Choose your current location.
The following information is intended to give you an overview of the processing of your personal data by the Rhenus Group and the rights to which you are entitled under data protection law. In order to fulfil our duty to provide information in accordance with Article 13 GDPR, we would be pleased to provide you with our data protection information below:
The identity and the contact details of the controller:
Rhenus SE &Co. KG
Rhenus-Platz 1
59439 Holzwickede
Phone: +49 (0) 2301 29-0
E-Mail: datenschutz[at]rhenus.com
The contact details of the data protection officer:
- data protection officer -
Rhenus-Platz 1
59439 Holzwickede
E-Mail: datenschutz[at]rhenus.com
Website: www.rhenus.group
Purpose of processing and legal basis
We collect, process and use your data for the purpose of information security of Rhenus SE & Co. KG and its subsidiaries. This applies to data that is processed on the occasion of visitor registration, your safety instruction or within the scope of our video surveillance. Your data will be processed on the basis of a legitimate interest (Article 6 Para. 1 f) GDPR).
Categories of personal data
The following data about you may be processed by us: date, surname, first name, company with address, contact person at Rhenus, number of the visitorpass, time, registration plate, signature, picture or video recording.
Recipients of the personal data
Your data will remain with Rhenus SE & Co. KG and its subsidiaries.
Duration of storage
We keep your data, which is collected within the scope of the safety instruction, for two years. We will then delete them or make them anonymous.
Data recorded within the framework of video surveillance is deleted 14 days after recording. They are only stored for a longer period of time if they are still needed for clarification or to prove a specific incident. In this case, the data will be blocked and deleted immediately after the complete completion of the clarification measures or after the requirement for proof has ceased to apply.
The data from the visitor registration will be deleted after eight weeks or, if they are in paper form, will be destroyed in accordance with data protection regulations.
Right of access
On request, we will inform you in writing or electronically whether and which personal data we have stored about you (Article 15 GDPR).
Right to rectification
You have the right to rectify (Article 16 GDPR) and/or complete the data vis-à-vis the data controller if the personal data processed concerning you are inaccurate or incomplete.
Right to erasure
You may request the person responsible to delete the personal data concerning you immediately (Article 17 GDPR).
Right to restriction of processing
You have the right to demand the restriction of the processing (Article 18 GDPR).
Right to object
You have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data carried out on the basis of processing carried out in the public interest and processing carried out on the basis of a balance of interests, including profiling based on this provision.
Right to data portability
You have the right to data portability (Article 20 GDPR). In other words, you have the right to receive your personal data in a machine-readable format.
Right of appeal to the supervisory authority
If you are of the opinion that the processing of your personal data is unlawful, you can complain to a supervisory authority.
Revocation of consent
If you have given your consent to the collection or use of personal data and wish to revoke it, you can revoke it at any time with effect for the future by e-mail or letter.
Provision of personal data
You are neither legally nor contractually obliged to make your data available to Rhenus SE & Co. KG for the above-mentioned purpose. However, if you refuse to make your data available, Rhenus SE & Co. KG cannot grant you access to its buildings and premises for reasons of information security.
Automated individual decision-making/profiling
An automated decision making (including profiling) does not take place with your data.
You have come to this page via a link in order to find out about our handling of personal data. In order to fulfil our duty to provide information in accordance with Article 13 GDPR, we would be pleased to provide you with our data protection information below:
The identity and the contact details of the controller:
Rhenus SE &Co. KG
Rhenus-Platz 1
59439 Holzwickede
Phone: +49 (0) 2301 29-0
E-Mail: datenschutz[at]rhenus.com
The contact details of the data protection officer:
- data protection officer -
Rhenus-Platz 1
59439 Holzwickede
E-Mail: datenschutz[at]rhenus.com
Website: www.rhenus.group
Purpose of processing and legal basis
Your applicant data will be processed by us in order to assess your suitability for the position (or any other open position in our company) and to complete the application process. The legal basis is Article 26 Federal Data Protection Act. If, after completion of the application process, the data should be necessary in the interest of defending against or asserting claims in the context of legal proceedings, the legal basis for data processing is Article 6 para. 1 f) GDPR.
In order to carry out statistical evaluations regarding our applicant management, your data will be anonymised before it is processed. This data processing does not allow any conclusions to be drawn about your person.
If you have given us consent to the processing of personal data for certain purposes, the lawfulness of this processing is given on the basis of your consent (Article 6 para. 1 a) GDPR). Your consent can be revoked at any time. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected.
Categories of personal data
The following categories are processed:
Recipients of the personal data
All persons directly involved in the application process (personnel departments, specialist departments, works councils) have access to your documents.
Transfer of data to third countries and to an international organisation
If you have applied for a job outside the EU or have given your consent to be included in the applicant pool or to your applicant data being forwarded to a non-EU company of our group, we may also forward your applicant data to the relevant company outside the EU. An appropriate level of data protection is guaranteed by the framework agreement on data transfer between all companies of the Rhenus Group with the obligation to comply with the EU standard contractual clauses and by appropriate technical and organisational measures.
Duration of storage
Your documents are archived for 90 days following the conclusion of the application process. All data is automatically deleted from our systems after this period. An email is sent to you to confirm this.
To begin with, your documents are stored in our applicant pool for 180 days. After this, you will receive an email from us giving you the option to extend this period. Your data will be deleted from our systems, if you do not confirm in writing that you wish your name to remain in the pool within 14 days of receiving this email.
Right of access
On request, we will inform you in writing or electronically whether and which personal data we have stored about you (Article 15 GDPR).
Right to rectification
You have the right to rectify (Article 16 GDPR) and/or complete the data vis-à-vis the data controller if the personal data processed concerning you are inaccurate or incomplete.
Right to erasure
You may request the person responsible to delete the personal data concerning you immediately (Article 17 GDPR).
Right to restriction of processing
You have the right to demand the restriction of the processing (Article 18 GDPR).
Right to object
You have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data carried out on the basis of processing carried out in the public interest and processing carried out on the basis of a balance of interests, including profiling based on this provision.
Right to data portability
You have the right to data portability (Article 20 GDPR). In other words, you have the right to receive your personal data in a machine-readable format.
Right of appeal to the supervisory authority
There is a right of appeal to a data protection supervisory authority. A list of the Germany supervisory authorities and their contact details can be found in the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Revocation of consent
If you have given your consent to the collection or use of personal data and wish to revoke it, you can revoke it at any time with effect for the future by e-mail or letter.
Provision of personal data
The data collected is necessary for the application procedure. If the data is not made available, it will not be possible to carry out the application procedure.
Automated individual decision-making/profiling
An automated decision making (including profiling) does not take place with your data.
You have come to this page via a link in order to find out about our handling of personal data. In order to fulfil our duty to provide information in accordance with Article 13 GDPR, we would be pleased to provide you with our data protection information below:
The identity and the contact details of the controller:
Rhenus SE &Co. KG
Rhenus-Platz 1
59439 Holzwickede
Phone: +49 (0) 2301 29-0
E-Mail: datenschutz[at]rhenus.com
The contact details of the data protection officer:
- data protection officer -
Rhenus-Platz 1
59439 Holzwickede
E-Mail: datenschutz[at]rhenus.com
Website: www.rhenus.group
Purpose of processing and legal basis
The data received from you is processed by us only for the purposes for which we received or collected it. In particular, this can be done for the following purposes:
Processing for other purposes can only be considered if the necessary legal requirements pursuant to Article 6 para. 4 GDPR have been met. Information obligations pursuant to Article 13 para. 3 and Article 14 para. 4 GDPR are of course observed.
The legal basis for the processing of personal data is in principle Article 6 GDPR, unless there are specific legal provisions. If personal data is processed on the basis of your consent, you have the right to revoke this consent at any time with effect for the future.
In particular, the following options may be considered:
If processing is carried out on the basis of Article 6 para. 1 f) GDPR, the controller shall pursue the following legitimate interests of himself or third parties: communication if the person concerned is not a direct party to the contract to be initiated or existing. If we process data on the basis of a weighing of interests, you as the data subject have the right to object to the processing of personal data in accordance with Article 21 GDPR.
Categories of personal data
If the controller does not collect your data directly from communication with you and you therefore know what data is involved, please note that the controller regularly processes the following categories of personal data:
Recipients of the personal data
Transfer of data to third countries and to an international organisation
Your personal data will only be passed on to third parties if this is necessary for the execution of the contract with you, if this is permissible on the basis of a weighing of interests pursuant to Article 6 Para. 1 f) GDPR, if we are legally obliged to pass it on or if you have given your consent to this.
Where data is transferred to a third country outside the EU, an adequate level of data protection is ensured by the conclusion of EU standard contractual clauses and/or the recipient's participation in the so-called "Privacy Shield" and the technical and organisational measures taken by the third party with regard to data protection and data security.
Duration of storage
Personal data will only be stored by controller as long it is necessary to pursue the purpose for which it was processed. If the storage of the data is no longer necessary for the fulfilment of contractual or legal obligations and for the pursuit of legitimate interests, i.e. for the preservation of evidence or proof within the scope of the statutory limitation provisions, these will be deleted regularly.
Right of access
On request, we will inform you in writing or electronically whether and which personal data we have stored about you (Article 15 GDPR).
Right to rectification
You have the right to rectify (Article 16 GDPR) and/or complete the data vis-à-vis the data controller if the personal data processed concerning you are inaccurate or incomplete.
Right to erasure
You may request the person responsible to delete the personal data concerning you immediately (Article 17 GDPR).
Right to restriction of processing
You have the right to demand the restriction of the processing (Article 18 GDPR).
Right to data portability
You have the right to data portability (Article 20 GDPR). In other words, you have the right to receive your personal data in a machine-readable format.
Right of appeal to the supervisory authority
There is a right of appeal to a data protection supervisory authority. A list of the Germany supervisory authorities and their contact details can be found in the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Revocation of consent
If you have given your consent to the collection or use of personal data and wish to revoke it, you can revoke it at any time with effect for the future by e-mail or letter.
Right to object
You have the right to object to the processing of your data in connection with direct advertising pursuant to Article 21 para. 1 and para. 2 GDPR if this is done on the basis of a weighing of interests.
If you file an objection, we will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
The following information is intended to give you an overview of the processing of your personal data by the Rhenus Group and the rights to which you are entitled under data protection law. In order to fulfil our duty to provide information in accordance with Article 13 GDPR, we would be pleased to provide you with our data protection information below:
The identity and the contact details of the controller:
Rhenus SE &Co. KG
Rhenus-Platz 1
59439 Holzwickede
Phone: +49 (0) 2301 29-0
E-Mail: datenschutz[at]rhenus.com
The contact details of the data protection officer:
- data protection officer -
Rhenus-Platz 1
59439 Holzwickede
E-Mail: datenschutz[at]rhenus.com
Website: www.rhenus.group
Purpose of processing and legal basis
We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR):
a.) Based on your consent (Article 6 Para. 1 a) of the GDPR)
If you have given us your consent to process personal data for certain purposes (e.g. passing on data within the group), the lawfulness of this processing is given on the basis of your consent. Your consent can be revoked at any time. This also applies to the revocation of declarations of consent given to us prior to the application of the General Data Protection Regulation, before 25 May 2018. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected by this.
b.) For the fulfilment of contractual obligations (Article 6 Para. 1 b) of the GDPR)
The processing of personal data is carried out to provide disposal and cleaning services within the framework of the execution of our contracts with our customers or to carry out pre-contractual measures, which are carried out at your request. The purposes of data processing are primarily based on the requirements of the service and may include, but are not limited to, needs assessments and advice. Further details on the purpose of data processing can be found in the respective contract documents and terms and conditions.
c.) As part of the balancing of interests (Article 6 Para. 1 f) of the GDPR)
If necessary, we process your data beyond the actual fulfilment of the contract to protect the legitimate interests of us or third parties. Examples:
d.) Due to legal requirements (Article 6 Para. 1 c) of the GDPR) or in the public interest (Article 6 Para. 1 e) of the GDPR)
As a company, we are also subject to various legal obligations, i.e. legal requirements (e.g. tax law, waste law). The purposes of the processing include, among other things, the fulfilment of control and reporting obligations under tax law as well as the fulfilment of the waste documentation system under waste law, the guarantee of IT security and IT operation, measures for building and plant security (e.g. access controls).
Categories of personal data
We process personal data which we receive from our customers within the scope of our business relationship. If you are our customer as a natural person, this refers to your personal data. If you have been named to us by our customer as a contact person within the framework of the business relationship, we process the personal data that our customer or you have provided to us personally for this purpose (usually name, address and other contact data such as e-mail address, telephone number and function). In addition, we process - to the extent necessary for the provision of our services - personal data which we have received from other companies of the Rhenus Group or from other third parties (e.g. for the execution of orders, for the fulfilment of contracts or on the basis of your consent).
On the other hand, we process personal data that we have obtained and are permitted to process from publicly accessible sources (e.g. land registers, commercial and association registers, press, media, Internet). Relevant personal data in the interested party process when opening master data are name, address/other contact data (telephone, e-mail address), bank details and function.
Recipients of the personal data
The service providers and vicarious agents employed by us may have access to your data, which they need to fulfil our contractual and legal obligations. These are the companies from the categories listed below:
Under these conditions, recipients of personal data may be: Processors to whom we transfer personal data in order to carry out the business relationship with you. In detail: Processing of subcontractor services, support/maintenance of EDP/IT applications, archiving, document processing, call centre services, compliance services, controlling, data destruction, purchasing/procurement, customer administration, letter shops, marketing, media technology, reporting, spear accounting, telephony, video identification, website management, auditing services, payment transactions.
Other data recipients may be those for whom you have given your consent for data transfer.
Transfer of data to third countries and to an international organisation
Data will only be transferred to third countries (countries outside the European Economic Area - EEA) if this is necessary to carry out the internal business process, is required by law or if you have given us your consent.
Duration of storage
We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. If the data are no longer required for the fulfilment of contractual or legal obligations, they are regularly deleted, unless their - temporary - further processing is necessary for the following purposes:
Right of access
On request, we will inform you in writing or electronically whether and which personal data we have stored about you (Article 15 GDPR).
Right to rectification
You have the right to rectify (Article 16 GDPR) and/or complete the data vis-à-vis the data controller if the personal data processed concerning you are inaccurate or incomplete.
Right to erasure
You may request the person responsible to delete the personal data concerning you immediately (Article 17 GDPR).
Right to restriction of processing
You have the right to demand the restriction of the processing (Article 18 GDPR).
Right to data portability
You have the right to data portability (Article 20 GDPR). In other words, you have the right to receive your personal data in a machine-readable format.
Right of appeal to the supervisory authority
There is a right of appeal to a data protection supervisory authority. A list of the Germany supervisory authorities and their contact details can be found in the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Revocation of consent
If you have given your consent to the collection or use of personal data and wish to revoke it, you can revoke it at any time with effect for the future by e-mail or letter.
Provision of personal data
As part of our business relationship, you must provide the personal information necessary to establish and conduct a business relationship and to fulfil the contractual obligations associated therewith, or which we are required by law to collect. Without this data we will normally have to refuse the conclusion of the contract or the execution of the order or will no longer be able to execute an existing contract and may have to terminate it.
Automated individual decision-making/profiling
An automated decision making (including profiling) does not take place with your data.
Information about your right of objection
1. Right of objection in individual cases
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Article 6 para. 1 e) GDPR (data processing in the public interest) and Article 6 para. 1 f) GDPR (data processing on the basis of a weighing of interests); this also applies to profiling based on this provision within the meaning of Article 4 para. 4 GDPR.
If you file an objection, we will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
2. Right to object to the processing of data for advertising purposes
In individual cases we process your personal data in order to operate direct advertising. You have the right at any time to object to the processing of your personal data for the purpose of such advertising; this also applies to profiling in so far as it is connected with such direct advertising.
The following information is intended to give you an overview of the processing of your personal data by the Rhenus Group and the rights to which you are entitled under data protection law. In order to fulfil our duty to provide information in accordance with Article 13 GDPR, we would be pleased to provide you with our data protection information below:
The identity and the contact details of the controller:
Rhenus SE &Co. KG
Rhenus-Platz 1
59439 Holzwickede
Phone: +49 (0) 2301 29-0
E-Mail: datenschutz[at]rhenus.com
The contact details of the data protection officer:
- data protection officer -
Rhenus-Platz 1
59439 Holzwickede
E-Mail: datenschutz[at]rhenus.com
Website: www.rhenus.group
Purpose of processing and legal basis
The data received from you is processed by us only for the purposes for which we received or collected it. In particular, this can be done for the following purposes:
Processing for other purposes can only be considered if the necessary legal requirements pursuant to Article 6 para. 4 GDPR have been met. Information obligations pursuant to Article 13 para. 3 and Article 14 para. 4 GDPR are of course observed.
The legal basis for the processing of personal data is in principle Article 6 GDPR, unless there are specific legal provisions. If personal data is processed on the basis of your consent, you have the right to revoke this consent at any time with effect for the future.
In particular, the following options may be considered:
If processing is carried out on the basis of Article 6 para. 1 f) GDPR, the controller shall pursue the following legitimate interests of himself or third parties: Communication if the person concerned is not a direct party to the contract to be initiated or existing. If we process data on the basis of a weighing of interests, you as the data subject have the right to object to the processing of personal data in accordance with Article 21 GDPR.
Categories of personal data
If the controller does not collect your data directly from communication with you and you therefore know what data is involved, please note that the controller regularly processes the following categories of personal data:
Recipients of the personal data
Transfer of data to third countries and to an international organisation
Your personal data will only be passed on to third parties if this is necessary for the execution of the contract with you, if this is permissible on the basis of a weighing of interests pursuant to Article 6 Para. 1 f) GDPR, if we are legally obliged to pass it on or if you have given your consent to this.
Where data is transferred to a third country outside the EU, an adequate level of data protection is ensured by the conclusion of EU standard contractual clauses and/or the recipient's participation in the so-called "Privacy Shield" and the technical and organisational measures taken by the third party with regard to data protection and data security.
Duration of storage
Personal data will only be stored by controller as long it is necessary to pursue the purpose for which it was processed. If the storage of the data is no longer necessary for the fulfilment of contractual or legal obligations and for the pursuit of legitimate interests, i.e. for the preservation of evidence or proof within the scope of the statutory limitation provisions, these will be deleted regularly.
Right of access
On request, we will inform you in writing or electronically whether and which personal data we have stored about you (Article 15 GDPR).
Right to rectification
You have the right to rectify (Article 16 GDPR) and/or complete the data vis-à-vis the data controller if the personal data processed concerning you are inaccurate or incomplete.
Right to erasure
You may request the person responsible to delete the personal data concerning you immediately (Article 17 GDPR).
Right to restriction of processing
You have the right to demand the restriction of the processing (Article 18 GDPR).
Right to data portability
You have the right to data portability (Article 20 GDPR). In other words, you have the right to receive your personal data in a machine-readable format.
Right of appeal to the supervisory authority
There is a right of appeal to a data protection supervisory authority. A list of the Germany supervisory authorities and their contact details can be found in the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Revocation of consent
If you have given your consent to the collection or use of personal data and wish to revoke it, you can revoke it at any time with effect for the future by e-mail or letter.
Provision of personal data
As part of our business relationship, you must provide the personal information necessary to establish and conduct a business relationship and to fulfil the contractual obligations associated therewith, or which we are required by law to collect. Without this data we will normally have to refuse the conclusion of the contract or the execution of the order or will no longer be able to execute an existing contract and may have to terminate it.
Automated individual decision-making/profiling
An automated decision making (including profiling) does not take place with your data.
Information about your right of objection
1. Right of objection in individual cases
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Article 6 para. 1 e) GDPR (data processing in the public interest) and Article 6 para. 1 f) GDPR (data processing on the basis of a weighing of interests); this also applies to profiling based on this provision within the meaning of Article 4 para. 4 GDPR. If you file an objection, we will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims
2. Right to object to the processing of data for advertising purposes
In individual cases we process your personal data in order to operate direct advertising. You have the right at any time to object to the processing of your personal data for the purpose of such advertising; this also applies to profiling in so far as it is connected with such direct advertising.
The following information is intended to give you an overview of the processing of your personal data by the Rhenus Group and the rights to which you are entitled under data protection law. Which data are processed in detail and in which way they are used depends decisively on the concrete employment relationship.
The identity and the contact details of the controller:
Rhenus SE &Co. KG
Rhenus-Platz 1
59439 Holzwickede
Phone: +49 (0) 2301 29-0
E-Mail: datenschutz[at]rhenus.com
The contact details of the data protection officer:
- data protection officer -
Rhenus-Platz 1
59439 Holzwickede
E-Mail: datenschutz[at]rhenus.com
Website: www.rhenus.group
Purpose of processing and legal basis
We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act and all other relevant laws.
First and foremost, the processing of personal data serves to establish, execute and terminate a contractual or quasi-contractual obligation with the data subject (e.g. employment relationship). The primary legal basis for this is Article 88 GDPR. In addition, collective agreements (group, collective and works agreements as well as collective bargaining agreements) may be concluded pursuant to Article 6 para. 1 b) in conjunction with Article 26 para. 4 of the Federal Data Protection Act and, if applicable, your separate consents pursuant to Article 6 para. 1 a) and Article 7 GDPR in conjunction with Article 26 para. 2 of the Federal Data Protection Act (e.g. in the case of video recordings) may be used as a data protection permission provision.
We also process your data in order to be able to fulfil our legal obligations as an employer, in particular in the area of tax and social security law. This is done on the basis of Article 6 para. 1 c) GDPR in conjunction with Article 26 of the Federal Data Protection Act. Due to these legal regulations, the Rhenus Group is subject to various control and reporting obligations.
If special categories of personal data pursuant to Article 9 para. 1 GDPR are processed, this serves the exercise of rights or the fulfilment of legal obligations under labour law, social security law and social protection within the scope of the employment relationship, e.g. disclosure of health data to the health insurance fund, recording of severely disabled persons due to additional leave and determination of the severely disabled persons levy. This is done on the basis of Article 9 para. 2 b) GDPR in conjunction with Article 26 para. 3 of the Federal Data Protection Act. In addition, the processing of health data may be necessary for the assessment of your ability to work in accordance with Article 9 para. 2 h) GDPR in conjunction with Article 22 para. 1 b) of the Federal Data Protection Act.
If necessary, we also process your data on the basis of Article 6 para. 1 f) GDPR in order to protect legitimate interests of ourselves or third parties (e.g. authorities). This applies in particular to the investigation of criminal offences (legal basis Article 26 para. 1 sentence 2 of the Federal Data Protection Act) or within the group for purposes of group control, internal communication and other administrative purposes. For example:
In addition, the processing of special categories of personal data may be based on consent in accordance with Article 9 Para. 2 a) GDPR in conjunction with Article 26 Para. 2 of the Federal Data Protection Act (e.g. company health management).
Should we wish to process your personal data for a purpose not mentioned above, we will inform you of this beforehand and, if necessary, obtain your consent beforehand.
Categories of personal data
We collect personal data from you in order to establish, carry out and terminate your employment relationship. Data is personal if it is clearly assigned to a specific person or if this identification can at least take place indirectly.
The processed categories of personal data include in particular your master data (such as first name, surname, name supplements and titles, date of birth, gender, nationality, marital status, denomination and personnel number), contact data (e.g. private address, (mobile) telephone number, e-mail address), the log data generated when using the IT systems, as well as data from any company video surveillance and other data from the employment relationship (e.g. personnel questionnaire, social data, size of shoe, health insurance number and name of health insurance fund, bank details, social insurance number, pension insurance number, salary data as well as tax status information and tax identification number, place of employment or workplace, time recording data, absence and holiday periods, business trips, periods of incapacity for work, training and work experience, criminal record and application documents incl. certificates/references and photograph as well as employment documents (such as job title, functions, work history, working hours, remuneration and remuneration components as well as remuneration history, performance information, disciplinary and complaint data, severe disability, pregnancy incl. notification of supervisory authorities, anniversary, pension claims, notices of termination and notice periods).
This may also include special categories of personal data: health data, health conditions, health and illness data, certificate of incapacity for work.
As a rule, your personal data is collected directly from you as part of the recruitment process or during the employment relationship. In certain constellations, your personal data will also be collected from other offices due to legal regulations. This includes, in particular, occasion-related queries of tax-relevant information at the relevant tax office and information on periods of incapacity to work at the respective health insurance fund. In addition, we may have received data from third parties (e.g. employment agencies).
Human resources development
Within your employment relationship, employee appraisals with superiors take place again and again. These are an integral part of personnel development. The subject of such discussions can be performance appraisals by superiors, salary adjustments, perspective discussions, target agreements for the future, but also agreements on training and further education. The results of employee appraisals are usually documented - electronically or in paper form - and are then part of your personnel file. The same applies to information about your salary adjustment, etc. based on this information. In addition, information about your participation in training measures or the qualification measures you have carried out is stored there. Among other things, we store the following information about you: performance appraisals, salary adjustments, short CVs, objectives, information on further training, training courses and qualifications, and certificates, if applicable.
Recipients of the personal data
Within our company, only those persons and bodies (e.g. specialist departments, works councils, representatives for severely handicapped persons) receive your personal data that they require to fulfil our contractual and legal obligations.
In addition, your data will be transferred to certain companies within our group of companies if these companies centrally perform data processing tasks for the companies affiliated in the group, such as payroll accounting, disposal of files, internal administrative purposes, IT administration, controlling and financial accounting, and information for managers.
Furthermore, we transfer your data to our subsidiaries (also abroad) as far as this is necessary due to your employment relationship.
In addition, we make use of various service providers to fulfil our contractual and statutory obligations, including in particular
Compliance with data protection regulations in the event of the processing of personal data on a contractual basis is ensured by corresponding contracts pursuant to Article 28 GDPR with the service providers.
In addition, we may transfer your personal data to other recipients outside the company to the extent necessary to fulfil your contractual and statutory obligations as an employer. This could be for example:
Transfer of data to third countries and to an international organisation
If we transfer personal data to service providers or group companies outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the European Commission to have an appropriate level of data protection or if other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contractual clauses) are in place. You can request information about this at the above contact information.
Duration of storage
We will delete your personal data as soon as it is no longer required for the above-mentioned purposes. After termination of the employment relationship, your personal data will be stored as long as we are legally obliged to do so. This regularly results from legal obligations to provide evidence and to retain data, which are regulated in the German Commercial Code (Handelsgesetzbuch) and the German Tax Code (Abgabenordnung). The storage periods can then be up to ten years. Personal data may also be retained for the period during which the claims can be asserted against the Rhenus Group (statutory limitation period of three or up to thirty years).
Right of access
On request, we will inform you in writing or electronically whether and which personal data we have stored about you (Article 15 GDPR).
Right to rectification
You have the right to rectify (Article 16 GDPR) and/or complete the data vis-à-vis the data controller if the personal data processed concerning you are inaccurate or incomplete.
Right to erasure
You may request the person responsible to delete the personal data concerning you immediately (Article 17 GDPR).
Right to restriction of processing
You have the right to demand the restriction of the processing (Article 18 GDPR).
Right to object
You have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data carried out on the basis of processing carried out in the public interest and processing carried out on the basis of a balance of interests, including profiling based on this provision.
Right to data portability
You have the right to data portability (Article 20 GDPR). In other words, you have the right to receive your personal data in a machine-readable format.
Right of appeal to the supervisory authority
There is a right of appeal to a data protection supervisory authority. A list of the Germany supervisory authorities and their contact details can be found in the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Revocation of consent
If you have given your consent to the collection or use of personal data and wish to revoke it, you can revoke it at any time with effect for the future by e-mail or letter.
Provision of personal data
As part of your employment relationship, you will only be required to provide the personal information that is necessary to enter into and perform the employment relationship or that we are required by law to collect. Without this information, we will not be able to perform the employment contract with you.
Profiling
We partly process your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling in the following cases: Due to legal and regulatory requirements, we are obliged to combat money laundering, terrorist financing and crimes that pose a threat to property. Data analysis (e.g. comparison with legally prescribed lists) is also carried out.
Data Protection Information
The following data protection information provides you with general information on the functionality of the app and the processing of data within the scope of using the app.
Responsible Party Within The Meaning Of The Data Protection Laws:
Rhenus Warehousing Solutions SE & Co. KG
Rhenus Platz 1
59439 Holzwickede
Data Protection Officer
If you have any questions regarding data protection law or questions about data processing when using the app, you can reach our data protection officer at:
datenschutz-warehousing[at]rhenus.com
Data Processing During Installation And Use Of The App
Automatic data processing when using the app. After the free installation of the app from the Apple App Store, Google Play Store or Microsoft Store, personal data is processed when the app is opened. This happens automatically without you having to take any further action, such as filling out and sending a contact form. These automated processing operations concern:
Processing The IP Address And Other Device Data
1. DESCRIPTION AND SCOPE OF DATA PROCESSING
When the app is opened, requests are sent to the server which it must answer. For this purpose, your IP address must be collected and processed by the server so that the corresponding server requests can be answered.
Other data collected in this context are:
Platform
Device type
Screen size and resolution
Version of the runtime and the operating system
Language
Unique numbers of the unit that make identification possible are not collected. A unit cannot be distinguished by SmapOne from another unit of the same type.
2. LEGAL BASIS FOR DATA PROCESSING
The legal basis for the processing of this data is Art. 6 para. 1 lit. f) DSGVO.
3. PURPOSE OF THE DATA PROCESSING
The purpose of processing your IP address and other data is to establish and secure the functionality of the app and to make it technically possible to retrieve it.
4. LEGITIMATE INTEREST
Our legitimate interest in the temporary storage of the IP address lies in the fact that the functionality and provision of the technical retrieval option of the app is not possible without this storage.
5. DURATION OF STORAGE
The data is deleted again as soon as further storage is no longer necessary because the purpose has been achieved. This usually occurs after a period of 30 days.
6. RECIPIENTS OF PERSONAL DATA
smapOne AG, Freundallee 11a, 30173 Hanover as host of the app, administration and support.
7. TRANSMISSION TO A THIRD COUNTRY
It is not intended to transfer the personal data to a third country or to an international organisation.
8. AUTOMATED DECISION MAKING/PROFILING
No automated decision-making or so-called profiling takes place.
Processing Of Server Log Files
1. DESCRIPTION AND SCOPE OF DATA PROCESSING
The IP addresses collected when opening the app are also stored in so-called server log files in order to detect technical faults and/or attempts to manipulate and break into the server structure and to make them remediable.
In addition, the hosting provider automatically collects, stores and processes information in so-called server log files that are automatically transmitted by the app. However, this information is not merged with other data sources.
This information is:
Time of the request
URL
Response Code
Runtime ID of the device
If applicable, the ID of the smap to which the request refers.
2. LEGAL BASIS FOR DATA PROCESSING
The legal basis for the processing of this data is Art. 6 para. 1 lit. f) GDPR.
3. PURPOSE OF THE DATA PROCESSING
The purpose of processing your IP address and the above information is to detect malfunctions and attempts to gain entry. This serves the security structure of the app and the system integrity of the servers.
4. LEGITIMATE INTEREST
Our legitimate interest in processing the IP address and the above information is to provide a functional and uncompromised technical environment.
5. DURATION OF STORAGE
The data is deleted as soon as further storage is no longer necessary due to the achievement of the purpose. This is regularly the case after a period of 30 days. After that, only statistical information is retained.
6. RECIPIENTS OF PERSONAL DATA
smapOne AG, Freundallee 11a, 30173 Hannover as host of the app, administration, support
7. TRANSMISSION TO A THIRD COUNTRY
It is not intended to transfer the personal data to a third country or to an international organisation.
8. AUTOMATED DECISION MAKING / PROFILING
No automated decision-making or so-called profiling takes place.
DATA PROCESSING WHEN ENTERING USER DATA / PROCESSING HISTORY
1. DESCRIPTION AND SCOPE OF DATA PROCESSING
In order to be able to use the app within the scope of the employment relationship, the processing of user data is required. For this purpose, an account must be applied for in the Field Business Intelligence and a registration on the platform of the provider SmapOne must be made with the official e-mail address. After downloading the app, a link to the user account via the official e-mail address is required. The individual actions associated with the registration are processed according to the type of action and date for the purpose of proving that the registration has been completed and linked to a specific licence.
2. LEGAL BASIS FOR DATA PROCESSING
The legal basis for the processing of this data is § 26 BDSG in conjunction with Art. 6 para. 1 lit. b) GDPR.
3. PURPOSE OF THE DATA PROCESSING
Unambiguous identification of the authorised use. Verifiability of registration and linkage to a specific licence.
4. DURATION OF STORAGE
The data processed as part of the registration will be deleted when the user account is deleted.
5. RECIPIENTS OF PERSONAL DATA
smapOne AG, Freundallee 11a, 30173 Hannover as host of the app, administration, support
6. TRANSMISSION TO A THIRD COUNTRY
It is not intended to transfer the personal data to a third country or to an international organisation.
7. AUTOMATED DECISION MAKING / PROFILING
No automated decision-making or so-called profiling takes place.
Use Of Cookies/Usage Analyses
Numerous cookies are processed when using the SmapOne website. Rhenus Warehousing has no influence over these cookies. The responsible party in line with the DSGVO for the processing of the cookies mentioned below is SmapOne AG. SmapOne AG’s data protection information is available at: https://www.smapone.com/datenschutzhinweise/
The following cookies are required to use the SmapOne website.
Name | Purpose | Expiry | Type | Provider |
CookieConsent | Saves your consent to the use of cookies. | 1 year | HTML | Website |
fe_typo_user | Assigns your browser to a session on the server. This only affects the content you see and is not evaluated or processed by us. | Session | HTTP | Website |
registrationEmail | Used to create a user account in the registration process. | 1 hours | HTTP | Website |
registrationAsCreator | Used to create a user account in the registration process. | 1 hours | HTTP | Website |
. AspNet.ApplicationCookie | Platform authorisation cookie. | 2 hours | HTTP | Website |
ARRAffinity | Used in Azure to support users who need to stay on a particular instance of a web app or website in Azure. | Session | HTTP | Website |
ARRAffinitySameSite | Used in Azure to support users who need to stay on a particular instance of a web app or website in Azure. | Session | HTTP | Website |
CurrentCulture | Saves the language setting in the corresponding ISO country code. | 1 year | HTML | Website |
TiPMix | Azure Websites Testing in Production (TiP). | Session | HTTP | Website |
__RequestVerificationToken | Prevents attacks for counterfeit cross-site requests (XSRF/CSRF) in ASP.NET Core. | Session | HTTP | Website |
x-ms-routing-name | Azure App Service – Forwarding production data traffic. | Session | HTTP | Website |
ai_session | This cookie is linked to Microsoft Application Insights software, which stores statistical usage and telemetry data for apps developed on the Azure cloud platform. It is a unique, anonymous session identifier cookie. | Session | HTML | Website |
ai_user | This cookie is linked to Microsoft Application Insights software, which stores statistical usage and telemetry data for apps developed on the Azure cloud platform. This cookie uniquely identifies a user and counts the number of users who access the app over time. | 1 year | HTML | Website |
The following optional cookies are activated if the cookies are consented to by default:
Name | Purpose | Expiry | Type | Provider |
_gcl_au | Used by Google AdSense to experiment with advertising efficiency on websites. | 3 months | HTML | |
AMP_TOKEN | Contains a token that can be used to retrieve a Client ID from the AMP Client ID Service. Other possible values indicate opt-out, request in progress or an error retrieving a client ID from the AMP Client ID Service. | 1 year | HTML | |
_dc_gtm_--property-id-- | Used by DoubleClick (Google Tag Manager) to identify visitors by age, gender or interests. | 2 years | HTML | |
_ga | Used to better understand general user behaviour on our website and for Google Ads to improve the performance of our ad placements. The respective visitor data is collected anonymously. | 2 years | HTML | |
_gat | Used to throttle the rate of queries sent to Google Analytics. It also increases the efficiency of network calls. | 10 minutes | HTML | |
_gid | Used to better understand general user behaviour on our website and for Google Ads to improve the performance of our ad placements. The respective visitor data is collected anonymously. | 1 day | HTML | |
_ga_--container-id-- | Used by DoubleClick (Google Tag Manager) to identify visitors by age, gender or interests. | 2 years | HTML | |
_gac_--property-id-- | Contains information about campaigns for the user. If you have linked your Google Analytics and Google Ads accounts, efficiency measurement elements will read this cookie unless you disable it. | 3 months | HTML | |
_fbp | Used to display a range of advertising products, e.g. real-time bids from third party advertisers. | 28 days | HTML | |
fr | Used to display a range of advertising products, e.g. real-time bids from third party advertisers. | 3 months | HTML | |
facebookPixel | If JavaScript is not enabled, this pixel initiates a connection with Facebook. | none | Pixel | |
_pk_id | Used for Matomo (Piwik) to store information about users, e.g. unique, anonymised visitor ID. | 13 months | HTML | Website |
_pk_ref | Used to store the user's originating website information. | 6 months | HTML | Website |
_pk_ses | Used by Matomo (Piwik) to store the attribution information and referrer originally used to visit the website. | 30 minutes | HTML | Website |
_pk_cvar | Short-term cookie to store temporary data of the visit. | 30 minutes | HTML | Website |
_pk_hsr | Short-term cookie to store temporary data of the visit. | 30 minutes | HTML | Website |
_hjid | Used to identify the first session of a new user, as well as to recognise returning visitors to our website across different domains. It also ensures that behaviour on subsequent visits to the same page can be attributed to the same anonymous user ID. | 1 year | HTML | Hotjar |
_hjFirstSeen | Used to identify the first session of a new user, as well as to recognise returning visitors to our website across different domains. It also ensures that behaviour on subsequent visits to the same page can be attributed to the same anonymous user ID. | 1 year | HTML | Hotjar |
_hjTLDTest | Used to identify the first session of a new user, as well as to recognise returning visitors to our website across domains. It also ensures that behaviour on subsequent visits to the same page can be attributed to the same anonymous user ID. | 1 year | HTML | Hotjar |
UserMatchHistory | Used by LinkedIn for the evaluation of visitors for the analysis of LinkedIn Ads. | 6 months | HTML | |
bcookie | Used by LinkedIn for the evaluation of visitors for the analysis of LinkedIn Ads. | 6 months | HTML | |
lang | Used by LinkedIn for the evaluation of visitors for the analysis of LinkedIn Ads. | 6 months | HTML | |
BizoID | Used by LinkedIn for the evaluation of visitors for the analysis of LinkedIn Ads. | 6 months | HTML |
Cookies can only be selected by clicking on the link: “Detailed Settings” in the pop-up “Information about Cookies.” The optional cookies are not preselected. The cookie selection in question is set with “Save Selection.”
Access To Device Functionalities
The app needs access to the camera to capture images. Images are used to document, for example, damage to the object being examined.
Functionalities Of The App And Individual Processing
Processing history within the framework of working with smaps:
1. Description And Scope Of Data Processing
Smaps and individual data per smap (see processing activity) are derived from the process.
Only the forwarding, assignment and sending of data records are stored in the respective data record. No content editing history is created for the entries.
2. Legal Basis For Data Processing
The legal basis for the processing of this data is § 26 BDSG in conjunction with Art. 6 para. 1 lit. b) GDPR.
3. Purpose Of Data Processing
The purpose of processing the data is to control abuse.
4. Duration Of Storage
The data will be deleted when the user account is deleted.
5. Recipients Of Personal Data
smapOne AG, Freundallee 11a, 30173 Hannover is host of the app, administration and support.
6. Transmission To A Third Country
There is no intention to transfer the personal data to a third country or to an international organisation.
7. Automated Decision-Making/Profiling
No automated decision-making or so-called profiling takes place.
Rights Of The Data Subject
As explained above, we do not process any personal data when you use the app. However, we would like to inform you about your rights under the DSGVO when processing personal data:
If you process personal data, you are the data subject within the meaning of the general data protection regulation. You therefore have rights vis-à-vis the controller. To exercise your data protection rights against us as the data controller, please contact the following e-mail address: datenschutz-warehousing[at]rhenus.com .
.
1. Right to Information - Art. 15 GDPR
You have the right to obtain confirmation from the controller as to whether personal data concerning you are being processed.
If there is such processing, you have the right to access this personal data and to receive the following information:
In addition, you have the right to request information on whether the personal data concerning you have been transferred to a third country or to an international organisation. In this context, you may also request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
2. Right to Correction – Art. 16 GDPR
You have the right to obtain from the controller the correction and/or completion of data relating to you without undue delay if the personal data processed is inaccurate or incomplete.
3. Right to Deletion – Art. 17 GDPR
Obligation to Delete:
You have the right to request the immediate deletion of your personal data at any time if one of the following reasons applies:
Exceptions:
4. Right to Restriction of Processing – Art. 18 GDPR
You have the right to request the restriction of processing of personal data concerning you under the following conditions:
Where the processing of personal data relating to you has been restricted, such data may, with the exception of storage, be processed only with your consent or for the establishment, exercise or defence of legal claims or the protection of the rights of another natural or legal person or due to substantial public interest on the part of the European Union or a member state. If the restriction of processing has itself been restricted on the basis of the above conditions, you will be informed by the controller before the restriction is lifted.
5. Right to Information – Art. 19 GDPR
If you have exercised one of your rights to rectification, deletion or restriction of processing, we are obliged to communicate the rectification, erasure of data or restriction of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.
6. Right to Data Portability – Art. 20 GDPR
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller to whom the personal data was provided, as long as:
a) the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and
(b) the processing is carried out with the aid of automated procedures.
In exercising this right to data portability, you also have the right to ensure that the personal data concerning you is transferred directly from one controller to another insofar as this is technically feasible.
7. Right of Objection – Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you that is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless he or she can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right of objection by means of automated procedures using technical specifications.
8. Right to Revoke the Declaration of Consent under Data Protection Law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
9. Right to Complain to a Supervisory Authority – Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the general data protection regulation.
The supervisory authority with which you lodge a complaint shall inform you, as the complainant, of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.
This data protection notice will be updated at regular intervals.
Data Protection Information
The following data protection information provides you with general information on the functionality of the app and the processing of data within the scope of using the app.
Responsible Party Within The Meaning Of The Data Protection Laws:
Rhenus Warehousing Solutions SE & Co. KG
Rhenus Platz 1
59439 Holzwickede
Data Protection Officer
If you have any questions regarding data protection law or questions about data processing when using the app, you can reach our data protection officer at:
datenschutz-warehousing[at]rhenus.com
Data Processing During Installation And Use Of The App
Automatic data processing when using the app. After the free installation of the app from the Apple App Store, Google Play Store or Microsoft Store, personal data is processed when the app is opened. This happens automatically without you having to take any further action, such as filling out and sending a contact form. These automated processing operations concern:
Processing The IP Address And Other Device Data
1. DESCRIPTION AND SCOPE OF DATA PROCESSING
When the app is opened, requests are sent to the server which it must answer. For this purpose, your IP address must be collected and processed by the server so that the corresponding server requests can be answered.
Other data collected in this context are:
Platform
Device type
Screen size and resolution
Version of the runtime and the operating system
Language
Unique numbers of the unit that make identification possible are not collected. A unit cannot be distinguished by SmapOne from another unit of the same type.
2. LEGAL BASIS FOR DATA PROCESSING
The legal basis for the processing of this data is Art. 6 para. 1 lit. f) DSGVO.
3. PURPOSE OF THE DATA PROCESSING
The purpose of processing your IP address and other data is to establish and secure the functionality of the app and to make it technically possible to retrieve it.
4. LEGITIMATE INTEREST
Our legitimate interest in the temporary storage of the IP address lies in the fact that the functionality and provision of the technical retrieval option of the app is not possible without this storage.
5. DURATION OF STORAGE
The data is deleted again as soon as further storage is no longer necessary because the purpose has been achieved. This usually occurs after a period of 30 days.
6. RECIPIENTS OF PERSONAL DATA
smapOne AG, Freundallee 11a, 30173 Hanover as host of the app, administration and support.
7. TRANSMISSION TO A THIRD COUNTRY
It is not intended to transfer the personal data to a third country or to an international organisation.
8. AUTOMATED DECISION MAKING/PROFILING
No automated decision-making or so-called profiling takes place.
Processing Of Server Log Files
1. DESCRIPTION AND SCOPE OF DATA PROCESSING
The IP addresses collected when opening the app are also stored in so-called server log files in order to detect technical faults and/or attempts to manipulate and break into the server structure and to make them remediable.
In addition, the hosting provider automatically collects, stores and processes information in so-called server log files that are automatically transmitted by the app. However, this information is not merged with other data sources.
This information is:
Time of the request
URL
Response Code
Runtime ID of the device
If applicable, the ID of the smap to which the request refers.
2. LEGAL BASIS FOR DATA PROCESSING
The legal basis for the processing of this data is Art. 6 para. 1 lit. f) GDPR.
3. PURPOSE OF THE DATA PROCESSING
The purpose of processing your IP address and the above information is to detect malfunctions and attempts to gain entry. This serves the security structure of the app and the system integrity of the servers.
4. LEGITIMATE INTEREST
Our legitimate interest in processing the IP address and the above information is to provide a functional and uncompromised technical environment.
5. DURATION OF STORAGE
The data is deleted as soon as further storage is no longer necessary due to the achievement of the purpose. This is regularly the case after a period of 30 days. After that, only statistical information is retained.
6. RECIPIENTS OF PERSONAL DATA
smapOne AG, Freundallee 11a, 30173 Hannover as host of the app, administration, support
7. TRANSMISSION TO A THIRD COUNTRY
It is not intended to transfer the personal data to a third country or to an international organisation.
8. AUTOMATED DECISION MAKING / PROFILING
No automated decision-making or so-called profiling takes place.
DATA PROCESSING WHEN ENTERING USER DATA / PROCESSING HISTORY
1. DESCRIPTION AND SCOPE OF DATA PROCESSING
In order to be able to use the app within the scope of the employment relationship, the processing of user data is required. For this purpose, an account must be applied for in the Field Business Intelligence and a registration on the platform of the provider SmapOne must be made with the official e-mail address. After downloading the app, a link to the user account via the official e-mail address is required. The individual actions associated with the registration are processed according to the type of action and date for the purpose of proving that the registration has been completed and linked to a specific licence.
2. LEGAL BASIS FOR DATA PROCESSING
The legal basis for the processing of this data is § 26 BDSG in conjunction with Art. 6 para. 1 lit. b) GDPR.
3. PURPOSE OF THE DATA PROCESSING
Unambiguous identification of the authorised use. Verifiability of registration and linkage to a specific licence.
4. DURATION OF STORAGE
The data processed as part of the registration will be deleted when the user account is deleted.
5. RECIPIENTS OF PERSONAL DATA
smapOne AG, Freundallee 11a, 30173 Hannover as host of the app, administration, support
6. TRANSMISSION TO A THIRD COUNTRY
It is not intended to transfer the personal data to a third country or to an international organisation.
7. AUTOMATED DECISION MAKING / PROFILING
No automated decision-making or so-called profiling takes place.
Use Of Cookies/Usage Analyses
Numerous cookies are processed when using the SmapOne website. Rhenus Warehousing has no influence over these cookies. The responsible party in line with the DSGVO for the processing of the cookies mentioned below is SmapOne AG. SmapOne AG’s data protection information is available at: https://www.smapone.com/datenschutzhinweise/
The following cookies are required to use the SmapOne website.
Name | Purpose | Expiry | Type | Provider |
CookieConsent | Saves your consent to the use of cookies. | 1 year | HTML | Website |
fe_typo_user | Assigns your browser to a session on the server. This only affects the content you see and is not evaluated or processed by us. | Session | HTTP | Website |
registrationEmail | Used to create a user account in the registration process. | 1 hours | HTTP | Website |
registrationAsCreator | Used to create a user account in the registration process. | 1 hours | HTTP | Website |
. AspNet.ApplicationCookie | Platform authorisation cookie. | 2 hours | HTTP | Website |
ARRAffinity | Used in Azure to support users who need to stay on a particular instance of a web app or website in Azure. | Session | HTTP | Website |
ARRAffinitySameSite | Used in Azure to support users who need to stay on a particular instance of a web app or website in Azure. | Session | HTTP | Website |
CurrentCulture | Saves the language setting in the corresponding ISO country code. | 1 year | HTML | Website |
TiPMix | Azure Websites Testing in Production (TiP). | Session | HTTP | Website |
__RequestVerificationToken | Prevents attacks for counterfeit cross-site requests (XSRF/CSRF) in ASP.NET Core. | Session | HTTP | Website |
x-ms-routing-name | Azure App Service – Forwarding production data traffic. | Session | HTTP | Website |
ai_session | This cookie is linked to Microsoft Application Insights software, which stores statistical usage and telemetry data for apps developed on the Azure cloud platform. It is a unique, anonymous session identifier cookie. | Session | HTML | Website |
ai_user | This cookie is linked to Microsoft Application Insights software, which stores statistical usage and telemetry data for apps developed on the Azure cloud platform. This cookie uniquely identifies a user and counts the number of users who access the app over time. | 1 year | HTML | Website |
The following optional cookies are activated if the cookies are consented to by default:
Name | Purpose | Expiry | Type | Provider |
_gcl_au | Used by Google AdSense to experiment with advertising efficiency on websites. | 3 months | HTML | |
AMP_TOKEN | Contains a token that can be used to retrieve a Client ID from the AMP Client ID Service. Other possible values indicate opt-out, request in progress or an error retrieving a client ID from the AMP Client ID Service. | 1 year | HTML | |
_dc_gtm_--property-id-- | Used by DoubleClick (Google Tag Manager) to identify visitors by age, gender or interests. | 2 years | HTML | |
_ga | Used to better understand general user behaviour on our website and for Google Ads to improve the performance of our ad placements. The respective visitor data is collected anonymously. | 2 years | HTML | |
_gat | Used to throttle the rate of queries sent to Google Analytics. It also increases the efficiency of network calls. | 10 minutes | HTML | |
_gid | Used to better understand general user behaviour on our website and for Google Ads to improve the performance of our ad placements. The respective visitor data is collected anonymously. | 1 day | HTML | |
_ga_--container-id-- | Used by DoubleClick (Google Tag Manager) to identify visitors by age, gender or interests. | 2 years | HTML | |
_gac_--property-id-- | Contains information about campaigns for the user. If you have linked your Google Analytics and Google Ads accounts, efficiency measurement elements will read this cookie unless you disable it. | 3 months | HTML | |
_fbp | Used to display a range of advertising products, e.g. real-time bids from third party advertisers. | 28 days | HTML | |
fr | Used to display a range of advertising products, e.g. real-time bids from third party advertisers. | 3 months | HTML | |
facebookPixel | If JavaScript is not enabled, this pixel initiates a connection with Facebook. | none | Pixel | |
_pk_id | Used for Matomo (Piwik) to store information about users, e.g. unique, anonymised visitor ID. | 13 months | HTML | Website |
_pk_ref | Used to store the user's originating website information. | 6 months | HTML | Website |
_pk_ses | Used by Matomo (Piwik) to store the attribution information and referrer originally used to visit the website. | 30 minutes | HTML | Website |
_pk_cvar | Short-term cookie to store temporary data of the visit. | 30 minutes | HTML | Website |
_pk_hsr | Short-term cookie to store temporary data of the visit. | 30 minutes | HTML | Website |
_hjid | Used to identify the first session of a new user, as well as to recognise returning visitors to our website across different domains. It also ensures that behaviour on subsequent visits to the same page can be attributed to the same anonymous user ID. | 1 year | HTML | Hotjar |
_hjFirstSeen | Used to identify the first session of a new user, as well as to recognise returning visitors to our website across different domains. It also ensures that behaviour on subsequent visits to the same page can be attributed to the same anonymous user ID. | 1 year | HTML | Hotjar |
_hjTLDTest | Used to identify the first session of a new user, as well as to recognise returning visitors to our website across domains. It also ensures that behaviour on subsequent visits to the same page can be attributed to the same anonymous user ID. | 1 year | HTML | Hotjar |
UserMatchHistory | Used by LinkedIn for the evaluation of visitors for the analysis of LinkedIn Ads. | 6 months | HTML | |
bcookie | Used by LinkedIn for the evaluation of visitors for the analysis of LinkedIn Ads. | 6 months | HTML | |
lang | Used by LinkedIn for the evaluation of visitors for the analysis of LinkedIn Ads. | 6 months | HTML | |
BizoID | Used by LinkedIn for the evaluation of visitors for the analysis of LinkedIn Ads. | 6 months | HTML |
Cookies can only be selected by clicking on the link: “Detailed Settings” in the pop-up “Information about Cookies.” The optional cookies are not preselected. The cookie selection in question is set with “Save Selection.”
Access To Device Functionalities
The app needs access to the camera to capture images. Images are used to document, for example, damage to the object being examined.
Functionalities Of The App And Individual Processing
Processing history within the framework of working with smaps:
1. Description And Scope Of Data Processing
Smaps and individual data per smap (see processing activity) are derived from the process.
Only the forwarding, assignment and sending of data records are stored in the respective data record. No content editing history is created for the entries.
2. Legal Basis For Data Processing
The legal basis for the processing of this data is § 26 BDSG in conjunction with Art. 6 para. 1 lit. b) GDPR.
3. Purpose Of Data Processing
The purpose of processing the data is to control abuse.
4. Duration Of Storage
The data will be deleted when the user account is deleted.
5. Recipients Of Personal Data
smapOne AG, Freundallee 11a, 30173 Hannover is host of the app, administration and support.
6. Transmission To A Third Country
There is no intention to transfer the personal data to a third country or to an international organisation.
7. Automated Decision-Making/Profiling
No automated decision-making or so-called profiling takes place.
Rights Of The Data Subject
As explained above, we do not process any personal data when you use the app. However, we would like to inform you about your rights under the DSGVO when processing personal data:
If you process personal data, you are the data subject within the meaning of the general data protection regulation. You therefore have rights vis-à-vis the controller. To exercise your data protection rights against us as the data controller, please contact the following e-mail address: datenschutz-warehousing[at]rhenus.com .
.
1. Right to Information - Art. 15 GDPR
You have the right to obtain confirmation from the controller as to whether personal data concerning you are being processed.
If there is such processing, you have the right to access this personal data and to receive the following information:
In addition, you have the right to request information on whether the personal data concerning you have been transferred to a third country or to an international organisation. In this context, you may also request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
2. Right to Correction – Art. 16 GDPR
You have the right to obtain from the controller the correction and/or completion of data relating to you without undue delay if the personal data processed is inaccurate or incomplete.
3. Right to Deletion – Art. 17 GDPR
Obligation to Delete:
You have the right to request the immediate deletion of your personal data at any time if one of the following reasons applies:
Exceptions:
4. Right to Restriction of Processing – Art. 18 GDPR
You have the right to request the restriction of processing of personal data concerning you under the following conditions:
Where the processing of personal data relating to you has been restricted, such data may, with the exception of storage, be processed only with your consent or for the establishment, exercise or defence of legal claims or the protection of the rights of another natural or legal person or due to substantial public interest on the part of the European Union or a member state. If the restriction of processing has itself been restricted on the basis of the above conditions, you will be informed by the controller before the restriction is lifted.
5. Right to Information – Art. 19 GDPR
If you have exercised one of your rights to rectification, deletion or restriction of processing, we are obliged to communicate the rectification, erasure of data or restriction of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.
6. Right to Data Portability – Art. 20 GDPR
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller to whom the personal data was provided, as long as:
a) the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and
(b) the processing is carried out with the aid of automated procedures.
In exercising this right to data portability, you also have the right to ensure that the personal data concerning you is transferred directly from one controller to another insofar as this is technically feasible.
7. Right of Objection – Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you that is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless he or she can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right of objection by means of automated procedures using technical specifications.
8. Right to Revoke the Declaration of Consent under Data Protection Law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
9. Right to Complain to a Supervisory Authority – Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the general data protection regulation.
The supervisory authority with which you lodge a complaint shall inform you, as the complainant, of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.
This data protection notice will be updated at regular intervals.
