views and clicks, job functions and industry.

Due to LinkedIn’s continuous development, the availability and preparation of the data may change, so please refer to LinkedIn’s privacy policy, as referenced above, for more details.

We use these data, available in aggregated form, to make our posts and activities on our LinkedIn page more attractive for users. In this context, we receive anonymised data relating to the users of our LinkedIn fan page. It is impossible for us to draw any conclusions about you as a person from such data. For example, we use the distribution by age and gender for customised communication and the preferred visiting times of the users to optimise the timing of our posts. Information about the type of end devices used by visitors helps us to adapt the visual design of the posts accordingly. In accordance with the LinkedIn terms of use, which each user has agreed to as part of creating a LinkedIn profile, we can identify followers and viewers of the page and view their profiles as well as other information they share.

Your rights

We will be happy to provide you with information about whether we process personal data concerning you and if so, which personal data and for what purposes (Art. 15 GDPR). In addition, you have the right to rectification (Art. 16 GDPR), the right to restrict processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR) and the right to data portability (Art. 20 GDPR) under the respective legal provisions.

You shall have the right at any time, on grounds arising from your particular situation, to object to processing of personal data concerning you which is carried out on the basis of Article 6 (1) (1) (e) or (f) GDPR, including profiling based on those provisions. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the purpose of the processing is the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this shall also apply to profiling to the extent that it is related to such direct marketing.

To exercise your rights as described above, please contact us by e-mail at moc.xebociakot@noitcetorp.atad or by post at Tokai COBEX GmbH, Gustav-Stresemann-Ring 12-16, 65189 Wiesbaden, Germany. You will not be charged for exercising your rights as described above.

Information about the right to lodge a complaint

If you consider that the processing of personal data concerning you breaches data protection regulations (Art. 77 GDPR), you may at any time, without prejudice to these rights and the option of seeking any other administrative or judicial remedy, exercise your right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, place of work or the place where the suspected breach took place.

The competent subervisory authority for us is: The Hessian Commissioner for Data Protection and Freedom of Information.

Address  :

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden
Germany