Privacy Policy

milch & zucker AG Data Privacy Policy

Thank you for visiting the website of milk & sugar · Talent Acquisition & Talent Management Company AG (hereinafter “milch & zucker AG”). The protection of your privacy and your personal data as well as compliance with the General Data Protection Regulation (hereinafter “GDPR”) and local data protection rules and regulations are a top priority for us!

The following Privacy Policy is intended to inform you in detail of the type, scope and purpose of the processing of personal data on the websites milchundzucker.de (.com) and hr-marketing.com.

Furthermore, it is intended to comprehensively inform data subjects of their rights.

On the milchundzucker.de website you have the option to go to karriere.milchundzucker.de website. This site has its own privacy policy, which is accessible there.

Notice: 
Please note that this Privacy Policy may be amended from time to time. Potential amendments will be posted here. You can use this page at any time to obtain information in this regard.

1. Definitions

This Privacy Policy uses terms used by the European Regulatory Authority when adopting the GDPR.

In order to make the Privacy Policy easy to read and understand for all visitors* of our website, we would like to first provide the definitions of terms used.

Most of the terms are listed in Article 4 GDPR and defined as follows:

a) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject
A data subject means any identified or identifiable natural person whose personal data is processed by the controller.

c) Processing
Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, encompassing the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or erasure of personal data.

d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling
Profiling means any form of automated processing of personal data consisting of using those personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement.

f) Pseudonymisation
Pseudonymisation means the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, as long as such additional information is kept separate and subject to technical and organizational measures to ensure non-attribution to an identified or identifiable natural person.

g) Controller
Controller means the natural or legal person, public authority, agency or any other body which alone or jointly with others, determines the purposes and means of the processing of personal data.

h) Processor
Controller means the natural or legal person, public authority, agency or any other body which alone or jointly with others, determines the purposes and means of the processing of personal data.

i) Recipient
Recipient means a natural or legal person, public authority, agency or any other body to whom the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third party
Third means any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.

k) Consent
Consent means any freely given, specific, informed and unambiguous indication of his/her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to the processing of the personal data relating to him/her.

Who is responsible for data processing (controller)?

milch & zucker · Talent Acquisition & Talent Management Company AG
Friedrich-List-Straße 23
35398 Gießen, Germany

Executive Board:
Ingolf Teetz, Kai Pawlik, David Rosenberg

Tel.: 
49 (0) 641 30020 500

Fax: 
49 (0) 641 30020 565

E-mail:   
info@milchundzucker.de

Website: 
https://www.milchundzucker.de (.com)

3. Contact information of the data protection officer

If you believe that we do not comply with the provisions of this privacy policy or data protection laws and regulations, please contact our data protection officer at:

milch & zucker · Talent Acquisition & Talent Management Company AG
Friedrich-List-Straße 23
35398 Gießen, Germany

Tel.: 
+49 (0) 641 30020 500

Fax: 
+49 (0) 641 30020 565

E-mail:   
datenschutz@milchundzucker.de

4. Which data is processed?

a) milchundzucker.de (.com)
With every access to our website milchundzucker.de (.com) and every retrieval of content stored on this website, certain information about this process is saved to a log file. This information includes:

i IP adress
i Date and time of access
i Accessed page/name of retrieved file
i Transferred data volume
i Report if the access/retrieval was successful.

Users can contact the person responsible for the processing of data with milch & zucker AG via the above-mentioned website. In this context, the following data is also processed automatically:
 

i The user’s e-mail address
i Other information of the user transmitted to us through e-mail communication.

Such personal data transmitted by a data subject to the controller are forwarded to the relevant staff for the sole purpose of processing a request or contacting the data subject. At no time will such personal data be disclosed to third parties.

b) hr-marketing.com
milch & zucker AG offers users the possibility to leave comments on individual blog posts. A blog is a web-based, usually publicly accessible portal, in which one or more people can post articles or write down their thoughts in so-called blog posts. Blog posts can usually be commented on by third parties. Before a comment is published, it is reviewed by the editorial team.

In the context of the hr-marketing.com blog operated by milch & zucker AG, the following data is stored:

i Comments
i E-mail address
i Name

5. Who uses the processed personal data and to whom are they disclosed?

We process your personal data in accordance with the provisions of the European GDPR and the revised version of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG, new).

We do not disclose your personal data to third parties for contract processing or to any other third parties, unless you have consented to the transfer of your data or unless we are obliged by law and/or official or judicial order to disclose the data.

The personal data are processed in the Federal Republic of Germany only. Data transfers to third countries are currently not planned. Should such a data transfer become necessary in the future, this will be done exclusively in accordance with the provisions of the GDPR.

6. What are the purposes and the legal basis of our processing of your personal data?

a) milchundzucker.de (.com)
The following table provides an overview of which of your personal data we use on the milchundzucker.de (.com) website and on the legal basis and purposes of their use and processing:

Data categories Purpose of data processing/ Legitimate interest Legal basis of data processing
IP adresse,

Time and date of access,

Name of the accessed document,

Browser types and versions used

Prevention of/defence against cyber-attacks (to provide law enforcement authorities with information necessary for prosecution in case of a cyber-attack)

(Safer) operation of the website and to ensure the security of the data of data subjects/applicants

Legitimate interest in processing in accordance with Art. 6 (1) lit. f GDPR

E-mail adress,

Other information that you provide in the context of e-mail communication

Communication/swift contact for users

Swift response to user request/processing of the request

Legitimate interest in processing in accordance with Art. 6 (1) lit. f GDPR

Notice:
The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

milch & zucker AG does not process personal data for marketing purposes, for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR.

b) hr-marketing.com
The following table provides an overview of which of your personal data we use on hr-marketing.com website and on the legal basis and purposes of their use and processing:

Data categories Purpose of data processing/ Legitimate interest Legal basis of data processing
IP adress,

Time and date of access,

Name of the accessed document,

Browser types and versions used

Prevention of/defence against cyber-attacks (to provide law enforcement authorities with information necessary for prosecution in case of a cyber-attack)

(Safer) operation of the website and to ensure the security of the data of data subjects/applicants 

Security interest: Possibility of establishing the author’s identity in case of unlawful comments (insults, prohibited propaganda, etc.) and exculpation of the person responsible

Legitimate interest in processing in accordance with Art. 6 (1) lit. f GDPR

Comments,

E-mail adresse,

Name/user name

Veröffentlichung des Hinweises bzw. Kommentars des Bloggers 

Sicherheitsinteresse: Möglichkeit der Feststellung der Verfasseridentität für den Fall widerrechtlicher Kommentare (Beleidigungen, verbotene Propaganda uä) und Exkulpation des Verantwortlichen

Legitimate interest in processing in accordance with Art. 6 (1) lit. f GDPR

milch & zucker AG does not process personal data for marketing purposes, for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR.

7. How long will the data be retained?

a) milchundzucker.de (.com)

Data categories Duration of retention
IP-adress,

Time and date of access,

Name of the accessed document,

Browser types and versions used

Maximum of 4 months

The log files are overwritten after 4 weeks. In the backup, the data is kept for a maximum of another three months.

E-mail address,

Other information that you provide in the context of e-mail correspondence

Incoming e-mails are archived for 10 years in an audit-proof manner

Data whose further retention is necessary for evidentiary purposes are excluded from the deletion until the final clarification of the relevant incident.

b) hr-marketing.com

Data categories Duration of retention
IP address,

Time and date of access,

Name of the accessed document,

Browser types and versions used

Maximum of 4 months

The log files are overwritten after 4 weeks. In the backup, the data is kept for a maximum of another three months.

Comments,

E-mail address,

Name

Comments left on the hr-marketing.com website are stored indefinitely. The user can at any time initiate a deletion the provided data by contacting the responsible person.

Data whose further retention is necessary for evidentiary purposes are excluded from the deletion until the final clarification of the relevant incident.

8. How do we ensure legal security with regard to the handling of your personal data?

In order to ensure the most seamless protection of personal data processed via the milchundzucker.de and hr-marketing.com websites, milch & zucker AG has taken numerous technical and organizational measures to protect your personal data from loss and misuse. Nevertheless, security gaps cannot be ruled out in the case of Internet-based data transmissions, and complete protection of the data against third-party access cannot be guaranteed.

9. Rights of the data subject

a) Right to confirmation
Each data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him/her are being processed. If a data subject wishes to exercise this right, he/she may at any time contact our data protection officer or another employee of the controller.

b) Right to obtain information about

i the purposes of the processing
i the categories of personal data being processed
i the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
i where possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria used to determine this period
i the existence of the right to request from the controller rectification or erasure of personal data or restriction of the processing of personal data concerning the data subject or to object to such processing by the controller
i the right to lodge a complaint to a supervisory authority
i where the personal data are not collected from the data subject, any available information as to their source
i where applicable, the existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) of the GDPR and—at least in these cases—meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.

Each data subject also has the right to request information about the personal data stored by the controller at any time and free of charge, and to be given a copy of this information. In addition, the controller has to provide the following information in particular:

Where personal data are transmitted to a third country or to an international organization, the data subject has the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR, which shall be suitable for ensuring an adequate level of protection.

If a data subject wishes to exercise this right, he/she may contact our data protection officer or another member of the data controller at any time.
 

c) Right to rectification
Each data subject has the right to obtain from the controller without undue delay the rectification of personal data concerning him/her which are inaccurate. Furthermore, having regard to the purposes for which data were processed, the data subject has the right to obtain completion of incomplete personal data, including by means of providing a supplementary statement.

If a data subject wishes to exercise this right, he/she may contact our data protection officer or another member of the data controller at any time.

d) Right to erasure (right to be forgotten)
Each data subject has the right to obtain from the controller the erasure of personal data concerning him/her without undue delay if one of the following grounds applies and processing is not necessary:

i The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
i The data subject withdraws the consent on which the processing was based in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR and there is no other legal ground for the processing of the data.
i The data subject objects to the processing of personal data pursuant to Art. 21 (1) GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing of personal data pursuant to Art. 21 (2) GDPR.
i The personal data have been unlawfully processed.
i The data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
i The data have been collected in relation to the offering of information society services referred to in Art. 8 (1) GDPR.

If any of the above grounds apply and erasure of personal data stored by milch & zucker AG is desired, the data subject may at any time contact our data protection officer or another employee of the data controller.

If milch & zucker AG has made the personal data public and if our company as the controller of the data is responsible for erasing the data pursuant to Art. 17 (1) GDPR, it takes appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to inform the processors who processes the published personal data that a data subject has requested the deletion of all links to such personal data or of copies or replications thereof.

e) Right to restriction of processing
Any data subject affected by the processing of personal data has the right to obtain from the controller the restriction of the processing of data where:

i the accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data,
i the processing is unlawful and the data subject opposes the erasure of the data and requests the restriction of their use instead,
i the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise of or defence against legal claims,
i The data subject has objected to processing pursuant to Art. 21 (1) GDPR pending the verification of whether the legitimate grounds of the controller override those of the data subject.

In order to restrict processing, the data subject may, at any time, contact our data protection officer or another employee of the controller.

f) Right to data portability
The data subject has the right to receive the personal data concerning him/her, which he/she has provided to a controller, in a structured and commonly used machine-readable format. The data subject also had the right to transmit those data to another controller without hindrance from the controller to which the data have been provided, where

i the processing is based on consent pursuant to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract pursuant to Article 6 (1) (b) GDPR;
i the processing is carried out by automated means and
i the processing is not necessary for the performance of a task in the public interest or in the exercise of public authority delegated to the controller.

In exercising their right to data portability pursuant to Article 20 (1) GDPR, the data subject has the right to request that the personal data be transmitted directly from one controller to another, insofar as this is technically feasible and does not affect the rights and freedoms of others.

In order to exercise this right, the data subject may, at any time, contact our data protection officer or another employee of the controller.

g) Right to object
The data subject has the right to object, on grounds relating to his/her particular situation, at any time to the processing of personal data concerning him/her, which is based on Article 6 (1) (e) or (f) GDPR. This also includes profiling based on these provisions.

Milch & zucker will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise of or defence against legal claims.

milch & zucker AG does not process personal data for direct marketing purposes. Such processing is also not intended.
Where personal data will be processed by milch & zucker for direct marketing purposes in the future, the data subject has the right to object at any time to the processing of personal data concerning him/her for such marketing. This also includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for such purposes.

In order to exercise this right to object, the data subject may, at any time, contact our data protection officer or another employee of the controller. Furthermore, in accordance with Art. 21 (5) GDPR, the data subject can exercise his/her right of objection by means of automated procedures which use technical specifications.

Further information on your right to object are provided at the end of this Privacy Notice under “Your to right object pursuant to Art. 21 General Data Protection Regulation (GDPR)“.

h) Automated decision-making in individual cases including profiling
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or similarly significantly affects him/her.

This right does not apply if the decision

i is necessary for entering into or the performance of a contract between the data subject and a data controller, or
i is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or
i is based on the data subject’s explicit consent.

If the decision to conclude or perform a contract between the data subject and the controller is required or made with the express consent of the data subject, milch & zucker AG will take appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject which includes, at least, the right to obtain human intervention on the part of the controller, to express one’s own position and to contest the decision.

In order to exercise this right, the data subject may, at any time, contact our data protection officer or another employee of the controller.

i) Right to withdraw consent
Any person affected by the processing of personal data (data subject) has the right to withdraw his/her consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Data subjects wishing to assert their right to withdraw consent may contact our data protection officer or another employee of the controller at any time.

The declaration of withdrawal and other requests should be sent to:

milch & zucker · Talent Acquisition & Talent Management Company AG
Friedrich-List-Straße 23
35398 Gießen, Germany

Tel.: +49 (0) 641 30020 500

Fax: +49 (0) 641 30020 565

E-mail: datenschutz@milchundzucker.de

j) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his/her habitual residence, place of work or place of alleged infringement, if the data subject considers that the processing of personal data relating to him/her does not comply with the GDPR.

The supervisory authority with which the complaint has been lodged will then inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

10. Cookies

The milchundzucker.de (.com) and hr-marketing.com websites use cookies. Cookies are text files that are placed and stored on a computer system via an Internet browser and which allow an analysis of the use of the website by you. Cookies and other technologies allow us to gather more information, which help us make our website even more user-friendly. This information is not related to personally identifiable information but stored anonymously.

The websites indicated use Matomo (formerly Piwik), an open-source software used for statistical analysis of visitor access. We do not use cookies for simple web analytics. Without using cookies, only a so-called digital fingerprint is saved. This is changed every 24 hours.

The software runs only on the servers of our milch & zucker website. This data is only processed on those servers. Data will not be passed on to third parties. The software is set so that complete IP addresses are not saved. Instead, the last byte of the IP address is masked (ex.: 192.168.134.xxx). This makes it impossible to associate the abbreviated IP address to the accessing computer.

We also use the function cookies “_icl_current_language” and sclb_compliance_cookie (please see the table below for details).

The legal basis for the use of the aforementioned cookies is a legitimate interest in accordance with. Art. 6 (1) lit. f GDPR, namely the pursuit of our business purposes (data protection-compliant, needs-based/user-friendly design) of the website. A detailed list can be found under a) and b) in section 10.

The information generated by the cookie about the use of this website is stored on a server of milch & zucker AG in Germany. The IP address is anonymized immediately after processing and prior to its storage.

You as the data subject can decline the setting of cookies by our website at any time through dedicated settings in your browser software and thereby also permanently object to the setting of cookies. Furthermore, previously set cookies can be deleted via an Internet browser or other software programs. This is possible in all commonly available Internet browsers.

We would like to point out, however, that if you do this, you may not be able to use all the features of our website to the full extent.

a) milchundzucker.de (.com)

COOKIE Intended purpose/ Legitimate interest Legal basis Valid
sclb_compliance_cookie

This cookie records that the user has been made aware of the use of cookies/data privacy-compliant design.

Art. 6 (1) lit. f GDPR

2 weeks
_pk_id 

_pk_ref 

_pk_ses 

Web analytics using Matomo for user behavior and needs-based website design.

Art. 6 (1) lit. f GDPR 24 hours

b) hr-marketing.com

COOKIE Intended purpose/ Legitimate interest Legal basis Valid
sclb_compliance_cookie

This cookie records that the user has been made aware of the use of cookies/data privacy-compliant design

Art. 6 (1) lit. f GDPR

2 weeks
_icl_current_language This cookie stores the currently used language version/user-friendly design Art. 6 (1) lit. f GDPR

24 hours
 _pk_id  

_pk_ref  

_pk_ses   

Web analytics using Matomo for user behavior and needs-based website design. Art. 6 (1) lit. f GDPR

24 hours

11. External links / social plug-ins / additional services

This website contains links to external websites, such as the websites of manufacturers, YouTube, Facebook or Twitter. milch & zucker does not disclose any personal data when a link to a third-party website is activated.
As soon as you go to these websites (after clicking on the link), the privacy policy of the respective website operator will apply.

When the website milchundzucker.de (.com) or hr-marketing.com is called up, the visitor’s browser does not load content from external websites not operated by milk & zucker AG. This prevents personal data from being passed on to third parties unintentionally, simply by calling up external content through the browser (e.g. no tracking pixels).

12. Automated decision-making

We do not use automatic decision-making or profiling on the websites milchundzucker.de (.com) and hr-marketing.com.

13. Change of privacy policy / change of purpose

We reserve the right to change this privacy policy in compliance with the data protection regulations. The current version can always be found in this place on our website.

If, in the future, we intend to process the personal data for a purpose other than the one for which the personal data was collected, we will inform you about it and about any other relevant information pursuant to Art. 13 (2) GDPR.

Your right to object pursuant to Art. 21
General Data Protection Regulation (GDPR)

You as the data subject data have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, which is based on Article 6 (1) (e) or (f) GDPR. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

In this case, we as controller will no longer process your personal data unless we have evidence of compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves to establish, exercise or defend against legal claims.

The objection can be submitted in an informal manner as long as it references the subject as “Objection”, stating your name, address and date of birth. The objection should, if possible, be directed to the following address:

milch & zucker Talent Acquisition & Talent Management Company AG
Friedrich-List-Straße 23
35398 Gießen, Germany

E-mail:  datenschutz@milchundzucker.de

*The simultaneous use of male and female phrases is omitted for the sake of readability. However, all descriptions apply to both sexes.