Version: 3.0 – Date: 12.09.2022

Privacy Policy

General information

At Cevotec, we take the protection of your personal data very seriously and attach great importance to security, transparency and fairness of data processing. We treat your personal data confidentially and according to the legal data protection regulations as well as this privacy policy. We will never disclose personal data to third parties for the purpose of processing it for their own purposes without your express consent.

In this privacy policy, we inform you about the type, scope, purpose, duration and legal basis of the processing of personal data. In addition, we inform you about software and services from qualified, secure third-party providers that we have commissioned with the processing of personal data based on the purpose of use.

Personal data

Personal data is information that makes it possible to identify a person. In particular, this includes name, date of birth, address information (e-mail, mail, etc.) and telephone numbers.

Typically, we obtain personal information from you in one of the following ways:

  • Direct communication through personal conversation, business cards, emails, telephone, letter or other media,

Use of the contact form on this website,

  • Signing up for our newsletter on this website,
  • Other use of this website.

Personal data (hereinafter mostly referred to as “data”) is generally processed by us only within the scope of necessity of the respective processing purpose, due to legal requirements and for the provision of a functional and user-friendly website, including its contents and the services offered there.

The duration of the storage of your personal data varies and depends on the purpose as well as the use of the collected data. There are legal requirements that certain data must be stored for a certain period of time. Otherwise, we store data only as long as it is necessary for the respective purpose.

Protection of your data

We use comprehensive technical and organizational security measures to protect your personal data against accidental or unlawful disclosure, access, deletion, alteration or loss. Electronic data transmissions take place exclusively in the encrypted SSL procedure (Secure Socket Layer). However, we must additionally point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps beyond our control. A complete protection of the data against access by third parties is not possible.

Contact data of the controller and the data protection officer

Controller for the processing is:

Cevotec GmbH
Biberger Str. 93
82008 Unterhaching
E-Mail: info@cevotec.com

Contact data of the data protection officer:
PROLIANCE GmbH
www.datenschutzexperte.de
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de

When contacting the data protection officer, please name the company to which your inquiry relates. Please refrain from enclosing sensitive information such as a copy of an ID card with your request.

Information about the data processing on the website

In this section we inform you comprehensively about the data processing on our website. We will never disclose personal data to third parties for the purpose of processing it for their own purposes without your express consent. However, in many cases, we use software and services from qualified, secure third-party vendors with whom we process and store your data. Details about the use of third-party providers can be found in the section below.

Usage-related data when visiting our website (server log files)

Our website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type / browser version,
  • Operating system used,
  • Referrer URL,
  • Host name of the accessing computer,
  • Time of the server request
  • IP address.

This information is technically necessary to correctly deliver the content of websites requested by you and is mandatory when using the Internet. This data cannot be assigned to specific persons. A combination of this data with other data sources is not made. We reserve the right to check this data retrospectively if we become aware of specific indications of illegal use.

The purpose of the data processing is to evaluate the functionality of the website. Access to this information in your terminal equipment is carried out in accordance with § 25 Para. 2 (2) TTDSG, as this is absolutely necessary to provide you with the website.

Cookies and web analytics

Our website uses so-called “cookies”. Cookies are small text files that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. language settings). Other cookies are used to evaluate user behavior or display advertising.

Absolutely necessary cookies for the provision of our website are stored on the basis of § 25 para. 2 (2) TTDSG in conjunction with. Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in storing cookies for the technically error-free provision of our services. Other cookies are stored based on § 25 para. 1 TTDSG only with your consent in accordance with Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future.

Insofar as cookies are used for analysis and optimization purposes, we will inform you separately about this within the scope of this privacy policy and obtain your consent.

You can set your browser to

  • be informed about the setting of cookies,
  • only allow cookies in individual cases,
  • exclude the acceptance of cookies for certain cases or generally,
  • activate the automatic deletion of cookies when the browser is closed.

The cookie settings can be managed under the following links for each browser:

You can also manage cookies of many companies and functions used for advertising individually. To do this, use the appropriate user tools, available at https://www.aboutads.info/choices/ or  http://www.youronlinechoices.com/uk/your-ad-choices.

Most browsers also offer a so-called “do-not-track function”. When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be “tracked” for behavioral advertising and the like.

For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:

Additionally, you can prevent the loading of so-called scripts by default. “NoScript” allows the execution of JavaScripts, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/en-US/firefox/addon/noscript/).

Please note that if you disable cookies, the functionality of our website may be limited.

Change cookie settings:
You can revoke or change your cookie settings at any time. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers. 

Information about the use of third-party providers

For the processing and storage of data, we use software and services from qualified, secure third-party providers with whom we have concluded corresponding data processing agreements or have otherwise structured the cooperation in compliance with data protection law. In this section, you will find the data protection information on these third-party providers. The underlined terms indicate the area of data processing to which the software and services of the third-party providers relate, as described in the previous section.

Cookiebot

We use the consent management tool “Cookiebot” from Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (Cybot). With Cookiebot, we can display a cookie banner and collect and manage your consent to the various services on our website.

In doing so, the following data is collected with the help of cookies:

  • IP address
  • Date and time of consent
  • Browser information
  • URL visited
  • Consent status

Processing is based on Art. 6 para. 1 lit. c) GDPR, the fulfillment of our legal obligation to obtain effective consent for certain processing operations and to provide evidence of such consent. Your data will be stored for 12 months. Thus, your cookie preference will also be stored for subsequent site visits.

Further information on data protection can be found in the provider’s privacy policy: https://www.cookiebot.com/en/privacy-policy/

Google Analytics

Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies” and web beacons. Google will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with further services related to the use of the website and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. We use Google Analytics only with activated IP anonymization. This means that your IP address will only be further processed by Google in abbreviated form.

We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the U.S.

The terms of use of Google Analytics and information on data protection can be accessed via the following links:

http://www.google.com/analytics/terms/
https://policies.google.com/privacy

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. User and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will be deleted no later than 14 months after collection.

You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and analyzing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout.

Google Maps

Our homepage uses the online map service provider Google Maps via an interface. Provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This allows us to display interactive maps directly on the website and makes it easy for you to use the map function. To use the functionalities of Google Maps it is necessary to save your IP address.

Google uses Cookies, to collect information about user behavior. The legal basis for the processing of your personal data is your given consent according to Art. 6 para. 1 s. 1 lit. a GDPR.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, Google uses standard contractual clauses in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the U.S.

Further information on the handling of user data can be found in Google’s privacy policy:
https://www.google.de/intl/en/policies/privacy/
Opt-out: https://www.google.com/settings/ads/

YouTube videos

On our website we embed videos from “YouTube”, a social media platform of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). The legal basis for the processing of your personal data is your given consent according to Art. 6 para. 1 s. 1 lit. a GDPR.

If the display of the embedded YouTube videos is started by your consent, the provider “YouTube” uses cookies to collect information about user behavior. According to information from “YouTube”, these serve, among other things, to collect video statistics, improve user-friendliness and prevent abusive behavior. If you are logged in to Google, your information is associated directly with your account when you click on a video. If you do not want your profile to be associated with YouTube, you must log out before activating the button. Google stores this data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its websites. Such an evaluation is carried out in particular (also for users who are not logged in) for the purpose of presenting need-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. Please contact Google directly.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, Google uses standard contractual clauses in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the U.S.

Further information on data protection and data use by Google can be found on the following Google website: https://policies.google.com/privacy

DoubleClick

We use “DoubleClick” on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.

We use DoubleClick for marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, we can improve our offer and make it more interesting for you as a user.

The following data is collected:

  • Click path
  • IP address
  • Number of visits
  • transactions
  • Cookie ID
  • Unique identifier of the mobile device
  • Pages visited
  • Usage data

The legal basis for the use of cookies is your consent to the processing of the above data pursuant to Art. 6 para. 1 lit. a) GDPR.

The data will be deleted as soon as they are no longer needed for the processing purposes. Cookies will be deleted after 30 days at the latest.

The data will be disclosed to the following recipients:

  • Google Ireland Limited
  • Google LLC
  • Alphabet Inc.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, Google uses standard contractual clauses in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the U.S.

Further information on data protection and data use by Google can be found on the following Google website: https://policies.google.com/privacy

Zoho Campaigns, Zoho CRM and Zoho SalesIQ

Different functions of the Zoho are integrated on our website. These functions are provided by Zoho Corporation, 4141 Hacienda Drive, Pleasanton, California 94588, USA. Our direct contractual partner is Zoho Corporation B.V., Hoogoorddreef 15, 1101 BA Amsterdam, Netherlands.

Zoho Campaigns

By subscribing to our newsletter, your data is automatically transferred to our account at Zoho Campaigns, from where we send our newsletters. Read more about how we use Zoho for our newsletters in the section “Newsletter”.

Zoho CRM and Desk

In addition, we use Zoho’s CRM system to organize our business contacts as well as our commercial activities such as contract processing with customers and suppliers. For this purpose, we store personal data on Zoho’s systems. When you download one of our whitepapers, we also feed your data into Zoho Campaigns and CRM.

For customer support purposes, support requests are stored as tickets in Zoho Desk, including the content of your request and your contact information. Additional contractual information, such as SLA class, validity and scope of support, between Cevotec and the contracting company is also stored in Zoho Desk. Real-time support sessions involving video conferencing and/or screen-sharing are done via Zoho Assist. The legal basis for these processing activities is Art. 6 para. 1 lit. f) GDPR, our legitimate interest in efficiently organizing customer data.

Zoho Sales IQ

If you have given us your consent, anonymized usage-related data is collected by the Zoho service SalesIQ (https://zoho.eu/salesiq). SalesIQ is an analytics service and uses so-called “cookies”, to enable the analysis of our website. The cookies use the users IP-address and collect information about how visitors use our website, the number of visits of each user and the duration of stay on the websites. IP addresses are shortened by the last digits to ensure anonymity. The legal basis for the processing of your data for analytics purposes is Art. 6 para. 1 lit. a) GDPR, your explicit consent, which you can revoke anytime with effect for the future.

Zoho stores data exclusively on servers in the EU. For technical support purposes, Zoho employees in India may access the data. A corresponding data protection agreement in accordance with European standards is in place with Zoho’s Indian subsidiary.

Since a transfer of personal data to a third country cannot be ruled out, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, the provider uses standard data protection clauses in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we strive to obtain additional regulations and commitments from the recipient in India.

Zoho’s full privacy policy can be found at https://www.zoho.com/privacy.html. 

Getting in contact with us

Contact form

If you send us requests via our contact form or email, your details from the contact form or email, including the contact data you have provided there, will be stored for the purpose of processing your request and in the event of follow-up questions. You are required to provide your name and an email address to contact us. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR, provided that your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal storage obligations to the contrary. You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f GDPR.

We use the service provider “Zoho” in the context of processing contact requests. For more information, please read the Information about the use of third-party providers above. 

Gravity Forms

In order to provide you with the contact form on our website, we additionally use the WordPress plugin “Gravity Forms” from the company Rocketgenius Inc, 1620 Centerville Turnpike #102, Virginia Beach, VA 23464, USA.

If you enter personal data via our forms, this data, when submitted, is sent by e-mail to our respective employees responsible for getting into contact with you. No connection is established with the Gravity Forms servers or with the gravityforms.com website. We use the plugin based on Art. 6 para. 1 lit. f) GDPR, our legitimate interest in the effective design of our website.

For more information, please see the provider’s privacy information. Gravity Forms: https://docs.gravityforms.com/wordpress-gravity-forms-and-gdpr-compliance/

Organization of contact information

When you come into business contact with us, we store your contact data on our systems in order to maintain contact with you. The legal basis for the use of a system for organizing contact data is our legitimate interest in the efficient organization of our business operations for the benefit of our owners. In this context, we only store data that you have sent to us or that we receive from publicly available information sources, as well as the history of our business contact and related documents that we have exchanged with each other. After your contact information is initially stored in our system, you will receive an automated email asking if you would like to receive our newsletter. If you do not respond to this email, you will receive one reminder message, but no further automated emails from us after that. We regularly check our data stock and delete data records that are no longer up to date.

We use the service provider “Zoho” to organize contact information. For more information, please read the Information about the use of third-party providers above.

Newsletter

If you would like to receive the newsletter offered on our website with regular information about our offers and products, we need your email address as a mandatory information. We use the so-called double opt-in procedure for sending the newsletter. This means that we will not send you our newsletter by email until you have expressly confirmed that you agree to the dispatch of newsletters. In the first step, you will receive an email with a link to confirm that you, as the owner of the corresponding email address, would like to receive the newsletter in the future. With the confirmation you give us your consent according to Art. 6 para. 1 lit. a GDPR that we may use your personal data for the purpose of the desired newsletter dispatch.

When registering for the newsletter, in addition to the email address required for sending the newsletter, we store the IP address via which you have registered for the newsletter as well as the date and time of registration and confirmation so that we can trace any possible misuse at a later point in time.

You can cancel the newsletter at any time via the link inserted in each newsletter or by sending an email to the above-mentioned responsible party. After your cancellation, your email address will be deleted from our newsletter distribution list immediately, unless you have explicitly consented to continued use of the data collected or continued processing is otherwise legally permissible.

Our email newsletters are sent via a technical service provider to whom we pass on the data you provide when you register for the newsletter. We have concluded a data processing agreement with our e-mail service provider in which we bind him to protect the data of our customers and not to pass them on to third parties.

Service provider: Zoho Campaigns (“Zoho”). For more information about the provider, please read the Information about the use of third-party providers above.

Based on your consent pursuant to Art. 6 para. 1 lit. a GDPR, our provider uses this information for the dispatch and statistical evaluation of the newsletter on our behalf. For the evaluation the sent emails contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. In this way it can be determined whether a newsletter message has been opened and which links have been clicked on, if applicable. Conversion tracking can also be used to analyse whether a predefined action (e.g. purchase of a product on our website) was carried out after clicking on the link in the newsletter. Technical information is also recorded (e.g. time of access, IP address, browser type and operating system). The data is collected pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. These data are used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you wish to revoke your consent for the data analysis for statistical evaluation purposes, you must cancel the newsletter subscription.

Whitepaper

We offer high-quality content on our website in the form of white papers and case studies. If you would like to make use of this free offer, you agree to receive our newsletter. For this purpose, we collect your e-mail address and, if applicable, your name (voluntary).

After registering for the newsletter, we will send you a confirmation email to verify your email and consent to the newsletter. You will then be taken to a confirmation page where you can download the desired content. The legal basis for the data processing is your consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke this at any time with effect for the future.

We use the service provider “Zoho” in to provide the whitepaper to you. For more information, please read the Information about the use of third-party providers above.

Use of Gmail for providing the whitepaper

Our website uses Gmail to send you requested whitepapers by e-mail. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When using Gmail, your name and e-mail address are transmitted to Google. This is done exclusively for sending the whitepaper.

You can find more information about data processing by Google in the Google privacy policy: https://www.google.de/intl/en/policies/privacy/. There you can also change your personal privacy settings in the Privacy Center.

Data protection information for customers, interested parties and other contracting parties like business partners

Purposes and legal bases of processing

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR)and the Federal Data Protection Act (subsequently referred to as BDSG 2018), insofar as these are necessary for the establishment, execution and performance of a contract and for the implementation of pre-contractual measures. If the disclosure of personal data is necessary for the initiation or execution of a contractual relationship or in the context of the execution of pre-contractual measures, processing in accordance with Art. 6 Para. 1 lit. b GDPR is lawful.

If you give us your express consent to process personal data for specific purposes (e.g. disclosure to third parties, evaluation for marketing purposes or advertising), the lawfulness of this processing is given on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. Any consent given may be withdrawn at any time with effect for the future (see section 9 of this data protection information).

If necessary and legally permissible, we process your data beyond the actual contractual purposes to fulfil legal obligations in accordance with Art. 6 Para. 1 lit. c GDPR. In addition, processing may be carried out to safeguard legitimate interests of us or third parties in accordance with Art. 6 Para. 1 lit. f GDPR. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by law.

Categories of personal data

We process only such data which relate to the contract initiation or the pre-contractual measures. This can be general data about your person or persons of your company (name, address, contact data etc.) as well as further data, if necessary, which you transmit to us in the context of the initiation of the contract.

Sources of data

We process personal data which we receive from you within the framework of establishing contact or a contractual relationship or within the framework of pre-contractual measures or which you provide via our Newsletter sign-ups and Whitepaper downloads.

Recipients of data

We transfer on your personal data within our company exclusively to those areas and persons who need this data to fulfil their contractual and legal obligations or to implement our legitimate interest.

Your personal data will be processed on our behalf on the basis of data processing agreements in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients in this case are providers of internet services and customer management systems and software.

Data will otherwise only be transferred to recipients outside the company if this is permitted or required by law, if it is necessary for the processing of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorized to provide information. Under these conditions, recipients of personal data may be, for example:

  • External tax consultants and related software
  • Public bodies and institutions (e.g. public prosecutor’s office, police, supervisory authorities, tax office) where there is a legal or official obligation,
  • Recipients to whom the transfer is directly necessary for the purpose of establishing or performing the contract, such as suppliers and third-party service providers.

Contracting with customers and suppliers

If you wish to make use of our range of goods and/or services and provide us with data for the purpose of processing the contract, we will store and process this data on our systems. The same applies to the delivery of goods and/or services from you to us. Conclusion and processing of contracts are not possible without the provision of your data and electronic processing on our systems. We use software and services from qualified, secure third-party providers with which we process and store your data. We delete the data upon your request once the contract has been fully processed, but we must comply with the retention periods required by tax and commercial law. In any case, we routinely delete data that is no longer required after the contract has been processed and legal retention obligations have expired. Within the framework of contract processing, we pass on your data to the transport company commissioned with the delivery of the goods and to financial service providers, insofar as the transfer is necessary for the delivery of the goods and for payment purposes.

Active consulting services

We use web analytics services that include the analysis of IP addresses of visitors to our website. If the IP address from which you visit our website is registered to a company or public institution, we receive publicly available information about the company or institution and the history and duration of pages visited on our website. No personal information about you as a natural person is collected or transferred.

Based on the information we receive, we decide whether to contact your company or institution to provide professional technology advice and customized information – free of charge, of course – to support your information gathering and decision-making process. We base our contacting on our legitimate interest to contact other companies and institutions – on publicly displayed channels – that seem to have a business interest in our Technology and if we are convinced after initial analysis that our products and solutions bring a benefit to the company or institution.

If we contact your company in this course, we will always explain our approach and offer our support for your issues. Of course, we respect if you do not wish to be actively contacted – in this case please just send us a message.

Check of creditworthiness and scoring

Insofar as we offer you the basic option of payment by invoice and you make use of this option, we reserve the right to obtain credit information from a credit agency (e.g. Creditreform, Schufa or others) on the basis of mathematical-statistical procedures. For this purpose, your data, insofar as they are relevant to the contract, such as the name and address of your company, will be forwarded to the credit agency in a particularly secure and protected manner. If you enter into a contract with us as a natural person, we will obtain your express consent to the transfer of data in accordance with Art. 6 (1) lit. a GDPR prior to the credit check. We use the subsequent information about the statistical probability of non-payment for our decision on which payment terms we can offer you. The legal basis for this processing is our legitimate interest in the default security of our receivables. No automated decision-making takes place in this context.

Transfer to a third country

A transfer to a third country is not intended.

Personal data will only be transferred to countries outside the EEA (European Economic Area) or to an international organization if this is necessary for the performance of the contract or, at your request, for the implementation of pre-contractual measures, if the transfer is required by law or if you have given us your consent.

Storage period

If necessary, we process and store your personal data for the duration of our business relationship or for the fulfilment of contractual purposes. This also includes the initiation and execution of a contract.

In addition, we are subject to various storage and documentation obligations, including those arising from the German Commercial Code (HGB) and the Fiscal Code (AO). The periods prescribed there for storage and documentation are between two and ten years.

Finally, the storage period also depends on the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB) can generally be three years, but in certain cases also up to thirty years.

Your rights

Your rights in relation to the personal data we process from you can be found in the paragraph “Right of access, revocation, information, correction, deletion, objection”

Necessity of providing personal data

The provision of personal data for the purpose of deciding whether to conclude a contract, perform a contract or take pre-contractual measures is voluntary. However, we can only make a decision within the framework of contractual measures if you provide personal data necessary for the conclusion of the contract, the performance of the contract or pre-contractual measures.

Automated decision-making

In principle, we do not use fully automated decision-making pursuant to Art. 22 GDPR for the establishment, performance or execution of the business relationship or for pre-contractual measures. Should we use these procedures in individual cases, we will inform you of this separately or obtain your consent if this is required by law.

Data protection information for job applicants

Purposes and legal basis of processing

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (EU-GDPR) and the Federal Data Protection Act (Subsequently referred to as BDSG 2018), insofar as this is necessary for the decision on the establishment of an employment relationship with us. The legal basis is Art. 88 GDPR in conjunction with § 26 BDSG 2018 and, if applicable, Art. 6 Para. 1 lit. b GDPR for the initiation or execution of contractual relationships.

Furthermore, we may process your personal data insofar as this is necessary to fulfil legal obligations (Art. 6 para. 1 lit. c GDPR) or to defend asserted legal claims against us. The legal basis is Art. 6 para. 1 lit. f GDPR. The legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz – AGG).

Once you give us express consent to process personal data for specific purposes, the lawfulness of this processing depends on your consent pursuant to Art. 6 para. 1 lit. a GDPR. Any consent given may be withdrawn at any time with effect for the future (see section 9 of this data protection information).

If there is an employment relationship between you and us, we may, pursuant to Art. 88 GDPR i. V. m. § 26 BDSG 2018, further process the personal data we have already received from you for the purposes of the employment relationship, insofar as this is necessary for the performance or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the representation of the interests of the employees resulting from a law or a collective agreement, a works agreement or a service agreement (collective agreement).

Categories of personal data

We only process data that is related to your application. This may include general information about you (name, address, contact details, etc.), information about your professional qualifications and schooling, information about continuing vocational education and training and any other data that you provide to us in connection with your application.

Sources of data

We process personal data which we receive from you by post, e-mail or which you transmit to us via the application form on our website.

Recipients of data

We pass on your personal data within our company exclusively to those areas and persons who need this data to fulfil their contractual and legal obligations or to implement our legitimate interest.

Your personal data will be processed on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients in this case are providers of Internet services and providers of applicant management systems and software.

Data will otherwise only be passed on to recipients outside the company if this is permitted or required by law, if this is necessary to fulfil legal obligations or if we have your consent.

Transfer to a third country

A transfer to a third country is not intended.

Duration of data storage

We store your personal data as long as this is necessary for the decision on your application. Your personal data or application documents will be deleted a maximum of 180 days after completion of the application procedure (e.g. notification of the rejection decision), unless longer storage is legally necessary or permissible. In addition, we only store your personal data to the extent required by law or in a specific case to assert, exercise or defend legal claims for the duration of a legal dispute.

In the event that you have agreed to your personal data being stored for a longer period of time, we will store it in accordance with your declaration of consent.

If the application procedure is followed by an employment relationship, an apprenticeship relationship or an internship relationship, your data will, as far as necessary and permissible, initially continue to be stored and then transferred to the personal file.

If necessary, you will receive an invitation to join our talent pool following the application process. This allows us to consider you also in the future with suitable vacancies with our applicant selection. If we have received your corresponding consent, we will store your application data in our talent pool in accordance with your consent or future consent, as the case may be.

Your rights

You can find information on your rights in connection with the data processing of your application data here.

Necessity of providing personal data

The provision of your personal data within the scope of application processes is voluntary. However, we can only decide or establish an employment relationship with you if you provide necessary personal information to complete the application.

Automated decision making

The decision on your application is not based exclusively on automated processing. Therefore, no automated decision is made in individual cases within the meaning of Art. 22 GDPR.

Right of access, revocation, information, correction, deletion, objection

You have extensive rights in relation to your personal data. You have the right:

  • in accordance with Art. 7 (3) GDPR, to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing that was based on this consent;
  • pursuant to Art. 15 GDPR, to request information about your personal data processed by us, in particular about the purpose of processing, categories of data, categories of recipients (if applicable), planned storage period, your rights to rectification, erasure, complaint, restriction of processing or objection, origin of your data (if not collected by us) and automated decision-making (profiling);
  • pursuant to Art. 16 GDPR, to demand the correction of incorrect or completion of your personal data stored by us;
  • pursuant to Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • in accordance with Art. 18 GDPR, to request the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
  • pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller; and
  • complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office for this purpose.

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are valid grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. 

If you wish to exercise your rights, please contact us using the contact details listed here.

Automated decision-making (Profiling)

Automated decision-making generally does not take place at Cevotec.

Modification of this Privacy Policy

We continuously adapt our privacy policy to the current legal situation and therefore reserve the right to change this privacy policy accordingly. The currently valid version can be viewed at any time at https://www.cevotec.com/en/privacy-policy/.

Cevotec GmbH
Biberger Str. 93
82008 Unterhaching

Download center