Data Protection Information Sheet_GmbH_en-de
Data protection notice for applicants

Privacy policy

Thank you for visiting our website. The protection and security of your personal information when using our website is very important to us. Therefore, we would like to take this opportunity to tell you about the personal data we collect during your visit on our website, and the purposes for which we use the data.

This data privacy notice applies for our Internet offering that is accessible under this domain and the various sub-domains (“our website”).

Objection to advertising emails

We hereby object to the use of the contact data published in the legal notice, the data protection notice and other contact data published on the website for sending unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Who is responsible and how can I contact you?

The person responsible

for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

PEK3 GmbH
Hans-Urmiller-Ring 24
82515 Wolfratshausen

Data Protection Officer

Stephan Krischke, privacy@pek3.com

What is it about?

This data privacy notice meets the legal requirements for transparency in the processing of personal data. That means any information relating to an identified or identifiable natural person. For example, this includes information such as your name, age, address, phone number, date of birth, e-mail address, IP address or user behaviour while visiting a website. Information that we cannot relate to you personally (or only with unreasonable effort), for example, due to anonymisation, does not constitute personal data. The processing of personal data (for example, collecting, requesting, using, storing or transmitting) always requires a legal basis and a defined purpose.

Stored personal data are erased as soon as the purpose of processing has been achieved and there are no legitimate grounds for continued storage of the data. Please see the descriptions of the specific processing procedures for concrete storage durations and criteria for storage. Regardless, we store your personal data in specific cases for the establishment, exercise or defence of legal claims and to comply with statutory retention obligations.

Who receives my data?

There is no transmission of your personal data to third parties for purposes other than those identified below.

We only transfer your personal data to third parties when:

  • you have given your express consent pursuant to point(a) of Art. 6(1) GDPR,
  • dissemination is permissible pursuant to point(f) of Art. 6(1) for the purposes of the legitimate interests pursued by us and there is no reason to assume that you have a predominant legitimate interest in the non-dissemination of your data,
  • there is a legal obligation of dissemination pursuant to point(c) of Art. 6(1) GDPR, or
  • this is legally permitted and required for the performance of contractual relationships with you pursuant to point(b) of Art. 6(1) GDPR.

To protect your data and, where applicable, to enable the transmission of data by us to third countries (outside the EU/EEA), we have concluded agreements for commissioned data processing based on the standard contractual clauses of the European Commission. Insofar as the standard contractual clauses are not sufficient to establish an adequate level of security, your consent in accordance with point (a) of Art. 49(1) GDPR can serve as the legal basis for transmission to third countries. This may not apply for data transmission to third countries for which the European Commission has issued an equivalence decision according to Art. 45 GDPR.

Personal data may be transmitted to the USA in the course of the data processing procedures described in this data privacy notice. In particular, US investigative authorities may require US companies to release or disclose personal data, with no effective legal defence against this for the data subjects. Therefore, it is possible in principle for your personal data to be processed by US investigative authorities. We have no influence on these processing activities. Data transmission to the USA takes place in accordance with Art. 45(1) GDPR based on the equivalence decision of the European Commission. The participating US companies and/or their US subcontractors are certified according to the EU-US Data Privacy Framework (EU-US DPF). In cases where no equivalence decision of the European Commission exists (including US companies that are not certified according to the EU-US DPF), we have agreed on other appropriate guarantees as defined by Art. 44 ff GDPR with the recipients. Unless otherwise specified, these are standard contractual clauses of the EU Commission according to Implementing Decision (EU) 2021/914 of 4 June 2021. You can review a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE. Insofar as the standard contractual clauses are not sufficient to establish an adequate level of security or a conclusion of the standard contractual clauses is not possible, your consent in accordance with point (a) of Art. 49(1) GDPR can serve as the legal basis for transmission.

Do you use cookies?

Cookies are small text files that are sent by us to the browser of your end device and stored there when you visit our website. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to carry out various analyses so that we are able, for example, to recognise the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programmes or contain viruses.

We provide information about the respective services for which we use cookies in the individual processing operations. You can find detailed information on the cookies used in the cookie settings or in the Consent Manager of this website.

What rights do I have?

Under the legal provisions of the General Data Protection Regulation (GDPR), you as a data subject have the following rights:

  • Right to information according to Art.15 GDPR regarding stored personal data concerning you, in the form of meaningful disclosure of the details of processing and a copy of the data.
  • Right to rectification according to Art.16 GDPR, of incorrect or incomplete data stored by us.
  • Right to erasure according to Art.17 GDPR, of the data stored by us, insofar as processing is not required to exercise the right to freedom of expression and information, to meet a legal obligation, for reasons of the public interest or for the establishment, exercise or defence of legal claims.
  • Right to restriction of processing according to Art.18 GDPR, insofar as the accuracy of the data is contested, the processing is unlawful, we no longer need the personal data and you oppose their erasure because they are required by you for the establishment, exercise or defence of legal claims, or you have objected to the processing according to Art. 21 GDPR.
  • Right to data portability according to Art.20 GDPR, insofar as you have provided us with personal data based on your consent according to point (a) of Art. 6(1) GDPR or on the basis of a contract according to point (b) of Art. 6(1) GDPR, and the processing is carried out by us using automated means. You shall receive your data in a structured, commonly used and machine-readable format, or we shall transmit the data directly to another controller, where technically feasible.
  • Right to object to the processing of your personal data according to Art.21 GDPR, insofar as this is done based on point (e) or (f) of Art. 6(1) GDPR and there are grounds relating to your particular situation or the objection is to direct marketing. The right to object does not apply if we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or in case of processing for the establishment, exercise or defence of legal claims. Where the right to object does not apply for specific processing procedures, this is specified for those procedures.
  • Right to withdraw your consent with future effect according to Art.7(3).
  • Right to lodge a complaint with a supervisory authority according to Art.77 GDPR if you consider that the processing of personal data relating to you infringes the GDPR. As a rule, you can contact the supervisory authority for your usual place of abode or place of work, or our registered office.

How are my data processed in detail?

In the following, we inform you about the specific processing procedures, the scope and purpose of data processing, the legal basis, the obligation to provide your data and the respective storage duration. There is no automated individual decision-making, including profiling.

Delivery of the website

Type and scope of processing

During access and use of our website, we collect the personal data your browser automatically sends to our servers. The following information is temporarily stored in a log file:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the accessed file
  • Website from which the access took place (referrer URL)
  • The browser being used, possibly the operating system of your computer, and the name of your access provider

Our website is not hosted by us, but by a service provider that processes the aforementioned data on our behalf in accordance with Art. 28 GDPR.

Purpose and legal basis

The processing is done for the purposes of our legitimate interest to display our website and to ensure its security and stability based on point (f) of Art. 6(1) GDPR. Collecting the data and storing the data in log files is essential for the operation of the website. Due to the exception according to Art. 21(1) GDPR, there is no right to object to the processing. To the extent the continued storage of the log files is prescribed by law, the processing is based on point (c) of Art. 6(1) GDPR. There is no legal or contractual obligation to provide the data. However, accessing our website without providing the data is technically not possible.

Storage period

The aforementioned data are stored for the duration of displaying the website and, for technical reasons, beyond that for a maximum of 7 days.

Contact form

Type and scope of processing

Personal data are collected in the course of contacting us (for example, using the contact form or by e-mail). What data are collected in case of a contact form is apparent from the respective contact form. Beyond that, you may voluntarily provide additional information that is required in your view in order to respond to the contact request.

There is no dissemination of your personal data to third parties in the course of contacting us.

Purpose and legal basis

The processing of your data is for the purpose of communication and for responding to your enquiry, based on your consent according to point (a) of Art. 6(1) GDPR. Insofar as your enquiry pertains to an existing contractual relationship with us, the processing is for the purpose of contractual performance based on point (b) of Art. 6(1) GDPR. There is no legal or contractual obligation to provide the data. However, responding to your enquiry is not possible unless the information in the mandatory fields is provided. If you do not want to provide this information, please contact us by other means.

Storage period

When contact is established based on your consent, we store the collected data for each enquiry for a period of three years, beginning on the date the enquiry is completed, or until you revoke your consent.

If contact is established within the scope of a contractual relationship, we store the collected data for each enquiry for a period of three years from the end of the contractual relationship.

Contact form for applicants

Type and scope of processing

We collect and process the personal data of job applicants. Corresponding data processing in this case may also take place electronically, for example, if the applicant transmits application documents to us by e-mail or through an online form on our website. We offer you the option on our website of sending applications for posted job openings to us by e-mail.

Beyond the current application procedure, your data are only stored in an applicant database if you have given us your separate consent for this.

Purpose and legal basis

The processing of your data in connection with your application is carried out for the purpose of processing your application and deciding on the establishment of an employment relationship on the basis of Section 26 BDSG. If your application documents are passed on to third parties, in particular to companies affiliated with us, and if your data is stored beyond the current application process, your data will be processed on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to process your application without providing the information.

Storage period

In case of rejection, applicant data are erased after 6 months. If you have given your consent for the continued storage of your personal data, we include your data in our applicant pool. Then the data are erased after period of 24 months.

Presence on social media platforms

We maintain fan pages, accounts or channels in the networks mentioned below in order to also provide you with information and offers within social networks, and to provide you with additional channels for contacting us and informing yourself about our offers. In the following, we inform you about your data that we and/or the respective social network process in the context of accessing and using our fan pages/accounts.

Your data processed by us

If you want to contact us via messenger or by direct message through the respective social network, we generally process your username under which you contact us and, where applicable, store additional data disclosed by you to the extent this is necessary to process/respond to your request.

The legal basis is sentence 1, point (f) of Art. 6(1) GDPR (the processing is necessary for the purposes of the legitimate interests pursued by the controller).

(Statistical) usage data we receive from the social networks

Via insights functionality, we receive automatically provided statistics regarding our accounts. Among other things, the statistics include the total number of page impressions, information about likes, page activities and post interactions, coverages, video access/views and information about the proportion of men/woman among our fans/followers.

The statistics only contain aggregated data that cannot be related to specific persons. You are not identifiable by us though these data.

Drawing conclusions about individual users is not possible for us by means of the transmitted statistical usage information. We only use this information to respond to the interests of our users and to continuously improve our online presence and maintain its quality.

Your data processed by the social networks

You do not need to be a member of the respective social network to view the contents of our fan pages/accounts, which means that a user account for the respective social network is not required.

However, please note that the social networks also record and store data from website visitors without a user account when the respective social network is accessed (for example, technical data so the website can be displayed to you) and that they use cookies and similar technologies, over which we have no influence whatsoever. For details, see the data privacy provisions of the respective social network (corresponding links are provided above).

If you want to interact with the contents of our fan pages/accounts, for example, to comment on, share or like our posts/contributions, and/or if you want to contact us using messenger functions, you first have to register with the respective social network and provide personal data.

We have no influence on data processing by the respective social networks in the course of your use of these networks. To the best of our knowledge, your data are stored and processed in particular in the context of providing the respective social network’s services, and for the analysis of usage behaviour (using cookies, pixel/web beacons and similar technologies), on the basis of which advertising tailored to your interests is delivered both within and outside the respective social network. Here the possibility that your data are also stored outside the EU/EEA and disseminated to third parties by the social networks cannot be excluded.

Due to the fact that the actual processing of the data is performed by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorised to have full access to your data. Therefore, only the provider can directly take and implement corresponding measures to fulfil your rights as a user (request for information, erasure request, objection etc.). The most effective way to assert corresponding rights is therefore directly against the respective provider.

Purpose and legal basis

We only collect your data through our profile for the purpose of offering communication and interaction with us. As a rule, the collection of data includes your name, message contents, comment contents and “public” profile information provided by you.

The processing of your personal data for our above-mentioned purposes is based on our legitimate business management and communication interests in the course of providing an information and communication channel in accordance with point (f) of Art. 6(1) GDPR. If you as a user have given the respective provider your consent for data processing, the legal basis for processing is point (a) of Art. 6(1) and Art. 7 GDPR.

Facebook page

When you visit our Facebook page, Facebook (Meta) among other things records your IP address and other information existing on your device in the form of cookies. This information is used to provide us as the operator of the Facebook page with statistical information about the use of the Facebook page. Further information is provided by Facebook under the following link: https://facebook.com/help/pages/insights.

Drawing conclusions about individual users is not possible for us by means of the transmitted statistical usage information. We only use this information to respond to the interests of our users and to continuously improve our online presence and maintain its quality.

We only collect your data through our fan page for the purpose of offering communication and interaction with us. As a rule, the collection of data includes your name, message contents, comment contents and “public” profile information provided by you.

The processing of your personal data for our above-mentioned purposes is based on our legitimate business management and communication interests in the course of providing an information and communication channel in accordance with point (f) of Art. 6(1) GDPR. If you as a user have given the respective provider your consent for data processing, the legal basis for processing is point (a) of Art. 6(1) and Art. 7 GDPR.

Due to the fact that the actual processing of the data is performed by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorised to have full access to your data. Therefore, only the provider can directly take and implement corresponding measures to fulfil your rights as a user (request for information, erasure request, objection etc.). The most effective way to assert corresponding rights is therefore directly against the respective provider.

We are jointly responsible with Facebook for the personal contents of the fan page. Data subject rights can be asserted against Meta Platforms Ireland Ltd. and against us.

According to the GDPR, the primary responsibility for the processing of insights data lies with Facebook, and Facebook meets all obligations arising from the GDPR with regard to the processing of insights data. Meta Platforms Ireland Ltd. makes the essentials of page insights supplementation available to data subjects.

We make no decisions regarding the processing of insights data and the storage duration of cookies on user devices.

More information is available directly from Facebook (supplementary agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.

For more information about the exact scope and purposes of processing your personal data, the storage duration/erasure and policies for the use of cookies and similar technologies within the scope of registration and use, among other things, see the Facebook data privacy policy/cookie policies:
https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
https://www.facebook.com/policies/cookies

YouTube channel

When you visit our YouTube channel, Google collects, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the YouTube channel, with statistical information about the use of the YouTube channel.

We are jointly responsible with Google for the personal content of the channel. Data subject rights can be asserted with Google Ireland Limited and with us.

We do not make any decisions regarding the processing of personal data and the storage duration of cookies on user devices.

Further information can be found directly at Google: https://cloud.google.com/terms/data-processing-addendum

For more information, including the exact scope and purposes of the processing of your personal data, the storage period/deletion and guidelines on the use of cookies and similar technologies in the context of registration and use, please refer to Google’s privacy policy/cookie policy: https://policies.google.com/privacy.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

LinkedIn page

LinkedIn is a social network of LinkedIn Inc. based in Sunnyvale, California, USA that enables the creation of private and professional profiles by natural persons as well as business profiles. Users can maintain their existing contacts and establish new ones within the social network. Companies and other organisations can create profiles where photos and other company information are uploaded in order to present themselves as employers and to recruit employees. Other LinkedIn users have access to this information, and can write their own articles and share this content with others. The network focuses on professional exchanges about specialist topics with people who have similar professional interests.

When a user visits or uses the network, LinkedIn automatically collects data from the users or visitors during this use/visit, for example, the username, job title and IP address. This is done with the help of various tracking technologies. LinkedIn provides users with information, offers and recommendations, among other things based on the data collected in this way.

We only collect your data through our company profile for the purpose of offering communication and interaction with us. As a rule, the collection of data includes your name, message contents, comment contents and “public” profile information provided by you.

The processing of your personal data for our above-mentioned purposes is based on our legitimate business management and communication interests in the course of providing an information and communication channel in accordance with point (f) of Art. 6(1) GDPR. If you as a user have given the respective provider your consent for data processing, the legal basis for processing is point (a) of Art. 6(1) and Art. 7 GDPR.

Due to the fact that the actual processing of the data is performed by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorised to have full access to your data. Therefore, only the provider can directly take and implement corresponding measures to fulfil your rights as a user (request for information, erasure request, objection etc.). The most effective way to assert corresponding rights is therefore directly against the respective provider.

We are jointly responsible with LinkedIn for the personal contents of our company profile. Data subject rights can be asserted against us and against LinkedIn Inc.

We do not make any decisions with regard to the data collected on the LinkedIn page using tracking technologies.

More information about LinkedIn is available here: https://about.linkedin.com.

For further information about data protection at LinkedIn, visit: https://www.linkedin.com/legal/privacy-policy.

For more information about the storage duration/erasure and policies for the use of cookies and similar technologies by LinkedIn within the scope of registration and use, see: https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy.

Technology

SSL/TLS encryption

This website uses SSL/TLS encryption to ensure the security of data processing and to protect the transfer of confidential content, such as orders, login data or contact requests, that you send to us as the site operator. An encrypted connection is identified by “https://” instead of “http://” in your browser’s address bar and by the lock symbol in your browser.

When SSL/TLS encryption is active, data you transmit to us cannot be read by third parties.

AAABIT

Type and scope of processing

This site uses a cutting optimisation service. The provider is AAABIT, 7 Northumberland Street, Huddersfield, HD1 1RL, England. When you use the functions of AAABIT, session cookies and your IP address are stored. Information about your location, the language selected and the browser used is also collected in order to further improve the service. The data is not passed on.

Purpose and legal basis

AAABIT is used based on your consent according to point (a) of Art. 6(1) GDPR and Section 25(1) of the Telecommunications and Telemedia Data Protection Act (TDDDG).

Storage period

The concrete storage duration for the processed data is determined by AAABIT and cannot be influenced by us. See the AAABIT data privacy notice for more information: https://aaabit.com/Legal#Privacy-policies.

Borlabs

Type and scope of processing

We have integrated Borlabs on our website. Borlabs is a consent solution of Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany that is used to obtain and document consent for the storage of cookies. Borlabs uses cookies or other web technologies to identify users and to store the given or revoked consent.

Purpose and legal basis

This service is used based on the legal requirement to obtain consent for the use of cookies according to point (c) of Art. 6(1) GDPR and Section 25(2), no. (2) of the Telecommunications and Telemedia Data Protection Act (TDDDG).

Storage duration

The specific storage period of the processed data cannot be influenced by us, but is determined by Borlabs GmbH. Further information can be found in the privacy policy for Borlabs: https://de.borlabs.io/datenschutz/.

Google Fonts

Type and scope of processing

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as a service to provide fonts for our online offering. In order to obtain these fonts, you establish a connection to the servers of Google Ireland Limited and your IP address is transmitted in the process.

Purpose and legal basis

The use of Google Fonts is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

Storage duration

The concrete storage duration for the processed data is determined by Google Ireland Limited and cannot be influenced by us. Further information is found in the Google Fonts data privacy statement: https://policies.google.com/privacy.

Google Maps

Type and scope of processing

We use the map service Google Maps to create directions. Google Maps is a service provided by Google Ireland Limited, which displays a map on our website.

When you access this content on our website, you establish a connection to the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google Maps.

Purpose and legal basis

The use of Google Maps is based on your consent according to point (a) of Art. 6(1) GDPR and Section 25(1) of the Telecommunications and Telemedia Data Protection Act (TDDDG).

Storage duration

The concrete storage duration for the processed data is determined by Google Ireland Limited and cannot be influenced by us. For more information, see the data privacy notice for Google Maps: https://policies.google.com/privacy.

Matomo

Type and scope of processing

We use the open-source software tool Matomo (formerly PIWIK) on our website. When individual pages on our website are accessed, the following data are stored:

  • Two bytes of the IP address of the user’s accessing system (anonymised IP address)
  • The website that is accessed
  • The website from which the user accessed our website (referrer URL)
  • The pages of our website that are accessed
  • The dwell time on our website
  • The frequency of accessing our website

The software runs exclusively on the servers of our website. Your personal data are only stored there. There is no dissemination of the data to third parties.

Purpose and legal basis

We process your data with the help of the analysis software Matomo for the purpose of evaluating the use of individual components and contents of our website and to improve our offering. This constitutes a legitimate interest according to point (f) of Art. 6(1) GDPR and Section 25(1) of the Telecommunications and Telemedia Data Protection Act (TDDDG). The use of Matomo is also based on your consent according to point (a) of Art. 6(1) GDPR and Section 25(1) of the Telecommunications and Telemedia Data Protection Act (TDDDG).

Storage duration

The concrete storage duration is 12 months.

November 2025

Start typing and press enter to search

Scroll to Top

Search