Search Results

Data Protection Declaration

Data protection declaration

A. General Information

Privacy Policy

We are pleased that you are visiting our website. We would like to provide you with the following information regarding the processing of your personal data on our website.

Data Controller

CHG-MERIDIAN AG
Franz-Beer-Straße 111
88250 Weingarten
Germany                   

Email: info@chg-meridian.com

Phone: +49 751 503-0

 

Data Protection Officer

Benjamin Hummer

Email: datenschutz@chg-meridian.com

B. Terminology

The technical terms used in this Privacy Policy are to be understood as legally defined in Article 4 of the GDPR.

The terms “user” and “website visitor” are used interchangeably in our Privacy Policy. 

Recipients of data

Recipients of data are listed in our Privacy Policy under the respective category/heading. 

Categories of Data Subjects

The categories of data subjects include website visitors and other users of online services.

 

C. General Information on Data Processing on the Website

Automated Data Processing (Log Files, etc.)

Our website can be visited without users actively providing any personal information. However, every time the website is accessed, we automatically store access data (server log files) such as the name of the Internet service provider, the operating system used, the website from which the user visits us, the date and duration of the visit, or the name of the requested file; and, for security reasons—such as to detect attacks on our website—the IP address of the device used for a period of 30 days.  This data is not combined with other data sources. We process and use the data for the following purposes: providing the website, preventing and detecting errors/malfunctions, and preventing misuse of the website.

Data categories:
Meta and communication data (e.g., IP address, date and time of access, time, type of HTTP request, website from which access is made (referrer URL), browser used, and, if applicable, the operating system of the accessing computer (user agent))

Purpose of processing:
Prevention and detection of errors/malfunctions, detection of misuse of the website

Legal basis:
Legitimate interest pursuant to Art. 6(1)(f) of the GDPR

Legitimate interests:
Fraud prevention to detect misuse of the website

 

Essential Cookies (Functionality, Opt-Out Links, etc.)

To enable the use of the basic functions on our website and to provide the service requested by the user, we use so-called cookies on our website. Cookies are a standard Internet technology for storing and retrieving information for website users. Cookies represent information and/or data that can be stored, for example, on the user’s device. With traditional cookie technology, the user’s browser is instructed to store specific information on the user’s device when a particular website is accessed. 

Strictly necessary cookies are used to provide a digital service explicitly requested by the user, such as:

-     Cookies for error analysis and security purposes
-     Cookies for storing logins
-     Cookies for storing data in online forms, provided the form spans multiple pages
-     Cookies for storing (language) settings
-     Cookies for storing items that users add to their shopping cart to complete a purchase
-     Cookies for storing consent or revocation (opt-in, opt-out)

Some of the cookies used (so-called session cookies) are deleted at the end of the browser session, i.e., when the browser is closed. 

Users can delete cookies at a later time to remove data that the website has stored on the user’s computer.

The data processing described may also relate to information that is not personally identifiable but constitutes information within the meaning of the TDDDG. Even in these cases, such information may be necessary for the use of an expressly requested service and is therefore stored in accordance with § 25 TDDDG. 

 

Opt-out:
Firefox:
https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen

Google Chrome:
https://support.google.com/chrome/answer/95647?hl=de 

Microsoft Edge:
https://support.microsoft.com/de-de/microsoft-edge/inprivate-browsen-in-microsoft-edge-cd2c9a48-0bc4-b98e-5e46-ac40c84e27e2 

Opera:
https://help.opera.com/en/latest/security-and-privacy/

Safari
https://support.apple.com/de-de/HT201265 

Legal Basis:
Legitimate interests (Art. 6(1)(f) GDPR in conjunction with § 25(2)(2) TDDDG), consent (Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG)

Legitimate Interests:
Storage of opt-in preferences, ensuring the functionality of the website, maintaining user status across the entire website

 

Google reCAPTCHA (via Microsoft) 

To protect our web forms against automated abuse, we use Google’s CAPTCHA service, which is provided as a subprocessor within the Microsoft services. 

Data Categories:
Meta and communication data (e.g., IP address, browser information, mouse movements, time spent on the page)

Purposes of processing:
Prevention of abuse, protection against automated access (bots)

Legal basis:
Legitimate interests (Art. 6(1)(f) GDPR)

Manage/withdraw consent

 

Google Ireland Limited
Recipient:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland 

Transfer to a third country:
Based on the European Commission’s Adequacy Decision for the United States.

Privacy Policy:
https://policies.google.com/privacy

 

Storage and Processing of Non-Essential Information and Data

Beyond the necessary scope, user data may be processed using cookies, similar technologies, or application-specific technologies, e.g., for the purposes of (cross-website) tracking or personalized advertising, etc. In doing so, data may be transferred to third-party providers. The storage and further processing of user data that is not strictly necessary to provide the digital service is then based on consent within the meaning of Article 6(1)(a) of the GDPR (where applicable, in conjunction with Section 25(2)(1) of the TDDDG).

 

Consent Management Platforms

We use a consent management process on our website to store and manage the consent granted by website visitors in a verifiable manner in accordance with data protection requirements. 

The consent management platform we use helps us identify all cookies and tracking technologies and control them based on the consent status. At the same time, visitors to our website can use the consent management service we have integrated to manage the consents and preferences they have granted (optional setting of cookies and other technologies that are not necessary) or revoke their consent at any time by clicking the button. 

The consent status is stored on the server and/or in a cookie (known as an “opt-in cookie”) or a comparable technology so that consent can be associated with a user or their device. In addition, the time at which consent was given is recorded.

Data Categories:
Consent data (consent ID and number, time consent was given, opt-in or opt-out), meta and communication data (e.g., device information, IP addresses)

Purposes of processing:
Compliance with accountability requirements, consent management

Legal Basis:
Legal obligation (Art. 6(1)(c) GDPR in conjunction with Art. 7 GDPR) 

Manage consent/Withdrawal

 

consentmanager AB
Recipient:
consentmanager AB, Håltegelvägen 1b, 72348 Västerås

Transfers to third countries:
Does not occur.

Privacy Policy:
https://www.consentmanager.net/de/datenschutz/

 

Content Management System

We use a so-called Content Management System (CMS) to process, organize, and display digital content on our website. 

The CMS allows us to create, edit, and manage our website and equip it with the necessary features (e.g., forms, blogs, images, and other digital content). In addition, the website designed using the CMS helps ensure that our website is more easily found by users on search engine results pages (SERPs) when they search for relevant terms. 

An integrated firewall within the CMS ensures that our website is protected against external attacks, thereby preventing misuse of the website. Additionally, we ensure that the CMS receives regular updates and patches to maintain the security of our website, which is based on the CMS.  

Data Categories:
Usage data (e.g., visited web pages, access time), meta and communication data (e.g., device information, anonymized IP address), interaction data (interest in content, etc.)

Purposes of processing:
Creating, editing, and managing page content; storing and archiving data; creating landing pages; generating statistics; measuring reach 

Legal basis:
Consent (Art. 6(1)(a) GDPR)

 

Optimizely
Recipient:
Episerver GmbH, 119 5th Ave, 7th Floor, New York, NY 10003, USA

Transfers to third countries:
Based on the European Commission’s Adequacy Decision for the United States

Privacy Policy:
https://www.optimizely.com/de/legal/privacy-notice/

 

Hosting (including Content Delivery Network)

Our website is hosted by an external service provider. Data from visitors to our website, in particular so-called log files, is stored on our service provider’s servers. By using a specialized service provider, we are able to efficiently operate our website. The hosting provider we use does not process this data for its own purposes. 

We also use a so-called Content Delivery Network (CDN) to deliver our website’s content more quickly. For example, when website visitors access graphics, scripts, or other content, these are delivered quickly and optimally using servers distributed regionally and internationally. When files are retrieved, a connection is established to the servers of a CDN provider, during which personal data of our website visitors is processed, such as the IP address and browser data. 

Data Categories:
User data (e.g., webpages visited, interest in content, access times), meta and communication data (e.g., device information, IP addresses)

Purposes of processing:
Proper display and optimization of the website; faster and location-independent access to the website; 

Legal bases:
Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR)

Legitimate interests:               Avoiding downtime, ensuring high scalability, and reducing the website’s bounce rate

Microsoft Azure
Recipient:
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Transfers to third countries:
Based on the European Commission’s adequacy decision for the United States

Privacy Policy:
https://privacy.microsoft.com/de-de/privacystatement

 

Google APIs
Recipient:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4

Transfers to Third Countries:
Based on the European Commission’s Adequacy Decision for the United States

Privacy Policy:
https://policies.google.com/privacy

 

Google Static
Recipient:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4

Transfers to Third Countries:
Based on the European Commission’s Adequacy Decision for the United States

Privacy Policy: 
https://policies.google.com/privacy

 

Website Support and Consulting, Web Agency

We have engaged a web agency to provide support and consulting for the services and applications on our website. This agency assists us with all tasks related to the design and functionality of our website. In this context, the web agency we have selected receives the login credentials for our website in order to make necessary adjustments and changes, such as designing forms or performing other programming tasks. 

The web agency also assists us with the management of our content management system and our accounts with search engine providers. 

Access to personal data—such as data from forms or log data of website visitors—cannot be ruled out in this context. The web agency therefore acts as a so-called data processor on our behalf and operates exclusively on our instructions. Data is not processed for any other purposes. 

Data Categories:
Usage data (e.g., access times), meta and communication data (e.g., device information, IP addresses), contact data (e.g., email address), content data (e.g., text entries)

Purposes of processing:
Support for web analytics and optimization; analysis of user behavior on the website (website interaction) for web optimization and reach measurement; monitoring of website traffic

Legal basis:
Legitimate interests (Art. 6(1)(f) GDPR)

Legitimate interests:
Support for website management through high levels of technical expertise; efficiency through outsourcing

 

Web analytics and optimization

We use methods on our website to analyze user behavior and measure reach. To this end, we collect information about visitors’ behavior, interests, or demographic data to determine whether and where our website needs optimization or adjustment (e.g., forms on the website, improved placement of buttons or call-to-action buttons, etc.). 

In addition, we can measure the clicking and scrolling behavior of website visitors. Among other things, this helps us identify at what times our website, its features, or its content are most heavily used. 

The collection of this data is made possible through the use of certain technologies (e.g., cookies). These are stored on users’ devices as part of client-side tracking when they visit our website. 

We take precautions to protect the identity of our website visitors. We do not process any personal data of website visitors for the purposes described. 

Website visitors are assigned an ID (identification number) upon visiting the site so that they can be recognized on subsequent visits. The IDs and associated information are stored in user profiles. In addition, the IP addresses of website visitors are anonymized, and the storage period for cookies is reduced. 

 

Data Categories:                      Usage data (e.g., webpages visited, interest in content, access times), demographic characteristics (age, gender), meta and communication data (e.g., device information, anonymized IP addresses, location data)

Purposes of processing:
Monitoring the status of goal achievement (performance tracking) for all online activities: analyzing user behavior on the website (website interaction) for web optimization and reach measurement, assessing website traffic, lead evaluation, and revenue growth.

Legal basis:
Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR)

Legitimate interests:
Ensuring the functionality and security of the website, optimizing user-friendliness and performance, and diagnosing errors and ensuring stability

6Sense
Recipient:
6Sense Insights, Inc., 450 Mission Street, Suite 201, San Francisco, CA 94105

Transfers to third countries:
Based on the European Commission’s Adequacy Decision for the United States

Privacy Policy:
https://6sense.com/privacy-policy/

etracker
Recipient:
etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg

Transfer to third countries:
Does not occur.

Privacy Policy:
https://www.etracker.com/datenschutzerklaerung/

Google Analytics
Recipient:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4

Transfers to Third Countries:
Based on the European Commission’s Adequacy Decision for the United States

Privacy Policy:
https://policies.google.com/privacy

Microsoft Azure App Insights
Recipient:
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Transfers to Third Countries:
Based on the European Commission’s Adequacy Decision for the United States

Privacy Policy:
https://privacy.microsoft.com/de-de/privacystatement

Visual Studio

Recipient:
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Transfers to third countries:
Based on the European Commission’s adequacy decision for the United States

Privacy Policy:
https://privacy.microsoft.com/de-de/privacystatement

LinkedIn Insight Tag
Recipient:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Transfer to a Third Country:
Based on the European Commission’s Adequacy Decision for the United States

Privacy Policy:
https://www.linkedin.com/legal/privacy-policy

 

Online marketing 


Search Engine Marketing (Advertising on Search Engines)
We use search engine marketing techniques. Search engine marketing encompasses all measures designed to improve the visibility of our website in organic or non-organic search engine results, increase our reach, and thereby boost traffic (visitor traffic) to our website. In addition, we can use search engine marketing to generate new leads. To do this, the search engine provider sells us ad space on the search engine results page or on websites of the search engine provider’s partners.

Advertising can therefore take place on various external platforms or websites. The ads are displayed to users in the form of text, display, or video ads. 

Using our tracking tool, we first create a search engine advertising campaign and define various dimensions to be tracked by the search engine provider we’ve selected—such as user location, device information, and target audiences (demographic characteristics). This enables us to gain further insights into user interest in our content and products and, where applicable, identify trends.

This process is implemented using a cookie or similar technology. When a visitor accesses our website or searches for a specific keyword within the search engine being used (e.g., Google), a cookie or similar technology is placed on the visitor’s device. This data may include, for example, user locations and device information, which is transmitted to the search engine provider’s server. The search engine provider aggregates this data and automatically makes it available to us in the form of a statistical analysis via a dashboard in our account with the search engine provider. 

The statistics provide us with information about which of our ads were clicked, how often, and at what prices, as well as whether our marketing efforts led to a so-called “event” (e.g., downloading a PDF or playing a video) or a conversion (e.g., purchasing a product or registering on our website). The analysis serves to evaluate the success of our online activities. Because each click on an ad incurs a cost for us, these clicks on external platforms and websites are tracked using our tracking tool. This tracking is used for budget and performance monitoring. We cannot identify individual users based on this information.

Note: 

Website visitors’ data (e.g., name and email address) can be directly associated with them if they are logged into their search engine provider’s account. If they do not wish to be associated via their profile, website visitors must log out of the search engine provider’s account before visiting our website.

Data Categories:
User and interaction data (e.g., webpages visited, interest in content, access times), meta and communication data (e.g., device information, anonymized IP addresses), location data (if applicable), contact data (e.g., email addresses)

Purposes of processing:
Increasing revenue and reach, measuring conversions, targeting audiences, identifying trends to develop marketing strategies

Legal basis:
Consent (Art. 6(1)(a) GDPR)

 

Google Ads
Recipients:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4

Transfers to third countries:
Based on the European Commission’s Adequacy Decision for the United States

Privacy Policy:
https://policies.google.com/privacy

Google DoubleClick
Recipient:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4

Transfer to a third country:
Based on the European Commission’s Adequacy Decision for the United States

Privacy Policy:
https://policies.google.com/privacy

 

Social Media Presence

We maintain a company profile on social media and career platforms to increase our visibility among potential customers and prospects and to raise public awareness of our company. 

Social media helps us expand our reach and actively promote interaction and communication with users. Activity and communication on social media play a key role in attracting new customers and employees. Through social media and our website, we can share relevant information about our company, announce events, and communicate important last-minute updates and job postings. They also help us connect with users quickly and easily.

Social media platform operators create so-called user profiles based on users’ behavior, such as the interests they indicate (likes, shares). These profiles are used to tailor advertisements to the interests of target groups. When users are active on social media channels, cookies or other technologies are regularly stored on their devices, sometimes regardless of whether they are registered users of the social network. 

Insights (Statistics)

The data analyzed by social media platform operators is provided to us in the form of anonymized statistics, which means that it no longer contains any personal data from users. Based on these statistics, we can, for example, see how often and at what times our social media profile was visited. Currently, fan page operators are unable to disable this feature. We therefore have no control over the extent to which the data is processed by social media platforms. 

Data Categories:
Usernames (e.g., last name, first name), contact information (e.g., email address), content data (e.g., text, photographs, videos), usage and interaction data (e.g., websites visited, interests, likes, shares, access times), meta and communication data (e.g., device information, IP address, location data if applicable)

Purposes of processing:
Increasing reach, raising awareness, facilitating rapid networking 

Legal bases:
Legitimate interests (Art. 6(1)(f) GDPR), consent (Art. 6(1)(a) GDPR)

Legitimate interests:
Interaction and communication on social media platforms, increasing profits, gaining insights into target audiences

Instagram
Recipient:
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Transfers to third countries:
Based on the European Commission’s Adequacy Decision for the United States

Privacy Policy:
https://help.instagram.com/155833707900388 

LinkedIn Ads

Recipient:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Transfer to a third country:
Based on the European Commission’s Adequacy Decision for the United States

Privacy Policy:
https://www.linkedin.com/legal/privacy-policy

YouTube
Recipient:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Transfers to Third Countries:
Based on the European Commission’s Adequacy Decision for the United States

Privacy Policy:
https://policies.google.com/privacy?hl=en-US

 

Social Media Marketing  

We use our social media channels to promote our products and services. Our goal is to reach a broad community that we cannot reach through traditional advertising channels, such as offline marketing (e.g., flyers). Social media ads are displayed to users in the form of text, display, or video ads on their social media channels. 

Targeting

As part of our social media channels, we use so-called targeting methods to track specific user activities (interactions) to ensure that our ads are delivered to specific target audiences. To do this, we use the methods and technologies of various social media providers. A common technology is the so-called pixel. 

We install this pixel in the source code of our website. This ensures that users’ navigation is tracked. When users interact with our website or our ad on social media, the pixel records the individuals and the actions they perform (e.g., clicks on ads, exits from websites) and stores information about which pages and subpages were visited. 

Products and services featured in our ads that were viewed but not purchased are analyzed using these technologies. This allows us to display real-time, behavior-based advertising to potential customers on various social media platforms. We can determine the success of our ads based on aggregated data provided to us by the social media provider (known as conversion tracking). This allows us to track whether a marketing measure led to a so-called event (e.g., downloading a PDF or playing a video) or a conversion (e.g., purchasing a product or registering on our website). The evaluation is provided to us in the form of statistics via our tracking tool and is used to analyze the success of our online activities (performance monitoring). 

Retargeting List Upload 

To specifically target existing website visitors and/or customers again with certain ads, we create a list of these users tailored to our campaign’s objectives. To do this, we create lists of individuals from our CRM system, which we upload to our social media platform in encrypted form. This allows the social media platform operator to match these individuals on the platform and ensures that only those who are potentially interested in our ads receive them.  

This process serves as a reminder tool to bring customers back to our website and encourage them to complete a specific action (known as a “conversion”), thereby increasing our revenue and brand awareness.

Data Categories:
Usage and interaction data (e.g., websites visited, interests, access times), meta and communication data (e.g., device information, IP address, location data if applicable) 

Purposes of processing:
Expanding reach, reach analysis, and statistical evaluations

Legal basis:
Consent (Art. 6(1)(a) GDPR)

 

LinkedIn Ads
Recipients:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Transfers to third countries:
Based on the European Commission’s Adequacy Decision for the United States

Privacy Policy:
https://www.linkedin.com/legal/privacy-policy

 

Plugins and Embedded Third-Party Content

Our website incorporates features and elements provided by third-party providers. These include, for example, videos, graphics, buttons, map services, or posts (hereinafter referred to as “content”). When website visitors access this third-party content (e.g., by clicking, playing, etc.), information and data are collected and linked to the visitor’s device via cookies or other technologies (e.g., pixels, JavaScript commands, or WebAssembly), and transmitted to the server of the relevant third-party provider. As a result, the third-party provider receives usage and interaction data from the website visitor and makes this available to us in the form of statistics via a dashboard. The statistics we receive do not contain any personally identifiable user data. 

Without this processing, it is not possible to load and display this third-party content.

To protect the personal data of website visitors, we have implemented safeguards to prevent the automatic transmission of this data to the third-party provider. This data is only transmitted once users actively use the buttons and click on the third-party content.

Data Categories:
Usage data (e.g., websites visited, interests, access time), meta and communication data (e.g., device information, anonymized IP address) 

Purposes of processing:
Sharing posts and content, interest- and behavior-based marketing, statistical analysis, cross-device tracking, increasing reach on social media

Legal basis:
Consent (Art. 6(1)(a) GDPR)

YouTube
Recipients:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Transfers to third countries:
Based on the European Commission’s adequacy decision for the United States

Privacy Policy:
https://policies.google.com/privacy?hl=en-US

accessWidget
Recipient:
accessiBe Ltd., 3 Hamelacha St., Tel Aviv 6721503

Transfers to Third Countries:
Based on the European Commission’s Adequacy Decision for Israel

Privacy Policy:
https://accessibe.com/privacy-notice

Google Fonts
Recipient:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4

Transfers to Third Countries:
Based on the European Commission’s Adequacy Decision for the United States

Privacy Policy:
https://policies.google.com/privacy

Google Play
Recipient:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4

Transfers to Third Countries:
Based on the European Commission’s Adequacy Decision for the United States

Privacy Policy:
https://policies.google.com/privacy

 

Newsletter and General Communications (with Tracking)

On our website, users have the option to subscribe to our newsletter or any notifications via various channels (hereinafter referred to as “newsletter”). In accordance with legal requirements, we send newsletters only to recipients who have consented to receive them. 

To subscribe to our newsletter, you must provide an email address. We may also collect additional data, such as your name, to personalize our newsletters. 

Our newsletter is sent only after the so-called double opt-in process has been completed. If website visitors choose to subscribe to our newsletter, they will receive a confirmation email, which is intended to prevent the misuse of false email addresses and to ensure that the newsletter is not triggered by a simple, possibly accidental click. Subscription to our newsletter can be canceled at any time with future effect. An unsubscribe link (opt-out link) is included at the end of every newsletter.

In addition, we are required to maintain proof that our subscribers actually intended to receive the newsletter. For this purpose, we collect and store the IP address as well as the time of subscription and unsubscription. 

Newsletter Tracking

Our newsletters are designed to allow us to gain insights into improvements, target audiences, or the reading behavior of our subscribers. This is made possible by a so-called web beacon or tracking pixel, which responds to interactions with the newsletter—for example, whether links are clicked, whether the newsletter is opened at all, or at what time the newsletter is read. For technical reasons, we can associate this information with individual subscribers. 

Data Categories:
Master data (e.g., name, address), contact data (e.g., email address, phone number), meta and communication data (e.g., device information, IP address), usage data (e.g., interests, access times)

Purposes of processing:
Marketing, customer retention, and new customer acquisition; analysis and evaluation of campaign success

Legal basis:
Consent (Art. 6(1)(a) GDPR)

 

Marketing Communications

We use the data provided to us—which we have received, for example, in connection with an order or the commissioning of a service, etc.—for marketing purposes as well, in particular to provide information via various channels about news from us or from our product portfolio. We send promotional communications in accordance with legal requirements and—where required by law—after obtaining consent. If recipients of our promotional communications do not wish to receive them, they may notify us at any time and object or revoke their consent. To do so, they may use the unsubscribe button in our email. Only those users who have not previously objected to receiving such communications will receive our promotional messages. 

We have engaged a service provider to send out these promotional communications. This provider acts exclusively on our instructions. The data is not processed for any purposes other than sending these communications. 

Data Categories:
Master data (e.g., name, address), contact information (e.g., email address, phone number if applicable) 

Purposes of processing:
Direct marketing 

Legal basis:
Consent (Art. 6(1)(a) GDPR), legitimate interests (Art. 6(1)(f) GDPR)

Legitimate Interests:
Retaining existing contacts and contractual partners and acquiring new ones; providing information about similar goods and services

 

Sweepstakes and Contests

We use our online platforms to conduct sweepstakes and/or contests. In doing so, we process the data of participants that is necessary to carry out the respective promotion. This also includes data we need to notify the winner and award the prize. 

Depending on the nature of the campaign, entries submitted by participants may be published, for example, in reports about the campaign or if voting on a participant’s submitted entry is part of the campaign. In such cases, the participant’s name will also be published. The specific data we process in each case depends on the particular campaign being conducted and on the data we receive from the participant.

The conduct of the respective campaign on our social media presence is also subject to the terms of use and privacy policy of the respective social media platform. 

Data Categories:
Master data (e.g., name, address), contact data (e.g., email address, phone number), content data (e.g., text entries, photos, videos)

Purposes of processing:
Conducting the sweepstakes, including prize distribution and announcement of the winner across various media 

Legal basis:
Consent (Art. 6(1)(a) GDPR)

 

>Service<
Recipient:
DG Business Media GmbH

Legal basis:
Consent (Art. 6(1)(a) GDPR)

Events and Functions

On our website, visitors have the option to register for events and functions. The information we collect that is necessary for the initiation and fulfillment of a contract is marked as required. Providing any additional data is voluntary.

Data Categories:
Master data (e.g., name, address), contact data (e.g., email address, phone number), meta and communication data (e.g., device information, IP addresses)

Purposes of processing:
Contract initiation and performance 

Legal bases:
Contract initiation and performance (Art. 6(1)(b) GDPR), consent (Art. 6(1)(a) GDPR)

Contact

We offer website visitors the opportunity to contact us directly or to obtain information about various contact options. To maintain an overview of contact requests, we use a management tool—our CRM system—to process such inquiries.

When you contact us, we process the data of the person making the inquiry to the extent necessary to respond to or handle the inquiry. The data processed may vary depending on the method used to contact us.

Data Categories:
Master data (e.g., name, address), contact data (e.g., email address, phone number), content data (e.g., text entries, photographs, videos), usage data (e.g., interests, access times), meta and communication data (e.g., device information, IP address).

Purposes of processing:
Processing of inquiries

Legal bases:
Consent (Art. 6(1)(a) GDPR), performance or initiation of a contract (Art. 6(1)(b) GDPR)

Microsoft Dynamics
Recipients:
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Transfers to third countries:
Based on the European Commission’s Adequacy Decision for the United States

Privacy Policy:
https://privacy.microsoft.com/de-de/privacystatement

 

Downloads

We offer downloads on our website to provide our visitors with up-to-date information or information relevant to them. 

Before the download, we collect personal data, including the IP address, via a form. In this case, we obtain consent through a double opt-in process—both for the processing of user data for the download and, separately, for subscribing to download-related email newsletters—and this consent may be freely revoked for each purpose independently.

The download is then initiated via a download link that is provided to our users via email.

Data Categories:
Meta and communication data (e.g., device information, IP addresses), usage data (e.g., access time)

Purposes of processing:
Marketing, acquiring new customers, increasing revenue

Legal basis:
Consent (Art. 6(1)(a) GDPR)

 

Online meetings, webinars, online events

We make use of the option to hold online meetings and/or webinars as well as events. For this purpose, we use the services of other providers whom we have carefully selected. When such services are actively used, data from the communication participants is processed and stored on the servers of the third-party providers used, to the extent that such data is necessary for the communication process. When selecting providers, we ensure that communication via the selected services is end-to-end encrypted. 

Data Categories:
Master data (e.g., last name, first name), contact data (e.g., email address), content data (e.g., text entries), meta and communication data (e.g., device information, IP addresses)

Purposes of processing:
Processing inquiries, increasing efficiency, promoting cross-company and cross-location collaboration

Legal basis:
Consent (Art. 6(1)(a) of the GDPR)

GoTo Technologies Germany GmbH

Recipients:
GoTo Technologies Germany GmbH, Ostra-Allee 9, 01067 Dresden, Germany

Transfers to third countries:
Based on the European Commission’s adequacy decision for the United States and on the Standard Contractual Clauses

Privacy Policy:
https://www.goto.de/company/rechtliches/datenschutz/us

 

Additional mandatory information on data processing 

Data Transfer
We transfer the personal data of website visitors for internal purposes (e.g., for internal administration or to the human resources department to comply with legal or contractual obligations). Internal data transfer or disclosure of data takes place to the extent necessary in compliance with the relevant data protection regulations.

To execute contracts or fulfill a legal obligation, it may be necessary for us to disclose personal data. If the data required for this purpose is not provided to us, it may not be possible to conclude the contract with the data subject. 

If your personal data is processed outside the EU/EEA, in so-called third countries (e.g., the U.S.), we ensure that this is done in accordance with the requirements of Art. 44 et seq. of the GDPR. In doing so, we take additional measures to ensure the highest possible level of protection for the personal data of data subjects. The guarantee applicable to each transfer to a third country is specified in our Privacy Policy under the respective recipients. 

In the event that we transfer data to a country outside the EEA for intra-group processing, we ensure that the processing is legally permissible in the manner we have specified. In such cases, we have entered into standard contractual clauses, including a separate provision regarding appropriate technical and organizational measures, to protect the data of data subjects to the greatest extent possible. 

Legal basis:
Legitimate interests (Art. 6(1)(f) GDPR)

Legitimate Interests:
So-called “small group privilege,” centralized management and administration within the company to leverage synergies, reduce costs, and increase effectiveness

Recipients:
Overview of CHG locations 

Data processing on behalf of a client

Recipients we engage may act as so-called data processors on our behalf. We have entered into so-called “data processing agreements” with them in accordance with Article 28(3) of the GDPR. This means that the data processors may only process your personal data in the manner in which we have explicitly instructed them to do so. Data processors take appropriate technical and organizational measures to process your data securely and in accordance with our instructions.

Retention Period

We store visitors’ data for as long as necessary to provide our services or as required by European legislative bodies or other regulatory authorities in laws or regulations to which we are subject. In all other cases, we delete personal data once the purpose has been fulfilled, with the exception of data that we are required to retain to comply with legal obligations (e.g., due to tax and commercial law retention periods, we are required to retain documents such as contracts and invoices for a certain period of time).

Automated Decision-Making (including Profiling)

We do not engage in automated decision-making or profiling pursuant to Article 22 of the GDPR.

Legal Bases

The relevant legal bases are primarily derived from the GDPR. These are supplemented by national laws of the Member States and may apply in conjunction with or in addition to the GDPR. 

Consent:
Article 6(1)(a) of the GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose. 

Performance of a Contract:
Article 6(1)(b) of the GDPR serves as the legal basis for processing operations necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the data subject’s request.

Legal obligation:
Article 6(1)(c) of the GDPR serves as the legal basis for processing operations that are necessary to comply with a legal obligation. 

Vital Interests:
Article 6(1)(d) of the GDPR serves as the legal basis when processing is necessary to protect the vital interests of the data subject or another natural person.

Public Interest:
Article 6(1)(e) of the GDPR serves as the legal basis for processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Legitimate Interest:
Article 6(1)(f) of the GDPR serves as the legal basis for processing necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject that require the protection of personal data prevail, in particular where the data subject is a child.

 

Rights of Data Subjects

Right of access:
Pursuant to Art. 15 of the GDPR, data subjects have the right to request confirmation as to whether we are processing data concerning them. They may request access to this data, as well as the additional information listed in Art. 15(1) of the GDPR, and a copy of their data.

Right to Rectification:
Data subjects have the right, pursuant to Article 16 of the GDPR, to request the rectification or completion of the data concerning them that we process.

Right to erasure and Restriction:
Data subjects have the right, pursuant to Article 17 of the GDPR, to request the immediate erasure of data concerning them. Alternatively, they may request that we restrict the processing of their data pursuant to Article 18 of the GDPR. 

Right to Data Portability:
Data subjects have the right, pursuant to Article 20 of the GDPR, to request that we provide them with the data they have supplied to us and to request that we transfer that data to another controller.

Right to lodge a complaint:
Data subjects also have the right to lodge a complaint with the supervisory authority responsible for them in accordance with Article 77 of the GDPR.

Right to Object:
If personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) of the GDPR, data subjects have the right, pursuant to Article 21 of the GDPR, to object to the processing of their personal data, provided there are grounds arising from their particular situation or the objection is directed against direct marketing. In the latter case, data subjects have a general right to object, which we will honor without requiring them to specify a particular situation.

 

Withdrawal

Some data processing operations are only possible with the explicit consent of the data subjects. You have the option to withdraw consent that has already been given at any time without providing a reason. To do so, simply send an informal email to: privacy@chg-meridian.com. Consent for data processing operations on our website can be directly adjusted and withdrawn in our Consent Manager. The lawfulness of data processing carried out prior to revocation remains unaffected by the revocation.

External Links
Our website contains links to the online offerings of other providers. Please note that we have no influence over the content of the linked websites or the compliance of their providers with data protection regulations.

Changes
We reserve the right to update the privacy policy on our website at any time in the event of changes and in accordance with applicable data protection regulations to ensure that it complies with data protection requirements.

 

This Privacy Policy was prepared by 

DDSK GmbH

www.ddsk.de  

Business Data protection declaration

1 Introduction and scope

The CHG-MERIDIAN AG (CHG) is committed to process personal data responsibly and in compliance with the applicable data protection laws in all countries in which the company operates.

This European Union (“EU”) Customer/Vendor Data Protection Notice (the “Notice”) describes the types of personal data CHG collects, how CHG uses that personal data, with whom the CHG shares your personal data, and the rights you, as a data subject, have regarding the CHG`s use of the personal data. This notice also describes the measures CHG takes to protect the security of the data and how you can contact us about our data protection practices.

2 Contact details of the Data Controllers

The CHG-entities responsible for the collection and use of your personal data (the Data Controllers) in your home country for the purposes described in this notice are:

CHG-MERIDIAN AG: dataprotection@chg-meridian.com
CHG-MERIDIAN Industrial Solutions GmbH:  dataprotection@chg-meridian.com
CHG-MERIDIAN Nederland BV: dataprotection.nl@chg-meridian.com
CHG-MERIDIAN Belgium NV: dataprotection.be@chg-meridian.com
CHG-MERIDIAN Belux NV: dataprotection.be@chg-meridian.com
CHG-MERIDIAN UK Limited: dataprotection.uk@chg-meridian.com
CHG-MERIDIAN Computer Leasing UK Limited: dataprotection.uk@chg-meridian.com
CHG-MERIDIAN Ireland Limited: dataprotection.ie@chg-meridian.com
CHG-MERIDIAN France SAS: dataprotection.fr@chg-meridian.com
CHG-MERIDIAN Spain S.L. dataprotection.es@chg-meridian.com
CHG-MERIDIAN Italia S.p.A. dataprotection.it@chg-meridian.com
CHG-MERIDIAN Austria GmbH dataprotection@chg-meridian.com
CHG-MERIDIAN Schweiz AG  dataprotection@chg-meridian.com
CHG-MERIDIAN tehnološki menedžment d.o.o.: dataprotection@chg-meridian.com
CHG-MERIDIAN Norway AS: dataprotection.no@chg-meridian.com
CHG-MERIDIAN Skien AS: dataprotection.no@chg-meridian.com
CHG-MERIDIAN Sweden AB: dataprotection.se@chg-meridian.com
CHG-MERIDIAN Denmark A/S: dataprotection.cz@chg-meridian.com
CHG-MERIDIAN Finland OY: dataprotection.fi@chg-meridian.com
CHG-MERIDIAN Polska sp. z.o.o.: dataprotection.pl@chg-meridian.com
CHG-MERIDIAN Czech Republic s.r.o.: dataprotection.cz@chg-meridian.com
CHG-MERIDIAN Slovakia s.r.o.: dataprotection.sk@chg-meridian.com
CHG-MERIDIAN USA Corp: dataprotection.us@chg-meridian.com
CHG-MERIDIAN Canada Ltd.: dataprotection.ca@chg-meridian.com 
CHG-MERIDIAN S.A.P.I. de C.V.: dataprotection.mx@chg-meridian.com
CHG-MERIDIAN do Brasil Arrendamento Mercantil S.A.: dataprotection.br@chg-meridian.com
CHG-MERIDIAN do Brasil Locação de Equipamentos Ltda.: dataprotection.br@chg-meridian.com
 

Contact information can be found here: https://www.chg-meridian.com/company/locations.html

3 Contact details of the Data Protection Manager

A Data Protection Officer (“DPO”) is designated. The DPO is involved in all issues related to the protection of your personal data. In particular, the DPO is in charge of monitoring and ensuring compliance with this notice and the applicable data protection laws. They will also provide advice on data protection matters upon request.

For any clarification or additional information you may need in order to fully understand this Notice, please contact:

dataprotection@chg-meridian.com

4 Purposes of data processing and legal basis

CHG processes personal data in accordance with applicable data protection laws and regulations and only for limited, explicit and legitimate purposes. CHG will not use personal data for any purpose that is incompatible with the original purpose for which it was collected unless you provide your prior explicit consent for further use.

Personal data relating to customers/vendors may be processed for the purposes of:

- Managing commercial relationships with current and potential clients;

- Managing commercial relationships with current and potential suppliers and vendors;

- Carrying out promotional operations;

- Conducting statistical surveys and marketing studies, etc.

 

CHG ensures that our internal governance procedures clearly specify the reasons behind decisions to use personal data for alternative processing purposes. Prior to using your personal data for a purpose other than the one for which it was initially collected, you will be informed about such new purpose.

- Prevention and investigation of criminal offenses

Insofar as not exclusively for the fulfillment of legal requirements, we process personal data in order to respond to inquiries from investigating authorities that are legitimately submitted to us. When responding to inquiries, we comply with the data protection principles of the GDPR.

5 Categories of personal data processed

The provision of personal data is a requirement necessary to enter into a contract with CHG or a requirement by law or regulation for the CHG to administer your customer/vendor relationship. The personal data processed is limited to the data necessary for carrying out the purpose for which such personal data is collected.

Personal data processed includes the following:

- Business information (such as name of organization, department and job title);
- Contractual information (such as date of agreement, type of commercial relationship, etc.).

CHG will not collect personal data if such collection is prohibited under the applicable data protection laws.

In no case will personal data revealing religious beliefs, racial or ethnic origin, political opinions, philosophical beliefs, trade union membership or concerning sex life be processed in the customer/vendor context.

CHG will maintain personal data in a manner that ensures it is accurate, complete and up-to-date.

6 Data Security

CHG has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, such risk analysis includes an analysis of the risk of compromising the rights of the data subject, costs of implementation, and the nature, scope, context and purposes for data processing.

The measures include

(i)     encryption of personal data where applicable/appropriate;

(ii)    the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services;

(iii)   the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and

(iv)   a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

7 Recipients of personal data

CHG will only grant access to personal data on a need-to-know basis, and such access will be limited to the personal data that is necessary to perform the function for which such access is granted.

Authorization to access personal data will always be linked to the function so that no authorization will be extended to access personal data on a personal basis. Service providers will only receive personal data according to the purposes of the service agreement with the Company.

8 International data transfers

International data transfers refer to transfers of personal data outside of the European Economic Area (“EEA”). The international footprint of CHG involves the transfer of personal data to and from other group companies or third parties, which may be located outside the EEA. CHG will ensure that when personal data is transferred to countries that have different standards of data protection, appropriate safeguards to adequately protect the personal data are implemented to secure such data transfers in compliance with applicable data protection laws. CHG has implemented Data Transfer agreements based on EU model clauses to cover international data transfers and a copy of these agreements can be obtained by contacting the DPO.

9 Retention of personal data

CHG will not retain your Personal data for longer than is allowed under the applicable data protection laws and regulations or for longer that is justified for the purposes for which it was originally collected or otherwise processed, subject to applicable local retention requirements.

10 Data Protection rights

Under applicable data protection laws, you will benefit from the following rights:

- Right to access to, rectification and erasure of personal information;
- Right to restriction of processing and to object to processing;
- Right of data portability to the extent applicable;
- Right to withdraw consent where the processing is based on consent; and
- Right to lodge a complaint with the supervisory authority.

11 Miscellaneous

This notice may be revised and amended from time to time and appropriate notice about any amendments will be given.

CHG is allowed to adapt the text of this notice only in order to be compliant with local legislation by means of an addendum attached to this notice. In case of any discrepancies between this notice and a specific local addendum made in accordance with local law, the terms of the latter will prevail.

Compliance Violations

Information on Data Processing for Reporting Compliance‑Violations

CHG‑MERIDIAN AG (hereinafter "we" or "Controller") places great importance on the security of user data and compliance with legal requirements, particularly the GDPR and the German Whistleblower Protection Act (HinSchG). The following provides information on the processing of personal data in connection with the reporting of compliance violations.

Controller and Data Protection Officer

Controller:

CHG‑MERIDIAN AG

Franz‑Beer‑Straße 111

88250 Weingarten

Phone: +49 751 503‑0

Email:info@chg‑meridian.com

 

Data Protection Officer:

Benjamin Hummer

Email: datenschutz@chg‑meridian.com

 

Definitions

The terms used in this privacy notice correspond to the definitions set out in Article 4 GDPR.

Information on Data Processing for Reporting Compliance‑Violations

As part of investigating a compliance report, we process personal data of the reporting person solely to the extent necessary for the proper review and handling of the report.

If the report contains descriptions of facts relating to a specific or identifiable individual within our company, we process personal data concerning the person concerned by the report to the extent provided by the reporting person.

Data We Collect About You as the Reporting Person

Categories of data subjects:  

Reporting person

Categories of data:

Name, contact details (e.g., your address, email address,   telephone number), factual information that may relate to you (depending on the individual case and the report you make, the data you provide may vary).

Purpose of processing:

Handling the report of a compliance violation based on and  in accordance with our statutory or corporate obligations, in  particular under European and national whistleblower laws.

Contacting you to obtain further information regarding the  violations you reported.

Evaluating your statements in connection with the reported violations.

Legal basis:

Legitimate interests in ensuring compliance with internal rules and ethical standards (Art. 6(1)(f) GDPR).

Compliance with legal obligations (Art. 6(1)(c) GDPR in conjunction with Directive (EU) 2019/1937).

Data We Collect About You as the Person Concerned by a Report

Categories of data subjects:  

Person concerned by a report

Categories of data: 

Name, contact details, and, where necessary, further attributes to precisely identify the respective person within the company.

Purpose of processing:

Handling the report of compliance violations based on and in accordance with our statutory and internal obligations, particularly under the relevant national and European laws.

Contacting you to clarify the facts in order to obtain further information about the violations reported in connection with you.

 Analysing the facts and comparing them with past reports.

Legal basis:

Legitimate interests in ensuring compliance with internal rules and ethical standards (Art. 6(1)(f) GDPR).

Compliance with legal obligations (Art. 6(1)(c) GDPR in conjunction with Directive (EU) 2019/1937).

Recipients of the Data

Within the EU

Within our organisation, only those internal departments or organisational units receive your data that require them to achieve the purposes mentioned above, in particular the investigation of reported compliance violations. All reports are stored in our database, which is also used for the transmission of data to official databases.

We will disclose data exclusively in a manner that does not allow an immediate conclusion to be drawn about your identity (pseudonymised). No data will be transferred beyond the above cases.

We use a specialised service provider to record and process reports of compliance violations in accordance with statutory and internal requirements. Your data are subject there to the same security standards as with us. Use of the data is permitted only within the contractual agreement, to the strictly necessary extent, and for the purposes we specify.

Outside the EU

We transfer data to countries outside the EEA (so‑called third countries). This is done for the purposes mentioned above. The transfer takes place to fulfil our contractual and legal obligations or on the basis of prior consent by the data subject. Moreover, any transfer is carried out in compliance with applicable data protection laws, particularly Articles 44 et seq. GDPR, e.g., on the basis of adequacy decisions by the European Commission or other appropriate safeguards (such as standard contractual clauses).

List of Recipients

The following recipients receive your data as part of the data processing described here:

Recipient:

EQS Group GmbH, Karlstrasse 47, 80333 München, Deutschland

Third‑country transfer:

No third‑country transfer.

Recipient:

ServiceNow Nederland B.V., Hoeckenrode 3, 1102 BR Amsterdam, Netherlands

Third‑country transfer:

No third‑country transfer.

Recipient:

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052‑6399, USA

Third‑country transfer:

Transfer based on EU adequacy decision.

 

Storage Period

We store the data provided in connection with reports of compliance violations for as long as required to fulfil our obligations under national or European laws and regulations to which we are subject. In all other cases, we delete personal data once the purpose has been fulfilled. In the case of reports of compliance violations, we delete the data three years after completion of the case review, in each case at the end of the calendar year.

Data that we process about you based on existing contractual relationships or on other legal grounds remain unaffected by this storage period.

Automated Decision‑Making

We do not engage in automated decision‑making or profiling within the meaning of Article 22 GDPR.

Legal Bases

The main legal bases arise primarily from the GDPR. These are supplemented by national laws of the Member States and may apply together with or in addition to the GDPR as appropriate.

Consent:

Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific purpose.

Contract performance:

Article 6(1)(b) GDPR serves as the legal basis for processing necessary for the performance of a contract to which the data subject is party or for carrying out pre‑contractual measures at the request of the data subject.

Legal obligation:

Article 6(1)(c) GDPR serves as the legal basis for processing necessary for compliance with a legal obligation.

Vital interests:

Article 6(1)(d) GDPR serves as the legal basis when processing is necessary in order to protect the vital interests of the data subject or of another natural person.

Public interest:

Article 6(1)(e) GDPR serves as the legal basis for processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Legitimate interests:

Article 6(1)(f) GDPR serves as the legal basis for processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require protection of personal data, particularly where the data subject is a child.

 

Rights of Data Subjects

Right of access:

Data subjects have the right under Article 15 GDPR to obtain confirmation as to whether we process data concerning them. They may obtain access to such data as well as the further information listed in Article 15(1) GDPR and a copy of their data.

Right to rectification:

Data subjects have the right under Article 16 GDPR to request the rectification or completion of the data concerning them and processed by us.

Right to erasure:

Data subjects have the right under Article 17 GDPR to request the erasure without undue delay of data concerning them. Alternatively, they may request restriction of processing under Article 18 GDPR.

Right to data portability:

Data subjects have the right under Article 20 GDPR to request the provision of the data they have provided to us and to request their transmission to another controller.

Right to lodge a complaint:

Data subjects also have the right to lodge a complaint with the supervisory authority competent for them under Article 77 GDPR.

Right to object:

Where personal data are processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, data subjects have the right under Article 21 GDPR to object to the processing of their personal data on grounds relating to their particular situation, or to object to processing for direct marketing purposes. In the latter case, they have a general right to object, which we will implement without requiring a particular situation to be stated.

Online Application

Data privacy statement for online applications

Dear applicant we are pleased that you are interested in the CHG-MERIDIAN and applied for a job in our company. Subsequently we want to inform you about the processing of personal data in connection with your application.

Please read the information and regulations listed below carefully before transmitting your data to us.

 

Who is the Controller of the data processing?

CHG-MERIDIAN AG
Franz-Beer Straße 111
88250 Weingarten

Telephone +49 751 5030
Fax +49 751 50366
E-Mail-address info@chg-meridian.com

You will find further information regarding our company, details on the authorized representatives and further contact details in our imprint.

 

Which of your data do we process? And for which purposes?

We process the data that you have sent us associated with your application to check your suitability for the position (or other positions in our company that may be suitable) and conduct the application process.

In case you have been added to our talent pool at your own requested, we process your data in order to contact you again, for example to continue an application process or to conduct a new application process.

 

What is the legal basis for the processing?

The legal basis for the processing of your personal data in this application procedure is primarily Art. Section 26 BDSG in the version applicable as of 25th Mai 2018. Accordingly, the processing of the necessary data in connection with the decision on the establishment of an employment relationship is legitimate.

Should the data be required once the application process has been concluded, the data may be processed on the basis of the requirements of Art. 6 GDPR, particularly for exercising legitimate interests in accordance with Art. 6 para. 1 f) GDPR. In such case, our interest is the assertion or defense of claims.

In case you have been added to our talent pool at your own requested, the legal basis for the processing of your personal data is solely your consent, you have given prior to the start of the data processing pursuant to Art. 6 para. 1 a), 7 GDPR.

 

How long will the data be stored?

In case of rejection, the applicants’ data will be erased within six months after notice of rejection.

In case you have been added to the talent pool, your data will be stored for 24 months and will not be deleted until this period has expired, unless you withdraw your consent before the retention period expires.

In the case that your application for a position is successful, the data is transferred from the applicant data system to our HR information system

 

To which recipient’s data will be transmitted?

We use a specialized software provider for our application process. This provider operates as a service provider for us and may also obtain knowledge of your personal data in connection with the maintenance and servicing of our systems. We have signed a so-called data processing agreement with this provider, which ensures that the data processing is done in a lawful way.

Your application data is reviewed by the HR department once your application has been received. Suitable applications are forwarded internally to the persons in the respective departments responsible for the vacant position. The further course of action is determined after that. Only persons who require your data for the proper processing of your application are given access to it within our company.

 

Where is the data processed?

The data will be processed exclusively in data centers in Germany.

 

Your rights as a „data subject“

You have the right to receive information from us about your data processed with us.

In case of a request for information that is not made in writing, we ask for your understanding that we may then require proof from you that you are the person you claim to be.

Furthermore, you have a right to rectification, erasure, restriction of processing, insofar as you are entitled to this by law.

In addition, you have the right to object to the processing within the scope of the legal requirements. The same applies to your right to data portability.

The withdrawal has to be sent to the person responsible, Benjamin Hummer by mail or E-Mail at: datatprotection@chg-meridian.com

 

Our data protection officer

We have appointed a data protection officer in our company. You can contact him at the following contact details:

CHG-MERIDIAN AG
Benjamin Hummer
Franz-Beer-Straße 111
88250 Weingarten

E-Mail-address: datenschutz@chg-meridian.com

 

Right to lodge a complaint

You have the right to lodge a complaint with the responsible data protection supervisory authority.

 

Consent

By checking the box, you explicitly agree that CHG-MERIDIAN AG may collect, process, and use the data you provide to us for the purpose of managing your application in accordance with § 26 BDSG-neu.

Your data will only be transmitted if you have confirmed your consent by checking the box.

Note on sensitive data: We like to expressly point out that applications, in particular CVs, certificates and other data you send us, may contain particularly sensitive information about mental or physical health, racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in a trade union or political party or sexual life.

If you provide us with such information in your online application, you expressly agree that CHG-MERIDIAN AG may collect, process, and use this data for the purpose of managing your application. This data will be processed in accordance with this data protection information and other applicable legal provisions.

 

Contact person / data protection officer

If you have any questions about data protection or if you want to make use of your right to access or right of withdrawal, please contact datenschutz@chg-meridian.com.

 

Changes to this data protection information

CHG-MERIDIAN AG reserves the right to amend this data protection information at any time. In addition, we also refer to our general data protection information on our website.

Video declaration

Video data protection notice

Name and contact details of the data controller

CHG-MERIDIAN
Franz-Beer-Strasse 111
88250 Weingarten
Germany

Tel: +49 (0)751 5030
Email: info@chg-meridian.com

 

Contact details of the data protection officer

Benjamin Hummer
Franz-Beer-Strasse 111
88250 Weingarten
Germany

Tel: +49 (0)751 503 246
Email: dataprotection@chg-meridian.com

 

Purpose and legal basis of data processing

Article 6(1) (f) GDPR in conjunction with section 4 FDPA (new)

Building security
Enhancing the sense of security
Deterrence

Legitimate interests
Prevention of vandalism
Forensic purposes
Prevention of theft

Duration of storage
Data collected is stored for seven days

Recipients of data and categories of recipients (if data collection takes place)

No transmission of data to non-EU countries or international organizations is intended.

 

Notice regarding the rights of data subjects

The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed. Where that is the case, the data subject has the right of access to personal data concerning him or her, and to the information listed in Article 15 GDPR.

The data subject has the right to request that the controller rectify any incorrect personal data or complete any incomplete personal data (Article 16 GDPR).

The data subject has the right to request that the controller erase personal data concerning him or her without undue delay, provided that the reason given is listed in Article 17 GDPR, e.g. the personal data is no longer required in relation to the purposes for which it was collected or otherwise processed (right to erasure).

The data subject has the right to request that the controller restrict processing if one of the conditions listed in Article 18 GDPR applies (for example, the accuracy of the personal data is contested by the data subject), for a period enabling the controller to verify its accuracy.

The data subject has the right to object to the processing of personal data concerning him or her at any time on grounds relating to his or her particular situation. The controller may then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims (Article 21 GDPR).

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory body if the data subject considers that the processing of personal data concerning him or her infringes the GDPR (Article 77 GDPR). The data subject may lodge the complaint with any supervisory body in the Member State of his or her habitual residence, place of work, or place of the alleged infringement. In Baden-Württemberg, the supervisory authority is the State Representative for Data Protection and Freedom of Information for Baden-Württemberg.
The postal address is Postfach 10 29 32, 70025 Stuttgart, Germany.
Please use the street address for parcels: Lautenschlagerstraße 20, 70173 Stuttgart, Germany.

Customer Survey Declaration

1 Source and Categories of Personal Data

You can conduct the customer satisfaction survey without actively providing personal data. However, due to the technical implementation of the customer satisfaction survey, we collect your IP address, but we do not use this IP address to draw conclusions about your person.

2 Purposes and Legal Basis for Processd Data

We process data to ascertain the satisfaction of our customers regarding the service we provide and the cooperation with our team of auditors. This helps us to continuously improve our services. In addition, we are required by accreditation law to conduct customer satisfaction surveys.

We process personal data in accordance with the provisions/regulations of the General Data Protection Regulation (GDPR), the new version of the Federal Data Protection Act of Germany (BDSG) and other applicable data protection regulations.

The legal basis for the processing of your personal data is the protection of our legitimate interests in accordance with Art. 6 (1) f GDPR. Our legitimate interests are the continuous improvement of our service and the increase in our customers’ satisfaction. It is necessary to collect the IP address to comply with our obligations regarding the security of our website and to prevent fraud effectively.

We will inform you in advance if we process your personal data at a later time for a purpose not mentioned above.

3 Consequences of Failure to Provide Data

Your participation in the customer satisfaction survey is technically only possible by collecting your IP address. Without collecting your IP address, a participation is unfortunately not possible.

4 Automated Individual Decision-Making

We do not use sole automated decision-making procedures pursuant to Article 22 GDPR.

5 Recipients of Data Within the EU

Within our company, only the persons and departmens (e.g. specialist departments, management, personnel department) will receive your data, which they need for the evaluation of the customer satisfaction survey.

We also use a specialized software provider for the online survey. It cannot be ruled out, that this provider may get access to personal data within the scope of maintenance and service measures of the systems. We ensure the lawfull processing of personal data by concluding appropriate data protection contracts.

6 Data Recipients Outside the EU

If we transfer personal data to service providers or corporate enterprises outside the European Economic Area (EEA), the transfer will only take place if the third country has been approved by the EU Commission on the basis of an adequacy decision or if other appropriate data protection guarantees (e.g. binding corporate rules or standard data protection clauses) have been provided.

7 Storage Periods

We process data of participants as long as necessary to fulfil the purpose. After the purpose has ceased, the data will be erased without undue delay.

8 Your Rights

By law, you have the right to receive free information about your stored personal data, as well as the right to rectification, the right to data portability and the right ro erasure; if the erasure conflicts with statutory storage obligations, we will restrict the processing. In addition, you have the right to object to the processing of the data under certain conditions or to demand the restrictiction of processing. Furthermore, you have the right to lodge a complaint with a supervisory authority.

If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time with future effect.

Requests for information must be submitted to:

CHG MERIDIAN AG
Franz-Beer-Straße 111
88250 Weingarten
Germany

E-Mail: info@chg-meridian.com 
Web: www.chg-meridian.com 

Telefon: +49 751 503-0
Telefax: +49 751 503-66

 

Data Protection Officer:
You can contact our data protection officer via email. 
Herr Benjamin Hummer
E-Mail: datenschutz@chg-meridian.com

Data protection information of tesma
 

1 General Information

Introduction

We, CHG-MERIDIAN AG, are the controller of this online offering. As the provider of a teleservice, we have to notify you about the nature, scope and purposes of the collection and use of personal data, in a precise, transparent, understandable and easily accessible form and in clear and simple language, at the start of your visit to our online offering. You must be able to access the content of this notification at any time. As a result, we are obliged to notify you of the types of personal data that are collected or used. Personal data is any information relating to an identified or identifiable natural person.

We set great store by ensuring that your data is secure and by complying with the provisions of data protection legislation. The collection, processing and use of personal data is subject to the provisions of currently applicable European and national laws.

We would like to use the below Privacy Policy to show you how we handle your personal data and how you can contact us:

CHG-MERIDIAN AG
Franz-Beer-Straße 111
88250 Weingarten
Germany

Email: info@chg-meridian.com
Website: www.chg-meridian.com
Telephone: +49 751 503-0
Fax: +49 751 503-66

Chairman of the Supervisory Board: Jürgen Mossakowski
Chairman of the Board of Management: Dr Mathias Wagner
Board of Management:  Ulrich Bergmann, Daniel Welzer

Register Court: Ulm HRB 551857

Tax Office: Weingarten
VAT ID no.: DE 146349520

Court of Jurisdiction: Ravensburg
Applicable law: Law of the Federal Republic of Germany (FRG)

Our data protection officer
If you have any questions, you can contact our data protection officer as follows: Benjamin Hummer, email: datenschutz@chg-meridian.com

 

Terminology

To improve readability, our Privacy Policy does not differentiate between genders. In the interests of equality, the corresponding terminology refers to both genders.

Article 4 of the EU General Data Protection Regulation (GDPR) details the meaning of the terminology that is used, such as ‘personal data’ or the ‘processing’ of this.

Users’ personal data processed within the framework of this online offering includes inventory data (e.g. customers’ names and addresses), contract data (e.g. services used, names of administrators, payment information), usage data (e.g. websites within our online offering that were visited, interest in our products) and content-related data (e.g. information entered into a contact form).

Here, the term ‘user’ refers to all categories of data subjects affected by data processing. For example, this includes our business partners, customers, prospective customers and other visitors to our online offering.

 

The legal basis of processing

Article 6 (1) (a) GDPR serves as the legal basis for processing when we have sought consent for a particular purpose of processing.

If personal data needs to be processed for the performance of a contract to which the data subject is a party, as is the case for processing operations relating to the delivery of goods or the rendering of a service or consideration in return, for example, processing is based on article 6 (1) (b) GDPR. The same applies to processing operations required for taking steps prior to entering into a contract, such as in cases of enquiries relating to our products or services.

If we are subject to a legal obligation that makes it necessary to process personal data, such as the fulfilment of obligations under tax law, processing is based on article 6 (1) (c) GDPR.

If personal data needs to be processed to protect vital interests of the data subject or of another natural person, processing is based on article 6 (1) (d) GDPR.

Finally, processing can be based on article 6 (1) (f) GDPR. Processing is carried out on this legal basis if the processing is necessary to protect our legitimate interest or that of a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not override this.

2 General use of online services

The processing of personal data

You can visit our website without actively providing information about yourself as an individual. However, we automatically store access data (server log files) every time the website is accessed. This data includes the name of your internet service provider, the operating system used, the website you visit us from, the date and duration of your visit or the name of the file requested, for example. We also store data for security reasons, e.g. we store the IP address of the computer used so that we can recognise attacks on our websites. This data is solely used to improve our offering and cannot enable conclusions to be drawn about you as an individual. This data is not merged with other sources of data.

The legal basis for data processing is article 6 (1) (f) GDPR. We process and use data for the following purposes:

providing CHG-MERIDIAN AG's websites,
improving our websites and
preventing and recognising errors/malfunctions and the misuse of the websites.
This type of data processing is either undertaken for the performance of the contract regarding the use of CHG-MERIDIAN AG’s website or because we have a legitimate interest in guaranteeing the functionality and error-free operation of CHF-MERIDIAN AG's websites and adapting these websites to suit users’ requirements.

After users have logged into tesma within our customer area, log files are processed and stored with an additional user identifier that is assigned internally.

After the user has logged into tesma, these log files encompass the following data: user identifier, browser version, the operating system used and the date and duration of the visit.

We process data within this framework to fulfil our contractual obligation to our customers and to render our service. The legal basis for data processing within this framework is article 6 (1) (b) GDPR. In addition, we are contractually bound to instructions under a processor contract and have suitable technical and organisational measures in place to protect the rights of the data subject.

 

Email contact

If you send us enquiries or information via email, your details (email address, content of your email, subject line of your email, and date/time), including the contact information provided by you in it (e.g. signature, such as first name, last name, telephone number if given, address) will be stored for the purpose of handling the enquiry and dealing with follow-up questions. We will not disclose this information without your consent. The legal basis for the collection and processing of the data is article 6 (1) (a) GDPR.

Users are reminded that emails can be read or changed while they are being transferred, without this act being authorised or detected. CHG-MERIDIAN AG uses software to filter out undesired emails (a spam filter). The spam filter means that the system can put emails into the spam folder if certain characteristics cause them to be wrongly identified as spam, meaning that they may not reach us.

The data you provide remains with us until you request that it is erased, you withdraw your consent for the storage of the data or the purpose of storing the data lapses (e.g. once your enquiry has been processed to completion). Mandatory statutory provisions, particularly retention periods, remain unaffected by this.

3 Use of tesma

Cookie-based services

We use ‘cookies’ on our websites to make visiting our website a more attractive experience and to enable certain functions to be used. Cookies are small text files that are stored on your end device. They are a standard internet technology for storing and accessing log-in details and other user information for all users of CHG-MERIDIAN AG’s websites. They also enable us to store user settings, permitting our websites to be displayed in a format tailored to your device.

The use of cookies serves our legitimate interest in making your visit to our website as enjoyable as possible and preventing you from inputting information multiple times or adjusting your settings repeatedly. The legal basis for this is article 6 (1) (f) GDPR.

Some of the cookies we use are deleted after the end of the browser session, or, in other words, after you close your browser (known as ‘session cookies’). Other cookies remain on your end device and make it possible for us or our partner companies to recognise your browser during your next visit (known as ‘persistent cookies’).

You can adjust your browser's settings so you are informed when cookies are placed and can make an individual decision as to whether to accept them, accept them under certain circumstances or universally exclude them. In addition, cookies can be retrospectively deleted to remove data that websites have stored on your computer. If cookies are deactivated, this may limit the functionality of CHG-MERIDIAN AG ’s websites.

Deactivate or remove cookies (opt-out)

Web browsers offer options for limiting and deleting cookies. Further information on this can be found on the following websites:

  • Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies  
  • Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
  • Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en
  • Safari: https://support.apple.com/en-gb/HT201265
     

Our services

Registering on the website and logging in

You have the option of registering on our website. Registration serves the purpose of offering you content or services that can only be offered to registered users due to the nature of the matter at hand. To do so, we require the following data: first name and last name, email address. This data is required for registration, and by extension, for the fulfilment of our contractual obligation.

Logging into our website with your log-in details also leads to the IP address provided by the data subject’s internet service provider (ISP), the date, and the time of log-in being stored. This data is stored because this is the only way that the misuse of our services can be prevented and because this data is required, when necessary, to shed light on crimes that have been committed. To this extent, this data needs to be stored for our protection. In principle, this data is not disclosed to third parties, unless there is a statutory obligation for disclosure or the disclosure is in the interests of law enforcement.

The legal basis for processing is the performance of a contract pursuant to article 6 (1) (b) GDPR.

 

Contact form/enquiries

On our website, you have the option of sending us enquiries via a contact form. Here, your details from the contact form (content of your enquiry, subject line of your enquiry and date), including the contact details you provide (first name, last name, company, telephone number and email), are stored by us for the purpose of handling the enquiry and in the event of follow-up questions. The legal basis for the collection and processing of the data is article 6 (1) (a) GDPR.

The data provided by you via the contact form remains with us until you request that it is erased, you withdraw your consent for the storage of the data or the purpose of storing the data lapses (e.g. once your enquiry has been processed to completion). Mandatory statutory provisions, particularly retention periods, remain unaffected by this.

 

Shop function

Our websites give you the option of using shop functions. To this end, we collect additional contact and address data for the following purposes:

We process your data for the following purposes:

To process your order and, if necessary, return your order
In addition, we process your data to manage your personal account
To send text messages about your order’s shipment status
To make contact in the event that there are problems with delivering your goods
We may need to disclose this data to third parties such as processors, shipping services, banks, the tax office etc. in order to fulfil our contractual obligations. The legal basis for the collection and processing of data is article 6 (1) (b) GDPR.  This data remains stored for the entire usage period. Mandatory statutory provisions, particularly retention periods as per the provisions of trade law and tax law, remain unaffected by this.

 

Feedback function

Our websites give you the option of leaving feedback. This feedback can be accessed by the tesma community. Your comment will be stored and published with the user name stated by you and details about when the comment was left. In addition, the IP address of the data subject provided by the internet service provider will be logged as well.

 

Information service

When you write a comment, you can tick a box for our email service. This will inform you if other users leave a comment on your post. You can turn off notifications at any time by clicking the link within the email.

4 Data security

CHG MERIDIAN AG has implemented appropriate technical and organizational measures to ensure a level of security, appropriate to the risk. This type of risk analysis includes estimating the risk that the data subject’s rights will be compromised, the costs of implementation and the nature, scope, context and purpose of data processing.

These measures encompass:

  1. encrypting personal data, provided this is necessary and appropriate;
  2. ensuring the confidentiality, integrity and availability of the processing systems and services, and their reliability in the event of malfunction;
  3. guaranteeing the availability of and access to personal data in the event of a physical or technical incident, and its timely restoration;
  4. creating a procedure for regularly reviewing and assessing the effectiveness of technical and organisational measures to guarantee the security of processing.
5 Data transfer

Recipients of personal data

CHG-MERIDIAN AG only grants access to personal data if this is absolutely necessary. This access is limited to the personal data required for the purpose in question.

The authorisation for access to personal data is always associated with a purpose, meaning that universal approval for access to personal data is not granted. Service providers only receive personal data in line with the purpose of their contractual relationship with the company.

 

International data transfer

International data transfer relates to the transfer of personal data outside the European Economic Area (EEA). The international presence of CHG-MERIDIAN AG involves the transfer of personal data from and to other group companies or third parties located outside the EEA. When personal data is transferred to countries with different data protection standards, CHG-MERIDIAN AG will ensure that suitable measures are taken to provide personal data with adequate protection, ensuring that data transfers are performed in compliance with the applicable data protection legislation. CHG-MERIDIAN AG has implemented data transfer agreements on the basis of EU standard contractual clauses to cover international data transfers. The data protection officer can provide a copy of these agreements on request.

6 Storage periods

CHG-MERIDIAN AG will not process your personal data for longer than permissible in line with applicable data protection legislation and provisions. This applies subject to the applicable local retention requirements.

7 Note regarding minors

This online offering is not suitable for minors under the age of 16. Individuals who are under the age of 16 may not transfer personal data to CHF-MERIDIAN AG without the permission of their parent or guardian.

8 Your rights

Within the framework of the applicable data protection legislation, you have the following rights:

 

  • The right of access, the right to rectification, and the right to erasure of personal data;
  • The right to restriction of processing and the right to object to processing;
  • The right to data portability, as applicable;
  • The right to revoke your consent to processing; and
  • The right to file a complaint with the supervisory authority.
9 Final provisions

External links

Our website contains links to websites offered by other providers, We hereby indicate that we have no influence over the content of the linked websites and their providers’ compliance with the provisions of data protection legislation.

 

Changes to our Privacy Policy

This Privacy Policy can be changed and expanded from time to time. CHG-MERIDIAN AG is only permitted to adapt this Privacy Policy to take local and general legal provisions into account. In the event that this Privacy Policy contradicts with a specific local law, local laws take precedence.