Privacy Act Statement of the Johs. Boss GmbH Co. (JBO)

Johs. Boss GmbH & Co.KG would like to thank you for your visit on our webpages and your interest in our company and our services. The protection of your privacy in regard to processing is an important matter to us. Therefore, your data will exclusively be processed in accordance with the provisions of the German Data Protection Act as well as the General Data Protection Regulation of the European Union. We want you to feel safe during your visit on our pages.

Introduction

With this privacy policy, we attend to our duty of information towards our visitors and users according to art. 3 General Data Protection Regulation (GDPR). We specifically focus on protecting personal data. Personal Data are particulars about personal or material conditions of a specified or specifiable natural person. This includes information as for instance, name, address, e-mail address and phone number. The legal bases of data protection are to be found in the GDPR as well as the German Telemedia Act (TMG) and the EU ePrivacy regulation.

Your rights in regards to data protection as a user of this website (rights of the persons affected)

The data protection law views you as an affected person of our initiated collection of your personal data in the scope of your visit on our website. Accordingly, the legislator has made provisions for a number of rights of the persons affected that you can make use of as a user of this website. In particular, these rights are the following:

At any time, you have the right of information about your personal data, their origins and recipient and the reason for data processing free of charge and without giving reasons. Likewise, you have the right to adjustment, correction, blockage or deletion of this data. You may also restrict processing of your data or object to processing of your data (right of objection), just as well you generally have the right of data transferability. If you have provided us with your consent to processing of your data, you can revoke it at any time. Additionally, you have the right of appeal with the regulatory authorities according to art. 77 GDPR.

Contact Data: Responsible Person – Data Protection Coordinators – Data Protection Officer

If you have any questions regarding data protection at Johs. Boss GmbH & Co.KG that cannot be answered with the information provided in this privacy policy or if you would like to put your rights as a person affected into practice, you have the following opportunities to contact us:

The management or executive board that you can find in the imprint on www.johs-boss.de is responsible for data processing. However, given that the management has an abundance of other responsibilities, we recommend contacting our data protection coordinators (This email address is being protected from spambots. You need JavaScript enabled to view it.) directly. You may also send your inquiry by mail; the corresponding address can be found in the imprint as well.

Furthermore, Johs. Boss GmbH & Co.KG has commissioned an external data protection officer that is available under datenschutz@johs-boss.de.

We would like to inform you that you may address any of our employees with your inquiries regarding your rights as a person affected. However, it would present a great relief to us if you would address your concerns directly to our data protection coordinators (datenschutz@johs-boss.de).

If you would like to make use of your right of appeal according to art. 77 GDPR, please contact the responsible supervisory authority.

Recipients of Personal Data

If you submit your personal data to us, the main recipients are the employees of Johs. Boss GmbH & Co.KG that have been entrusted with it. Moreover, it is possible that we commission other companies or individuals with the fulfilment of tasks in our name, for instance services that you requested through the contact inquiry (e.g. a printed product brochure). In this case, it is possible that the companies commissioned by us get to process your data for the intended purpose. For more detailed information regarding this matter, please see the section “Obligations of Employees and external Service Providers” and “Cooperation with external Service Providers”.

Transmission of Personal Data in a Third Country

We do not have the intention to transmit personal data beyond the geographic scope of the GDPR. However, given that we occasionally use web services provided by Google (e.g. for the graphic layout of the slogans we use “fonts.gstatic.com”), data such as, for instance, IP addresses and/or so-called referral links or online identifiers might be transmitted, depending on your browser settings. Since we do not initiate the combination of that data, it cannot be ruled out that personal data is created and/or processed beyond the geographic scope of the GDPR. It is possible to prevent the transmission in your browser; for more information regarding this matter, please read the section “Use of Google Maps”.

Duration of Storage

Personal data that has been submitted over our own website will only be stored until its intended purpose is fulfilled. Taking retention periods in accordance with commercial and fiscal laws into consideration, the duration of storage of specific data can be up to 10 years.

Intention of Data Collection

The use of our page is generally possible without submitting personal data. In order to use particular services on our page, however, different regulations might apply that, in this case, will be individually elaborated and inform you especially about the nature, extent and purpose of the collection and processing of personal data. Nevertheless, we only generally only process personal data whenever it is necessary for providing a functional website as well as contents and services. In case of data collection, it is for the purpose of technical provision of our online presence, for informational purposes and for contractual purposes when providing services. Your personal data will be used exclusively for the aforementioned purposes and only within the scope and to the extent necessary to fulfil these purposes. If you apply for employment at Johs. Boss GmbH & Co.KG, another purpose for data processing is the potential conclusion of an employment contract.

Legal Base of Data Collection

Personal data may only be processed in accordance with a legal base. Whenever we process personal data in the scope of our web presence, we generally do so due to legitimate interest of the person responsible, article 6, paragraph 1 GDPR.

The preservation of legitimate interests is a balance of interests and includes not only our interests as the company responsible for the processing but also the interests of the users of our websites. We as a company want to inform you about our company as well as our services. You as a user and potential customer, supplier, competitor, information seeker and/or applicant have an interest in informing yourself about is, our services and products in a technically accessible and comfortable way. Moreover, we give our visitors the opportunity to get into contact with us through our website. Respectively, the processing of data complies with the interests on both ends. At the same time, the processing of personal data is reduced to a minimal extent so that we come to the conclusion that the preservation of legitimate interest can act as the legal base for the processing.

In regard to the application process, we use the legal ground of contract and contract initiation (article 6, paragraph 1 GDPR), especially § 26 BDSG (German Data Protection Law, Data Processing for Purposes of Employment Relationships). For more information, see the section “Applications”.

In addition, we use the legal ground of consent in regard to the application process (article 6, paragraph 1 GDPR). This consent is voluntary and serves the purpose of staff recruitment and transmission of your data into an internal talent pool. For more information, see the section “Applications”. You can freely choose whether you would like to give consent or decline. There will be no negative consequences whatsoever in case of declination. You can revoke previously given consent partially or fully at any time. The legality of processing on the legal ground of consent will persist until the revocation. This means that even in case of revocation of consent, the processing that happened in the past will not become unlawful.

Cookies

Our web site makes use of so-called Cookies, which serve as a means of making our online presence as a whole more user-friendly, more effective as well as more secure – for example when it comes to accelerating navigation on our platform. Find detailed information on cookies, we provide you with a cookie policy. You can view this at https://www.johs-boss.de/index.php/en/privacy-policy.

Furthermore, cookies enable us to measure the frequency of page views and navigation in general.
Cookies are small text files that are stored on your computer system. Cookies are not harmful to your computer and do not contain viruses. Please note that some of these cookies will be transferred from our server to your computer system, which will be so-called “session cookies”. “Session cookies” are characterised by being automatically deleted from your hard drive when the browser session has ended. Other cookies remain on your computer system and enable us to recognise your computer system at your next visit (so-called permanent cookies). Naturally, you can decline cookies at any time, should your browser allow it. However, please be aware that in this case not all features on our website will be available to be used with full functionality.

The help-function in the menu bar of most web browsers will explain how to keep your browser from accepting new cookies, how to make your browser notify you whenever you receive a new cookie or even how to turn off all received cookies. Naturally, you can subsequently delete all cookies. The procedure is dependent on your browser as well as your operating system. We kindly ask you to look up the correct procedure for subsequent deletion of cookies for your system.

Server Log

Every visit of the pages of this web presence is registered and stored in the so-called Server Log files. This data serves exclusively to analyse server utilisation.

The collected data in this procedure specifically contains the following:

• The requesting host address
• Time and date of the request
• Name of the requested file
• HTTP status code
• Amount of transmitted data
• Internet page from which you visit us (referrer URL)
• Browser / operating system / interface
• Particulars about which server services were used
• Protocol version

This anonymous data will be stored separately from your possibly submitted personal data and will not allow any inference to a specific person. It will only be transmitted to third parties when prescribed by law or court order. There will be no transmission for commercial or non-commercial purposes. We reserve the right to check this data, should there be concrete indications of unlawful use.

Contact Opportunity

We offer you the option on our page to contact us via e-mail and/or contact forms. Your submissions from the request form, including the contact data you submitted in order for us to process the request and for the case of further questions will be encrypted before they are transmitted to and stored with us. If you would like to contact us via e-mail, we would like to point out that the confidentiality of the transmitted information in unencrypted e-mails is not guaranteed. The content of unencrypted e-mails can be viewed by third parties (see section “Information Security).

Use of Google Web Services

Like many other websites and service providers on the internet we use technical web services by Google. One can assume that Google collects and links the data that, for instance, creates your cookies (such as online identifiers and IP addresses). In combination with explicit identifiers and other information transmitted to Google’s servers, Google can also create profiles of users of this website and expand existing profiles.

Google APIs

Our website uses APIs by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google” in the following). This refers to a programme interface provided by Google. In the context of use this can lead to data, especially the IP address, being transmitted to Google. This only happens after you have accepted the cookies. You can prevent the collection and transmission of personal data (especially your IP address) to Google as well as the processing of this data by Google by disabling the JavaScript functionality of your browser or installing an extension such as “NoScript”.

Use and Transmission of Personal Data

If you commission us to provide a service, your personal data will only be used to the extent that is necessary for the execution of the commission (e.g. processing of information enquiries or requests for brochures). This especially includes the transmission of your data to transport companies, credit companies or other services used for service delivery or contract processing.
A further transmission, especially sale of your personal data to third parties, does not take place.
This procedure has the following exceptions: we disclose customer accounts and personal data of customers whenever we are legally obligated to do so or whenever such a transmission is necessary to protect our own rights, those of our customers and those of third parties, e.g. in the case of attacks on our network infrastructure. This can, for instance, include an exchange of data with companies that specialise in prevention or minimisation of abuse and credit card fraud and/or IT security. We explicitly point out that in this context there will be no transmission of data for commercial purposes that does not comply with this privacy policy.

Obligations of Employees and external Service Providers

As a matter of course, our employees and the service providing companies we commission are obligated to discretion and compliance with the provisions of GDPR.

YouTube

Our website makes use of plugins by YouTube, a page run by Google. The operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. Whenever you visit one of our pages running the YouTube plugin, a connection to the YouTube servers is only established after cookies have been accepted and the server receives information about which particular pages you have visited.

By being logged into your YouTube account, you enable YouTube to associate your surfing activities directly with your personal profile. You can prevent this process by logging out of your account beforehand.
YouTube is used to allow an appealing presentation of our online offers. This presents a legitimate interest according to Article 6, Paragraph 1 of the General Data Protection Regulation (GDPR). For more information regarding handling of usage data, please read YouTube’s privacy policy:
https://policies.google.com/privacy?hl=en&gl=de

Cooperation with external Service Providers

We commission other companies and individuals with the fulfilment of task on our account.
This can include, for instance, package delivery, dispatch of letters or e-mails, analysis of our databases, IT services, advertising measures, payment transactions as well as customer service. These service providers have access to personal information that is necessary for the fulfilment of the given tasks. However, they may not use them for other purposes. Furthermore, they are obligated to handle the information in accordance with this privacy policy as well as GDPR. If these sub-companies are processors as per article 28 GDPR, we have concluded respective lawful contracts with them.

Information Security

Johs. Boss GmbH & Co.KG uses technological and organisational security measures in accordance with the current state of knowledge to protect the data you provided us with from random or deliberate manipulation, loss, destruction or access by unauthorised individuals. Therefore, your data will be stored in a secure operating environment that is not accessible to the public. Our security measures will be reviewed periodically and constantly improved pursuant to the technological development. If you want to contact us via e-mail, please be aware that the confidentiality of the submitted information is not ensured for unencrypted e-mails. The content of unencrypted e-mails can be accessed by third parties. Hence, we recommend sending confidential information either in an encrypted manner or by mail. Your e-mail address will exclusively be used for our correspondence with you. There will be no deviating use or transmission to third parties.

Protection of your Data via TLS / SSL

To ensure safe data transmission on the internet we use the hybrid encryption protocol Transport Layer Security (TLS), more commonly known under its predecessor’s name Secure Sockets Layer Software (SSL). This software encrypts the information you submit. All information relevant to data protection are stored in a protected database in an encrypted state.

Consent, State and Change of this Privacy Policy

By using our website, you consent to the aforementioned data processing as of 21.06.2018. We explicitly reserve the right to take legal action in case of unrequested mailing of advertising information, for instance in the shape of spam e-mails.