Privacy Policy

The protection of your data is very important to us!

At Friedrich Graepel AG, we handle your personal data with sensitivity and responsibility. How we do this is explained below. In general, the basis for storing and using your data is your consent or a legal authorization. This determines what we do with your data.

1. Introduction

“GDPR” is used here as an abbreviation for the EU General Data Protection Regulation. The following information serves, in a transparent manner, to fulfill the information obligations in areas where Graepel, as the data controller, collects, processes, or uses personal data. In accordance with Articles 13 and 14 of the GDPR, Graepel informs data subjects about the specific circumstances of the collection of personal data. The information is structured below in the form of: some general information, regardless of which target group you belong to as a data subject. Information that Graepel provides specifically, depending on which target group you belong to as a data subject. You will find a separate section for each target group below.

2. General Information for All Target Groups

Name of the data controller:
Friedrich Graepel Aktiengesellschaft

Company Board Members:
Dipl.-Wirt.-Ing. Felix Graepel, Dipl.-Wirt.-Ing. Carlo Graepel

Head of Data Processing:
Uwe Schone

Data Protection Officer:

Bastian Spille, Contact: datenschutz@graepel.de

Address of the responsible entity/controller:
Friedrich Graepel AG, Zeisigweg 2, 49624 Löningen

Rights of the data subject:
To ensure fair and transparent processing, we would like to point out that the data subject has, among other things, the following rights:

• pursuant to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information regarding the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing, or objection; the existence of a right to lodge a complaint; the origin of your data, if it was not collected by us; as well as information regarding the existence of automated decision-making, including profiling, and, where applicable, meaningful information regarding its details;
• to request, pursuant to Art. 16 GDPR, the immediate rectification of inaccurate personal data or the completion of your personal data stored by us;
• to request the erasure of your personal data stored by us pursuant to Art. 17 GDPR, unless processing is necessary for the exercise of the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims;
• to request the restriction of the processing of your personal data pursuant to Article 18 of the GDPR, provided that you contest the accuracy of the data, the processing is unlawful but you oppose its erasure, and we no longer need the data but you require it for the establishment, exercise, or defense of legal claims, or you have objected to the processing pursuant to Article 21 of the GDPR;
• pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller;
• pursuant to Art. 7(3) GDPR, to withdraw your consent at any time from Graepel. This means that we may no longer continue the data processing based on this consent in the future; and
• pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority of your usual place of residence, workplace, or the company’s registered office for this purpose.

If necessary, please contact datenschutz@graepel.de to exercise these rights.

To exercise your right to lodge a complaint with the competent supervisory authority, you can find more information at these web addresses: www.datenschutz-wiki.de or www.lfd.niedersachsen.de.

The supervisory authority responsible for Graepel AG is:

The State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hanover

Phone: +49 511 120-4500
Fax: +49 511 120-4599
Email: poststelle@lfd.niedersachsen.de

2.1 Right to Object

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, provided there are grounds for doing so arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will honor without requiring you to specify a particular situation.

If you wish to exercise your right of withdrawal or objection, simply send an email to datenschutz@graepel.de

2.2 Data Security

We use the SSL (Secure Socket Layer) protocol on our website in conjunction with the highest encryption level supported by your browser. This is typically 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether a specific page of our website is being transmitted securely by the closed depiction of the key or lock icon in the lower status bar of your browser.

We also employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

3. Target Groups

3.1 Online

You are currently visiting our website. Here, we temporarily store the following data to detect technical errors, track and prevent misuse, and optimize the user experience of the website:

• IP address of the requesting computer,
• Date and time of access,
• Name and URL of the file accessed,
• Website from which the access originated (referrer URL),
• browser used and, if applicable, your computer’s operating system, as well as the name of your Internet service provider.
   

We process the aforementioned data for the following purposes:

• To ensure a smooth connection to the website,
• Ensuring a user-friendly experience on our website,
• Evaluating system security and stability, as well as
• for other administrative purposes.

Everything else is up to you—that is, what information you choose to share with us. To do so, please adjust the relevant cookie settings in your web browser.

3.2 Legal basis for processing

Processing is carried out to safeguard our legitimate interests or the interests of a third party (Art. 6(1)(f) GDPR).

3.3 Analysis by WiredMinds

Our website uses the tracking pixel technology of WiredMinds GmbH (www.wiredminds.de) to analyze visitor behavior. In doing so, a visitor’s IP address is processed. Processing is carried out exclusively for the purpose of collecting company-relevant information, such as the company name. IP addresses of natural persons are excluded from further use (whitelist procedure). The IP address is never stored in LeadLab. When processing the data, it is our particular interest to protect the data protection rights of natural persons. Our interest is based on Art. 6(1)(f) GDPR. The data we collect does not at any time allow for the identification of a specific individual.

WiredMinds GmbH uses this information to create anonymous usage profiles based on visitor behavior on our website. The data obtained in this process is not used to personally identify visitors to our website.

By clicking on the following link, you can permanently opt out of tracking on this website by WiredMinds. A technically necessary cookie will be set to permanently exclude you from tracking by WiredMinds LeadLab on this website.

 

3.4 Use of Cookies

We do not use cookies on our site.

4. Applicants       

You’ve come to the right place if you’re an applicant and would like more information regarding your data.

4.1 Purpose of data collection, processing, or use

Processing of the application; assessment of suitability; establishing contact.

4.2 Legal basis for processing (Art. 6 GDPR)

Implementation of (also) pre-contractual measures taken at the request of the data subject (Art. 6(1)(b)).

The data subject voluntarily consents. This is done through a corresponding declaration of consent (Art. 6(1)(f)).

Graepel fundamentally adheres to the principles of data avoidance and data minimization with regard to the intended purposes of processing, while respecting the legitimate interests of the data subjects.

4.3 Description of the groups of data subjects and the relevant data or categories of data

Group of data subjects: Applicants to the Graepel Group

Standard and necessary information provided by applicants for the application process.

4.4 Recipients or categories of recipients to whom the data may be disclosed

All employees who are authorized internally to perform the tasks for which the data is intended. In the case of payment transactions, financial institutions receive the necessary information. External contractors acting as subprocessors within the meaning of Section 11 BDSG (contract data processing) or Article 28 GDPR. As a rule, access to personal data is not the purpose of the contract, but cannot be ruled out.

4.5 Data transfers to third countries

Data transfers to third countries occur only in the context of contract fulfillment, necessary communication, and other exceptions expressly provided for in the BDSG (as amended) and the GDPR.

In the event that Graepel subsidiaries are engaged in a third country, appropriate safeguards (standard data protection clauses) are in place.

If, in the case of commissioned processing, Graepel itself engages subcontractors, the necessary safeguards are secured through data protection agreements. Corresponding checks are conducted regularly. Further information can be obtained upon request by contacting datenschutz@graepel.de.

4.6 Retention Periods and Standard Time Limits for Data Deletion

The legislature has enacted a variety of retention obligations and time limits. After these periods expire, the relevant data is routinely deleted if it is no longer required for the fulfillment of the contract. For example, commercial or financial data from a closed fiscal year is deleted after an additional ten years in accordance with legal regulations, unless longer retention periods are prescribed or required for legitimate reasons. Shorter deletion periods are applied in specific areas (e.g., in human resources management, such as rejected job applications or written warnings). Unless data is subject to these provisions, it is deleted once the purposes for which it was stored no longer apply.

5. Business contacts of the Graepel Group

5.1 Purpose of data collection, processing, or use

Maintaining contact. So that we can contact you for business purposes.

5.2 Legal basis for processing (Art. 6 GDPR)

Depending on the phase of our contact, different legal bases may apply:

• Implementation of (also) pre-contractual measures carried out at the request of the data subject (Art. 6(1)(b)).
• The data subject voluntarily consents. This is the case through a corresponding declaration of consent (Art. 6(1)(a)).
• Processing is necessary for the performance of contractual obligations and to safeguard the legitimate interests of the Graepel Group (Art. 6(1)(b) and (f)).

Graepel fundamentally adheres to the principles of data avoidance and data minimization with regard to the intended purposes of processing, while respecting the legitimate interests of the data subjects.

5.3 Description of the groups of data subjects and the relevant data or categories of data

Group of data subjects: Graepel’s business contacts; e.g., contact persons of customers, suppliers, service providers, and partners.

Standard and necessary contact details (last name, first name, title, company affiliation, department if applicable, phone number, email address).

5.4 Recipients or categories of recipients to whom the data may be disclosed

All employees who are authorized internally to perform the tasks for which the data is intended. In the case of payment transactions, financial institutions receive the necessary information. External contractors acting as subprocessors within the meaning of Art. 28 GDPR include, for example, factory representatives, transport companies, tax advisors, and IT service providers.

In addition, the data is transferred to companies within the Graepel Group for specific purposes. These are:

• Friedrich Graepel Aktiengesellschaft | D
• Graepel Löningen GmbH & Co. KG | D
• Graepel Seehausen GmbH & Co. KG | D
• Graepel North America | Omaha, NE | USA
• Graepel Oberflächentechnik GmbH & Co. KG | D
• Graepel Perforations India Pvt. Ltd. | IN

These transfers are made to fulfill our contract with you (Art. 6(1)(f) GDPR).

5.5 Data Transfers to Third Countries

Data transfers to third countries occur in the context of contract performance (Art. 6(1)(b)) and on the basis of legitimate interest (Art. 6(1)(f)), as well as other exceptions expressly provided for in the BDSG or GDPR.

In the event that Graepel subsidiaries are engaged in a third country, appropriate safeguards (Standard Data Protection Clauses) are in place.

5.6 Retention period or standard time limits for the erasure of data

The legislature has enacted a wide range of retention obligations and periods. Upon expiration of these periods, the relevant data is routinely deleted if it is no longer necessary for the performance of a contract. For example, commercial or financial data from a closed fiscal year is deleted after an additional ten years in accordance with legal regulations, unless longer retention periods are prescribed or required for legitimate reasons. Unless data is affected by these provisions, it is deleted when the purposes for which it was stored no longer apply. Contact information for individuals known to have left their companies is marked as inactive and therefore no longer appears in standard searches.

6. Visitors and Guests

6.1 Purpose of Data Collection, Processing, or Use

We collect your data for operational and occupational safety purposes.

6.2 Legal basis for processing (Art. 6 GDPR)

There are various legal bases for data collection:

• The data subject voluntarily consents. This is the case through appropriate consent (Art. 6(1)(a)).
• The protection of a legitimate interest of the Graepel Group (Art. 6(1)(f)).

Graepel fundamentally adheres to the principles of data avoidance and data minimization with regard to the intended purposes of processing, while respecting the legitimate interests of the data subjects.

6.3 Description of the groups of data subjects and the relevant data or categories of data

Group of data subjects: Visitors and guests

Standard and necessary contact details (last name, first name, title, company affiliation, department if applicable, phone number, email address, license plate number).

6.4 Recipients or categories of recipients to whom the data may be disclosed

All employees who are entrusted internally with the performance of the specified tasks.

6.5 Data transfer to third countries

No transfer to third countries takes place for this purpose.

6.6 Retention period or standard time limits for the deletion of data

The data will be deleted after a retention period of 14 days.

 

Löningen, April 2024

The Data Protection Officer