Privacy Policy

We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the Bavaria Medizin Technologie GmbH. The use of the Internet pages of the Bavaria Medizin Technologie GmbH is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the Bavaria Medizin Technologie GmbH. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the controller, the Bavaria Medizin Technologie GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.

 

In the following, we inform you how and on what grounds we process your personal data and which rights you are entitled to.

 

1.    Who is Responsible for the Processing of Data?

Bavaria Medizin Technologie GmbH
Represented by
the Managing Directors: Knut Sauerteig, Ulrich Winkhaus
Argelsrieder Feld 8
82234 Wessling, Germany
Email: info.bmt [at] lubrizol.com
Telephone +49 8153 / 401 – 0 

 

You can reach our data protection officers by e-mail at
dsb.bmt [at] lubrizol.com or with the following contact information:

Munker Privacy Consulting GmbH
Data Protection Officer
Pähler Straße 5a
82399 Raisting, Germany
Telephone +49 8807 / 24447 0

 

2.    Purposes and Legal Grounds

Your personal data is processed in accordance with the provisions of the EU General Data Protection Regulation (hereafter referred to as GDPR), the German Federal Data Protection Act (hereafter referred to as BDSG), and other relevant data protection regulations.

2.1    Consent (Art. 6 Para. 1 Pt. a GDPR)

If you have given us your explicit consent to process personal data in certain cases, the respective consent is the legal ground for the processing mentioned there. You may withdraw your consent at any time, which will affect future processing.

2.2    Carrying out Pre-Contractual Measures and Fulfilling Contractual Obligations (Art. 6 Para. 1 Pt. b GDPR)

We process your personal data to carry out measures and activities as part of pre-contractual relations, in particular for contract negotiations. In addition, your personal data is processed for the purpose of carrying out our contracts with you, in particular as part of our processing of orders and the use of your services.

2.3    Fulfillment of Legal Obligations (Art. 6 Para. 1 Pt. c GDPR)

We process your personal data to the extent that this is legally required to fulfill commercial and tax law record-keeping obligations or otherwise on the grounds of legal standards (e.g. pursuant to the German Money Laundering Act). 

2.4    Protection of Our Legitimate Interests or Those of a Third Party (Art. 6 Para. 1 Pt. f GDPR)

We may also process your personal data on the basis of a balancing of interests in order to protect our legitimate interests or those of a third party. This is done for the following purposes:

  • for the comparison with European and international anti-terrorism lists if this exceeds statutory requirements;
  • for the further development of services and products as well as existing systems and processes;
  • for obtaining information and exchanging data with credit agencies if this exceeds our commercial risk;
  • for the disclosure of personal data as part of due diligence (catalog of obligations), e.g. in the event of sales of companies;
  • for the enhancement of our data through research and use of publicly available data;
  • for statistical evaluations or for market analyses;
  • for benchmarking;
  • for internal and external investigations and/or security audits;
  • for ensuring and exercising our householder’s rights through appropriate measures (e.g. video surveillance);
  • for the enforcement of our rights and defense of unjustified claims in case of a legal dispute with you.

 

3.    Categories of Personal Data Processed by Us

The following categories of data are processed:

  • Data about your person (e.g. name, nationality, occupation/line of work),
  • Contact data (e.g. address, e-mail address, telephone number),
  • Bank data (e.g. account number),
  • Tax data (e.g. VAT ID number),
  • Information about your financial situation (e.g. credit rating data),
  • ·Register information and other data from public sources (e.g. Internet, media, the press, commercial registers and associations, register of residence, register of debtors, land registry).

 

4.    Who Receives Your Data?

We pass on your personal data to those within our company who require the data to fulfill contractual and legal obligations or to implement our legitimate interests.

 

Moreover, the following may receive your data:

  • Contract processors (Art. 28 GDPR) and contract services used by us for supporting business activities, e.g. in the areas of IT services, logistics and printing services, archiving, document processing, data destruction services, purchasing/procurement, media technology, tax and auditing, courier services;
  • Public bodies and institutions where there is a legal or official obligation according to which we are required to disclose data;
  • Bodies and institutions due to our legitimate interest or the legitimate interest of the third party for the purposes mentioned in Section 2.4 (e.g. to authorities, credit agencies, debt collectors, lawyers, courts, assessors).

 

5.    Transfer of Your Data to a Recipient in a Third Country or to an International Organization

A data transfer to third countries (countries outside the European Economic Area - EEA) takes places only to the extent that this is required to carry out a contract with our customer (e.g. payment orders) or you have given us your consent or this is otherwise legally permissible. In this case, we take measures to ensure the protection of your data; for example, by means of contractual provisions. We transfer exclusively to recipients who ensure the protection of your data pursuant to the regulations of the GDPR for the transfer to third countries (Art. 44 to 49 GDPR). The processing of your data in a third country is also done in connection with the use of services as part of processing orders.

In the absence of a decision by the EU Commission on an appropriate level of data protection in the country in question, we ensure pursuant to Art. 46, 47 GDPR that your personal data, rights and freedoms are appropriately protected and guaranteed with the recipient by means of binding corporate data protection rules, contracts or other legally provided guarantees, unless pursuant to Art. 49 GDPR there is a legal exception to compliance with the appropriate level of protection.

Within the corporation (The Lubrizol Corporation), a respective Intercompany Data Transfer Agreement has been concluded.

 

6.    How Long Do We Save Your Data?

To the extent required, we process your personal data for the duration of our contractual relationship with you.

Moreover, we are subject to various retention and documentation requirements, which result from the legal framework. The periods of retention or documentation are up to ten years after the end of the contract.

Finally, the retention period is also determined by statutory limitation periods, which, for example, in accordance with paragraphs 195 and onward of the German Civil Code (BGB), are usually three years, but in certain cases can be up to thirty years.

 

7.    To What Extent is there Automated Decision-Making in Individual Cases (Including Profiling)?

No purely automated decision-making processes are used by us in accordance with Art. 22 GDPR. Should we use such processes in individual cases, we will inform you separately of such.

 

8.    Scope of Your Obligations to Provide Us with Your Data

You need only provide us with the data required for the establishment and carrying out of a contractual relationship with us, which we are legally obliged to collect or entitled to collect in order to protect legitimate interests. You are not obliged to provide personal data. Without such data, however, the proper carrying out of the contract would not be possible, which could ultimately result in the refusal to conclude a contract or the termination of a contract. Insofar as we request additional data from you, you will be informed separately of the voluntary nature of providing the information.

 

9.      Rights of Data Subjects

You have the right:

  • pursuant to Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the purposes of the processing, the category of the personal data, the categories of the recipients to whom your data has been or will be disclosed, the envisaged duration that the data will be saved, the existence of a right to rectify, erase, restrict or object to the processing, the existence of a right to lodge a complaint, the origin of your data if not compiled by us, as well as the existence of automated decision-making including profiling and information concerning such if applicable;
  • pursuant to Art. 16 GDPR to request immediately the rectification of inaccurate or incomplete personal data saved by us;
  • pursuant to Art. 17 GDPR to request the erasure of your personal data saved by us, as long as the processing is not required for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest or for establishing, exercising or defending legal claims;
  • pursuant to Art. 18 GDPR to request the restriction of processing of your personal data if the accuracy of the data is disputed by you, if the processing is unlawful, you refuse its deletion and we no longer require the data, you require it for establishing, exercising or defending legal claims, or you have lodged a complaint to the processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transfer to another controller;
  • pursuant to Art. 7 para. 3 GDPR to withdraw your consent given to us at any time. As a consequence, we are not permitted to continue the data processing, which was based on this consent, in future.

If you want to assert one of these rights, please contact us or our data protection officers.

 

Information About Your Right to Object Pursuant to Art. 21 GDPR

You have the right to object to the processing of personal data concerning you that is carried out on the grounds of Art. 6 para. 1 pt. f GDPR (data processing to protect legitimate interests) or Art. 6 para. 1 pt. e GDPR (data processing for tasks carried out in the public interest).

If you object, we will no longer process your personal data, unless we can prove compelling reasons for the processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves for establishing, exercising or defending legal claims.

Information About Your Right to Withdraw Pursuant to Art. 7 Para. 3 GDPR

Insofar as we process your personal data for specific purposes on the grounds of your consent, you have the right to withdraw your consent at any time pursuant to Art. 7 para. 3 GDPR. After receiving your withdrawal, we will stop processing your data for the purposes for which you have given us your consent. The legality of the processing before receipt of your withdrawal remains unaffected.

Please take notice that the withdrawal takes effect for the future only. Processing that took place before the withdrawal is not affected.

Objection to Processing for Purposes of Direct Marketing

In the case of data processing for direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is connected with such direct marketing.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made without filling out a form and should be addressed to:
dsb.bmt [at] lubrizol.com or to the contacts given in the imprint.

 

10. Your Right to Lodge a Complaint with the Supervisory Authority

You have a right of lodge a complaint with the data protection supervisory authority if you believe that the processing of your data violates the GDPR (Art. 77 GDPR). The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18, 91522 Ansbach, Germany, Telephone: +49 (0) 981 180093-0, E-Mail: poststelle
 [at] lda.bayern.de

1.    Introduction

Thank you very much for your interest in our company. Bavaria Medizin Technologie GmbH places great importance on data protection. With the following information, we would like to give you as a “data subject” an overview of how your personal data is processed by us and your rights under the data protection laws. In principle, it is possible to use the Internet pages of Bavaria Medizin Technologie GmbH without entering personal data. Insofar as you would like to make use of particular services of our company via our website, the processing of personal data may, however, be required. If it is necessary to process personal data and there is no legal basis for such processing, we will obtain your consent.

The processing of data about your person, such as your name, address or e-mail address, shall always be carried out pursuant to the General Data Protection Regulation (hereafter referred to as GDPR) and in compliance with the country-specific data protection regulations applicable to Bavaria Medizin Technologie GmbH. By means of this data protection policy, we would like to inform you of the scope and purpose of the personal data collected, used and processed by us.

As the “controller”, Bavaria Medizin Technologie GmbH has implemented numerous technical and organizational measures to ensure the most comprehensive protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions can have, in general, gaps in security, meaning that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means, such as over the telephone or by mail.

 

2.    Persons Responsible

Bavaria Medizin Technologie GmbH
Represented by
the Managing Directors: Knut Sauerteig, Ulrich Winkhaus
Argelsrieder Feld 8
82234 Wessling, Germany
Email: info.bmt [at] lubrizol.com
Telephone +49 8153 / 401 – 0 

 

3.    Data Protection Officer

You can reach our data protection officers by e-mail at
dsb.bmt [at] lubrizol.com or with the following contact information:

Munker Privacy Consulting GmbH
Data Protection Officer
Pähler Straße 5a
82399 Raisting, Germany
Telephone +49 8807 24447 0

You can contact our data protection officer directly at any time with all questions and suggestions regarding data protection.

 

4.    Definition of Terms

The data protection policy of Bavaria Medizin Technologie GmbH is based on the terminology that is used by the European Legislator when enacting the General Data Protection Regulation (GDPR). To ensure that our data protection policy is easy to read and understand for both the public and for our customers and business partners, we would like to explain the following terms:

4.1    Personal Data

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

4.2    Data Subject

Data subject means any identified or identifiable natural person whose personal data are processed by the controller (our company).

4.3    Processing

Processing means any operation or set of operations, performed with or without the aid of automated means, concerning personal data, such as collection, recording, organization, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4.4    Restriction of Processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

4.5    Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

4.6    Pseudonymization

Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

4.7    Processor

Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

4.8    Recipient

Recipient means a natural or legal person, public authority, agency or other body, to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

4.9    Third Party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or the processor, are authorized to process personal data.

4.10    Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him
or her.

 

5.    Legal Grounds for the Processing

Art. 6 para. 1 pt. a GDPR serves as the legal ground for processing operations in our company for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the fulfillment of a contract to which you are a party, as is the case, for example, when processing operations are necessary for the delivery of goods or the performance of other services, the processing is grounded on Art. 6 para.1 pt. b GDPR. The same applies to processing operations which are necessary for the performance of pre-contractual measures, for example, in cases where inquiries are made regarding our products or services.

If our company is subject to a legal obligation by which the processing of personal data is required, such as, for example, to fulfill tax obligations, the processing is grounded on Art. 6 para. 1 pt. c GDPR.

In rare cases, the processing of personal data can become necessary to protect the vital interests of the data subject or another natural person. This would be the case if, for example, a visitor to our company is injured and his name, age, health insurance data or other vital information needs to be shared with a doctor, a hospital or other third parties. In this case, the processing is grounded on Art. 6 para. 1 pt. d GDPR.

Finally, processing operations may be grounded on Art. 6 para. 1 pt. f DSGVO. Processing operations that are not covered by any of the aforementioned legal grounds are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or of a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European Legislator. In this respect, the European Legislator took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47 sentence 2 GDPR).

 

6.    Technology

6.1    SSL/TLS Encryption

To ensure security of data processing and to protect the transmission of confidential information such as order requests, login data or contact requests which you send to us as the operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that there is “https://” instead of “http://” and a lock symbol in the address bar of your browser.

When the SSL or TLS encryption is activated, the data you are transmitting to us cannot be read by third parties.

6.2    Data Collection when Visiting the Website

When using our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser sends to our server (in so-called “server log files”). Our website collects a range of general data and information every time you or an automated system access a page. This general data and information are stored in the server log files. The following can be recorded:

1. Browser types and versions used,

2. The operating system used from the accessing system,

3. The website from which an accessing system reaches our website (so-called referrer),

4. The subsites which are controlled via an accessing system on our website,

5. The date and time of access on the website,

6. An Internet Protocol (IP) address,

7. The Internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about your person; rather, this information is necessary:

1. To deliver the contents of our website correctly,

2. To optimize the contents of our website and the advertising for it,

3. To ensure the lasting operability of our IT systems and the technology of our website,

4. To provide law-enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

The data and information collected are, therefore, evaluated by us statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data processed by us. The data of the server log files are stored separately from all personal data provided by a data subject.

The legal ground for data processing is Art. 6 para. 1 pt. f GDPR. Our legitimate interest results from the purposes for data collection listed above.

 

7.    Our Activities on Social Networks

In order to be able to communicate with you on social networks and inform you of our services, we represent ourselves with our own pages on these networks.

We are not the original provider (controller) of these pages but use them only within the framework of the opportunities offered by the respective providers.

Therefore, we would like to point out as a precaution that your data may also be processed outside of the European Union or the European Economic Area. Any use may, therefore, involve data protection risks for you, as it may be difficult to protect your rights, e.g. to information, erasure, objection, etc., and processing on social networks is often carried out directly by the providers for advertising purposes or for analysis of user behavior, without this being able to be influenced by us. If user profiles are created by the provider, cookies are often used, or user behavior is directly assigned to your own social network profile (if you are logged in).

The processing of personal data described is carried out pursuant to Art. 6 para. 1 pt. f GDPR on the grounds of our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in a modern way or to inform you of our services. If you must give your consent to data processing as a user with the respective provider, the legal grounds are Art. 6 para. 1 pt. a GDPR in conjunction with Art. 7 GDPR.

Since we do not have access to the provider’s databases, we would like to point out that your rights (e.g. to information, rectification, erasure, etc.) are best exercised directly with the respective provider. For further information on the processing of your data on social networks and the possibility to make use of your right of objection or withdrawal (so-called opt-out), we have listed the respective provider of the social network we use:

 

7.1    XING

Controller for the processing of data in Germany:
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany

Data Protection Policy:
https://privacy.xing.com/de/datenschutzerklaerung 

Request for information for XING members:
https://www.xing.com/settings/privacy/data/disclosure

 

8.    Your Rights as Data Subject

8.1    Right of Confirmation

You have the right to request confirmation from us whether your personal data is processed.

8.2    Right of Access Art. 15 GDPR

You have the right to obtain information free-of-charge at any time from us about the personal data stored about your person as well as to receive a copy of this data.

8.3    Right to Rectification Art. 16 GDPR

You have the right to request the rectification of inaccurate personal data concerning you. The data subject also has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data.

8.4    Right to Erasure Art. 17 GDPR

You have the right to request from us the erasure of your personal data without undue delay, provided that one of the statutory reasons applies and the processing is not necessary.

8.5    Right to Restriction of Processing Art. 18 GDPR

You have the right to obtain from us restriction of processing if one of the statutory requirements is met.

8.6    Right to Data Portability Art. 20 GDPR

You have the right to receive the personal data concerning you, which you have provided us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller, without hindrance from us, to whom the personal data has been made available, provided that the processing is grounded on consent pursuant to Art. 6 para. 1 pt. a GDPR or Art. 9 para. 2 pt. a GDPR, or on a contract pursuant to Art. 6 para. 1 pt. b GDPR, and provided that the processing is carried out with the aid of automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Art. 20 para. 1 GDPR, you have the right to request that personal data be transferred directly from one controller to another, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of others

8.7    Right to Object Pursuant to Art. 21 GDPR

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out on the grounds of Art. 6 para. 1 pt. e GDPR (data processing in the public interest) or pt. f GDPR (data processing founded on a balancing of interests).

This also applies to profiling within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data, unless we can prove compelling reasons for the processing which are worth of protection and which outweigh your interests, rights and freedoms, or unless the processing serves for establishing, exercising or defending legal claims.

In individual cases, we process personal data in order to carry out direct advertising. You can object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling, insofar as it is connected with such direct advertising. If you object to us processing your personal data for the purposes of direct marketing, we will no longer process the personal data for these purposes.

You also have the right to object, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out by us, for the purposes of scientific or historical research or for statistical purposes pursuant to Art. 89 para. 1 GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

In connection with the use of information society services and irrespective of Directive 2002/58/EC, you are free to exercise your right to object by means of automated procedures which use technical specifications.

8.8    Right to Withdrawal of Consent under Data Protection Law

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

8.9    Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint to a supervisory authority responsible for data protection about our processing of personal data.

 

9.    Changes to the Data Protection Policy

This data protection policy is in effect as of October 2020.

As a result of future development of our website or due to changes in statutory or official requirements, it may become necessary to amend this data protection policy. You can access and print out at any time the current data protection policy at https://www.bavaria-medizin.de/de/datenschutzerklaerung/

We are pleased that you are interested in our company and that you have applied or are applying for a position with us. In the following, we would like to inform you about the processing of your personal data in relation to your application.

 

1.    Who is Responsible for the Processing of Data?

Bavaria Medizin Technologie GmbH
Represented by
the Managing Directors: Knut Sauerteig, Ulrich Winkhaus
Argelsrieder Feld 8
82234 Wessling, Germany
Telephone +49 8153 / 401 – 0
Email: info.bmt[at]lubrizol.com

 

You can reach our data protection officers by e-mail at
dsb.bmt [at] lubrizol.com or with the following contact information:

Munker Privacy Consulting GmbH
Data Protection Officer
Pähler Straße 5a
82399 Raisting, Germany
Telephone +49 8807 24447 0

 

2.    Purposes and Legal Grounds

We process your personal data, as far as it is necessary, to review the grounds for an employment relationship. The legal ground for this is Art. 6 para. 1 pt. b of the General Data Protection Regulation (hereafter referred to as GDPR) in conjunction with § 26 of the German Federal Data Protection Act (BDSG).

We collect only personal data from you (in particular first name, surname, postal address, e-mail address, position applied for, information from the application form) that are necessary for the application process. To fully review your application, it is necessary that you also provide us with information about your previous professional career.

In the case of an online application, you enter this data independently into the online form; in any other type of application, we record the relevant information from the employment application and scan any accompanying documents.

For the purpose of your application, we will use only data that originates directly from you or from a person whom you have authorized. Within the course of the application process, further personal data may be collected from you personally, from generally accessible sources or from former employers and trainers. This may also include data that you provide online for the purpose of professional representation (e.g. in business networks). We do not carry out any further research about you, e.g. by using online search engines.

When filling certain positions, especially management positions, we may involve consultants to carry out assessments or capability analyses - provided you have given your explicit consent.

Should we ask you in the application process about the form of address you desire concerning gender, this is solely because we want to address you in the correct manner. Your age or date of birth is required because some of our job activities require a minimum age by law.

2.1    Consent (Art. 6 Para. 1 Pt. a GDPR)

If and insofar as you have given us your consent to process your data for specific purposes, e.g. to actively contact you in order to provide you with additional vacant positions within our company or at one of our corporate branches, the processing time is dependent on the purpose of the consent that was granted. Please take notice of the information provided in connection with the declaration of consent.

2.2    Carrying out Pre-Contractual Measures and Fulfilling Contractual Obligations (Art. 6 Para. 1 Pt. b GDPR)

We process your personal data to carry out measures and activities within the scope of pre-contractual relations, in particular for contract negotiations.

2.3    Fulfillment of Legal Obligations (Art. 6 Para. 1 Pt. c GDPR)

We process your personal data to the extent that this is legally required to fulfill commercial and tax law record-keeping obligations or otherwise on the grounds of legal standards (e.g. pursuant to the German Money Laundering Act). 

2.4    Protection of Our Legitimate Interests or Those of a Third Party (Art. 6 Para. 1 Pt. f GDPR)

We process your personal data, as far as it is necessary, for the defense of asserted legal claims from the application process against us. Legitimate interest is, for example, a duty of proof in legal proceedings pursuant to the German General Equal Treatment Act (AGG).

 

3.    Categories of Personal Data that are Processed by Us and From Where the Data Originate

We process the personal data that we receive from you yourself as part of the application process. This data is the data that you provide us as part of your application, in particular by submitting your employment application documents and providing information in job interviews. We also visit profiles of applicants on XING and LinkedIn or other professionally oriented social networks, provided that such exist. We do not visit profiles in private social networks.

It is also possible that we receive data from recruiters to whom you have given your employment application documents and who recommend you to us as a candidate for a position.

 

4.    Who Receives Your Data?

It goes without saying that your data will be treated confidentially and will be made available only to those persons in the company who are involved in the decision-making process in regard to the hiring (e.g. Human Resources department, department in which the vacancy exists).

Provided that you have agreed to your documents being forwarded to other corporate branches in the course of your application, your application data, where applicable, is included in a respective company-wide applicant pool. 

Furthermore, data processors, such as software providers, IT service providers, document shredding services, etc., can be the recipients of the data. We have concluded a so-called data processing agreement with these providers which ensures that the data processing occurs in a permissible manner.

 

5.    Transfer of Your Data to a Recipient in a Third Country or to an International Organization

If we transfer personal data to services outside of the European Economic Area (EEA), the transfer will take place only when the third country was confirmed by the EU Commission as having an adequate level of data protection or when other appropriate data protection guarantees are in place (e.g. binding corporate data protection rules or EU standard contractual clauses), unless there is a statutory exemption from adherence to the level of data protection (Art. 49 GDPR), in particular your explicit consent.

Within the corporation (The Lubrizol Corporation), a respective Intercompany Data Transfer Agreement has been concluded.

 

6.    How Long Do We Save Your Data?

We retain your personal data for as long as it is necessary to bring the processing to fruition and/or to fulfill legal record keeping requirements.

If you are not selected for the position for which you have applied, we will delete your data; if you withdraw your application, six months after your application is withdrawn and, if we reject you, six months after the date of rejection. In the event that an employment contract is concluded between you and us or one of our corporate branches, your employment application documents will be included in your personnel file and kept for at least the duration of employment.

 

7.    To What Extent is there Automated Decision-Making in Individual Cases (Including Profiling)?

No purely automated decision-making processes are used by us in accordance with Art. 22 GDPR. Should we use such processes in individual cases, we will inform you separately of such.

 

8.    Scope of Your Obligations to Provide Us with Your Data

An employment application to us is voluntary. It is necessary to provide us with your personal data regarding your previous professional and/or educational background, your qualifications, your skills and information about yourself and how you can be reached, so that we can find out whether you as an applicant match the position to be filled and so that we can make a selection of personnel. Without providing personal data by you as an applicant, no selection of personnel or application process can be conducted.

Consequently, failure to provide personal data simply means that you cannot be considered as a candidate for the position. 

 

9.      Rights of Data Subjects

You can at the address given above and under certain conditions

  • pursuant to Art. 15 GDPR request information about your personal data processed by us. In particular, you may request information about the purposes of the processing, the category of the personal data, the categories of the recipients to whom your data has been or will be disclosed, the envisaged duration that the data will be saved, the existence of a right to rectify, erase, restrict or object to the processing, the existence of a right to lodge a complaint, the origin of your data if not compiled by us, as well as the existence of automated decision-making including profiling and information concerning such if applicable;
  • pursuant to Art. 16 GDPR request immediately the rectification of inaccurate or incomplete personal data saved by us;
  • pursuant to Art. 17 GDPR request the erasure of your personal data saved by us, as long as the processing is not required for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest or for establishing, exercising or defending legal claims;
  • pursuant to Art. 18 GDPR request the restriction of processing of your personal data if the accuracy of the data is disputed by you, if the processing is unlawful, you refuse its deletion and we no longer require the data, you require it for establishing, exercising or defending legal claims, or you have lodged a complaint to the processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transfer to another controller;
  • pursuant to Art. 7 para. 3 GDPR withdraw your consent given to us at any time. As a consequence, we are not permitted to continue the data processing, which was based on this consent, in future. 

If you want to assert one of these rights, please contact us or our data protection officers.

 

Information About Your Right to Object Pursuant to Art. 21 GDPR

You have the right to object to the processing of personal data concerning you that is carried out on the grounds of Art. 6 para. 1 pt. f GDPR (data processing to protect legitimate interests) or Art. 6 para. 1 pt. e GDPR (data processing for tasks carried out in the public interest).

If you object, we will no longer process your personal data, unless we can prove compelling reasons for the processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves for establishing, exercising or defending legal claims.

Information About Your Right to Withdraw Pursuant to Art. 7 Para. 3 GDPR

Insofar as we process your personal data for specific purposes on the grounds of your consent, you have the right to withdraw your consent at any time pursuant to Art. 7 para. 3 GDPR. After receiving your withdrawal, we will stop processing your data for the purposes for which you have given us your consent. The legality of the processing before receipt of your withdrawal remains unaffected.

Please take notice that the withdrawal takes effect for the future only. Processing that took place before the withdrawal is not affected. 

Objection to Processing for Purposes of Direct Marketing

In the case of data processing for direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is connected with such direct marketing.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. 

The objection can be made without filling out a form and should be addressed to:
dsb.bmt [at] lubrizol.com or to the contacts given in the imprint.

 

10. Your Right to Lodge a Complaint with the Supervisory Authority

You have a right of lodge a complaint with the data protection supervisory authority if you believe that the processing of your data violates the GDPR (Art. 77 GDPR). The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18, 91522 Ansbach, Germany. Tel.: +49 (0) 981 180093 0, E-mail: poststelle [at]
 lda.bayern.de