VS

Data privacy statement

at VS Vereinigte Spezialmöbelfabriken GmbH und Co. KG, Tauberbischofsheim

Preliminary note on data protection

We are very happy that you have decided to visit our web site and for your interest in our company. We take the protection of your personal data very seriously and are committed to protecting your private life and treating your data as confidential.

With this statement on data protection, our company wishes to inform the public about the nature, scope and purpose of the personal data that we collect, use and process. In addition, this data protection statement informs the persons concerned (data subjects) of their rights.

As the entity responsible for processing the data (the “data controller”), our company has implemented numerous technical and organizational measures to ensure the most comprehensive protection possible of the personal data processed via this web site.

Despite this, Internet-based data transfers can always be subject to security shortfalls (for example during e-mail communication), with the result that absolute protection cannot be guaranteed. Consequently, all persons concerned are also free to communicate their personal data to us by alternative channels, for example by telephone.

1. Name and address of the data controller

The data controller for the purposes of the General Data Protection Regulation and other national data protection legislation of the member states and other regulations relating to data protection is

VS Vereinigte Spezialmöbelfabriken GmbH & Co. KG
Hochhäuser Straße 8 
97941 Tauberbischofsheim 
Germany
Tel: +49 9341 88-0
Fax: +49 9341 88-107
E-mail: vs@vs-moebel.de
Web site: www.vs-moebel.de

2. Name and address of the data protection officer 

Data controller
VS Vereinigte Spezialmöbelfabriken GmbH und Co. KG
Hochhäuser Straße 8
97941 Tauberbischofsheim
Germany
Tel.: +49 9341 88-168
E-mail: datenschutzbeauftragter@vs-moebel.de

3. Scope of processing of personal data

It is possible to use our web sites without supplying any personal data However, if a visitor to the web site wishes to make use of specific services provided by our company via the web site then it may be necessary to process the visitor's personal data.

If it is necessary to process personal data and there is no lawful basis for such processing then we will always ask the data subject for their authorization.

We also process personal data as part of our everyday business activities. This data is communicated to us via inquiries and orders as well as by telephone and e-mail or at the trade fairs that we attend and is stored to enable us to perform our (pre-)contractual tasks for as long as is necessary to perform these tasks or is set out in legal requirements.

Personal data, for example the name, postal address, e-mail address or telephone number of a data subject, is always processed in conformity with the General Data Protection Regulation (GDPR) as well as with other data protection regulations and the specific national data protection provisions applicable to our company.

4. Lawful basis for the processing of personal data

In all cases where we obtain the authorization of the data subject for the processing of personal data, art. 6 para. 1, point a of the GDPR serves as the lawful basis.

When we process personal data that is required in order to fulfil a contract to which the data subject is party, art. 6 para. 1, point b of the GDPR serves as the lawful basis. This also applies to processing operations that are necessary in order to undertake pre-contractual measures.

If the processing of personal data is necessary in order to fulfil a legal obligation that is imposed on us, art. 6 para. 1, point c of the GDPR serves as the lawful basis.
If the vital interests of the data subject or of another natural person render the processing of personal data necessary, art. 6, para. 1, point d of the GDPR serves as the lawful basis.

If processing is necessary in order to protect a legitimate interest of our company or a third-party and the interests, fundamental rights and basic freedoms of the data subject do not override the above-mentioned interest then art. 6, para., point f of the GDPR serves as the lawful basis.

5. Deletion of data and period of retention

The data subject’s personal data is deleted and locked as soon as the purpose for which it was stored has been fulfilled. It may be stored beyond this period if this is provided for in European or national legislation in accordance with EU regulations, laws or other requirements to which the data controller is subject. The data is also locked and deleted when a retention period set out in the above-mentioned regulations expires, except in cases where the continued storage of the data is required for the purposes of concluding or executing a contract.

6. Provision of the web site and generation of log files

When you visit our web site, we automatically collect a range of general data and information that your browser automatically sends us in so-called log files on our server.

The server automatically logs:

- Information on the employed browser and browser version
- The user’s operating system
- The user’s IP address
- The date and time of the visit

We neither analyze this data nor communicate it to third-parties and it is deleted at regular intervals provided that there are no legal retention requirements to the contrary. 
This information is required in order to provide the necessary law enforcement information to law enforcement agencies in the event of cyber attacks.

7. Use of cookies

Some of our web pages use so-called cookies. Cookies are text files that are saved in the user’s web browser or on the user’s computer system by the web browser.

Many web sites and servers use cookies. Many cookies have a so-called cookie ID. A cookie ID uniquely identifies the cookie. It consists of a character string which makes it possible to assign the web site and server to the specific web browser in which the cookie was stored. This allows the visited web sites and servers to distinguish between the data subject’s individual browser and other web browsers that contain other cookies. A given web browser can be recognized again and identified via the unique cookie ID.

Cookies make it possible for us to recognize visitors to our web site. We do this in order to make it easier for visitors to use our web site.

On our site, we primarily use so-called “session cookies”. These are automatically deleted when you leave our web site. Other cookies continue to be stored on your terminal device until you delete them.

Cookies are stored on the user’s computer, from where they are transferred to our web site. Therefore, as the user, you have complete control over the use of cookies.

By changing the settings in your web browser, you can be informed whenever a cookie is to be written and only accept cookies on a case-by-case basis, authorize the acceptance of cookies in certain cases or exclude cookies and specify that cookies are to be automatically deleted when you close the browser. If you disable the writing of cookies in the web browser that you use, you may sometimes not be able to use all the functions of our web site.

8. Registration

a) Description and scope of data processing

We offer users of our web site the possibility of registering by informing us of their personal data. This data is entered in an input screen, sent to us and stored. It is not transmitted to third-parties. The following data is collected during the registration process.

- Name
- Street, post code, city and country
- Sector
- Phone number
- E-mail address

At the time of registration, the following data is also stored:

- Date and time of registration

At the time of registration, the user is asked to give approval for the processing of this data.

b) Lawful basis for data processing

Art. 6, para. 1, point a of the GDPR forms the lawful basis for the processing of the data. If registration is performed in order to fulfil a contract to which the user is a party or to undertake pre-contractual measures then art. 6, para. 1, point b of the GDPR forms the lawful basis for the processing of the data.

c) Purpose of processing

User registration is required for the provision of certain contents and services on our web site or for the execution of a contract with the user or for the undertaking of pre-contractual measures.

d) Storage period

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the registration procedure intended for the execution of a contract or the undertaking of pre-contractual measures, this occurs when the data is no longer needed for the fulfilment of the contract. Even after conclusion of the contract, it may be necessary to save the contractual partner's personal data in order to fulfil contractual or legal obligations.

e) Possibility of opposition and elimination of errors

As a user, you can cancel your registration at any time. You can request the modification of your stored personal data whenever you wish. We will be happy to correct or delete this data on request provided that there is no legal obligation to retain it. For information on any related matters, please contact our marketing department at marketing@vs-moebel.de.

9. Contact options on the web page

On our web site, you can contact us directly by sending an e-mail. If you contact us by e-mail, we only store or use the data for the purposes of communicating with you following your contact. This personal data is not transmitted to third-parties.

10. SSL encryption

Our web site uses SSL encryption in order to ensure security and protect the transmission of confidential content. You can tell if a connection is encrypted by the fact that the http:// in your browser’s address line changes to https:// and by the presence of a padlock symbol in the browser bar. If SSL encryption is enabled, third-parties are not able to read any of the data you send us. We only save and use the data in order to communicate with you following your contact.

11. Rights of data subjects

As required by the GDPR, we draw your attention to the rights you possess. You have the following rights:

a. Right to confirmation

The European guidelines and directives give all data subjects the right to demand confirmation from the data controller of whether it processes personal data relating to them. Should any data subject wish to make use of this right of confirmation, they can address an employee of the data controller at any time.

b. Right to information of data subjects

Data subjects have the right to obtain, free-of-charge, from the responsible person in our company information about the personal data stored in their regard and to receive a copy of this information. You are also able to request information on:

- the purposes for which the information is processed
- the categories of personal data that are processed
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular with regard to recipients in third countries or in international organizations
- if possible, the planned period for which the personal data will be stored and, if this is not possible, the criteria for defining this period
- the existence of the right to correct or delete personal data relating to you or the right to restrict processing by the data controller or the right to oppose such processing
- the right to lodge complaints with a supervisory authority
- if the personal data is not obtained from a data subject: All available information about the origin of the data
- the existence of automated decision-making, including profiling, as set out in article 22, paragraphs 1 and 4 of the GDPR and – at least in these cases – meaningful information about the logic used, the scope and the intended effects of this type of processing for the data subject

The data subject also has the right to be informed if the personal data has been transferred to a third country or an international organization. If this is the case, the data subject also has the right to be informed of appropriate guarantees relating to this transfer.

The responsible entity will provide a copy of the personal data that is the object of the processing. For all further copies requested by the data subject, the data controller may demand appropriate reimbursement based on the administrative costs. If the data subject makes the request in electronic form then the information will be supplied in a habitual electronic format unless requested otherwise by the data subject. The right to receive a copy must not impair the rights and freedoms of other persons.

c. Right to correction

Data subjects have the right to demand that we immediately rectify incorrect personal data relating to them. While taking into account the purposes of data processing, data subjects have the right to demand the completion of incomplete personal data – including by means of an additional statement.

d. Right to deletion (“Right to be forgotten”)

Data subjects have the right to demand that the personal data relating to them be deleted with immediate effect. We are also required to delete personal data immediately if any of the following causes arises:

- the personal data is no longer necessary for the purposes for which it was collected or processed in whatsoever way
- the data subject withdraws the consent on which processing was based in accordance with article 6, para 1, point a of the DGPR or article 9, para 2, point a of the DGPR and there is no other lawful basis for processing
- the data subject opposes processing in accordance with article 21, para 1 of the DGPR and there are no legitimate reasons for processing that take precedence or the data subject opposes processing in accordance with article 21, para 2 of the DGPR.
- the personal data has been processed illegally
- the deletion of the personal data is necessary in order to comply with an obligation under EU legislation or under the legislation of the Member States to which the data controller is subject
- the personal data was collected in connection with 
information society services as set out in article 8, para 1 of the GDPR.

If the data controller has made the personal data public and is required to delete it in accordance with paragraph 1 then, while taking account of the available technology and implementation costs, it will take appropriate measures, including those of a technical nature, to inform the parties responsible for data processing that a data subject has requested them to delete all links to this personal data or has demanded copies or duplicates of this personal data.

Paragraphs 1 and 2 do not apply in cases where processing is necessary

- in order to exercise the right to free statement of opinion and information
- in order to fulfil a legal obligation requiring processing in accordance with EU legislation or the legislation of the Member States to which the data controller is subject or to undertake an activity of public interest or resulting from the exercise of official authority and entrusted to the data controller.
- for the purposes of public interest in the area of public health in accordance with article 9, para 2, points h and i of the GDPR, as well as article 9, para. 3 of the GDPR
- for the purposes, in the public interest, of archival, scientific or historical research or for statistical purposes in accordance with article 89, para. 1 of the GDPR, insofar as the right set out in paragraph 1 would be expected to make it impossible to achieve these aims or would seriously impair them, or
- for the enforcement, exercise or defense of legal claims.
e. Right to restriction of processing

The data subject has the right to demand that we restrict processing if one of the following conditions is met:

- the correctness of the personal data is disputed by the data subject, for a period that enables the data controller to verify the correctness of the personal data
- processing is unlawful and the data subject refuses deletion of the personal data and instead demands the restriction of the use of the personal data
- the data controller no longer needs the personal data for processing purposes and the data subject nevertheless still requires the data in order to enforce, exercise or defend legal claims.
- the data subject has opposed processing in accordance with article 21, para. 1 of the GDPR and it has not yet been determined whether the legitimate interests of the data controller override those of the data subject.

If processing has been restricted as set out in paragraph 1, then this personal data may – apart from being stored – not be processed except with the agreement of the data subject or for the purpose of enforcing, exercising or defending a legal claim or to protect the rights of another natural or legal person or for reasons relating to an important public interest of the EU or a Member State.

Any data subject that has caused processing to be restricted will be informed by the data controller before the restriction is lifted.

f. Right to transferability of data

Data subjects have the right to receive the personal data that they have provided to us in a structured, habitual, machine-readable format and also have the right to transfer this data to another data controller without being hindered by the data controller to which the personal data was initially provided, if

- processing is based on consent in accordance with article 6, para. 1, point a of the GDPR or article 9, para. 2, point a of the GDPR or on a contract in accordance with article 6, para. 1, point b of the GDPR.
- processing is performed using automated procedures.

If exercising the right to the transferability of data in accordance with paragraph 1, the data subject has the right to demand that the personal data be transferred directly from one data controller to another data controller provided that this is technically feasible. Article 17 of the GDPR is unaffected by the exercise of the right set out in paragraph 1 of the current article. This right does not apply to processing required in order to perform a task that is in the public interest or results from the exercise of official authority and has been entrusted to the data controller.

The right in accordance with paragraph 2 must not impair the rights and freedoms of other persons.

g. Right to opposition

Data subjects have the right at any time, for reasons resulting from their own specific situation, to oppose the processing of their personal data pursuant to article 6, para. 1, point e and point f of the GDPR.

In the event of opposition, we no longer process the personal data unless we are able to demonstrate vital reasons requiring protection for such processing that override the interests, rights and freedoms of the data subject or processing is performed in order to enforce, exercise or defend legal claims.

h. Right to withdraw consent given under data protection legislation

European guidelines and legislation confer on every data subject whose personal data is processed the right to withdraw consent for the processing of their personal data at any time.

i. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority at any time. If you wish to make use of this right to lodge a complaint, you can do so at the following or another authority:

Landesbeauftragter für den Datenschutz und die Informationsfreiheit in Baden-Württemberg
Dr. Stefan Brink
Postfach 102932
70025 Stuttgart
Tel. +49 711 615541-0
poststelle@lfdi.bwl.de

12. Handling of applicants’ data

We offer you the opportunity to apply to us for employment (e.g. by e-mail, by post or via our online application form). In this article, we will inform you about the scope, purpose and usage of your personal data collected during the application process. We assure you that the collection, processing and usage of your data is carried out in accordance with the relevant data protection laws and all other legal provisions, and that your data will be treated in strict confidence.

a) Scope and purpose of the data collection

If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary for making a decision on the establishment of an employment relationship. The German legal basis for this is § 26 of the new version of the FDPA (German Federal Data Protection Act, initiation of an employment relationship), Art. 6, para. 1 (b) of the GDPR (EU General Data Protection Regulation, general contract initiation) and – if you have given your consent – Art. 6, para. 1 (a) of the GDPR. You can revoke your consent at any time. Your personal data will only be passed on to persons within our company who are involved in processing your application.

If your application is successful, the data submitted by you will be stored in our data processing systems in compliance with § 26 of the new version of the FDPA and Art. 6, para. 1 (b) of the GDPR for the purpose of implementing the employment relationship.

b) Retention period of the data

If we are unable to make you a job offer, or if you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6, Para. 1 (f) of the GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will subsequently be deleted and the physical application documents will be destroyed. Data retention mainly serves as evidence in the event of a legal dispute. If it is apparent that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will not be deleted until the reason for its continued storage no longer exists.

A longer storage period may also take place if you have given us the relevant consent (Art. 6, para. 1 (a) of the GDPR), or if legal storage obligations do not permit the deletion of the data.

c) Acceptance in the applicant pool

If we do not make you a job offer, it may nevertheless be possible to include you in our pool of applicants. If this occurs, all documents and information from your application will be transferred to the applicant pool. This will enable us to contact you quickly if suitable vacancies arise.

Acceptance in the applicant pool will only take place if you have given us your explicit consent for such acceptance (Art. 6, para. 1 (a) of the GDPR). The submission of this consent is voluntary and is not related to any ongoing application process. The applicant may revoke such consent at any time, in which case the data will be irrevocably deleted from the applicant pool, unless there are legal reasons for retention. The data from the applicant pool will be irrevocably deleted no later than two years after the applicant’s consent has been given.

13. Data security and modification of the data protection statement

Information transfer via the Internet is not completely secure. Despite the protection provided, by means of appropriate technical and organizational measures for our web site and the other mechanisms with which data is transferred to us, we cannot therefore guarantee the data sent to our web site via the Internet against loss of availability, confidentiality or integrity. We therefore additionally refer to point 10 of the present statement on data protection.

We reserve the right to modify the present statement on data protection at any time, in part or in full, with future effect. The current version of our statement on data protection can be consulted on our web site at any time.

14. Opposition to advertising e-mails

The use of the contact data published in the obligatory legal information for the sending of advertising and information material that has not been expressly requested is herewith opposed. The operators of the site expressly reserve the right to take legal action in the event of the unrequested
transmission of advertising information, for example in the form of spam e-mails.

Version 01.01.2021