Information on Privacy and Cookies
Dyckerhoff GmbH Privacy Policy
Joint Privacy Policy of Dyckerhoff GmbH and its subsidiaries Dyckerhoff Beton GmbH & Co. KG, Dyckerhoff Beton Rheinland-Pfalz GmbH & CO. KG, Dyckerhoff Transportbeton Schmalkalden GmbH & Co. KG, Dyckerhoff Transportbeton Thüringen GmbH & Co. KG, TBG Lieferbeton GmbH & Co. KG Odenwald, Dyckerhoff Kieswerk Trebur GmbH & Co. KG and Dyckerhoff Kieswerk Leubingen GmbH (“we” below).
Contact details and further information on the above-mentioned entities responsible for this website can be found in the annex to this Privacy Policy.
You can contact our Data Protection Officer using the information provided below:
Dyckerhoff GmbH
Data Protection Officer
Biebricher Str. 68
65203 Wiesbaden, Germany
Phone: +49 611 676-1647
Email: protection.data@dyckerhoff.com
1. Data processing when visiting our website
We operate our website with the support of Buzzi S.p.A. in Italy. Each time the content of our website is accessed, their data-processing web hosting provider collects and temporarily stores data in log files. However, this does not mean that we can identify the user directly. Log files contain the following data and information:
- the date and time of access to the website
- the browser types and versions used
- IP address of the computer making the request
- host name of the accessing computer
- the operating system used by the accessing system
- website from which the website was accessed
- websites accessed through the website
- page visited on our website
- volume of data transferred
- message as to whether the request was successful
- information about the browser type and version used.
This data is processed for the purposes of our legitimate interests as defined in Article 6(1) Sentence 1 (f) of the General Data Protection Regulation (GDPR).
It is necessary to store data temporarily, especially the IP address, in order to deliver the website and enable users to visit it. Other log files are stored in order to ensure the functionality of the website and the security of the information technology systems, in particular the web server. These purposes constitute our legitimate interests.
We store the server log files to the extent necessary, unless there are specific indications of unlawful use requiring subsequent review.
The data-processing host is Amazon Data Services Ireland Limited, 1 Burlington Plaza, Burlington Road, Dublin 4, D04RH96 Ireland. Experience suggests that the servers are also located in Ireland. Nevertheless, we cannot exclude the possibility that data may be transferred to a third country. The recipient of your data in this case would be Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA, as part of the Amazon, Inc. group. Since Amazon Web Services is owned by the Amazon group and Amazon has its servers distributed all around the world, it is possible that your personal data will be stored and processed worldwide, including on servers in the USA. This could involve countries where the level of data protection is not as high as within the European Union.
As the level of data protection in third countries may possibly be lower, in some circumstances you may not be able to exercise your data protection rights, or only partially, in the case of these recipients. In addition, your data could be exposed to access by foreign authorities, and legal remedies at courts and authorities abroad could be unsuccessful. There is no European Commission adequacy decision for the USA within the meaning of Article 45 of the GDPR. EU standard contractual clauses used in these cases constitute appropriate safeguards within the meaning of Article 46 of the GDPR for the data transfer. A copy of the standard contractual clauses approved by the European Commission that are relied upon by Amazon, as well as the AWS GDPR Data Processing Addendum, is available at:
https://aws.amazon.com/de/compliance/germany-data-protection/
https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/
https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf
Our job portal at https://www.dyckerhoff.com/web/dyckerhoff/stellenangebote includes items that are loaded from external servers as soon as you access this sub-page. The reason for this is the integration of innovative e-recruiting software by our data processor, BITE GmbH, Magirus-Deutz-Strasse 16, 89077 Ulm, Germany. While most files are downloaded from servers located in Germany, our data processor also uses capacity from Amazon Data Services Ireland Limited, 1 Burlington Plaza, Burlington Road, Dublin 4, D04RH96 Ireland. In this respect, the statements in the previous section regarding possible transfer of data to a third country apply here accordingly.
We also use services provided by foreign third parties that collect server log files for their own purposes. You can find out more about this at the relevant point in this Privacy Policy (point 6 f.).
2. Cookies
Accessing our website involves the storage of cookies. These are small files that are automatically created and stored on your device (laptop, tablet, smartphone, etc.) when you access our website.
Information connected with the specific device used is stored in the cookie. However, this does not mean that we gain direct knowledge of your identity as a result. Cookies also do not cause any damage to your device.
By using technical cookies, we aim to make your use of our website a pleasanter experience. For example, we use session cookies to detect that you have already visited certain pages of our website. Most cookies are routinely deleted automatically after you leave our website (“maximum period: end of session”).
The data processed by cookies is necessary for the aforementioned purposes of our legitimate interests and those of third parties, in accordance with Article 6(1) Sentence 1 (f) of the GDPR.
Using the “Language selection” cookie as an example, we will show you how a cookie works in outline. If you choose “English” the first time you visit our website, your selection will be stored in a cookie on your device. This cookie remembers your selection even if you then navigate to other subpages of our website. If this cookie is deleted by you or automatically by the system, then the language is no longer automatically displayed in English.
Most browsers accept cookies by default. You can set your browser so that cookies are not stored on your device, or so that a notification is always shown before a new cookie is created. Complete deactivation of cookies, however, may mean that you cannot use all the functions of our website. Depending on the privacy settings and the browser being used, cookies might not be stored at all. This also applies to all third-party cookies: detailed information about these is provided below.
We also use services that may set third-party cookies on your device. You can find out more about this at the relevant point in this Privacy Policy (point 6 f.).
3. Getting in touch
When you contact us (e.g. by email or phone), we will process your details insofar as this is necessary to respond to the enquiry and any requests.
If the purpose of your message is to initiate a contractual relationship with us, or if it is necessary for the performance of an existing contract between you and us, or for restoration of each party to its pre-contract position, we base the processing of the relevant data on Article 6(1) Sentence 1 (b) of the GDPR.
Insofar as your message is of a general nature, we base the processing of your enquiry on our legitimate interest in accordance with Article 6 (1) Sentence 1 (f) of the GDPR. Dealing definitively with the message received and contacting you externally constitutes our legitimate interest. We will store your message until the matter has been completely dealt with. It will be stored for longer only if legislation expressly entitles us to do so.
Your message will only be processed across the group if required by contract, or if it is in your interests and you can reasonably expect that it will result in the forwarding of your message.
Please note that, despite taking the utmost care, we cannot guarantee that communication via the Internet is secure. For this reason, we recommend that you send your message with password protection.
4. Employment applications
If you apply for a job with us, we will process the application documents that you send you us. In other cases, we may have received your application documents through a recruitment agency appointed by us. The data we process in this respect depends on the data you provide to us or to our appointed recruitment agent. We also process data that is collected during the job interview.
The processing of your documents for the purposes of the application procedure is a pre-contractual measure in accordance with Article 6(1) Sentence 1 (b) in conjunction with Article 88 of the GDPR, and Section 26 of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).
The sole purpose of this processing is to process your application and to contact you. We do keep statistics, but these do not refer to any particular person.
Your application documents will only be transferred to another company within the Dyckerhoff Group if you give your consent in accordance with Article 6(1) Sentence 1 (a) of the GDPR, Article 7 (f) of the GDPR. This includes cases where we believe that you could be suitable for another company within the Dyckerhoff Group, rather than the one to which you first sent your application documents. You can find out more about our companies via the link: https://www.dyckerhoff.com.
If you consent to your application documents being passed on, you may revoke your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. An email is sufficient to exercise your right of revocation. Your consent to intra-group processing is voluntary. Without your consent, however, we cannot pass on your application documents to another company within the Dyckerhoff Group in order to increase your chances. When we receive your revocation, intra-group processing will cease.
If your application is rejected, we will store your data for six months after you have received the relevant decision. If an employment contract is concluded, we will delete your application data as soon as the purpose ceases to apply.
For longer storage of your application documents, e.g. in the event that there is currently no vacancy but a suitable position becomes available in our company at a later date, we will obtain your consent in advance, in accordance with Article 6(1) Sentence 1 (a) of the GDPR, Article 7 (f) of the GDPR. In this case, too, you may revoke your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
An email is sufficient to exercise your right of revocation. Your consent to longer storage of your application documents is voluntary. Without your consent, however, we will not be able to consider your application in the event that we have a vacancy or suitable position available for you at a later date. Once we receive your revocation, your application documents will be removed from the pool of applicants.
We recommend that you send your application documents as an encrypted PDF file or compressed as an encrypted ZIP file, for example. Your application documents will be treated in the strictest confidence.
In conjunction with our data processor for innovative e-recruiting software, BITE GmbH, Magirus-Deutz-Strasse 16, 89077 Ulm, Germany, we provide a job and application portal. This runs under a sub-domain and is an additional service. Alternatively, you can also send us your application documents directly at any time, without using the job portal. While most files are downloaded from servers located in Germany, our data processor also uses capacity from Amazon Data Services Ireland Limited, 1 Burlington Plaza, Burlington Road, Dublin 4, D04RH96 Ireland. In this respect, the statements under point 1, “Data processing when visiting our website” in this Privacy Policy shall apply accordingly with regard to possible transfer of data to a third country.
5. Job newsletter
We offer the opportunity to subscribe to our job newsletter. This enables us to inform you directly as soon as we post a new position.
Our newsletter offers you several choices: for example, you can decide for yourself how often you would like to be notified, how long you would like to receive our newsletter (period of time after which the subscription should end automatically), and you can provide personal information about yourself (optional) – all this can be done directly during the registration process.
The legal basis is your voluntary consent in accordance with Article 6 (1) Sentence 1 (a) of the GDPR, Article 7 (f) of the GDPR. We comply with the proper “double opt-in procedure”: this means that you will only be added to our newsletter distribution list once you have clicked on the link with the unique ID, following your initial registration.
You have the right to revoke your consent, without affecting the lawfulness of processing based on consent before its withdrawal. Unless you have specified a time period, you will no longer receive our job newsletter if you revoke your consent or the purpose of holding the data no longer applies.
The provider of the newsletter function is BITE GmbH, Magirus-Deutz-Strasse 16 in 89077 Ulm, Germany. It is possible that our data processor also uses capacity provided by Amazon Data Services Ireland Limited, 1 Burlington Plaza, Burlington Road, Dublin 4, D04RH96 Ireland. In this respect, the statements under point 1, “Data processing when visiting our website” in this Privacy Policy shall apply accordingly with regard to possible transfer of data to a third country.
6. Third-party services and possible transfer of data to a third country
6.1. Google Web Fonts
Fonts from Google are integrated into our website. These fonts are automatically downloaded from Google servers: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, whose EU subsidiary is Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland. As soon as you access content on our website, a connection is automatically established to servers from which Google Web Fonts are downloaded. In doing so, Google collects normal log files for its own purposes, in particular the IP address. However, this does not mean that we gain knowledge of your identity.
We base the processing when using Google Web Fonts on Article 6(1) Sentence 1 (f) of the GDPR for the purposes of our legitimate interests.
Consistent presentation of our website on the Internet and promotion of our coverage optimisation through the use of a font that is intended specifically for indexing in search engines (search engine optimisation) constitute the data processing purposes. Furthermore, we have an interest in freely designing our website, also bearing in mind efficiency and cost-saving considerations by integrating content from Google Web Fonts hosted on other servers (Content Delivery Networks - CDN). By outsourcing, our website also gains speed in loading data. These purposes constitute our legitimate interests.
Since Google Web Fonts is owned by the Google group and Google has its servers distributed all around the world, it is possible that your personal data will be stored and processed worldwide, including on servers in the USA. This could involve countries where the level of data protection is not as high as within the European Union. As the level of data protection in third countries may possibly be lower, in some circumstances you may not be able to exercise your data protection rights, or only partially, in the case of these recipients. In addition, your data could be exposed to access by foreign authorities, and legal remedies at courts and authorities abroad could be unsuccessful. There is no European Commission adequacy decision for the USA within the meaning of Article 45 of the GDPR. EU standard contractual clauses used in these cases constitute appropriate safeguards within the meaning of Article 46 of the GDPR for the data transfer.
A copy of the standard contractual clauses approved by the European Commission that are relied upon by Google is available at:
https://policies.google.com/privacy/frameworks?hl=en&gl=en.
6.2. Google Maps
We have integrated Google Maps services into our website to display interactive maps and to create directions. The operator is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, whose EU subsidiary is Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland.
We use Google Maps for the purposes of our legitimate interests as defined in Article 6 (1) Sentence 1 (f) of the GDPR. By using this service, we aim to help you find us interactively, so that you can visit our premises easily and efficiently if you have an appointment.
Through using Google Maps, information about the use of this website, including your IP address and the (start) address entered when using the route planner (location data), may be transferred to Google in the USA, although this does not mean that we gain knowledge of your identity. When you access a web page on our website that contains Google Maps, your browser establishes a direct connection with Google’s servers. The map content is sent by Google directly to your browser, which then integrates it into the website. In doing so, normal log files are collected, in particular the IP address:
Date and time of the visit to the website in question,
Internet address or URL of the accessed website,
IP address, (start) address entered in the course of route planning.
Since Google Maps is owned by the Google group and Google has its servers distributed all around the world, it is possible that your personal data will be stored and processed worldwide, including on servers in the USA. This could involve countries where the level of data protection is not as high as within the European Union. As the level of data protection in third countries may possibly be lower, in some circumstances you may not be able to exercise your data protection rights, or only partially, in the case of these recipients. In addition, your data could be exposed to access by foreign authorities, and legal remedies at courts and authorities abroad could be unsuccessful. There is no European Commission adequacy decision for the USA within the meaning of Article 45 of the GDPR. EU standard contractual clauses used in these cases constitute appropriate safeguards within the meaning of Article 46 of the GDPR for the data transfer. A copy of the standard contractual clauses approved by the European Commission that are relied upon by Google is available at:
https://policies.google.com/privacy/frameworks?hl=en&gl=en.
If you do not wish Google to collect, process or use data about you through our website, you can deactivate JavaScript in your browser settings. In this case, you will not be able to use the map display and other functions on our website.
You can view Google’s privacy policy here: https://policies.google.com/privacy?hl=en.
6.3. Bootstrap
In order to achieve consistent presentation and an appealing, modern design for our website, especially with regard to mobile responsive design, we use the free and widely used library called Bootstrap. “Mobile responsive” means that our website is displayed consistently, even on devices with a lower resolution. Bootstrap also provides other design functionality: animations, integrated fonts, forms, buttons, tables, navigation elements (menu), icons and much more.
In addition to our interests in consistent presentation of our website and a mobile responsive design, regardless of the device from which you access our website, we have an interest in freely designing our website, also bearing in mind efficiency and cost-saving considerations by integrating content from Bootstrap hosted on other servers (Content Delivery Networks - CDN). This constitutes our legitimate interests and the purposes of processing the data: the legal basis is Article 6(1) Sentence 1 (f) of the GDPR.
This library is not located on the servers of the data-processing host. As soon as you access our website, connections are automatically established to servers from which the specifically requested files are then loaded. When each server connection is made, normal log files are collected by the third party. In addition, cookies could possibly be stored on your device; they may also remain stored when you leave our website again, or even after you end the browser session. Lastly, the server owner could also keep statistics itself and track them for its own purposes.
The provider of the cloud solution on which the Bootstrap files are located is Stackpath LLC, 2021 McKinney Ave., Suite 1100, Dallas, TX 75201 with MaxCDN and the Highwinds Network Group. Since MaxCDN and Highwinds Network Group as ISP are part of the Stackpath Group and Stackpath has its servers distributed all around the world, it is possible that your personal data will be stored and processed worldwide, including on servers in the USA. This could involve countries where the level of data protection is not as high as within the European Union. As the level of data protection in third countries may possibly be lower, in some circumstances you may not be able to exercise your data protection rights, or only partially, in the case of these recipients.
In addition, your data could be exposed to access by foreign authorities, and legal remedies at courts and authorities abroad could be unsuccessful. There is no European Commission adequacy decision for the USA within the meaning of Article 45 of the GDPR. EU standard contractual clauses used in these cases constitute appropriate safeguards within the meaning of Article 46 of the GDPR for the data transfer. A copy of the standard contractual clauses approved by the European Commission that are relied upon by Stackpath is available at:
https://www.stackpath.com/legal/data-processing-addendum/
6.4. Vimeo
Our online product uses Vimeo to embed videos in our website. The provider of the video portal is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
When you access one of our pages that has an integrated Vimeo video, a connection to Vimeo servers is established. This tells Vimeo which of our pages you have accessed. Vimeo learns your IP address, even if you are not logged in to the video portal or do not have an account. The information collected by Vimeo is sent to the video portal’s servers in the USA.
Vimeo is used in the interests of an appealing presentation and freely designing our website. These constitute our legitimate interests within the meaning of Article 6 (1) Sentence 1 (f) of the GDPR.
Since Vimeo has its servers distributed all around the world, it is possible that your personal data will be stored and processed worldwide, including on servers in the USA. This could involve countries where the level of data protection is not as high as within the European Union. As the level of data protection in third countries may possibly be lower, in some circumstances you may not be able to exercise your data protection rights, or only partially, in the case of these recipients.
In addition, your data could be exposed to access by foreign authorities, and legal remedies at courts and authorities abroad could be unsuccessful. There is no European Commission adequacy decision for the USA within the meaning of Article 45 of the GDPR. EU standard contractual clauses used in these cases constitute appropriate safeguards within the meaning of Article 46 of the GDPR for the data transfer. A copy of the standard contractual clauses approved by the European Commission that are relied upon by Vimeo is available at:
https://vimeo.com/privacy#international_data_transfers_and_certain_user_rights.
7. Your rights
In accordance with Article 15 of the GDPR, you have the right to obtain information about the data stored about you, including any recipients and the scheduled storage period.
You have the right to revoke your consent, without affecting the lawfulness of processing based on consent before its withdrawal.
If inaccurate personal data is processed, you have the right to rectification in accordance with Article 16 of the GDPR.
If the legal requirements are met, you have the right to erasure or restriction of processing of the data concerned (Article 17 and Article 18 of the GDPR).
Under the provisions of Article 20, you have a right to data portability.
In accordance with Article 21 of the GDPR, you have the right, on grounds relating to your particular situation, to file an objection at any time to processing of your personal data conducted on the basis of Article 6(1) Sentence 1 (f) of the GDPR. In such a case, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or that the processing is necessary to assert, exercise or defend legal claims. The collection of data in order to make the website available and storage of the log files are essential for operation of the website.
Under Article 77 (1) of the GDPR, you have the right to complain to a data protection supervisory authority if you believe that processing of your data infringes applicable data protection law.
We do not use automated decision-making, including profiling.
For information on the processing and protection of personal data for employees of business partners, for customers as well as suppliers of Dyckerhoff GmbH and its associated companies, please refer to the relevant documents.
Version dated: September 9, 2021