Data protection policy
Possehl Erzkontor GmbH & Co. KG
Thank you for visiting our website. Compliance with data protection legislation is particularly important for us. The aim of this data protection policy is to inform you as a user of the website about the type, extent and purpose of processing your personal data and about your rights as a data subject within the meaning of Art. 4(1) General Data Protection Regulation. The following data protection policy reflects the changes made by the General Data Protection Regulation (GDPR) in effect as of 25.5.2018. At the same time this policy also meets the requirements of Section 13 German Telemedia Act (TMG) which applied until this date.
This website and the services offered are operated by
Possehl Erzkontor GmbH & Co. KG
PO Box 1633
Phone: +49 451 929 62 0
Fax: +49 451 929 62 199
Management Board: Jan Weber (CEO), Nils Fleig (CFO)
- General remarks
We have designed the website to collect as little data from you as possible. Generally speaking, the website can be used without providing any personal data. Only when you decide to make use of certain services (e.g. to use the contact form) is it necessary to process personal data. When doing so, we always ensure that your personal data are only processed on an appropriate legal basis or with your consent. We comply with the provisions of the General Data Protection Regulation in effect as of 25.5.2018 and applicable national legislation, such as the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and other specific data protection legislation.
The terms used in this data protection policy have the following meanings, as defined in the GDPR.
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
When you visit our website there are some cases in which we require your consent to collect personal data.
Declaration of consent By using the form we provide, you consent to our collection of the personal data you provide and their processing as described in this data protection policy. You can withdraw this consent at any time with future effect by sending us a corresponding statement. However, you are advised that it will no longer be possible to use our service without your consent. Please use the contact channels mentioned above to withdraw your consent (in this case please provide us with your name, email and postal address).
- Purpose and legal basis for the processing of personal data
|Purpose of data processing||Legal basis for data processing (“Why is the data processing necessary?”)|
|To make contact and for related correspondence||On the basis of your consent|
|To process your request and provide any further advice you may want||On the basis of your consent|
|To arrange pre-contractual matters for the preparation of an offer||On the basis of your consent|
|To process your application for a job vacancy advertised by us||On the basis of your consent|
|To ensure that our website is presented to you in as effective and interesting a way as possible (e.g. by means of anonymised analysis)||On the basis of our legitimate interests|
|For the technical implementation of our services||On the basis of our legitimate interests|
- Personal data collected and processed
We only collect and process your personal data when you have provided it knowingly and freely. This is the case if you make contact with us and request information about our services and products. This contact is generally made by means of email. When you make contact by email you freely send us personal data and make them available for processing. We will only process your data for the purposes mentioned above. If a contract or business relationship does not come about we will erase your data when the purpose of their collection no longer applies.
The personal data and the contents you provide will remain solely with us and our affiliates. We will only store and process the data for the purposes mentioned in Point 5. Any further use requires your explicit consent. The same applies to the transfer and transmission of your data to third parties.
- General logfiles
The webserver temporarily stores in logfiles the access request, the connection data of the requesting device (IP address), the pages that you visit, the date and duration of your visit, the type of browser and operating system being used and the website from which you visit us. The technical administration of the website and the anonymous statistical analytics make it possible to analyse the visits to the Possehl Erzkontor website with the aim of increasing data protection and data security in our company, ultimately in order to ensure optimal security for the personal data we process.
The data in the server logfiles are stored separately from all the personal data you provide. Subject to any record-keeping obligations, we delete your IP address seven days after you leave our website.
- Job applications
You can find the names of contacts for applications and job vacancies advertised by us at https://www.erzkontor.com/en/company/job-offers-career.html.
If you apply for a job with Possehl Erzkontor by electronic means, your data is only used to process your application and is not forwarded to third parties. Please note that applications sent to Possehl Erzkontor by email are transmitted unencrypted. To this extent there is a risk that the data could be intercepted and used by unauthorised third parties.
We only collect and process the personal data that you send to us in the course of the application process, such as:
- Place of birth,
- Date of birth,
- Email address,
Data processing takes place in accordance with the applicable EU General Data Protection Regulation (DGPR) and the German Federal Data Protection Act as amended (BDSG-neu), and specific data protection rules for job applications, such as the German Social Code (SGB), Telecommunications Act (TKG) and the Works Constitution Act (BetrVerfG).
We process your data as necessary to protect our legitimate interests or those of third parties. This may relate to the assertion of legal claims, for instance, defending ourselves against litigation, company management and development activities.
The data collected are transferred within our company to the persons who have been appointed to administer the application procedure, who need them to fulfil their statutory duties. External processors working with the company may also receive your data for the purposes mentioned. In addition to other companies in the Group, this relates to IT service providers. We would like to point out that we also respect and apply data protection rules when data is forwarded to third parties in the circumstances described above.
Your data are only forwarded on the basis of statutory provisions, with your consent or when we are authorised to grant access to them. This may relate to data recipients, such as affiliated companies (application for other advertised vacancies) for which you have given us your consent to transfer the data.
Your personal data are processed and stored for the duration of the application process if necessary. We erase them once they have served their purpose, but no later than after 6 months. The data will be erased immediately if it is no longer necessary to store your data to administer the application procedure and there is no statutory retention period or we do not have your consent to a longer storage period.
Your data are not transferred to a third country, i.e. countries outside the European Economic Area (EEA).
No automatic decision-making takes place in the course of our job application process. We do not use data to form profiles for establishing and carrying out the application procedure.
8.1. d.vinci applicant management
Type and purpose of the processing
We have integrated components from d.vinci recruitment management into our website. d.vinci recruitment management is a service of d.vinci HR-Systems GmbH, Nagelsweg 37-39, 20097 Hamburg, Germany, which provides recruitment and HR management software. d.vinci recruitment management is used in the context of recruitment in order to optimise the recruitment process, by automatically analysing company references, for example. In addition, d.vinci recruitment management enables us to prepare and analyse job adverts.
Purpose and legal basis
This service is used on the basis of our legitimate interests, i.e. our interest in optimising our recruitment process, in accordance with Art. 6(1) f GDPR. The legal basis for the data processing is Sec. 26 German Data Protection Act (BDSG).
We have no control over the length of time for which the processed data are stored, since this is determined by d.vinci HR-Systems GmbH. Further information can be found in the data protection policy of d.vinci recruitment management: www.dvinci.de/data-protection.
8.2 Notice on right of objection:
You have the right to object to the processing of your personal data at any time. If you object, we will no longer process your personal data. An objection has no effect, however, if there are grounds, which we must demonstrate, that outweigh your interests, rights and liberties, or if further processing services serves to establish, exercise or defend legal claims.
Your objection can be made in any form and will be forwarded to the person responsible without delay.
- contact form
You can contact us by e-mail or via our contact form (offer form for business customers). In this case, we store the personal data you provide in order to process your request and to contact you to handle your request. If we request information via our contact form, we have marked the mandatory fields required for contacting us accordingly (asterisk). The voluntary information is used to specify your request and to improve the processing of your request. The requested data is transmitted to us by you on a purely voluntary basis.
Depending on the type of request, the legal basis for this processing is Art. 6 para. 1 lit. b DSGVO for requests that you yourself make as part of a pre-contractual measure or Art. 6 para. 1 sentence 1 lit. f DSGVO if your request is of a different nature. The legitimate interest follows from the purposes mentioned under point 3 a.). If personal data is requested that we do not need for the fulfillment of a contract or for the protection of legitimate interests, the transfer to us will be based on your consent pursuant to Art. 6 para. 1 lit. a DSGVO.
- Embedded services and third-party contents
Our website uses contents and services from other providers. That includes road maps provided by Google Maps, for example. The transmission of the IP address is absolutely necessary for these data to be retrieved and displayed in the user’s browser. The providers (hereafter known as ‘third-party providers’) therefore know the IP address of the respective user.
Even if we strive only to use third-party providers which only need the IP address to deliver content, we have no control over whether the IP address is stored. In this case the procedure also serves statistical purposes. To the extent that we become aware that the IP address is stored, we will notify you.
10.1. Google fonts
Type and purpose of the processing
We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our website. To obtain these fonts you make a connection to the servers of Google Ireland Limited and transmit your IP address.
Purpose and legal basis
The use of Google Fonts is based on our legitimate interests, i.e. interest in a uniform provision as well as the optimization of our online offer pursuant to Art. 6 para. 1 lit. f. DSGVO.
10.2. Use of Google reCaptcha
Type and scope of processing
We have integrated components of Google reCAPTCHA on our website. Google reCAPTCHA is a service of Google Ireland Limited and enables us to distinguish whether a contact request originates from a natural person or is automated by means of a program. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the user’s browsing time and mouse movements in order to distinguish automated requests from human ones. This data is processed solely for the above purposes and to maintain the security and functionality of Google reCAPTCHA.
Purpose and legal basis
The service is used on the basis of our legitimate interests, i.e. for protection when submitting forms in accordance with Art. 6 para. 1 lit. f. DSGVO.
10.3 Use of Google AdWords
Type and scope of processing
Google Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertising. Furthermore, Google Ads delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and other identifiers such as your user agent are transmitted to the provider.
If you are registered with a Google Ireland Limited service, Google Ads can associate the visit with your account. Even if you are not registered with Google Ireland Limited or have not logged in, it is possible that the provider will find out and store your IP address and other identification features.
In this case, your data will be passed on to the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose and legal basis
We process your data with the help of Google Ads for the purpose of optimizing our website and for marketing purposes on the basis of your consent pursuant to Art. 6 para. 1 lit. a. DSGVO.
10.4 Use of LinkedIn and Xing plugin
Social plugins (“plugins”) of the social networks LinkedIn and Xing are used on our website, operated by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland and XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. For improved protection of your data when visiting our website, these buttons are not integrated as plugins without restrictions, but in the form of HTML links. This type of integration ensures that when you call up a page of our website on which such buttons are available, a connection is not yet established with the servers of LinkedIn and Xing. When you click on such a button, the LinkedIn or Xing page opens in a new browser window. There you can interact with the plugins there (if necessary after prior login). The purpose and scope of the data collection, the further processing and use of the data by LinkedIn, as well as your rights in this regard and setting options for protecting your privacy can be found in the privacy notices of LinkedIn: www.linkedin.com/legal/privacy-policy and Xing: https://privacy.xing.com/en/privacy-policy
10.5. General remarks on social media platforms
In order to present our company in the best possible way and communicate with you as a user, customer or potential customer and inform you about our services, we make use of our presence in social media networks.
You will find us on the following platforms and social networks:
When social networks are used your data is processed outside the European Union (EU) and the European Economic Area (EEA). Not all countries outside the EU can guarantee the same level of data protection as exists in the EU.
Risks may result for you as a user in this context, if the data transferred to third countries is processed with an inadequate level of data protection.
This makes it more difficult for you assert your user rights. It may also be that your data are processed by the provider in the third country in a way that is not in your interest.
The processing purposes of the social networks generally differ from ours. It is mostly the case that the data you post on social networks is processed for market research, advertising and user profiling for personalised advertising (e.g. Facebook, Google, Instagram, etc.). To do this, cookies are used which track user behaviour and enable user profiling. Facebook also creates user profiles of people who have no registered account with Facebook. A concrete list of the purposes of processing user data can be found in the data protection policies of the respective providers. By adjusting the settings of your user account accordingly it is at least possible to restrict profiling to a certain extent. Please read the data protection policies of the respective providers for details of how to do this.
Below you will find a detailed description of data processing by the respective providers and the opt-out opportunities they offer via the links to the providers’ websites:
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland) – privacy notice: www.linkedin.com/legal/privacy-policy , Opt-Out: www.linkedin.com/psettings/guest-controls/retargeting-opt-out
- Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland) – privacy notice/ Opt-Out: privacy.xing.com/en.
10.6. Use of Matomo
Type and scope of processing
We use the open source software tool Matomo (formerly PIWIK) on our website. The software sets a cookie in your browser (for cookies, see already above). If individual pages of our website are called up, the following data is stored:
– Two bytes of the IP address of the user’s calling system (anonymized IP address).
– The website called up
– The website from which the user accessed the accessed website (referrer)
– The subpages that are accessed from the accessed website
– The time spent on the website
– The frequency with which the website is accessed
– The software runs exclusively on the servers of our website.
Your personal data is only stored there. The data is not passed on to third parties.
Purpose and legal basis
The specific storage period of the cookies set is 13 months.
This site uses only technically necessary cookies.
- Data security
Unfortunately the transmission of information via the internet is never 100% secure, which is why we cannot guarantee the security of data sent to our website via the internet.
However, we do take technical and organisational measures to secure our website against the loss, destruction, access, modification or dissemination of your data by unauthorised parties.
In particular, your personal data are transmitted to us in encrypted form. To do so we use the coding system SSL/TLS (Secure Sockets Layer/ Transport Layer Security). Our security measures are improved continuously in line with technological developments.
- Rights of data subjects
To the extent that you are a data subject within the meaning of Art. 4(1) GDPR, you have the following rights under the GDPR in connection with the processing of your personal data.
Right of access
Subject to the conditions of Art. 15 GDPR, you have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data free of charge at any time and a copy of the personal data.
Right to rectification
Subject to the conditions of Art. 16 GDPR, you have the right to obtain the rectification without undue delay of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
Subject to the conditions of Art. 17 GDPR, you have the right to obtain from the controller the erasure of personal data concerning you without undue delay where one of the grounds mentioned in Art. 17 GDPR applies and the processing is not necessary.
Right to restriction of processing
Subject to the conditions of Art. 18 GDPR, you have the right to restriction of processing when one of the conditions mentioned in Art. 18 GDPR applies.
Right to data portability
Subject to the conditions of Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where the further conditions of Art. 20 GDPR apply.
Right to withdraw consent
You have the right to withdraw your consent to our processing of your personal data with future effect at any time. Please send your withdrawal notice to the contact details mentioned above.
Right to object
Subject to the conditions of Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you. If the conditions for an effective objection apply, we may no longer process the data.
Right to lodge a compaint with a supervisory authority
Notwithstanding any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
- Transfer of your personal data
The website is hosted by an external service provider in Germany. We ensure that data processing only takes place in Germany. This is necessary for operating the website and for establishing, performing and implementing the existing licence and is possible without your consent.
Data is also transferred when we are entitled or obliged to do so by statutory provisions and/or an order of a public authority or law court. In particular this may constitute the provision of information for the purposes of law enforcement, or to avert a public danger or to assert intellectual property rights.
To the extent that your data are transferred to a service provider as necessary, they only have access to your personal data to the extent necessary to perform their responsibilities. These service providers are obliged to handle your personal data in accordance with applicable data protection legislation, in particular the GDPR.
Beyond the circumstances mentioned above, we do not transfer your data to third parties without your consent. In particular we do not transfer any personal data to a body in a third country or an international organisation.
- Retention of personal data
We delete your personal data as soon as its storage is no longer required for its original purpose and no statutory record-keeping obligations apply. Statutory record-keeping obligations are ultimately the criterion for defining the retention period for personal data. Once the deadline expires, the data concerned are routinely erased. If record-keeping obligations exist, the processing is restricted by blocking the data.
- References and links
When websites are retrieved to which links have been set on our website, information such as name, address, email address, browser characteristics etc. may be requested again. This data protection policy does not govern the collection, transfer or handling of personal data by third parties.
Third-party providers may have their own different rules for the collection, processing and use of personal data. Before providing any personal data to third-party websites, users are therefore advised to inform themselves about their handling of personal data.
- Amendments to the data protection policy
We develop our website continuously in order to provide you with an ever better service. We will keep this data protection policy up to date at all times and amend it as necessary.
Of course we will notify you in good time of any changes to this data protection policy. We will do this e.g. by sending you an email to the address you have given us. To the extent that any further consent from you to our handling of your data should be required, we will of course obtain it before the relevant amendments take effect.
You can obtain the current version of our data protection policy at any time online from www.erzkontor.com/en/legal/privacy-policy.html.
- Data protection officer
Tel.: +49 451 – 16 08 52 -21 (ggf. -13)