Privacy policy
With the following information, we would like to give you as a visitor to our website an overview of the processing of your personal data by us and your rights under data protection law. Which data is processed in detail depends largely on your specific usage behavior. Therefore, not all parts of this information may apply to you.
1. responsible body and contact details of the data protection officer
Responsible for the data processing on this online offer is the
pei tel Communications GmbH
Rheinstraße 15 A
DE-14513 Teltow
(hereinafter also referred to as the "Company")
You can reach our external data protection officer at
Firma GENA
Data Protection Officer
Böttgerstrasse 6
65439 Flörsheim
2. processing of personal data in connection with your use of our websites, applications and online platforms
2.1 Data categories, purpose of processing and legal basis
We process the following personal data when you use our websites, applications or online tools (hereinafter referred to collectively as "online offering"):
- Personal data that you voluntarily enter yourself in the context of an online offer (e.g. when registering, contacting us or participating in surveys, etc.), such as first and last name, e-mail address, telephone number, information provided in the context of a support request, comments or forum posts, and
- HTTP data: Information that is automatically sent to us by your web browser or end device, such as your IP address, device type, browser type, previously visited websites, subpages visited or the date and time of each visitor request.
We process your personal data for the following purposes:
- Technical administration of the website (defense against and detection of fraudulent or similar acts, including attacks on our IT infrastructure, enabling user authentication) The
legal basis for the processing of personal data for these purposes is our legitimate interest in ensuring the security of the website in accordance with Art. 6 para. 1 lit. f GDPR, regardless of whether a contractual relationship exists with you. - Online and other services (enabling the use of the services and functions of our online offerings, processing inquiries, sending marketing information upon request) The
legal basis for the processing of personal data for the above-mentioned purpose is the performance of the contract pursuant to Art. 6 para. 1 lit. b and our legitimate interest in marketing pursuant to Art. 6 para. 1 lit. f GDPR. Visiting our online offer establishes a legal relationship similar to a contract within the meaning of Art. 6 para. 1 lit. b GDPR. Without the processing of personal data, we cannot offer our online services as intended. In particular, the transmission of personal data such as the IP address is required to establish a connection.
In some cases, we also expressly request your consent to the processing of your personal data. In this case, the legal basis for processing is the consent you have given in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with Art. 7 GDPR. Art. 7 GDPR.
2.2 Cookies
We also use cookies as part of our online offering. Cookies are small text files that are stored on your device by your browser when you visit our website. Cookies contain information that is related to the context of use and your device.
2.2.1 Technically necessary cookies
The use of technically necessary cookies relates in particular to cookies that are required to make our online offering available or that serve IT security purposes. The legal basis for the storage and retrieval of such cookies on your end device is § 25 para. 2 no. 2 TTDSG. The legal basis for further data processing in these cases is Art. 6 para. 1 lit. f GDPR (legitimate interests in the provision of the online offer or IT security).
2.2.1.1 Consent management with Usercentrics
We use the Consent Management Platform (CMP) of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. The tool allows you to conveniently manage your consent to the setting of technically unnecessary cookies and to make changes in this regard, such as revoking consent. For this purpose, Usercentrics also has access to the collected data as a processor.
The tool enables us to inform you about your consent and to obtain, manage and document it. For this purpose, we process http data and the consent, insofar as this has been granted.
The purpose of the processing is to obtain consent, to provide the option to revoke or adjust consent, to provide evidence (accountability) with regard to consent given and to ensure the security of the application. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests in the purposes mentioned).
Information on consents given and on the withdrawal of consent is kept for one year for accounting purposes.
2.2.1.2 Shopware
We use the software of Shopware AG, Ebbinghoff 10, 48624 Schöppingen for our online store. With the help of cookies, the basic functions of the store are guaranteed, e.g. shopping cart content, login status of the customer. Without the use of cookies, the store cannot be used because, for example, the shopping cart would be set to empty each time the website is changed (new product call).
The purpose of the processing is thus to enable the user to make an unhindered purchase. The legal basis for this is either the initiation of a contract in accordance with Art. 6 para. 1 lit. b GDPR or our legitimate interest in making the store available in accordance with Art. 6 para. 1 lit. f GDPR.
Information is usually deleted at the end of the browser session. If the customer uses the watch list function, this information is stored for one year.
2.2.2 Marketing cookies
With the help of so-called marketing cookies, we process information regarding the websites visited by users in order to improve our marketing and to adapt the use of our offer to your individual preferences. We also use marketing cookies to statistically record, optimize and evaluate the use of our online services. These cookies are only activated if you have given your consent in accordance with § 25 para. 1 TTDSG and Art. 6 para. 1 lit. a DS-GVO in conjunction with. Art. 7 GDPR have given. You give your consent in this regard when you call up our online offer by displaying our "cookie banner". Here you can declare your consent to the use of cookies on this website by clicking a button.
You can revoke or change your decision to use cookies requiring consent on our website at any time with effect for the future. To do so, please use the "Cookie settings" link, which you will find at the bottom of our website. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
2.2.2.1 Google Analytics
This website uses functions of the web analysis service "Google Analytics". The recipients of the data are Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) and analysis and support service providers based in the EU as part of order processing. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider. The data will only be transmitted if you have given us your consent to do so in accordance with Art. 6 para. 1 lit. a, 49 para. 1 sentence 1 lit. a GDPR. Corresponding information on the risks of such data transmissions and revocation options can be found under section 8. Details on the transmission by Google can be found in Google's data protection information at www.google.com/policies/privacy/.
Google Analytics enables us to analyze the usage behavior of our online offering. The data obtained from this (hereinafter referred to as "usage data") is used to optimize our website and advertising measures and to increase the efficiency of the resources we use.
The following usage data is recorded during your visit to the website:
- Websites accessed
- Your behavior on the websites
- Your approximate location (country and city)
- Your IP address (in anonymized form, see under (i) )
- technical information such as browser, internet provider, end device and screen resolution
- Source of origin of your visit (i.e. via which website or advertising medium you came to us)
Google Analytics stores cookies in your web browser for its services. These cookies contain a randomly generated user ID with which you can be recognized on future website visits. The aforementioned data is stored together with the randomly generated user ID, which enables the creation and analysis of pseudonymous user profiles.
The storage of Google Analytics cookies and the processing of data in connection with Google Analytics is based on your consent within the meaning of Art. 6 para. 1 lit. a GDPR in conjunction with Art. 7 GDPR and § 25 para. 1 TTDSG. Art. 7 GDPR and § 25 para. 1 TTDSG. We obtain the required consent immediately after accessing our website via our cookie banner.
The consent obtained from you in this respect also relates to the transfer of your data to the USA (Art. 49 para. 1 lit. a GDPR).
You can revoke your decision to use Google Analytics on our website at any time with effect for the future. To do so, please use the "Cookie settings" link, which you will find at the bottom of our website. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Alternatively, you can prevent the collection of data by Google by downloading and installing the browser plug-in available at the following link or by disabling the storage of cookies in your browser settings.
We have activated IP anonymization for the use of Google Analytics. This means that the IP address transmitted by the browser for technical reasons is anonymized by shortening it (deleting the last octet of the IPv4 address or the last 80 bits of the IPv6 address) before it is stored. The remaining user and event data is stored for 14 months. User and event data is data that is linked to cookies, user identifiers (e.g. user ID) and advertising IDs (e.g. DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]). The cookie itself is deleted 2 years after the last visit to our website or if consent is withdrawn.
2.2.2.2 Google Tag Manager
If you have given your consent, we use the "Google Tag Manager" service of Google Inc. based in the USA (hereinafter referred to as "Google") on our website. The recipients of the data are Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) and analysis and support service providers based in the EU as part of order processing. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider. The data will only be transmitted if you have given us your consent to do so in accordance with Art. 6 para. 1 lit. a, 49 para. 1 sentence 1 lit. a GDPR. Corresponding information on the risks of such data transmissions and revocation options can be found under section 8. Details on the transmission by Google can be found in Google's data protection information at www.google.com/policies/privacy/.
The Tag Manager is an organizational tool with which we can integrate and manage website tags. Tags can perform various tasks, e.g. collect browser data, control marketing tools, set cookies or track users across multiple websites. The Tag Manager therefore helps us to control our cookies and optimize our website as a whole.
The legal basis for the integration of the Tag Manager is your consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Art. 7 GDPR. Art. 7 ‑GDPR. With regard to access to the end device, the legal basis is Section 25 (1) sentence 1 TTDSG. We obtain the required consent immediately after accessing our website via our cookie banner.
You can revoke your decision to use the Tag Manager on our website at any time with effect for the future. To do so, please use the "Cookie settings" link, which you will find at the bottom of our website. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
2.2.3 Functional cookies
Furthermore, we use so-called functional cookies to make the use of our online services more appealing and user-friendly. The legal basis for the use of such functional cookies, the associated data processing or the processing of the data obtained from them is our legitimate interest in the design of the website in accordance with Art. 6 para. 1 lit. f GDPR or your consent in accordance with § 25 para. 1 TTDSG and Art. 6 para. 1 lit. a GDPR in conjunction with Art. 7 GDPR. Art. 7 GDPR. You give your consent in this regard when you access our online offer by displaying our "cookie banner". Here you can give your consent to the use of cookies on this website by clicking a button.
You can revoke or change your decision to use cookies requiring consent on our website at any time with effect for the future. To do so, please use the "Cookie settings" link, which you will find at the bottom of our website. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
2.2.3.1 Google Fonts
Our online offer uses so-called fonts from Google Fonts of (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, ("Google") (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)). These fonts are integrated locally by us so that no connection to Google's servers is established. The processing of your personal data (e.g. IP address) takes place solely on our servers, so that the legal basis for the use of these fonts is our legitimate interest in a user-friendly presentation.
2.2.3.2 OpenStreetMaps
If you have given your consent, this website uses OpenStreetMaps to display interactive maps and to create directions. OpenStreetMaps is a map service of the Openstreetmap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom (OSMF). By using the map services, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, may be transmitted to OSFM. When you call up the map services, your browser establishes a direct connection with OSMF. The map content is then transmitted directly to your browser, which integrates it into our website.
The integration of OpenStreetMaps is based on your consent (Art. 6 para. 1 lit. a ‑GDPR). We obtain the necessary consent from our users directly before integrating the map services. If consent is not given in this way, the map services cannot be used.
We have no influence on the further processing and use of the data by OSMF. For further information on the scope of data processing by OSMF, please refer to OSMF's privacy policy[SKW1] .
2.2.3.3 Google Translate
If you have given your consent, we use the functions of the translation service Google Translate from Google Inc. based in the USA (hereinafter referred to as "Google") on the website. The recipients of the data are Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) and analysis and support service providers based in the EU as part of order processing. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider. The data will only be transmitted if you have given us your consent to do so in accordance with Art. 6 para. 1 lit. a, 49 para. 1 sentence 1 lit. a GDPR. Corresponding information on the risks of such data transmissions and revocation options can be found under section 8. Details on the transmission by Google can be found in Google's data protection information at www.google.com/policies/privacy/.
Google Translate enables you to translate our website automatically.
The legal basis for the integration of Google Translate is your consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Art. 7 GDPR. Art. 7 ‑GDPR. With regard to ‑access to the end device, the legal basis is § 25 para. 1 sentence 1 TTDSG. We obtain the required consent immediately after accessing our website via our cookie banner.
You can revoke your decision to use Google Translate on our website at any time with effect for the future. To do so, please use the "Cookie settings" link, which you will find at the bottom of our website. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
2.2.3.4 Gravatar
If you have given your consent, you can use the Gravatar plug-in from Automattic Inc. based in the USA (60 29th Street #343, San Francisco, CA 94110, USA) on our website. The data will only be transmitted if you have given us your consent to do so in accordance with Art. 6 para. 1 lit. a, 49 para. 1 sentence 1 lit. a GDPR. Corresponding information on the risks of such data transfers and revocation options can be found in section 8.
The Gravatar function allows you to display avatars that are linked to your e-mail address in published posts or comments, provided that the corresponding e-mail address is registered with Gravatar.
The legal basis for the integration of Gravatar is your consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Art. 7 GDPR. Art. 7 ‑GDPR. With regard to access to the end device, the legal basis is § 25 para. 1 sentence 1 TTDSG. We obtain the required consent immediately after accessing our website via our cookie banner.
You can revoke your decision to use Gravatar on our website at any time with effect for the future. To do so, please use the "Cookie settings" link, which you will find at the bottom of our website. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
2.3 Newsletter
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter (double opt-in procedure). To personalize the newsletter, we store personal data, e.g. first name, surname and company. We use this data exclusively for sending the requested information and to document your consent. To document your consent, we also store the IP address of the Internet connection from which you access our website as well as the date and time of your registration. You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time and with effect for the future, for example via the "unsubscribe" link in the newsletter.
The legal basis for this processing is your consent in accordance with Art. 6 para. 1 lit. a) GDPR.
We use an external service provider to manage and send our newsletter. This service provider has of course been carefully selected and is obliged to comply with all data protection regulations in accordance with Art. 28 GDPR.
2.4 Making contact
Contact forms are available on our website which can be used to contact us electronically. If a user makes use of these options, the data entered in the input mask is transmitted to us and part of the data is stored.
In this context, no data is passed on to third parties outside the company. The data is used exclusively for the processing of correspondence.
The legal basis for the processing of data transmitted in the course of sending an email is our legitimate interest in communicating with you in accordance with Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, Art. 6 para. 1 lit. b GDPR is a further legal basis for the processing.
The processing of the personal data from the input mask serves us to process the contact and to prevent misuse of the contact form.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective correspondence has ended.
The user has the option to object to the processing of their personal data at any time. In such a case, correspondence cannot be continued. Please send us your request for deletion by email to datenschutz@peitel.com. All personal data stored in the course of contacting us will be deleted in this case.
3. processing of personal data for customer satisfaction surveys and direct marketing
If you have given us your consent or if we are authorized to do so within the framework of existing customer relationships, your contact data will also be used for direct marketing purposes (such as trade fair invitations, newsletters) or to conduct customer satisfaction surveys. You have the right to object to the use of your contact data for these purposes at any time. If you wish to exercise your right to object in this regard, please send us an email to datenschutz@peitel.com or follow the corresponding instructions that you have received from us in any promotional email. The legal basis for processing your data for advertising purposes is our legitimate interest in marketing in accordance with Art. 6 para. 1 lit. f GDPR in the case of existing customer relationships or Art. 6 para. 1 lit. a GDPR if you have given us your consent.
4. processing of personal data of business partners
4.1 Data categories
As part of the cooperation with business partners, the company processes personal data of contact persons at customers, suppliers, interested parties, sales partners and cooperation partners (hereinafter referred to as "business partners"):
- Contact information, such as first and last name, business address, business phone number, business cell phone number, business fax number and business email address,
- Payment data, such as information required to process payment transactions or prevent fraud, including credit card information and card verification numbers,
- other information whose processing is necessary in the context of a contractual relationship and which is provided voluntarily by business partners, such as orders, inquiries or details of projects,
- When you register for a customer account, we also store your IP address and the date of your registration,
- personal data collected from publicly available sources, information databases or credit agencies and
- Where legally required as part of compliance screenings: date of birth, ID and ID numbers, information on relevant legal proceedings or other legal disputes involving business partners.
4.2 Purpose of processing and legal basis
Furthermore, personal data is processed for the following purposes:
- Communication with business partners about products, services and projects, for example to process inquiries from business partners or to provide technical information about products,
- Contract processing,
- Planning, execution and administration of the contractual business relationship, for example to process orders for products and services, to collect payments, for accounting and billing purposes and to carry out deliveries, maintenance activities or repairs,
- Processing the registration for a customer account,
- Management of a customer account for pre-contractual services, for the fulfillment of the contract or for the purpose of customer care (e.g. to provide you with an overview of your previous orders with us or to be able to offer you the so-called notepad function),
- Implementation of customer surveys, marketing campaigns, market analyses, competitions, etc.,
- Maintaining and protecting the security of our products and services and our websites, preventing and detecting security risks, fraudulent activity or other criminal or malicious acts,
- Comparison of personal data with US sanctions lists on the basis of European Regulations 2580/2001 and 881/2002,
- Compliance with (i) legal requirements (e.g. retention obligations under tax and commercial law), (ii) existing obligations to carry out compliance screenings (to prevent white-collar crime or money laundering) and (iii) guidelines and industry standards, and
- Settlement of legal disputes, enforcement of existing contracts and for the assertion, exercise and defense of legal claims.
The processing of personal data is necessary to achieve the aforementioned purposes. Unless expressly stated otherwise when the personal data is collected, the legal basis for data processing is
- the execution and fulfillment of a contract with you or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR,
- the fulfillment of legal obligations to which the company is subject pursuant to Art. 6 para. 1 lit. c GDPR, or
- the protection of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in the initiation, execution and processing of the business relationship in commercial transactions.
If you have expressly given your consent to the processing of your personal data in individual cases, this consent is the legal basis for the processing in accordance with Art. 6 para. 1 lit. a GDPR.
5. processing of personal data of applicants
5.1 Data categories and purpose of data processing
As part of the application process, we generally process the following categories of personal data:
- Personal data (first and last name, date of birth, address, school-leaving qualification)
- Communication data (telephone number, mobile phone number, fax number, e-mail address)
- Data on the assessment and evaluation in the application process
- Education data (school, vocational training, civilian or military service, studies, doctorate)
- Data on your professional career to date, training and job references
- Information on other qualifications (e.g. language skills, PC skills, voluntary work)
- Application photo
- Details of desired salary
- Application history
- Social media links (link to Xing or LinkedIn profile if data transfer from these profiles has been selected)
Personal data that you provide to us as part of your application will be stored and used exclusively for the purpose of processing the application and, if necessary, for the subsequent employment relationship.
5.2 Legal basis for data processing
The processing of your personal data as part of the application process is based on Art. 6 para. 1 lit. b GDPR (establishment and performance of a contract) and § 26 para. 1 sentence 1 BDSG as well as Art. 6 para. 1 lit. f GDPR (legitimate interest in communication and processing of the application).
Any further processing of applicant data will only take place on the basis of an explicit declaration of consent. This is particularly the case if we are unable to offer you a current vacancy in the company, but we consider your application to be suitable for future positions. In this case, your data will be stored and processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.
The storage and processing of your data for forwarding to other companies in the group of companies is also based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.
5.3 Information on shared responsibility
If you apply to us and give your consent for inclusion in the applicant pool, we will also check whether you are suitable for another position with us or another of the Peiker family companies mentioned above in accordance with your consent and contact you accordingly if necessary. Only in this case and if the application also relates to other companies of the Peiker family or is kept open for this purpose will the processing be carried out as joint controllers. In this respect, the HRworks applicant portal is operated by us together with the companies of the Peiker family [peiker Holding GmbH, peiker Immobilien GmbH, peiker CEE GmbH, FTI Engineering Network GmbH, peicom GmbH, Hofgut Liederbach Service GmbH] as joint controllers within the meaning of Art. 26 GDPR.
As joint controllers in accordance with Art. 26 GDPR, the companies have recorded the joint use of the application portal in an agreement and agreed which of them fulfills which data protection obligations. In the following, we would like to inform you about the main contents of the agreement between the joint controllers:
5.3.1 Cooperation between the jointly responsible parties
The companies decide on the content of the application process and the specific processing of applicant data independently of each other. If you apply to us and give your consent, we will include you in an applicant pool and, in accordance with your consent, also check whether you are suitable for another position with us or another of the Peiker family companies mentioned above and, if necessary, contact you accordingly. Only in this case and if the application also relates to other companies of the Peiker family or is kept open for this purpose will the processing be carried out as joint controllers. The comparison is always carried out by us, but also to fill the vacancies of the other Peiker family companies mentioned above.
If you only apply for a vacancy with us and do not give your consent for us to include your data in an applicant pool and to check whether you are suitable for a position in one of the other Peiker family companies mentioned above, the processing is not carried out under joint responsibility. In this case, only we are responsible.
The companies have jointly determined the means and purposes of the technical operation and organizational use of the applicant portal.
The applicant portal itself is provided by an external service provider as part of order processing in accordance with Art. 28 GDPR. The processor in accordance with Art. 28 GDPR is HRworks GmbH, based in Freiburg.
5.3.2 Responsibility of the companies
The company for whose job advertisement you are applying is individually responsible for informing you about the use of your applicant data in accordance with Art. 13 and 14 GDPR and your rights in this context. You will find the relevant information in this privacy policy.
You can request information about the processing of your personal data at any time. In addition, you can of course exercise all other rights to rectification, erasure, restriction of processing and data portability in accordance with Art. 15-21 GDPR at any time. In addition, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation in accordance with Art. 21 para. 1 GDPR. In accordance with the joint controllership agreement, only the company for whose job advertisement you have applied is responsible for your inquiries. If you send your request to a company other than this one, the request will be forwarded immediately to the responsible company, which will then process your request.
peiker Holding GmbH performs the administrator function of the applicant portal for all companies of the Peiker family. For this purpose, peiker Holding GmbH, in coordination with the other companies of the Peiker family, exercises the rights of instruction and control over the processor in accordance with Art. 28 GDPR.
5.3 Forwarding of data
Your data will be made available to the responsible employees of the HR department and the responsible employees or superiors of the specialist department(s) for the position for which you have applied.
In the case of a speculative application, your documents will be made available to the responsible employees in the HR department and the responsible employees or supervisors in the relevant specialist departments for whom your application may be of interest.
We do not forward your applicant data to affiliated subsidiaries or parent companies unless your application also relates to these companies or is kept open for this purpose. We also use processors (e.g. IT service providers). Your data will be passed on to them in strict compliance with the obligation of confidentiality and the requirements of the GDPR. The processors commissioned by us may only process the data for us and not for their own purposes. The responsibility for data processing remains with us in these cases.
Data will also be passed on if we are obliged to do so due to legal provisions and/or official or court orders.
5.4 Transfer of personal data to third countries
Our company is part of a group of companies in which personnel responsibilities may exist across national borders. For this reason, responsible superiors in other countries may also have access to your applicant data. This data processing is necessary to decide on the establishment of an employment relationship. In addition, data is also transferred to third countries when your data is included in the talent pool. This means that our affiliated foreign units also have access to your applicant data.
If data is transferred to a body in a third country, appropriate guarantees for the protection of your personal data will ensure that the level of data protection in the European Union is complied with.
5.5 Deletion periods for applicant data
If no employment relationship is established, the application documents will be deleted six months after rejection. The legal basis for the storage in this regard is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to defend against any claims arising from the General Equal Treatment Act ("AGG"). In all other respects, the general deletion periods and notes under Section 9 apply.
5.6 Bridge
For all PTC5 and Platform6 generation phones, an online service for configuration, phonebook management and location tracking is offered under the name "Bridge". This document discloses which data is stored where for the provision of the services and how secure transmission is ensured.
The bridge is a virtual computer hosted by MITTWALD www.mittwald.de in a German data center. This provider provides the technical infrastructure; service design and implementation are carried out exclusively by pei tel.
When using the bridge, telephones connect to the bridge and exchange data. The phone always logs on to the bridge initially with the IMEI (globally unique ID of the built-in modem) and will send the following data to the bridge on request:
- important current configuration settings including SIM settings, but never the
- online password, pins etc.
- some statuses such as version information, connected hardware, connection quality,
- Telephone directory data,
- periodically the current position of the phone (adjustable).
Conversely, the Bridge:
- Send configurations to the phone to change the way the phone works,
- Send data for the phone book,
- Provide update data (on request from the phone).
This transfer only takes place if:
- The phone is registered with a valid user at the Bridge (who does not have to be online) and
- Phone and Bridge can confirm the identity together (not in prerelease).
The phone can receive and process a logout from the bridge if a user has deleted their account while the phone was not online. Data transmission is always encrypted (TLS). In addition, however, data content is always encrypted with a personal "preshared key" between the bridge and the device using SHA128/CBC (not in the prerelease). This replaces the very problematic checking of certificates in the embedded area and closes potential security gaps for PTC5 devices that only support TLS1.0. The preshared key is stored in the device's flash memory and can never be read, but can be deleted by resetting to factory settings. On the bridge, this key is centrally assigned to the device in encrypted form (i.e. there is exactly one key for all devices for the implementation).
The bridge manages the transferred data in a database (MariaDB), which is also encrypted and whose key is requested externally when the system is started. Consequently, an external backup of the system cannot be used to read data. This data is actively processed for display by the web server, which can only be contacted via TLS (lock in the browser). Users must authenticate themselves on the server (email address as username and password); alternative login methods (e.g. Google ID) are not implemented. The user must activate access to their device once with the IMEI of the device, the online password (can be changed by the user after the initial registration of the device and never stored in the database) via SMS service (alternative data path linked to the telephone number). As there is hardware without MMI (voice box) and fleet users, manual interaction on the device (entry of a predefined key) was deliberately omitted. This makes it all the more important for the customer to personalize their online password, which is also used in particular for SMS-based services.
For the provision of customer services, sections of the device configuration are visible to pei tel employees outside the bridge. Specifically, these are
- Unlocks,
- Version information also in the historical process,
- Status information to help with errors
- Location information in the pre-release phase (not applicable after the release).
Bridge administrators (developers of the pei tel) have full access to all data in accordance with their function, but are instructed and obliged to maintain confidentiality.
There is no further processing or forwarding of the data outside the Bridge.
During the processes on the Bridge, personal data may also accumulate in log areas for a limited period of time due to log mechanisms. These are subject to automatic deletion rotation and are systematically reduced in the course of the further development of the bridge. Due to a lack of publicly accessible alternatives, the bridge server is used under an alternative domain name (virtual host) with a second developer database for further development.
6. social media
We use links to some social networks on our website to draw attention to our services and products as well as career opportunities and to get in touch with you as a visitor and user of these social media pages and our online offering.
You can recognize the specific links by the logo of the respective social network. By clicking on the logo, a direct connection is established between your browser and the server of the respective service and you are redirected to the website of the service provider.
Below you can find out how your data is processed on the respective social media sites.
We operate the following presences:
www.linkedin.com/company/pei-tel-communications-gmbh | LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland | https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_join-form-privacy-policy | |
https://www.facebook.com/peitel.de/ | Meta Platforms Ireland Ltd, Merrion Road, Dublin 4, D04 X2K5, Ireland | de-de.facebook.com/privacy/policy/ | |
www.instagram.com/peitel_com/ | Meta Platforms Ireland Ltd, Merrion Road, Dublin 4, D04 X2K5, Ireland | privacycenter.instagram.com/policy/ | |
YouTube | https://www.youtube.com/@peitel_com | Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland | policies.google.com/privacy |
For Instagram and Facebook, there are additional and supplementary notes below in point 6.4.
6.1 Data processing by us
We operate social media presences to draw attention to our products, services and career opportunities, to communicate with users and to achieve improvements.
The processing of personal data is generally carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our legitimate interests in public relations, communication and product improvement, unless otherwise stated. With regard to YouTube, we require your consent to use the embedded YouTube player on our website. This is the only way to transfer and play videos and audio files directly to our website. Data is also transferred to YouTube as the controller. If you do not give your consent or revoke it later, you will not be able to play embedded videos on our website, but only via the link directly on the YouTube website.
It is possible for us to view your posts and similar interactions on our social media presences and - depending on your privacy settings - your public profile. We may use this data to improve our information and products, particularly on our social media sites.
If you contact us via our social media presence, we will process the personal data you provide in order to process your request, in particular to respond to inquiries. We may then answer your request via the respective social media presence. In many cases, the legal basis for the processing of personal data is Art. 6 para. 1 lit. b GDPR (fulfillment of contract or pre-contractual measures) or, if this legal basis is not relevant, Art. 6 para. 1 lit. f GDPR due to the legitimate interests arising from the purposes mentioned.
In addition, we may also process personal data in connection with the social media presences in accordance with the information in the other sections of the data protection information.
As a precaution, we would like to point out that communication via social media platforms may be insecure. You can contact us at any time via other communication channels and will then also receive a response via these other channels.
We also receive aggregated usage statistics from the platforms, which we use to evaluate usage behavior and to improve our information offering. The usage statistics may also be compiled by the platforms on the basis of personal usage data. Further information on this can be found in the data protection notices of the respective providers linked above. Special information on Facebook and Instagram can be found below.
6.2 Processing by the platform operators
We have no influence on the processing of your personal data by the respective providers. Rather, the platform operators have control over data processing in the context of the use of the respective service. This includes, for example, the storage and use of cookies on user devices and the analysis of your behavior on the social network.
6.3 Notes on the deletion of contributions
If you publish personal data on our social media presences in the form of posts, e.g. images, texts, videos, or interact in other ways, e.g. "liking" posts, your data will be processed and in many cases published. If this content is inappropriate, we may delete it in accordance with the usual procedures and policies of the respective platforms.
6.4 Insights
When you visit our Instagram page, Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta") collects in particular your IP address and other information that is transmitted by your browser and, if applicable, other information that is available on your PC in the form of cookies. This information is used to provide us, as the owner of the Instagram presence, with statistical information about the use of the respective presences (Insights).
In this respect, Meta and we process the personal data as joint controllers within the meaning of Art. 26 GDPR and have concluded a corresponding joint controller agreement. The essential information on the corresponding agreement pursuant to Art. 26 ‑GDPR between us and Meta can be found at de-de.facebook.com/legal/terms/page_controller_addendum .
Further information on data processing by Meta in the context of Insights can also be found at de-de.facebook.com/legal/terms/page_controller_addendum.
Notwithstanding the information in the linked agreement, you can assert your data subject rights against us and Meta.
The data collected about you in this context will be processed by Meta and may be transferred to countries outside the European Union, in particular to companies in Meta's group of companies based in the USA. We would like to point out that Meta is responsible under data protection law for the corresponding transfer and subsequent processing operations. The specific data Meta receives and how it is used is described in Meta's privacy policy. Further information on this can be found in Meta's privacy policy: de-de.facebook.com/policy.php.
The legal basis for the processing of personal data in this context is Art. 6 para. 1 lit. f GDPR (legitimate interests in achieving the above-mentioned purposes) or, if consent has been obtained, Art. 6 para. 1 lit. a, Art. 7 GDPR (consent).
At www.facebook.com/settings and www.instagram.com/accounts/privacy_and_security/ you can make additional settings for the processing of your personal data by Instagram.
7. recipients and categories of recipients
Within our company, those departments that need your data to fulfill contractual and legal obligations will have access to it. Service providers and vicarious agents employed by us may also receive data for these purposes if they maintain confidentiality and integrity in particular. These are companies in the categories of IT services, telecommunications, sales and marketing.
With regard to the transfer of data to recipients outside our company, it should first be noted that we only pass on necessary personal data in compliance with the applicable data protection regulations. We may only pass on information about you if this is required by law, if you have given your consent or if we are authorized to provide information. Under these conditions, recipients of personal data may be
- public bodies and institutions (such as law enforcement authorities) in the event of a legal or official obligation,
- other Group companies for risk management due to legal or regulatory obligations,
- Service providers that we use in the context of order processing relationships and
- Service providers that are explicitly named as recipients in this data protection notice.
As part of the contract processing, we pass on your data to the transport company commissioned with the delivery of goods or to the financial service provider on the basis of Art. 6 para. 1 lit. b) GDPR, insofar as the transfer is necessary for the delivery of goods or for payment purposes.
8. transfer to third countries
Data is transferred to bodies in countries outside the European Union (so-called third countries) if
- it is necessary for the execution of your orders (e.g. delivery orders),
- it is required by law (e.g. reporting obligations under tax law) or
- you have given us your consent.
Furthermore, a transfer to bodies in third countries to maintain and ensure the IT operations and IT security of the company cannot be ruled out.
The use of our social media and map services may also result in data transfers and subsequent processing of usage data of the respective services in the USA.
When transferring data to so-called third countries, we ensure that this is done in accordance with the law. As a rule, data transfers are permitted on the basis of an adequacy decision, particularly in the case of transfers to the USA. If this does not apply in individual cases, we will conclude the standard data protection clauses or obtain your explicit consent.
You can completely reject the use of cookies and other technologies or make individual settings. You can also withdraw your consent at any time with effect for the future. Previously carried out processing remains unaffected by a revocation.
In addition, personal data may be transferred to third countries by the companies to which we disclose personal data, as described in the other sections.
9. storage period
We process and store your personal data for as long as is necessary to fulfill our contractual obligations and exercise our rights.
The revocation of a previously granted consent is stored for three years (accountability). The administration cookie is deleted 6 months after the last visit. Server log data is deleted or anonymized after seven days at the latest, unless further storage is required for evidence purposes. Data relating to newsletters and invitations are deleted immediately after unsubscribing.
In individual cases, longer storage of data for the purpose of providing evidence may be justified in justified individual cases. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.
10. data security
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, SSL or TLS encryption is implemented on our website. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
Our employees and the service companies commissioned by us are also obliged to maintain confidentiality and to comply with the provisions of the applicable data protection laws. The company takes appropriate technical and organizational security measures to protect your personal data from loss, alteration, destruction and access by unauthorized persons or unauthorized disclosure.
Our security measures are constantly being improved in line with technological developments.
11. rights of data subjects
Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to data portability under Art. 20 GDPR.
The restrictions under Sections 34 and 35 BDSG apply to the right to information and the right to erasure. In addition, there is a right of appeal to a competent data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG).
You can withdraw your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before May 25, 2018. Please note that the revocation is only effective for the future.
You also have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based in particular on point (f) of Article 6(1) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. In particular, this includes that the processing is necessary for the establishment, exercise or defense of legal claims.[SKW2]
You also have the right not to be subject to fully automated decision-making in accordance with Art. 22 GDPR. In principle, we do not use fully automated decision-making to establish, implement and terminate the business relationship. Should we use these procedures in individual cases (e.g. to improve our products and services), we will inform you separately about this and about your rights in this regard, insofar as this is required by law.
Further information and explanations regarding the above-mentioned rights can be found on the European Commission's "Rights for Citizens" website.
12. obligation to provide data
As part of our online offering, we rely on the processing of such usage data as is necessary for the performance and termination of the service and for the fulfillment of the associated obligations. Without the collection of usage data, we and our service providers will not be able to provide you with our online service. If processing is based on consent, the provision of data is also voluntary.
13. profiling
We do not process your personal data automatically in such a way that this has a legal effect on you or significantly impairs you in a similar way.
14. topicality and changes to this privacy policy
This privacy policy is currently valid and was last updated in July 2024.