Privacy Policy

CONREN Land AG (hereinafter also referred to as “CONREN Land”) takes the protection of your personal data very seriously and is complaint with applicable data protection laws and other statutory requirements. The purpose of this Notice is to inform you about the nature, scope and purposes of our collection and use of personal data. It is available in other languages on request.

This Privacy Notice (including the information required to be provided by statute) is divided into three parts:

Part 1: Data protection information regarding our processing of personal data pursuant to Articles 13, 14 and 21 of the EU General Data Protection Regulation (GDPR)

Data protection information regarding our processing of personal data pursuant to Articles (Art.) 13, 14 and 21 of the EU General Data Protection Regulation (GDPR). We take data protection seriously and this notice is to inform you about how we process your data and your rights under data protection laws. Valid since 25 May 2018

1. Data Controller and contact details

The Controller under data protection law is:

CONREN Land AG
Bockenheimer Anlage 2
D-60327 Frankfurt am Main
Telephone: +49 (69) 69766430-0
Fax:                 +49 (69) 69766430-90

Our Data Protection Officer can be contacted using the following details:

HEC Harald Eul Consulting GmbH
Datenschutz + Datensicherheit
Auf der Höhe 34
D-50321 Brühl
Telephone: +49 (2232) 1885211
Fax:                +49 (2232) 200884

DSB-Conrenland(at)he-c.de

2. Purposes and legal basis for processing your data

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act [Bundesdatenschutzgesetz – BDSG] and other applicable data protection laws and regulations (as explained in more detail below). The specific types of data we process and how they are used depends mainly on the specific services applied for or agreed in each individual case. For further details or additional information on data processing by CONREN Land, please refer to the relevant contract documents, forms, declaration of consent and/or other information provided to you (e.g. in the context of your use of our website or as part of our General Terms and Conditions). Moreover, this Privacy Notice may be updated from time to time. To review the most current version of this Privacy Notice, please visit our website www.conrenland.com.

2.1. Processing for the performance of a contract or in order to take steps prior to entering into a contract (Art. 6(1)(b) GDPR)

Personal data are processed for the purposes of performing contracts we have with you, fulfilling your orders and taking steps and actions which form part of pre-contractual relations, e.g. with prospective customers. The primary purpose of processing is therefore to fulfil our obligations to fulfil your orders and requests and includes the services, steps and actions required. This includes first and foremost communicating with you in relation to a contract, the associated billing and payment transactions, the traceability of transactions, orders and other agreements as well as quality control through appropriate documentation, goodwill procedures, measures to control and improve business processes and to fulfil general duties of care, control and supervision by affiliates (e.g. a parent); statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, accounting for company benefits and their valuation for tax purposes, risk management, assertion of legal claims and defence in legal disputes; ensuring IT security (including system and plausibility tests) and general safety, including building and plant safety, protection and exercise of domiciliary rights (e.g. through access controls); ensuring the integrity, authenticity and availability of data, prevention and investigation of criminal offences; control by supervisory bodies or control bodies (e.g. auditing).

2.2. Processing for the purposes of the legitimate interests pursued by CONREN Land or by a third party (Art. 6(1)(f) GDPR)

Beyond the actual performance of the contract or preliminary contract, we may also process your data where such processing is necessary for the purposes of the legitimate interests pursued by CONREN Land or by a third party, in particular for the following purposes:

• Advertising or market research and opinion polling, unless you have objected to the use of your data;
• Obtaining information and exchanging data with credit agencies about matters beyond our financial risk;
• Reviewing and improving requirement analysis processes;
• Development of services and products and of existing systems and processes;
• Disclosure of personal data as part of the due diligence process in the negotiations for the sale of a business;
• Performing checks of European and international terrorism lists that go beyond our statutory obligations;
• Enhancement of our data, including by using or searching publicly available data;
• Statistical evaluations or market analysis;
• Benchmarking
• Asserting legal claims and defence in legal disputes not directly associated with the contractual relationship;
• Restricted storage of data if erasure is not possible or only possible at disproportionate expense due to the particular manner of storage;
• Developing scoring systems or automated decision-making processes;
• Preventing and investigating criminal offences beyond what is required to comply with legal obligations;
• Ensuring building and plant safety (e.g. through access controls and video surveillance), beyond complying with our general duty of care;
• Conducting internal and external investigations, safety reviews;
• Monitoring or recording of telephone calls for quality control and training purposes;
• Obtaining and maintaining certifications (e.g. ISO certifications) of a private-law or official nature;
• Protecting and exercising domiciliary rights through appropriate measures, including video surveillance, to protect our customers and staff and to capture evidence of and prevent criminal activity.

2.3. Processing based on your consent (Article 6(1)(a) GDPR)

For certain purposes, your personal data may also be processed on the basis of your consent. As a rule, you can withdraw your consent at any time. This also applies to withdrawing declarations of consent that were given to us before the GDPR came into force, i.e. before 25 May 2018. Information about the purposes and consequences of withdrawing or not granting consent will be provided separately in the wording of the consent form.
A withdrawal of consent generally applies only to future processing of your data and does not affect the legality of processing carried out prior to withdrawal.

2.4. Processing for compliance with a legal obligation (Art. 6(1)(c) GDPR) or in the public interest (Art. 6(1)(e) GDPR)

Like all business players, we are subject to a range of legal obligations. These are mostly statutory requirements (e.g. trade and tax laws) but also regulatory or other authority requirements, if applicable. The purposes of such processing may include identity and age verification, fraud and money laundering prevention, preventing, combating and investigating terrorist financing and property offences, checks of European and international terrorism lists, compliance with monitoring and reporting obligations under tax law and archiving of data for purposes of data security and data protection as well as audits by tax and other authorities. Personal data may also have to be disclosed in the context of authority/judicial measures to take evidence, prosecute criminal activity or enforce civil law claims.

3. Categories of data processed and their origin in the case of data not received directly from you

Where necessary for the provision of our services, we process personal data lawfully obtained from other companies or other third parties (e.g. credit agencies). Furthermore, we process personal data we lawfully obtain, receive or purchase from public sources (e.g. telephone directories, commercial registers and registers of associations, registers of residents, records of debtors, land registers, the press, the Internet and other media) and which we are allowed to process.
Relevant categories of personal data may include, but are not limited to

• Personal details (name, date and place of birth, nationality, marital status, profession/industry and similar information)
• Contact details (address, email address, telephone number and similar information)
• Address details (resident registration data and similar information)
• Confirmations of payment/account coverage for debit and credit cards
• Information about your financial standing (credit data including credit scoring, i.e. data to assess financial risk)
• Customer history
• Data about your use of telemedia we offer (e.g. when you access our websites, apps or newsletters, which of our pages/links or entries you clicked on, and similar information)
• Video data

4. Recipients or categories of recipients of your data

Within our company, your data are shared with those internal departments or organisational units that have a need to know to fulfil our contractual or legal obligations or for processing and to pursue our legitimate interests. We only disclose your data to third parties in the following circumstances:

• in connection with the performance of the contract;
• In order to comply with legal obligations which require us to provide information or notifications or to share data, or under which the sharing of data is in the public interest (cf. clause 2.4 above);
• If third-party service providers process data on our behalf as commissioned processors or function-holders (e.g. external data centres, support/maintenance of data processing and computer applications, archiving, document processing, compliance services, controlling, AML data screening, data validation and plausibility checking, data destruction, purchasing/procurement, client management, letter shops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, financial institutions, print shops or providers of data destruction, courier and logistics services);
• Based on legitimate interests pursued by CONREN Land or by a third party for the purposes referred to in clause 2.2 (e.g. to public authorities, credit agencies, debt collection agencies, lawyers, courts, appraisers and experts, companies and bodies forming part of the CONRENLAND Group and control bodies);
• If you have given us your consent to transfer your data to third parties.

We will never pass on your data to third parties in any other circumstances. If we instruct service providers to undertake commissioned data processing on our behalf, your data will be protected by the same security standards as with us. In all other cases, recipients may use your data only for the purposes for which they were transmitted.

5. Period for which your data will be stored

We process and store your data for the duration of our business relationship. This also includes the pre-contract negotiation phase (pre-contractual legal relationship) and the performance of a contract.
Moreover, we are subject to various retention and documentation obligations which arise, for example, under the German Commercial Code [Handelsgesetzbuch –HGB] or the German Tax Code [Abgabenordnung –AO]. These laws provide for retention and documentation periods of up to ten years beyond the end of a business relationship or pre-contractual legal relationship.
Furthermore, longer retention periods may apply due to special statutory requirements, e.g. in relation to the preservation of evidence in accordance with statutory limitation periods. Pursuant to Secs. 195 et seq. of the German Civil Code [Bürgerliches Gesetzbuch – BGB], the general limitation period is three years, however, in certain circumstances, limitation periods of up to 30 years may apply.
If we no longer need your data t perform our contractual or legal obligations, they will usually deleted, unless further processing is necessary – for a limited time – for the purposes referred to in clause 2.2 above based on an overriding legitimate interest. Such an overriding legitimate interest is deemed to exist, for example, if erasure is not possible or only possible at disproportionate expense due to the particular manner of storage and processing for other purposes is excluded by appropriate technical and organisational measures.

6. Processing of your data in a third country or by an international organisation

Data will be transferred to countries outside the European Union (EU) or the European Economic Area (EEA) (known as “third countries”) if it is necessary to do so for the purpose of completing an order from you or performing a contract with you, if required by law (e.g. to comply with reporting obligations under tax law), for the purposes of the legitimate interests pursued by CONREN Land or by a third party or on the basis of your consent.
Such processing of your data in a third country may also occur if service providers are engaged to perform data processing on our behalf. If the country concerned is not subject to an adequacy decision by the EU Commission finding it to provide an adequate level of protection of personal data, we will ensure by means of appropriate contracts that your rights and freedoms are adequately protected and safeguarded in accordance with EU data protection requirements.
Information about the suitable or adequate safeguards and about whether, how and where it is possible to obtain a copy for you can be requested from the company data protection officer or from the personnel department competent for you.

7. Your data protection rights

Under certain circumstances, you have the following rights towards us under data protection laws:

• For example, you have a right of access to the information we store about you in accordance with Art. 15 GDPR (if applicable, subject to the restrictions of Sec. 34 BDSG).
• At your request, we will rectify the data we store about you in accordance with Art. 16 GDPR if they are incorrect or inaccurate.
• If you wish we will erase your data in accordance with the provisions of Art. 17 GDOR, unless there are other statutory provisions (e.g. statutory retention requirements or the restrictions under Sec. 35 BDSG) or an overriding interest on our part (e.g. in defending our rights and claims) preventing this.
• Subject to the conditions of Art. 18 GDPR, you have the right to request that we restrict the processing of your data.
• Furthermore, you have the right to object to the processing of your data in accordance with Art. 21 GDPR. We will then no longer be allowed to process your data. However, this right of objection applies only if certain grounds relating to your personal situation exist and subject to the proviso that CONREN Land may have rights that override your right to object.
• Subject to the conditions of Art. 20 GDPR, you also have the right to receive your data in a structured, commonly used and machine-readable format or to transmit them to a third party.
• Furthermore, you have the right to withdraw the consent you have given to us to process your personal data at any time with effect for any further processing.
• You also have a right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you raise any complaints with our data protection officer in the first instance.

All requests to exercise your rights should wherever possible be sent in writing to the address specified above or directly to our data protection officer.

8. Scope of your obligations to provide data

You only have to provide the data required to establish and maintain a business relationship or for a pre-contractual relationship with us, or data we are required by law to collect. Without these data, we will generally not be able to enter into or perform a contract with you. This may also apply to data needed at a later point of our business relationship. If we ask you to provide further data beyond those referred to above, we will specifically indicate that the provision of those data is voluntary.

9. Automated individual decision-making (including profiling)

We do not use decision-making processes that are based solely on automated processing pursuant to Article 22 GDPR. If we were to use any such processes in isolated cases in the future, we would specifically inform you if we are required to do so by law.
In certain circumstances, we may process some of your data with the aim of evaluating certain personal aspects (profiling).
We may use analysis tools to provide you with targeted product information and advice. This helps us tailor our products, communication and advertising to demand and to carry out market research and opinion polls.
Such methods may also be used to assess your credit history and credit standing and for combating money laundering and fraud. We may also use scoring methods to assess your credit history and credit standing. Scoring models use mathematical techniques to calculate the probability that a customer will comply with his or her payment obligations as agreed by contract. Scoring helps us, for example, evaluate customers’ credit-worthiness and make decisions in the context of product sales and is a tool we use in our risk management.
The calculation is based on acknowledged and proven methods of mathematical statistics and your data, including, but not limited to, your income, spending, existing liabilities, profession, employer, duration of employment, the experience gathered so far in the business relationship between us, your repayment of credits in the past and information from credit agencies.
Information about your nationality and special categories of personal data pursuant to Art. 9 GDPR will not be processed in this context.

Information about your right to object pursuant to Art. 21 GDPR
  1. You have the right to object, on grounds relating to your particular situation, at any time to processing of your data on the basis of Art. 6(1)(f) GDPR (processing for the purposes of the legitimate interests pursued by the Controller or by a third party) or (Art. 6(1)(e) GDPR (processing for the performance of a task carried out in the public interest). This also applies to profiling as defined in Art. 4(4) GDPR on the basis of this provision.If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
  1. We may also process your personal data for direct marketing purposes. If you do not wish to receive marketing communications from us, you have the right to object to this at any time; this also applies to profiling related to direct marketing. We will then observe your objection with respect to all further processing.If you object to processing for direct marketing purposes, we will stop processing your personal data for this purpose.

Your objection may be made informally and should be directed, if possible, to the following address:

CONREN Land AG
Bockenheimer Anlage 2
D-60327 Frankfurt am Main
Telephone: +49 (69) 69766430-0
Fax:                 +49 (69) 69766430-90

Our Privacy Notice and the data protection information regarding our processing of personal data pursuant to Articles (Art.) 13, 14 and 21 GDPR is subject to change from time to time. Any revisions will be published on this website. Previous versions are available upon request.

Part 2: Additional data protection information about our website

Welcome to the CONREN Land website and thank you for your interest in our company.

1. Data Controller and contact details

The Controller under data protection law is:

CONREN Land AG
Bockenheimer Anlage 2
D-60327 Frankfurt am Main
Telephone: +49 (69) 69766430-0
Fax:                  +49 (69) 69766430-90

Our Data Protection Officer can be contacted using the following details:

HEC Harald Eul Consulting GmbH
Datenschutz + Datensicherheit
Auf der Höhe 34
D-50321 Brühl
Telephone: +49 (2232) 1885211
Fax:                +49 (2232) 200884

DSB-Conrenland(at)he-c.de

2. Collection and retention of personal data and nature and purpose of processing

2.1. If you use our website

You do not need to provide any personal data (e.g. your name, address, email address, etc.) to use our online offering. When you request to open our website using a browser, your browser automatically gives information to the server for the page. The following information is stored in files that are temporarily stored until they are automatically deleted (log files):

• your browser type/version
• the operating system you are using
• the referrer URL
• the host name/IP address of the accessing computer
• the date and time of the server request

The purpose of storing this information in log files is to ensure the proper functioning of the website. The data stored also help us optimise our website and maintain the safety of our IT systems. They are not analysed for marketing purposes.
These purposes also represent the legitimate interest on which we rely in order to process your data (Art. 6(1)(f) GDPR). In no case will we use the data collected for the purpose of identifying you.
For further information about the cookies and analytics services we may use to understand more about visits to our website, please refer to sections 4 and 5.

2.2. If you use our contact form

If you have any questions or queries, you can use the contact from provided on our website to get in touch. If you use the contact form, you need to provide a valid email address so we know who is contacting us and can respond to you. Further details may be provided on a voluntary basis.
This information will be processed for the purpose of contacting us in accordance with Art. 6(1) Sentence 1 lit. a GDPR on the basis of your voluntary consent. The personal data we collect when you use our contact form will be deleted automatically when your enquiry is complete.

3. Use and sharing of personal data

We will not transfer your personal data to third parties for purposes other than those specified herebelow.
We will only provide your personal data to third parties in the following cases:

• if you have given your explicit consent according to Art. 6(1) Sentence 1 lit. a GDPR,
• if disclosure is necessary pursuant to Art. 6(1) Sentence 1 lit. f GDPR for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding protectable interest in the non-disclosure of your information,
• if disclosure is necessary for compliance with a legal obligation pursuant to Art. 6(1) Sentence 1 lit. c GDPR, and
• where permitted by law and necessary for the performance of a contract to which you are a party pursuant to Art. 6(1) Sentence 1 lit. b GDPR.

4. Cookies

Our website does not use cookies.
If cookies are used by third parties or for analysis purposes, we will specifically inform you about this in this Privacy Notice and, if applicable, ask you for your consent.

5. Website analytics tools

Our website does not use website analytics tools or other tracking tools.

6. Rights of data subjects

You have the right
• to obtain information from us pursuant to Art. 15 GDPR as to whether or not we process personal data about you. In particular, you may request information about the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of a right to request rectification or erasure of personal data or restriction of processing of personal data about you or to object to such processing, the right to lodge a complaint, where the personal data are not collected from you, any available information as to their source, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the details of it;
• to obtain from us without undue delay the rectification of any inaccurate personal data we hold about you pursuant to Art. 16 GDPR;
• to obtain from us the erasure of personal data we hold about you pursuant to Art. 17 GDPR, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims;
• to obtain restriction of processing of your personal data pursuant to Art. 18 GDPR where you contest the accuracy of the personal data, the processing is unlawful but you oppose the erasure of the personal data and we no longer need t the personal data but you require the data for the establishment, exercise or defence of legal claims, or you have objected to processing pursuant to Art. 21 GDPR;
• to receive the personal data about you which you have provided to us in a structured, commonly used and machine-readable format or to request that those data be transmitted to another controller pursuant to Art. 20 GDPR;
• to withdraw any consent you have previously given to us at any time pursuant to Art. 7(3) GDPR. This means that we are not allowed to continue processing your data in the future as we did on the basis of that consent; and
• to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can turn to the supervisory authority at your habitual residence, at your place of work or at the official domicile of our company.

7. Right to object

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6(1) Sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR on grounds relating to your particular situation or if your objection relates to direct marketing. In the latter case, you have a general right of objection that will be implemented by us without any particular situation having to be stated.

Your objection may be made informally and should be directed, if possible, to the following address:

CONREN Land AG
Bockenheimer Anlage 2
D-60327 Frankfurt am Main
Telephone: +49 (69) 69766430-0
Fax:                 +49 (69) 69766430-90

8. Data security

We use SSL (Secure Socket Layer) technology, which is the Internet standard for the secure transmission of data, with the highest level encryption supported by your browser. As a rule, this will be 256 bit encryption. If your browser does not support 256 bit encryption, we use 128 bit v3 technology instead. You will know whether a particular page of our Website is transferred in encrypted form by the key or closed padlock symbol on the bottom toolbar of your browser.
Apart from that, we use appropriate technical and organisational safeguards to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continually improved as new technology becomes available.
Due to the further development of our website and our offers on this website, or due to changes in legislation and authority requirements, it may become necessary to make changes to this Privacy Notice. Our current Privacy Notice can be downloaded and printed from our website at https://www.conrenland.com/privacy_notice

Part 3: Additional data protection information for job applicants

Data protection information regarding our processing of job applicant data pursuant to Articles (Art.) 13, 14 and 21 of the EU General Data Protection Regulation (GDPR). We take data protection seriously and this notice is to inform you about how we process your data and your rights under data protection laws. Valid since 25 May 2018

1. Data Controller and contact details

The Controller under data protection law is:

CONREN Land AG
Bockenheimer Anlage 2
D-60327 Frankfurt am Main
Telephone: +49 (69) 69766430-0
Fax:                 +49 (69) 69766430-90

Our Data Protection Officer can be contacted using the following details:

HEC Harald Eul Consulting GmbH
Datenschutz + Datensicherheit
Auf der Höhe 34
D-50321 Brühl
Telephone: +49 (2232) 1885211
Fax:                 +49 (2232) 200884

DSB-Conrenland(at)he-c.de

2. Purposes and legal basis for processing your data

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act [Bundesdatenschutzgesetz – BDSG] and other applicable data protection laws and regulations (as explained in more detail below). For further details or additional information on data processing by CONREN Land, please refer to the relevant contract documents, forms, declaration of consent and other information provided to you.

2.1. Processing for the performance of a contract or in order to take steps prior to entering into a contract (Art. 6(1)(b) GDPR)

Your personal data are processed for the purposes of processing your application in response to a particular vacancy or any speculative application you may make, in particular for the following purposes in this context: reviewing and assessing your suitability for the position to be filled, performance evaluation and behaviour analysis within the limits allowed by law, if applicable for your registration and authentication on our website for the purposes of your application, if applicable for the purpose of drawing up your employment contract, for traceability of transactions, orders and other agreements as well as quality control through appropriate documentation, measures to fulfil general duties of care, statistical evaluations for corporate management, travel and event management, for booking travel and travel expense purposes, authorisation and authentication management, cost recording and controlling, reporting, internal and external communication, accounting for company benefits and their valuation for tax purposes (e.g. canteen meals), if applicable processing expense claims using a company credit card, occupational safety and health and safety at work, communicating with you in relation to a contract (including making appointments) with you, assertion of legal claims and defence in legal disputes; ensuring IT security (including system and plausibility tests) and general safety, including building and plant safety, protection and exercise of domiciliary rights through appropriate measures, including video surveillance, if applicable, to protect third parties and our staff and to capture evidence of and prevent criminal activity; ensuring integrity, prevention and investigation of criminal offences; authenticity and availability of data, control by supervisory bodies or control bodies (e.g. auditing).

2.2. Processing for the purposes of the legitimate interests pursued by CONREN Land or by a third party (Art. 6(1)(f) GDPR)

Beyond the actual performance of the (preliminary) contract, we may also process your data where such processing is necessary for the purposes of the legitimate interests pursued by CONREN Land or by a third party. If this is the case, your data will be processed only if and to the extent that there are no overriding interests on your part that would outweigh the interest in such processing, in particular for the following purposes: measures for the further development of existing systems, processes and services; performing checks of European and international terrorism lists that go beyond our statutory obligations; if necessary, enhancement of our data, including by using or searching publicly available data; benchmarking; developing scoring systems or automated decision-making processes; ensuring building and plant safety (e.g. through access controls and video surveillance), beyond complying with our general duty of care; conducting internal and external investigations, safety reviews.

2.3. Processing based on your consent (Article 6(1)(a) GDPR)

For certain purposes (e.g. requesting references from previous employers or using your data for future vacancies) your personal data may also be processed on the basis of your consent. As a rule, you can withdraw your consent at any time. Information about the purposes and consequences of withdrawing or not granting consent will be provided separately in the wording of the consent form.
A withdrawal of consent generally applies only to future processing of your data and does not affect the legality of processing carried out prior to withdrawal.

2.4. Processing for compliance with a legal obligation (Art. 6(1)(c) GDPR) or in the public interest (Art. 6(1)(e) GDPR)

Like all business players, we are subject to a range of legal obligations. These are mostly statutory requirements (e.g. the German Works Constitution Act [Betriebsverfassungsgesetz – BetrVG], German Social Security Code [Sozialgesetzbuch – SGB], trade and tax laws) but also regulatory or other authority requirements (e.g. of the employers’ liability insurance association [Berufsgenossenschaft]), if applicable. The purposes of such processing may include identity and age verification, fraud and money laundering prevention (e.g. checks of European and international terrorism lists), company health management, ensuring occupational safety, compliance with monitoring and reporting obligations under tax law and archiving of data for purposes of data security and data protection as well as for purposes of audits by tax advisor and/or chartered accountant [Wirtschaftsprüfer], tax and other authorities. Personal data may also have to be disclosed in the context of authority/judicial measures to take evidence, prosecute criminal activity or enforce civil law claims.

3. Categories of data processed and their origin in the case of data not received directly from you

Where necessary for our contractual relationship with you and for the purposes of the application you submitted, we may process data lawfully obtained from other sources or other third parties. Furthermore, we process personal data we lawfully obtain, receive or purchase from public sources (e.g. commercial registers and registers of associations, registers of residents, the press, the Internet and other media) where necessary and as far as we are allowed by law to process such data.

Relevant categories of personal data may include, but are not limited to
• Address and contact details (resident registration data and similar information, e.g. email address and telephone number)
• Information about you obtained from the Internet or social media
• Video data

4. Recipients or categories of recipients of your data

Within our company, your data are shared with those internal departments or organisational units that have a need to know to fulfil our contractual or legal obligations (e.g. executives and line managers looking to recruit a new team member or involved in the decision on filling the vacancy, accounting department, if applicable the company physician, occupational safety department, if applicable employee representative body, etc.) or for processing and to pursue our legitimate interests. We only disclose your data to third parties in the following circumstances:
• In order to comply with legal obligations which require us to provide information or notifications or to share data (e.g. with fiscal authorities), or under which the sharing of data is in the public interest (cf. clause 2.4 above);
• If third-party service providers process data on our behalf as commissioned processors or function-holder (e.g. financial institutions, external data centres, travel agents or travel management companies, print shops or providers of data destruction, courier and logistics services);
• Based on legitimate interests pursued by CONREN Land or by a third party for the purposes referred to in clause 2.2 (e.g. to public authorities, credit agencies, lawyers, courts, appraisers and experts, companies and bodies forming part of the CONRENLAND Group and control bodies);
• If you have given us your consent to transfer your data to third parties.

We will never pass on your data to third parties in any other circumstances unless we specifically inform you otherwise. If we instruct service providers to undertake commissioned data processing on our behalf, your data will be protected by security standards specified by us to ensure an adequate level of protection. In all other cases, recipients may use your data only for the purposes for which they were transmitted.

5. Period for which your data will be stored

We process and store your data in principle for the duration of your application process. This also includes the pre-contract negotiation phase (pre-contractual legal relationship).
Moreover, we are subject to various retention and documentation obligations which arise, for example, under the German Commercial Code [Handelsgesetzbuch –HGB] or the German Tax Code [Abgabenordnung –AO]. These laws provide for retention and documentation periods of up to ten years beyond the end of a contractual relationship or pre-contractual legal relationship. If your application is not successful, your application documents will be returned to you in the original after six months. Electronic data we hold in this context will also be deleted after six months. If we wish to retain your data longer for future vacancies, or if you submitted your data for inclusion in our pool of applicants, your data will be deleted later; further details about this will be provided in the context of the process concerned.
If we no longer need your data t perform our contractual or legal obligations, they will usually deleted, unless further processing is necessary – for a limited time – for the purposes referred to in clause 2.2 above based on an overriding legitimate interest of CONREN Land. Such an overriding legitimate interest is deemed to exist, for example, if erasure is not possible or only possible at disproportionate expense due to the particular manner of storage. In such cases, we may retain your data and, if applicable, continue to use them to a limited extent, for such period beyond the end of our contractual relationship with you as agreed together with the purposes. In these cases, your data will generally not be erased but their processing will be restricted instead. In other words, appropriate safeguards will be taken to block the data for the normal manner of use.

6. Processing of your data in a third country or by an international organisation

Data will be transferred to countries outside the European Union (EU) or the European Economic Area (EEA) (known as “third countries”) if it is necessary to do so for the purpose of completing an order from you or performing a contract with you, if required by law (e.g. to comply with reporting obligations under tax law), for the purposes of the legitimate interests pursued by CONREN Land or by a third party or on the basis of your consent.
Such processing of your data in a third country may also occur if service providers are engaged to perform data processing on our behalf. If the country concerned is not subject to an adequacy decision by the EU Commission finding it to provide an adequate level of protection of personal data, we will ensure by means of appropriate contracts that your rights and freedoms are adequately protected and safeguarded in accordance with EU data protection requirements.
Information about the suitable or adequate safeguards and about whether, how and where it is possible to obtain a copy for you can be requested from the company data protection officer or from the personnel department competent for you.

7. Your data protection rights

Under certain circumstances, you have the following rights towards us under data protection laws:
Every data subject has the right of access according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to erasure (“right to be forgotten”) according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR and the right to data portability according to Art. 20 GDPR. The right of access and the right to erasure are subject to the restrictions of Secs. 34 and 35 of the German Federal Data Protection Act [Bundesdatenschutzgesetz – BDSG]. In addition, Data Subjects have the right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR in conjunction with Sec. 19 BDSG).
All requests to exercise your rights should wherever possible be sent in writing to the address specified above or directly to our data protection officer.

8. Scope of your obligations to provide data

You only have to provide the data required to process your application or for a pre-contractual relationship with us, or data we are required by law to collect. Without these data, we will generally not be able to continue the recruiting and selection process. If we ask you to provide further data beyond those referred to above, we will specifically inform you that the provision of those data is voluntary.

9. Automated individual decision-making (including profiling)

We do not use decision-making processes that are based solely on automated processing pursuant to Article 22 GDPR. If we were to use any such processes in isolated cases in the future, we would specifically inform you if we are required to do so by law.

Information about your right to object pursuant to Art. 21 GDPR
  1. You have the right to object at any time to processing of your data on the basis of Art. 6(1)(f) GDPR (processing for the purposes of the legitimate interests pursued by the Controller or by a third party) or (Art. 6(1)(e) GDPR (processing for the performance of a task carried out in the public interest). However, the prerequisite for this is that there are grounds relating to your particular situation for such an objection. This also applies to profiling as defined in Art. 4(4) GDPR on the basis of this provision.If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.Of course you have the right to withdraw your application at any time.
  2. We may also process your personal data for direct marketing purposes. If you do not wish to receive marketing communications from us, you have the right to object to this at any time; this also applies to profiling related to direct marketing. We will then observe your objection with respect to all further processing.
  1. We do not plan to use your personal data for direct marketing purposes. Nevertheless, we are obliged to inform you that you have the right to object to receiving marketing communications at any time; this also applies to profiling related to direct marketing. We will then observe your objection with respect to all further processing.

Your objection may be made informally and should be directed, if possible, to the following address:

CONREN Land AG
Bockenheimer Anlage 2
D-60327 Frankfurt am Main
Telephone: +49 (69) 69766430-0
Fax:                 +49 (69) 69766430-90

Our data protection information regarding our processing of personal data pursuant to Articles (Art.) 13, 14 and 21 GDPR is subject to change from time to time. Any revisions will be published on this website. Previous versions are available upon request.