Privacy Policy of AGO GmbH Energie + Anlagen

1. Data protection at a glance

1.1 General information

The following information provides a simple overview of what happens to your personal data when you visit our website or contact us via the website.

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

Please note that data transmission over the internet (e.g. when communicating by email) may be subject to security vulnerabilities. It is not possible to guarantee complete protection of data against access by third parties.

1.2 Definitions

Personal data is any data that can be used to personally identify you. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

1.3 Who is responsible for data collection on this website?

The controller responsible for data processing on this website is:

AGO GmbH Energie + Anlagen
Am Goldenen Feld 23
95326 Kulmbach
Telephone: +49 (0) 9221 602-0
Email: info@ago-energie.de

1.4 How do we collect your data?

Your data is collected, on the one hand, when you provide it to us. This may include, for example, data that you enter into a contact form.
Other data is collected automatically by our IT systems when you visit the website. This consists primarily of technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.

1.5 What do we use your data for?

The data is collected solely to ensure the website functions correctly.

1.6 What rights do you have regarding your data?

You have a right to access (Art. 15 GDPR) as well as a right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) or to restriction of processing (Art. 18 GDPR) or a right to object to processing (Art. 21 GDPR) as well as a right to data portability (Art. 20 GDPR). Furthermore, you have the right to withdraw your consent under data protection law at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to withdrawal. The GDPR provides for a right to lodge a complaint with the supervisory authority.

The contact details of the supervisory authority are available here: https://www.lda.bayern.de/de/kontakt.html

You may contact us at any time at the address given in section 1.3 regarding this matter or any other questions relating to personal data.

2. Technical information

2.1 Server log files

The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

This data is not combined with other data sources. The legal basis for data processing is Article 6(1)(b) of the GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. In addition, we process this data on the basis of Article 6(1)(f) of the GDPR on the grounds of legitimate interest. This includes supporting marketing activities, maintaining a current and contemporary public image, and increasing awareness of our company.

2.2 SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the website operator. You can recognise an encrypted connection by the fact that the address bar of the browser changes from “http://” to “https://” and by the padlock symbol in your browser bar. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

2.3 Cookies

The website does not use cookies.

2.4 To which third countries is your data transferred?

Your personal data will not be transferred to third countries other than to the providers listed in Section 4, Data Transfer to Third-Party Providers.

How long is your data stored or archived?

We comply with the statutory retention periods set out in the Commercial Code and the Tax Code. These are generally between 6 and 10 years.

Server logs are stored by the hosting provider for 10 days.

Otherwise, the following applies: once the purpose for which the data was collected has ceased to apply, including any limitation periods, your data will be deleted.

In the event of withdrawal of consent, the data will be deleted immediately.

3. Use of our website

The data you provide in your letter or email will remain with us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g. once your enquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

3.1 Contacting us via our website

3.1.1 When contacting us via the contact form, email, telephone, fax or post

If you have any questions, we offer you the option of contacting us by telephone, fax, email or post.

When you contact us, we collect the data you provide and, where applicable, further contact details (surname, first name, address where applicable, telephone number where applicable, email address where applicable) as well as the content of your enquiry in order to be able to respond to your enquiry. Otherwise, data processing is based on the content of your enquiry.

We process the data on the basis of Article 6(1)(b) of the GDPR for the purpose of entering into or performing a contract. Should this processing purpose not be the subject of your enquiry, we may assume your consent to processing in accordance with Article 6(1)(a) of the GDPR. You may withdraw this consent at any time. To do so, simply send us an informal email. The lawfulness of the data processing operations carried out up to the point of withdrawal remains unaffected by the withdrawal.

3.1.2 Data protection in relation to job applications and the application process

We collect and process the personal data of individuals who apply for a position at AGO GmbH Energie + Anlagen for the purpose of handling the application process or for the establishment and administration of the employment relationship, should such a relationship be established.

The legal basis for the processing is Article 88 of the GDPR in conjunction with Section 26 of the Federal Data Protection Act. The processing may also take place electronically. This is particularly the case where an applicant submits the relevant application documents to us electronically, for example by email. If we enter into a contract with an applicant, the data provided will be processed for the purpose of managing the contractual relationship in accordance with the statutory provisions. The legal basis for this processing is also Article 88 of the GDPR in conjunction with Section 26 of the Federal Data Protection Act.

Furthermore, personal data is processed on our behalf on the basis of contracts pursuant to Article 28 of the GDPR, in particular by hosting providers or providers of applicant management systems or applicant portals.

a) Personal data in the application process

We process data relating to your application. This may include general personal data (such as your name, address and contact details), information regarding your professional qualifications and educational background, details of any further professional training, or other information you provide to us in connection with your application. In addition, we may process work-related information that you have made publicly available, such as a profile on professional social media networks.

b) Categories of recipients of your data:

Application by email:

In the case of an electronic application process via email, the data is passed on internally to the department heads who are (jointly) responsible for deciding on your application. Our staff involved in the application process are specially trained and explicitly bound by confidentiality obligations and instructed not to reproduce your application. Furthermore, the data is passed on to the department heads in a manner that prevents copying and permanent storage/archiving.

Applications submitted on paper:

In the case of an application process using paper documents (hard copies), the data will be passed on internally to the department heads who are (jointly) responsible for deciding on your application. To this end, it may be necessary to copy your documents or parts thereof. Our staff involved in the application process are specially trained and explicitly bound by confidentiality, and are instructed not to reproduce your application further.

In accordance with our obligation to retain records, we will keep your application for a maximum period of six months following the decision. After this period, any copies of your application documents will be securely destroyed (using a shredder) or deleted from our systems. Your original documents will be returned to you for our records.

Data transfer to third-party providers

4.1 Host provider

Your data will be passed on to our provider, Zeist Media, An der Steinernen Brücke 16 c, 95632 Wunsiedel, for the purpose of providing the website.

4.2 Google Maps

We use Google Maps (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) in various places on our website to display maps and create route plans. By using this website, you consent to the collection, processing and use of automatically collected data and data entered by you by Google, one of its representatives or third-party providers.

For Google Maps, you can find the Terms of Service at Terms of Service for Google Maps and the Privacy Policy under “Privacy” on Google.

Google may transfer the information obtained via Google Maps to third parties where required by law or where such third parties process the data on Google’s behalf. It cannot be ruled out that Google may associate your IP address with other data held by Google. It is technically possible that Google could identify at least individual users based on the data received. We have no influence over whether personal data and user profiles of website users are processed by Google for other purposes. You have the option to easily disable the Google Maps service and thus prevent the transfer of data to Google. To do this, disable JavaScript in your browser. However, please note that in this case you will not be able to use the map display.

Data processing on behalf of others

We have concluded a contract with our third-party providers for data processing on our behalf in accordance with Article 28 of the GDPR. This obliges the providers to comply with the strict requirements of the European data protection authorities when using our services.

5. Social media

5.1 Facebook/Instagram

AGO GmbH maintains publicly accessible profiles on social networks.
Social networks such as Facebook etc. are generally able to analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. ‘Like’ buttons or advertising banners). It cannot be ruled out that this may result in further risks for you as a user.

When you visit one of our social media pages (e.g. Facebook), you trigger the processing of your personal data. In this case, we are jointly responsible with the operator of the respective social network for these data processing operations within the meaning of Article 26 of the GDPR. You may generally exercise your rights (right of access under Article 15 of the GDPR, right to rectification under Article 16 of the GDPR, right to erasure under Article 17 of the GDPR, right to restriction of processing pursuant to Article 18 of the GDPR, right to data portability pursuant to Article 20 of the GDPR and right to lodge a complaint pursuant to Article 77 of the GDPR) may, in principle, be exercised both against us and against the operator of the relevant social network (e.g. Facebook).

Please note that, despite our joint responsibility under Article 26 of the GDPR with the operators of social networks, we do not have full control over the data processing carried out by the individual social networks. The data protection policy of the respective provider has a significant influence on our options.

Social networks are obliged to comply with EU data protection standards when offering their services to EU citizens. Nevertheless, risks arising from processing in so-called third countries cannot be ruled out. AGO GmbH does not use social media plugins, but rather so-called social bookmarks. These are integrated into an AGO GmbH website solely as links to the relevant services. Upon clicking the embedded graphic, the user is redirected to the respective provider’s website. Furthermore, if a website is shared via the ‘Share this content’ button, there is a possibility that the relevant website will become visible on Twitter, Facebook, etc., and will appear as an activity on the user’s respective profile.

When you visit our social media pages, the respective service provider collects, amongst other things, your IP address and other information that is stored on your device (computer, smartphone, tablet, etc.) in the form of cookies or is already present there. This information is used to provide us, as the operators of the pages, with statistical information regarding the use of the social media service. Specifically, this data may include truncated IP addresses, aliases, names, profile data, contact details (email), image/video/audio data, information and content provided, connected people, pages, accounts, hashtags and groups. Further information on this is provided by the respective provider via the following links: “http://de-de.facebook.com/help/pages/insights”:<https://help.instagram.com/788388387972460

Please note that using apps in which your login details are stored results in automatic login to the respective service, meaning your visit can be traced.

As the operator of the social media services, we do not collect or process any further data from your use of our service! Please note that AGO GmbH has no knowledge of the content of the data transmitted or its use by Facebook/Instagram.

Please note that you use this Facebook page and its features at your own risk. This applies in particular to the use of interactive features (e.g. commenting, sharing, rating). Alternatively, you can also access the information provided via this page on our website at www.ago-energie.de.

When you visit our Facebook page, Facebook collects, amongst other things, your IP address and other information stored on your computer in the form of cookies. This information is used to provide us, as the operators of the Facebook pages, with statistical information regarding the use of the Facebook page. Facebook provides further information on this at the following link: http://de-de.facebook.com/help/pages/insights..

The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Economic Area. Facebook describes in general terms what information it receives and how it is used in its Data Policy. There you will also find information on how to contact Facebook and on the settings options for advertisements. The Data Policy is available via the following link: http://de-de.facebook.com/about/privacy.

For details on how Facebook uses data from visits to Facebook pages for its own purposes, the extent to which activities on the Facebook page are attributed to individual users, how long Facebook stores this data, and whether data is passed on to third parties, please refer to Facebook’s full data policy. This can be found here: https://de-de.facebook.com/full_data_use_policy.

When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymised (for “German” IP addresses) and deleted after 90 days. Facebook also stores information about its users’ devices (e.g. as part of the “login notification” feature); where applicable, this enables Facebook to link IP addresses to individual users.

If you are currently logged into Facebook as a user, there is a cookie on your device containing your Facebook ID. This enables Facebook to track that you have visited this page and how you have used it. This also applies to all other Facebook pages. Facebook buttons embedded in websites allow Facebook to track your visits to these websites and associate them with your Facebook profile. This data can be used to offer you content or advertising tailored to your interests.

If you wish to avoid this, you should log out of Facebook or deactivate the “stay logged in” function, delete the cookies stored on your device, and close and restart your browser. This will delete Facebook information that can be used to identify you directly. This allows you to use our Facebook page without your Facebook ID being revealed. When you access interactive features on the page (Like, Comment, Share, Messages, etc.), a Facebook login screen will appear. Once you have logged in, Facebook will recognise you again as a specific user.

You can find information on how to manage or delete information held about you on the following Facebook Support pages: https://de-de.facebook.com/about/privacy

5.2 YouTube

Our website uses plugins from the YouTube site operated by Google. The site is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

When you visit one of our pages featuring a YouTube plugin, a connection is established with YouTube’s servers. In doing so, the YouTube server is informed which of our pages you have visited.

If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behaviour with your personal profile. You can prevent this by logging out of your YouTube account. The use of YouTube is in the interest of presenting our online services in an appealing manner. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR.

Further information on the handling of user data can be found in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy.

XING

Functions and plugins from XING, provided by New Work SE, Dammtorstraße 30, 20354 Hamburg, may be used on our website. These may include, for example, content such as images, videos or text and buttons, which allow you to use the provider’s services. You can also access the AGO GmbH page on XING via the button.

If you are a member of XING, XING may associate your access to the aforementioned content and features with your profile there. You can find XING’s privacy policy at
https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn

Our website may use features and plugins from LinkedIn, provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. These may include, for example, content such as images, videos or text and buttons, which allow you to use the provider’s services. You can also use the button to access the AGO GmbH page on LinkedIn.

If you are a member of LinkedIn, LinkedIn may associate your access to the aforementioned content and features with your profile there. You can find LinkedIn’s privacy policy at: https://www.linkedin.com/psettings/

5.5 Data transfers to third countries

In accordance with the information provided on our social media platforms or by third-party providers, data transfers to third countries are possible. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. To ensure the lawful transfer of data to third countries, providers rely on the legitimisation provided by the use of standard contractual clauses approved by the European Commission and, where applicable, on the adequacy decisions issued by the European Commission regarding certain countries for data transfers from the EEA to the USA and other countries. This is intended to ensure the security standard for data transfers to third countries.

Furthermore, we would like to point out that US companies are obliged to hand over personal data to security authorities without you, as the data subject, being able to take legal action against this. It cannot therefore be ruled out that US authorities may process, analyse and permanently store your data held on US servers for surveillance purposes. We have no influence over these processing activities.

Data Protection Officer

We have appointed a Data Protection Officer for our company.
If you have any questions, please contact:

Mr Gerald Saur
Email: datenschutz@ago-energie.de or gerald.saur[at]gsmanagement.de