Data protection declaration of Jebsen & Jessen (GmbH & Co.) KG

The regulations contained in the EU General Data Protection Regulation (hereinafter GDPR) apply across Europe. We wish to inform you of the processing of personal data carried out by our company in accordance with this regulation (see Articles 13 and 14). Should you have any queries or comments concerning this data protection declaration, you can send these to the email address provided in Numbers 2 and 3 at any time.

Content overview:

I. Overview

Area of applicability
Responsible body
Data protection officer
Data security

II. Data processing broken down

General information concerning data processing
Accessing the website/application
Application
Tracking
Social media plugins

III. Rights of affected persons

Right of information
Right of correction
Right of deletion (“right to be forgotten”)
Right to have the processing restricted
Right of data portability
Right of revocation in case of consent being issued
Right to complain

IV. Glossary

Overview

In this section of the data protection declaration, you can find information concerning the area of applicability, the responsible body for the data processing, its data protection officer and data security.

Area of applicability

The data processing by Jebsen & Jessen (GmbH & Co.) KG and its subsidiary companies can be essentially broken down into two categories:

– For the purpose of performing contracts, all necessary data in order to carry out a contract with Jebsen & Jessen (GmbH & Co.) KG will be processed. Should external service providers also be involved in the performance of the contract, your data will also be passed on to these to the necessary extent.

– When you access the website/application of Jebsen & Jessen (GmbH & Co.) KG, various information will be exchanged between your end device and our server. This can also include personal data. The information which is gathered in this way is used in order to optimise our website amongst other reasons.

This data protection declaration applies to the following services:

– Our online service, which can be accessed at www.jebsen-jessen.de

– Always when reference is made to this data protection declaration from one of our services (for example websites, subdomains, mobile applications, web services or integration into third party sites), regardless of how you access or use these.

The term “services” relates to all of these.

Responsible body

The responsible body for the processing, ie the location which takes decisions concerning the purpose and method of the processing of personal data, in connection with the services is:

Jebsen & Jessen (GmbH & Co.) KG

Kehrwieder 11
20457 Hamburg
E-Mail: info@jebsen-jessen.de

Data protection officer

You can get in touch with our data protection officer as follows:

Contact form:
https://www.dsextern.de/anfragen

 

DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Frapanweg 22
D-22589 Hamburg

Data security

In order to develop the measures required by Article 32 DGPR and to achieve a level of protection which is reasonable in relation to the risk, we have implemented an information security standard at our company.

 

Data processing broken down

In this section of the data protection declaration, we will inform you in detail of the processing of personal data within the framework of our services. For better understanding, we will break this information down according to specified functions of our services. During normal use of the services, various functions and by extension various processing may follow each other or take place at the same time.

General information concerning data processing

Applies to all processing stated below, unless otherwise provided for:

No provision obligation

There is neither a contractual nor a legal obligation to provide the personal data. You are not obliged to provide data.

Consequences of failure to provide data

In case of necessary data (data which is identified as mandatory information), failure to provide the data will mean that the service concerned cannot be provided. Otherwise, failure to provide the data means that our services cannot be provided in the same form and to the same level of quality.

Consent

In various cases, you have the option of issuing us with your consent to further processing in connection with the processing set out below (if applicable for part of the data). In such a case, we will inform you separately in connection with the submission of the respective declaration of consent of all procedures and extension of the consent, and of the purposes we pursue in connection with this processing.

Forwarding on of personal data to third countries

Should we transfer data to third countries, ie countries outside of the European Union, the transfer takes place exclusively in compliance with the lawfulness requirements set by legislation.

The lawfulness requirements are set out in Articles 44-49 GDPR.

Hosting by external service providers

In individual cases, our data processing takes place by using so-called hosting providers, which provide us with storage space and processing capacities in their computer centres and also process personal data on our behalf in accordance with our instructions. These service providers process data either exclusively in the EU, or we have guaranteed a reasonable level of data protection with the assistance of the EU standard data protection clauses.

Transfer to state authorities

We transfer personal data to state authorities (including criminal prosecution authorities), should this be necessary to fulfil a legal obligation to which we are subject (legal basis: Article 6 Paragraph 1 Letter c) GDPR) or should this be necessary in order to assert, exercise or defend legal claims (legal basis: Article 6 Paragraph 1 Letter f) GDPR).

Duration of the saving

We only save your data for as long as we require it for the respective purposes of the processing. Should the data no longer be necessary in order to fulfil contractual or legal obligations, it is deleted regularly, unless temporary storage of it continues to be necessary. Reasons for this can be as follows:

– Fulfilment of retention obligations under commercial law and tax laws

– Gaining of evidence for legal disputes within the framework of the statutory limitation period regulations
It is also possible for us to continue to save your data if you have issued your express consent to this.

Categories of data

– Core personal data: Title, gender, first name, surname, date of birth
– Address data: Road, building number, any additional address data, postcode, town/city, country
– Contact data: Telephone number(s), fax number(s), email address(es)
– Access data: Date and time of the visit to our service; the site from which the accessing system came across our site; pages accessed during the use; data for session identification (Session ID); also the following information relating to the accessing computer system; Internet protocol (IP) address used, browser type and version, device type, operating system and similar technical information.
– Application data: CV, references, proof, work samples, certificates, photos

Accessing the website/application

Here, a description concerning how we process your personal data when accessing our services is provided. We particularly wish to point out that the transfer of access data to external content providers (see b below) is necessary due to the technical functions of information transfer over the Internet.

 

Information concerning processing
Data category Purpose Legal basis Any legitimate interest Duration of the saving
Access data Connection establishment, display of the content of the service, discovery of attacks against our site due to unusual activities, error diagnosis Article 6 Paragraph 1 Letter f) GDPR proper function of the services, security of data and business processes, prevention of misuse, prevention of damage due to attacks against information systems 7 days

 

Recipients of the personal data

Category of recipients Affected data Legal basis of the transfer Any legitimate interest
External content providers which make content available (for example photos, videos, integrated postings from social networks, advertising banners, fonts, update information) which is necessary to display the service. Access data Order processing (Article 28 GDPR) Proper functioning of the service (accelerated) display of the content
IT security service provider Access data Order processing (Article 28 GDPR) Prevention of attacks by exploiting security loopholes/weaknesses

Application

Data protection policy for applicants

We appreciate your interest in us and that you are applying or have applied for a position at our company. Below, we wish to provide you with information concerning the processing of your personal data in connection with the application.

 

Who is responsible for data processing?

The responsible controllers for data processing of applicants differ from the controller of the general data processing.
The joint controllers in accordance with data protection laws are
Jebsen & Jessen (GmbH & Co.) KG
Kehrwieder 11
20457 Hamburg
(“Jebsen & Jessen“)

 

and its subsidiary companies of the same address
Jebsen & Jessen Trading Solutions GmbH
Jebsen & Jessen Life Science GmbH
Jebsen & Jessen Chemicals GmbH
Jebagro GmbH
Ruhr Petrol GmbH
Juritex Import-Export GmbH
GMA Garnet (Europe) GmbH
Jebsen & Jessen Industrial Services GmbH
Jebsen & Jessen Industrial Solutions GmbH
Jebsen & Jessen Metals GmbH

 

(all referred to individually as “Jebsen & Jessen subsidiary company”)
(Jebsen & Jessen and Jebsen & Jessen subsidiary companies also referred to jointly as ”Jebsen & Jessen corporate group“, “we”, and “us“)

 

You can find further information concerning our company, the persons with power of representation and other contact options in the legal notice of our Internet site https://www.jebsen-jessen.de/impressum/ and on the Internet sites of the Jebsen & Jessen subsidiary companies.

 

What personal data relating to you is processed by us? And for what purposes?

We process personal data that you have provided us with in connection with your application in order to assess your suitability for the position (or other open vacancies at our companies, if applicable) and to perform the application process. This information includes, in particular, your contact details, the information contained in your CV and your employment references.

 

What is the legal basis for this?

The legal basis for the processing of your personal data in this application process is primarily § 26 of the German Federal Data Protection Act (BDSG). According to the above, the processing of the data which is necessary in connection with the decision as to whether to enter into an employment relationship is lawful.
In the application form on our website, you have the option of having CV data extracted from documents or your profile on Xing.com or LinkedIn.com through an automatic tool. This can then be transferred in structured form to the appropriate form fields (so-called “CV parsing”). The CV Parsing option is intended to ensure the user-friendly design of the application process and is based on § 26 Paragraph 1 Sentence 1 of the German Federal Data Protection Act (BDSG). The tool is not intended to assess applications. The decision as to whether a candidate is suitable is always taken by one of our employees.
Should you not apply to us via the applicant management system, we will transfer your application to the system and we will also use CV parsing in order to extract your data from your CV into the system for this purpose. This processing is also based on § 26 Paragraph 1 Sentence 1 of the German Federal Data Protection Act (BDSG) in order to carry out the application process more effectively and in a more secure manner.
Should you apply for a specific position, you can consent to your application being considered by us for additional roles at our company. This processing takes place on the basis of Article 6 Paragraph 1 Letter a) GDPR. You can revoke your consent to this at any time. The revocation of your consent does not affect the lawfulness of the data processing that took place prior to this.
In addition, you have the option of consenting to your application being entered into our general pool of applicants. In such a case, we then save your application in accordance with Article 6 Paragraph 1 Letter a) GDPR for new positions that become available. You can revoke your consent to this at any time. The revocation of your consent does not affect the lawfulness of the data processing that took place prior to this.
Should the data be necessary for any legal action following the completion of the application process, data processing can take place on the basis of Article 6 Paragraph 1 Letter f) GDPR for the safeguarding of legitimate interests. In such a case, our legitimate interest is based on the bringing or defence of claims.

 

How long is the data saved for?

In case of a rejection, data of applicants will be deleted after 6 months.
Should you have consented to the inclusion of your data in the pool of applicants, your data will be deleted from this after two years.
Should you be successful during the application process and be appointed to a position at our company, we will transfer your personal data from the applicant data system to our personnel information system.

 

To what recipients is the data passed on?

Following receipt of your application, your applicant data will be viewed by the personnel department at Jebsen & Jessen, which is responsible for all of the subsidiary companies.
In addition to the personnel department of Jebsen & Jessen, the relevant responsible employees of the subsidiary companies have access to those applications that are of relevance to them. Generally, only persons who require your data for the proper performance of our application process have access to this.
For the application process, we use specialised application management software of the provider d.vinci HR-Systems GmbH, Nagelsweg 37-39, 20097 Hamburg (“d.vinci”). D.vinci works for us as a service provider and may also obtain knowledge of your personal data in connection with the maintenance and upkeep of the systems. We have concluded a so-called order processing contract with this provider, which ensures that the data processing takes place lawfully.
The provider of the CV parsing tool who is therefore our order processor is Textkernel BV, Nieuwendammerkade 28/a17, 1022, Amsterdam, Netherlands (“Textkernel”). Textkernel processes the received data straight away and returns this after the analysis has taken place without any saving by entering it in the form fields and displaying it to the user.

 

Where is the data processed?

The data is primarily processed in computer centres in the Federal Republic of Germany and in part also in other EU or EEA Member States.

 

Changes to this data protection policy

We reserve the right to alter this data protection policy in line with the updating of our processes. Please visit this site regularly and consult the current data protection policy. This data protection policy was most recently updated on 04.05.2022.

 

8.1 Consent to the assessment of additional roles at our company

I hereby agree that Jebsen & Jessen will not only consider my application for the selected position, but will also assess it for other roles across the company. I hereby agree that other companies of the Jebsen & Jessen corporate group will obtain access to my personal data for this purpose. Should my information contain a photo and/or information relating to my ethnic origin, religion or health (for example skin colour, head covering, glasses), my consent also extends to this information. My application will be deleted from the system at the latest after six months.
This consent is voluntary. I can refuse to issue my consent without giving reasons without any disadvantages on my part as a result. I can revoke this consent at any time in text form (for example letter or email) without giving reasons. In case of revocation, my application will no longer be considered for other roles at the company. However, the revocation of consent does not affect the lawfulness of the processing that took place with my consent prior to this.

 

8.2 Consent to inclusion in the pool of applicants

I hereby consent that Jebsen & Jessen will include my application in the pool of applicants of the Jebsen & Jessen corporate group. Applications in the pool of applicants are continually assessed for new positions opening up. I hereby agree that my personal data may be viewed again by the personnel department for this purpose and where suitable, other companies of the Jebsen & Jessen corporate group may be granted access to my personal data. Should my information contain a photo and/or information relating to my ethnic origin, religion or health (for example skin colour, head covering, glasses), my consent also extends to this information. My application will be deleted from the system at the latest after two years.
This consent is voluntary. I can refuse to issue my consent without giving reasons without any disadvantages on my part as a result. I can revoke this consent at any time in text form (for example letter or email) without giving reasons. In case of revocation, my application will be deleted from the pool of applicants. However, the revocation of consent does not affect the lawfulness of the processing that took place with my consent prior to this.

 

Tracking

Below, we will describe how your personal data is processed with the assistance of tracking technologies in order to analyse and optimise our services, as well as for advertising purposes.

The description of the tracking process also includes information as to how you can prevent or object to the data processing. Please bear in mind that the so-called “opt out” ie the rejection of the processing, is generally saved via cookies. Should you use our services via a new end device or in a different browser or should you have deleted the cookies which were set by this browser, you need to declare the rejection again.

The tracking procedure described only processes personal data in the form of pseudonyms No connection to a concrete, identifiable natural person, ie combination of the data with information concerning the holder of the pseudonym takes place.

Tracking in order to analyse and optimise our services and their use, as well as to measure the success of advertising campaigns and to optimise the display of adverts

 

Purposes of the processing

The analysis of the user behaviour by means of tracking helps us check the effectiveness of our services, to optimise them and tailor them to the needs of the users, as well as to correct errors. Also, it serves the purpose of creating numerical values of the use of our services (breadth, use intensity, surfing behaviour of the users) in statistical terms, on the basis of unified standard procedures, and therefore allow values which are comparable across the market to be received.

The tracking in order to measure the success of advertising campaigns serves the purpose of optimising our adverts for the future and also to enable advertisers to optimise their adverts accordingly. The tracking in order to optimise the display of advertising has the purpose of displaying adverts to users which are tailored to their interests, which increases the success of the advertising and by means of this, the revenues generated from it.

 

Legal basis of the processing

In case of services which enable the behaviour of affected persons on the Internet to be traced and when creating user profiles, informed consent under the GDPR is required.

 

The tracking procedure used at a glance

 

Description of the service Functionality Option of preventing the processing (opt out) Data transfer to third country? If applicable, reasonableness resolution (Article 45 GDPR) If applicable, suitable guarantees (Article 46 GDPR)
Google Analytics Web analysis No

Social media plugins

This website may include additional programs (plugins) of social networks such as: Facebook, Google+, Twitter or Pinterest, which are operated by third parties and by means of which messages can be transferred to the corresponding networks with the assistance of the button, in order to evaluate, recommend or share contents. By means of this, we are pursuing the purpose and legitimate interest in raising awareness of our services. We configure our services in such a way that data transfers do not take place until you click on the button. In such a case, the legal basis for the data transfer is Article 6 I Letter f) GDPR. The respective provider is responsible for ensuring that the data which is transferred is processed in accordance with data protection laws.

 

Description of the service Provider Data protection information of the provider
Facebook Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA https://de-de.facebook.com/about/privacy/
LinkedIn LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com%7Cli-other
Twitter Twitter Inc., 539 Bryant Street, Suite 402, San Francisco, CA 94107, USA https://twitter.com/de/privacy
Xing XING SE, Dammtorstraße 30, 20354 Hamburg, Deutschland https://privacy.xing.com/de/datenschutzerklaerung

 

Rights of affected persons

Right of information

You have the right to be informed whether personal data relating to you is processed by us, what personal data this is, as well as to receive other information in accordance with Article 15 GDPR.

 

Right of correction

You have the right to request the immediate correction by us of incorrect personal data relating to you (Article 16 GDPR). Taking the purposes of the processing into account, you have the right to request the completion of incomplete personal data, also by means of a supplementary declaration.

 

Right of deletion (“right to be forgotten”)

You have the right to request that the personal data relating to you be immediately deleted, should one of the reasons named in Article 17 Paragraph 1 GDPR be present and should the processing not be necessary for one of the purposes set out in Article 17 Paragraph 3 GDPR.

 

Right to have the processing restricted

You are entitled to request that the processing of your personal data be restricted, should one of the requirements set out in Article 18 Paragraph 1 Letters a) to d) be present.

 

Right of data portability

You have the right to receive the personal data relating to you which you have provided to us in a structured, up-to-date and machine readable format. You also have the right to transfer this data to another responsible body without hindrance by us or to have a direct transfer carried out by us, should this be technically possible. This should always be the case when the basis of the data processing is the consent or a contract and the data is processed automatically. Accordingly, this does not apply to data which is held solely in paper form.

 

Right of revocation in case of consent being issued

Should the processing be based on your consent, you have the right to revoke the consent at any time. The lawfulness of the processing which took place prior to the revocation will not be affected by this.

 

Right to complain

You have the right to complain to a supervisory authority.

 

Should our processing be based on your consent, then in addition to the right of revocation, you have the right of data portability in accordance with Article 20 GDPR.
Should the processing be based on our legitimate interests, you have the right to object to the processing at any time in accordance with Article 21 Paragraph 1 GDPR, should the reasons for this be connected to your specific situation. However, we may continue to process personal data in order to assert, exercise or defend legal claims.
You can contact us at any time in order to claim your rights.
You also have the right to complain to the responsible data protection supervisory authority about the processing of your personal data by us. This is the Hamburg Office for Data Protection and Information Freedom (Hamburgischer Beauftragte für Datenschutz und Informationsfreiheit), Ludwig-Erhard-Str. 22, 20459 Hamburg, Telephone +49 (0) 40 428 54 4040, email: mailbox@datenschutz.hamburg.de.

 

Glossary

Order processor: A natural or legal person, authority, institution or other body which processes personal data on behalf of the responsible body.

Browser: Computer program for displaying websites (for example Chrome, Firefox, Safari).

Cookies: In connection with the World Wide Web, a cookie is a small text file which is stored locally on the computer of the user when visiting a website. This file saves data concerning the behaviour of the user. Should the browser be opened and the relevant website be accessed again, the cookie is used and informs the web server of the surfing behaviour of the user with the assistance of the data which has been saved.

In this case, cookies are not biscuits, rather information which a website saves locally on the computer of the website visitor in a small text file. This can concern settings which have already been carried out by the user on a site, but can also include information which the website has collected independently from the user itself. Later, these text files which are stored locally can be read once again by the same web server which created them. Most browsers accept cookies automatically. You can administer cookies with the help of the browser functions (usually under “options” or “settings”). By means of these, the saving of cookies can be de-activated, made dependent on your consent or otherwise restricted. You can also delete cookies at any time.

Third countries: Country which is not bound by the legal requirements of the GDPR (country outside of the EEA).

Personal data: All information which relates to an identified or identifiable natural person. A natural person is considered identifiable if he or she can be identified directly or indirectly, in particular by means of assignment to a label, such as a name, number, location data, online profile or one or more special characteristics which express the physical, physiological, genetic, psychiatric, economic, cultural or social identity of this natural person.

Pixel: Pixels are also called number pixels, tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on websites. Should a document be opened, this small picture is then loaded by a server on the Internet, whereby the downloading is registered there. By means of this, the operator of the server can see if or when an email was opened or a website was visited. This function is usually carried out by accessing a small program (JavaScript). By means of this, certain types of information on your computer system can be recognised and passed on, such as the content of cookies, time and date of the site access, as well as a description of the site which contains the number pixel.

Profiling: Any type of automated processing of personal data which means that this personal data is used in order to evaluate certain personal aspects which relate to a natural person, in particular in order to analyse or forecast the work performance, economic position, health, personal preferences, interests, reliability, behaviour, place of residence or change of location of this natural person.

Services: Our services to which this data protection declaration applies (see area of applicability).

Tracking: The collection and evaluation of data in relation to the behaviour of visitors to our services.

Tracking technology: Tracking can take place both via activity protocols (logfiles) saved on our web servers and by means of data gathering from your end device via pixels, cookies and similar tracking technology.

 

Processing: Any process or succession of processes carried out in connection with personal data with or without the assistance of automated procedures, such as the gathering, recording, organisation, filing, saving, adjustment or alteration, reading, retrieval, use, disclosure by transfer, distribution or other form of provision, comparison or connection, restriction, deletion or destruction.

Analytics Opt Out

If you have given us your consent to use your personal data, you can revoke this consent at any time with effect for the future.