CHG-MERIDIAN AG, represented by the chairman of the board of management, Dr. Mathias Wagner, is the provider of, and therefore responsible for, the commercial and business related online offering.
This data protection declaration (Version: GDPR 1.0 from 11.05.2018) was produced by:
Deutsche Datenschutzkanzlei Datenschutz-Office Munich – www.deutsche-datenschutzkanzlei.de
We, CHG-MERIDIAN AG, are responsible for this online offering and, as the provider of a teleservice, must inform you at the beginning of your visit to our online offering, about the type, scope and purpose of the collection and use of personal data in a precise, transparent, understandable and easily accessible way in clear and simple language. The contents of the information must be retrievable for you at all times. We are therefore obliged to inform you about which personal data will be collected or used. Any information relating to an identified or identifiable natural person is described as personal data.
We place great value on the security of your data and compliance with the data protection regulations. The collection, processing and use of personal data is subject to the regulations of the European and national laws currently in force
We would like to show you in the following data protection declaration how we handle your personal data and how you can make contact with us:
Telephone: +49 751 503-0
Fax: +49 751 503-66
Chairman of the supervisory board: Jürgen Mossakowski
Chairman of the board: Dr. Mathias Wagner
Board: Frank Kottmann, Joachim Schulz, Oliver Schorer
Registry court: Ulm HRB 551857
Tax office: Weingarten
Sales tax identification number: DE 146349520
Court of jurisdiction: Ravensburg
Applicable law: Law of the Federal Republic of Germany (BRD)
Our data protection officer
If you have questions, you can contact our data protection officer as follows:
Frank Schreiber, E-Mail: firstname.lastname@example.org
For the sake of easier reading, no gender-specific distinction is made in our data protection declaration. The terms used apply, in the context of equal treatment, to both genders.
The meaning of the terminology used, for example ‘personal data’ or its ‘processing’ can be taken from Article 4 of the EU-General Data Protection Regulation (GDPR).
The users’ personal data processed in the context of this online offering, includes inventory data (e.g. client’s name and address), contract data (e.g. services used, name of person responsible, payment information), usage data (e.g. Websites of our online offering visited, interest in our products) and content data (e.g. input into the contact form).
‘User’ includes all categories of persons affected by the data processing. These include, for example, our business partners, customers, interested parties and other visitors to our online offering.
Data protection declaration
We guarantee that we only collect, process, store and use your incoming data in connection with the processing of your request, as well as for internal purposes and providing the services that you have requested or to make content available.
Basis of data processing
We process the user’s personal data only in compliance with the relevant data protection regulations. The user’s data are only processed when the following statutory permission exists:
We would like to show you where the main legal grounds are regulated in the GDPR:
Consent - Art. 6 para. 1 lit. a. and Art. 7 GDPR
Processing to deliver our contractual performance and carrying out contractual measures - Art. 6 para. 1 lit. b. GDPR
Processing to fulfil our legal obligations - Art. 6 para. 1 lit. c. GDPR
Processing to safeguard our legitimate interests - Art. 6 para. 1 lit. f. GDPR
Data transfer to third parties
Data is only passed to third parties within the framework of the legal provisions. We only pass user’s data to third parties when this is, for example, necessary for contractual purposes or based on our legitimate interest in the economic and the effective operation of our business.
In the event that we use subcontractors to provide our services, we make suitable legal arrangements as well as appropriate technical and organizational measures, to provide protection for personal data in accordance with the relevant legal provisions.
Data transfers to third countries or an international organization
Third countries are countries in which the GDPR is not a directly applicable law. This basically includes all countries outside the EU, respectively, the European Economic Area.
A transfer of data to a third country or an international organization takes place. Hereby the EU commission’s decision on adequacy is taken into account. This says that a secure third country or a secure international organization in concerned, which offers an adequate level of protection.
Length of storage of your personal data
We adhere to the principles of data economy and data avoidance. This means the data made available to us is only retained as long as it is needed to fulfil the previously named purposes or as laid down by the manifold storage periods provided for by the legislator. If the relevant purpose no longer exists, respectively after expiry of the appropriate period, your data is routinely blocked, respectively erased, in accordance with the statutory provisions
We have developed a company-internal concept to guarantee this procedure.
If you make contact with us by email or through the contact form, you consent to electronic communication. Personal data will be collected in the context of contacting us. Which data is collected in the case of a contact form, can be seen on the respective contact form. Your data are transmitted with SSL encryption. The statements which you make will be stored exclusively for the purpose of processing your inquiry and for possible follow-up questions.
We would like to tell you the legal grounds:
Processing to fulfil our performance and carry out contractual measures - Art. 6 para. 1 lit. b. GDPR
Processing to safeguard our legitimate interests - Art. 6 para. 1 lit. f. GDPR
We would like to advise you that emails can be read or changed, unnoticed and without authorization, during transmission. We would also like to bring to your attention that we use software to filter unwanted emails (spam filter). Emails can be rejected by the spam filter if they are wrongly identified as spam due to the presence of certain characteristics.
What rights do you have?
The state representative for data protection and freedom of information, Baden-Württemberg
Postal address: Postfach 10 29 32, D-70025 Stuttgart
Building address: Königstraße 10a, D-70173 Stuttgart
Telephone +49 711 615541–0
Fax: +49 711 615541–15
You can open the complaint form through the following link:
Protection of your personal data
We take state of the art contractual, organizational and technical security measures to ensure compliance with the provisions of the data protection laws and therefore, to protect the data which we process against accidental or deliberate manipulation, loss, destruction or access by unauthorized persons.
In particular, our security measures include the encrypted transfer of data between your browser and our server. 256-bit-SSL (AES 256) encryption technology is used for this. This includes our IP address.
Thereby your personal data is protected in the context of the following points (extract):
The security measures employed are continually improved in accordance with technical development. Despite these precautions, because of the insecure nature of the internet, we are unable to guarantee the security of your data transfers to our online offering. For this reason, all data transfers from you to our online offering are made at your own risk.
Protection of minors
Persons who are under 16, are not allowed to provide us with their personal information without the express consent of the person having parental responsibility, unless they have reached the age of 16 or are older. These data will be processed in accordance with our data protection declaration.
Our internet offering uses: Browser cookies
Control of cookies by the user
Browser cookies: All browsers can be set so that cookies are only accepted upon request. Also, per set-up, cookies can only be accepted for sites which are currently being visited. All browsers offer functions which make the selective deletion of cookies possible. The acceptance of cookies can also be deactivated generally, however in that case, limitations in the online offering’s user friendliness must be accepted.
Lifespan of the cookies employed
Cookies are managed by our internet offer’s website. The internet offering uses
Transient cookies/Session cookies (single use)
Life spam: Until the online offer is closed
Deactivate or remove cookies (Opt-Out)
Every browser offers the option of limiting or deleting cookies. Further information about this can be obtained from the following websites:
Use of etracker
We use the services of etracker GmbH from Hamburg, Germany (www.etracker.com) on this website, to analyze usage data. For this, cookies are used to make a statistical analysis of the visitors’ use of this website possible and to display use-related content and advertising. Cookies are small text files which are stored on the user’s end device by the internet browser. etracker cookies do not contain any information which would allow a user to be identified.
The data produced by etracker is processed and stored exclusively by etracker in Germany, by order of the provider of this website, and is subject to the strict German and European data protection legislation and standards. In this context, etracker has been independently tested, certified and awarded the data protection ePrivacyseal seal of quality.
The data processing is carried out on the basis of ‘legitimate interest’ according to the EU General Data Protection Regulation. Our legitimate interest is the optimization of our online offering and our web presence.
Processing to safeguard our legitimate interests - Art. 6 para. 1 lit. f. GDPR
Because our visitors’ privacy is very important to us, the IP addresses will be anonymized by etracker as soon as possible and the registration- or device identification transformed by etracker into a key which is unique but not assigned to a person. etracker does use data in other ways, combine it with other data or transmit it to third parties.
You can object to the data processing described above at any time, to the extent that it takes place with personal data. Your objection has no negative consequences for you.
Further information on data protection with etracker can be found here.
Use of METIS web beacons
We use web beacon technology from VG Wort (METIS System). Web beacons are considered harmless in data protection legislation. The METIS web beacons are used to track the number of visitor numbers to various subpages of our website.
Use of Google Maps
We use Google Maps for the presentation of maps and the creation of route maps. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this online offer, you consent to the collection, processing and use of the automatically collected data as well as the data which you input yourself (including the IP address) by Google, one of its representatives or a third-party provider. The conditions of use for Google Maps can be found under the following link:
Comprehensive details about transparency and choices, as well as the data protection regulations, can be found in the data protection center of google.de: https://www.google.de/intl/de/policies/privacy/?fg=1
Use of YouTube
Functions of the YouTube service are integrated into our website for displaying and playing videos. This function is offered by YouTube, LLC 901 Cherry Ave. San Bruno, CA 94066 USA. Further information can be found in YouTube’s data protection guidelines.
An extended data protection mode is used for this which, according to the provider, only begins to record user information when the video playback is started.
Use of Vimeo Plugins
We use plugins from Vimeo.com. The operator is Vimeo LCC, 555 West 18th Street, New York, New York 10011, USA (“Vimeo”).
When you call up such a plugin, a connection is made to the Vimeo servers and the plugin is displayed on the internet page through a message to your browser. This tells the Vimeo server which internet pages you have visited. If you are logged in as a Vimeo member, Vimeo relates this information to the platform’s respective user account. By using these plugins, for example by clicking the start button for a video or sending a comment, the information is related to the e.g. Vimeo user account, which you can only prevent by logging out before using the plugin.
Information about the collection and use of data by the above-named platform, respectively plugins, can be found in the data protection note: http://vimeo.com/privacy
Use of the Xing-Share-Button
We use the “XING Share-Button”. By calling up our online offering, a short-term connection to the XING AG (“XING”) servers is made over your browser, with which the “XING Share-Button” functions (especially calculation/display of meter readings) are produced. XING does not store any personal data about you from calling up this offering. In particular, XING does not store IP addresses. In addition, no evaluation of user behavior is made through cookies in connection with the “XING Share-Button” .
The current data protection information about the “XING Share-Button” and complementary information, can be found under the following link: https://www.xing.com/app/share?op=data_protection
Use of LinkedIn Plugins
We use social plugins from the social network LinkedIn. LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). The LinkedIn plugins can be recognized by the LinkedIn logo or the “Share-Button” (“recommend”) on our online offering.
When you visit our online offering, the plugin makes a direct connection between your browser and the LinkedIn server. LinkedIn receives the information that you have visited our online offer with your IP address. If you click the LinkedIn “Share-Button” while you are logged into your LinkedIn account, you can link the contents of our online offering to your LinkedIn profile. Thereby, LinkedIn can associate your visit to this online offer with your user account.
The purpose and scope of the data collection and its further processing and use by Pinterest, as well as your rights in this connection and settings options for the protection of privacy, can be found in LinkedIn’s data protection notes: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
Amendments to our data protection policy
We reserve the right to adapt our data protection declaration occasionally, so that it always meets the current legal requirements or to implement changes in our services in the data protection declaration. This could apply e.g. to the introduction of new services. The new data protection declaration would then apply to your return visit.
Each firm or trade mark named here is the property of the respective firm. The naming of brands and names is purely for informative purposes.
The following applies to users who are residents of the Russian Federation:
The services of our online offer listed above, are not intended for citizens of the Russian Federation who are resident in Russia.
If you are a Russian citizen resident in Russia, you are expressly informed that all personal data that you make available to us over our internet offering, is exclusively at your own risk and on your own responsibility. You further agree that you will not hold us responsible for a possible breach of Russian Federation law.
The CHG-MERIDIAN AG (CHG) is committed to process personal data responsibly and in compliance with the applicable data protection laws in all countries in which the company operates.
This European Union (“EU”) Customer/Vendor Data Protection Notice (the “Notice”) describes the types of personal data CHG collects, how CHG uses that personal data, with whom the CHG shares your personal data, and the rights you, as a data subject, have regarding the CHG`s use of the personal data. This notice also describes the measures CHG takes to protect the security of the data and how you can contact us about our data protection practices.
The CHG-entities responsible for the collection and use of your personal data (the Data Controllers) in your home country for the purposes described in this notice are:
Contact information can be found here.
A Data Protection Officer (“DPO”) is designated. The DPO is involved in all issues related to the protection of your personal data. In particular, the DPO is in charge of monitoring and ensuring compliance with this notice and the applicable data protection laws. They will also provide advice on data protection matters upon request.
For any clarification or additional information you may need in order to fully understand this Notice, please contact:
CHG processes personal data in accordance with applicable data protection laws and regulations and only for limited, explicit and legitimate purposes. CHG will not use personal data for any purpose that is incompatible with the original purpose for which it was collected unless you provide your prior explicit consent for further use.
Personal data relating to customers/vendors may be processed for the purposes of:
CHG ensures that our internal governance procedures clearly specify the reasons behind decisions to use personal data for alternative processing purposes. Prior to using your personal data for a purpose other than the one for which it was initially collected, you will be informed about such new purpose.
The provision of personal data is a requirement necessary to enter into a contract with CHG or a requirement by law or regulation for the CHG to administer your customer/vendor relationship. The personal data processed is limited to the data necessary for carrying out the purpose for which such personal data is collected.
Personal data processed includes the following:
CHG will not collect personal data if such collection is prohibited under the applicable data protection laws.
In no case will personal data revealing religious beliefs, racial or ethnic origin, political opinions, philosophical beliefs, trade union membership or concerning sex life be processed in the customer/vendor context.
CHG will maintain personal data in a manner that ensures it is accurate, complete and up-to-date.
CHG has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, such risk analysis includes an analysis of the risk of compromising the rights of the data subject, costs of implementation, and the nature, scope, context and purposes for data processing.
The measures include
(i) encryption of personal data where applicable/appropriate;
(ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services;
(iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
(iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
CHG will only grant access to personal data on a need-to-know basis, and such access will be limited to the personal data that is necessary to perform the function for which such access is granted.
Authorization to access personal data will always be linked to the function so that no authorization will be extended to access personal data on a personal basis. Service providers will only receive personal data according to the purposes of the service agreement with the Company.
International data transfers refer to transfers of personal data outside of the European Economic Area (“EEA”). The international footprint of CHG involves the transfer of personal data to and from other group companies or third parties, which may be located outside the EEA. CHG will ensure that when personal data is transferred to countries that have different standards of data protection, appropriate safeguards to adequately protect the personal data are implemented to secure such data transfers in compliance with applicable data protection laws. CHG has implemented Data Transfer agreements based on EU model clauses to cover international data transfers and a copy of these agreements can be obtained by contacting the DPO.
CHG will not retain your Personal data for longer than is allowed under the applicable data protection laws and regulations or for longer that is justified for the purposes for which it was originally collected or otherwise processed, subject to applicable local retention requirements.
Under applicable data protection laws, you will benefit from the following rights:
This notice may be revised and amended from time to time and appropriate notice about any amendments will be given.
CHG is allowed to adapt the text of this notice only in order to be compliant with local legislation by means of an addendum attached to this notice. In case of any discrepancies between this notice and a specific local addendum made in accordance with local law, the terms of the latter will prevail.
Dear applicant we are pleased that you are interested in the CHG-MERIDIAN and applied for a job in our company. Subsequently we want to inform you about the processing of personal data in connection with your application.
Please read the information and regulations listed below carefully before transmitting your data to us.
Who is in charge of data processing
Franz-Beer Straße 111
Telephone +49 751 5030
Fax +49 751 50366
You will find further information regarding our company, details on the authorized representatives and moreover further contact opportunities in our imprint on our website: https://www.chg-meridian.com/de/tools/imprint-data-protection.html
Which data is processed by us? And for what reason?
We process the data, which was sent to us with your application, in order to examine your suitability for the position and execute the application procedure.
What´s the legal basis for that ?
The legal basis for processing your personal data in this application procedure primarily is section 26 BDSG-neu (Germany), article 6 (1) lit. b) GDPR . As set out there, the processing of that data is permitted, which is necessary in connection with the decision of an explanation of an employment.
If data, e.g. to enforce rights, should be necessary after the termination of the application procedure, data processing based on the requirements of article 6 GDPR, especially for the percipience of justified interest stated in article 6 (1) GDPR will take place. We are interested in claiming or defending demands.
How long will the data be stored?
The data of applicants will be, in case of a letter of refusal, deleted after 6 months.
If you received a confirmation for a spot in our company within our application procedure, your data will be transmitted from our applicant-data-system into our Human resource management system.
To which recipients will data be transmitted.
For our application procedure we use a specialized Software provider. The provider operates as a service provider and it is possible that in connection with maintenance of the systems they receive knowledge of your personal data. We concluded a so called contract data processing with the provider, which secures the valid usage of the data.
Your application data will be sighted by the HR-Department after its entry. Suitable applications will be transferred to the responsible people, regarding the respective vacant spot, internally. Following that the further process will be decided. Inside the company only people have access to your data, to whom it is necessary to ensure a proper procedure of the applicant procedure.
Where will the data be processed?
The data will exclusively be processed in computer centers in Germany.
Your rights as an affected.
You have the right-get information about your personal data processed by us
Should an information inquiry not be made in writing, please understand that we will require, if necessary, proof that verifies that you are the person you are impersonating.
Furthermore you have the right of correction, deletion or restriction of spreading as far as you are legally allowed.
Furthermore have the right of objection regarding the spreading within the frame of the legal requirements.
The revocation has to be sent to the responsible, Frank Schreiber by mail or E-mail at email@example.com
Our Data Protection officer
We have named a Data protection officer in our company. You are able to contact him as following.
Right of appeal
You have the right to complain at the responsible supervisory authority for data protection about personal data being processed.
By ticking the check-box you give your express consent for CHG-MERIDIAN AG to collect, process and use the data you sent to us, in compliance with section 26 BDSG-neu (Germany), article 6 (1) lit. b), and for the purpose of processing applications. Your data will only be shared if you give your consent by ticking the check-box.
About sensitive data: We expressly point out that applications, especially CVs, credentials and any other information you send to us, may contain especially sensitive details on mental and physical health, racial and ethnic background, political opinions, religious and philosophical convictions, memberships in unions and political parties, and sexual life. When you share such information with us in your online application, you expressly agree to permit CHG-MERIDIAN AG to collect, process and use these details for the purpose of processing applications. The processing of such data takes place in compliance with the data protection agreement and any other relevant legislation.
Contact point/Data protection manager
If you have any questions with regard to data protection or would like to exercise you right to information or withdrawal of consent, please contact (firstname.lastname@example.org).
Amendments to this privacy statement
CHG-MERIDIAN AG reserves the right to amend this privacy statement at any time. We furthermore draw your attention to the general data protection provisions for our websites .
Name and contact details of the data controller
Tel: +49 (0)751 5030
Contact details of the data protection officer
Tel: +49 (0)751 503 246
Purpose and legal basis of data processing
Article 6(1) (f) GDPR in conjunction with section 4 FDPA (new)
Enhancing the sense of security
Prevention of vandalism
Prevention of theft
Duration of storage
Data collected is stored for seven days
Recipients of data and categories of recipients (if data collection takes place)
No transmission of data to non-EU countries or international organizations is intended.
Notice regarding the rights of data subjects
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed. Where that is the case, the data subject has the right of access to personal data concerning him or her, and to the information listed in Article 15 GDPR.
The data subject has the right to request that the controller rectify any incorrect personal data or complete any incomplete personal data (Article 16 GDPR).
The data subject has the right to request that the controller erase personal data concerning him or her without undue delay, provided that the reason given is listed in Article 17 GDPR, e.g. the personal data is no longer required in relation to the purposes for which it was collected or otherwise processed (right to erasure).
The data subject has the right to request that the controller restrict processing if one of the conditions listed in Article 18 GDPR applies (for example, the accuracy of the personal data is contested by the data subject), for a period enabling the controller to verify its accuracy.
The data subject has the right to object to the processing of personal data concerning him or her at any time on grounds relating to his or her particular situation. The controller may then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims (Article 21 GDPR).
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory body if the data subject considers that the processing of personal data concerning him or her infringes the GDPR (Article 77 GDPR). The data subject may lodge the complaint with any supervisory body in the Member State of his or her habitual residence, place of work, or place of the alleged infringement. In Baden-Württemberg, the supervisory authority is the State Representative for Data Protection and Freedom of Information for Baden-Württemberg.
The postal address is Postfach 10 29 32, 70025 Stuttgart, Germany.
Please use the street address for parcels: Königstrasse 10a, 70173 Stuttgart, Germany.