cosnova GmbH (hereinafter: "we") appreciates your interest in our company and our products. It is important to us that you feel secure when visiting the websites operated by us (hereinafter: "website"), also with regard to the protection of your personal data.
This privacy policy informs you about the type, scope and purpose of the personal data we process when you use our website and all sub-pages. If you wish to make use of certain services on our website, e.g. if you wish to apply for a job with us, it is necessary to process your personal data. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.
You can navigate directly to the relevant topics via the links below to find out how we process personal data relating to you. You can also read, save and print this privacy policy as a whole document.
Contents of the privacy policy
Please click on the links below to go directly to the relevant topics.
1. Information on the responsible person, data protection officer
2. Collection and processing of personal data when visiting our website
3. Cookies and similar technologies
4. Disclosure of personal data in general
5. Integration of third party content
6. Evaluation of usage data ("tracking") and usage-based information ("(re)targeting")
8. Our appearances in social media, Influencer
9. Your rights as a data subject
10. Updating the privacy policy
1. Information on the controller, data protection officer
(a) Controller
The controller within the meaning of the General Data Protection Regulation ("GDPR") and other national data protection laws of the member states as well as other data protection provisions is:
cosnova GmbH
At the Limes Park 2
65843 Sulzbach
Phone: +49 6196 76156-0
Fax: +49 6196 76156-1298
E-mail: info@cosnova.com
You can find more information about us in the imprint https://www.cosnova.com/de/impressum
(b) The Data Protection Officer of the Controller is:
Moritz Görmann
CTM-COM GmbH
Marienburgstraße 27
D-64297 Darmstadt
Phone: +49 6151 394272
Fax: +49 6151 394277
www.ctm-com.de
2. Collection and processing of personal data when visiting our website
When using the website for information purposes only, i.e. if you do not send us any other information, we only collect the personal data that your browser sends to our server. We collect the following data, which is technically necessary for us to display our website in the version and language that suits you and to ensure stability and security and to create general reports on the use of our website (legal basis is Art. 6 para. 1 s. 1 lit. f GDPR):
- IP address
- Date and time of the request
- Content of the request (concrete page)
- Website from which the request comes
- Browser
- Operating system
The above data will be deleted immediately when it is no longer needed for the aforementioned purposes, at the latest 30 days after we have collected it.
Insofar as you provide us with further personal data, e.g. within the scope of a registration, a contact form, we use this data for the purposes mentioned and for customer administration purposes, in each case to the extent necessary for this.
If you contact us by e-mail (e.g. to the address given above) or by other means (e.g. messenger), the personal data transmitted with your message will be stored and used for processing the conversation.
The legal basis for the processing of data transmitted in the course of sending a message is Art. 6 para. 1 s. 1 lit. b and lit. f GDPR. This data is used solely for processing the contact; this also constitutes the necessary legitimate interest in processing the data within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected, which is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
3. Cookies and similar technologies
In addition to the aforementioned data, cookies are stored on your computer when you use our website and comparable technologies are used. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case, us) with certain information. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website as a whole more user-friendly and effective.
The vast majority of cookies are only set with your consent (Art. 6 para. 1 s. 1 lit. a GDPR). For other cookies, the legal basis is our legitimate interests (Art. 6 para. 1 s. 1 lit. f GDPR). Our cookie banner informs you which cookies fall into which category.
(a) General
This website uses the following types of cookies, the scope and functionality of which are explained below:
- Transient cookies. Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This means that your computer can be recognised when you return to our website. Session cookies are deleted when you log out or close your browser. Such a cookie can, for example, store the contents of a shopping basket in an online shop or a login status.
- Persistent cookies. Persistent cookies are automatically deleted after a predefined period of time, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
(b) Browser settings
You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Stored cookies can be deleted in the system settings of the browser. Please note that you may not be able to use all the functions of this website.
(c) List of cookies
A list of the cookies and similar technologies used can be found at the end of this privacy policy.
(d) Revoke cookies
On our website you will find a small cookie symbol at the bottom right, which you can use to change your cookie settings at any time.
4. Disclosure of personal data in general
(a) Transfer to service providers
In some cases, we use service providers bound by instructions for certain data processing activities, who process the data on our behalf and according to our instructions (commissioned processing).
(b) Disclosure to public authorities, injured parties and for legal proceedings
If it is necessary to clarify illegal or abusive use of our website or for legal prosecution, personal data will be forwarded to the law enforcement authorities and, if necessary, to injured third parties. However, this only happens if there are indications of illegal or abusive behaviour.
Disclosure may also occur if it serves to enforce terms of use or other agreements. We are also legally obliged to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offences subject to fines and the tax authorities.
The legal basis for this is Art. 6 para. 1 s. 1 lit. b, Art. 6 para. 1 s. 1 lit. c, Art. 6 para. 1 s. 1 lit. d and Art. 6 para. 1 s. 1 lit. f GDPR.
(c) Disclosure in the context of corporate transactions
As our business evolves, we may change the structure of our business by changing its legal form, establishing, buying or selling subsidiaries, divisions or components. In such transactions, customer information may be passed on to the acquirer or legal successor together with the part of the company to be transferred.
Whenever we disclose personal data to the extent described above, we will ensure that this is done in accordance with this Privacy Policy and applicable data protection law.
(d) Transfer to recipients outside the EU
We may transfer personal data to countries outside the EU ("third countries"). Any transfer of data to a recipient in a third country is carried out in compliance with the applicable data protection law. If the European Commission has not established the existence of an adequate level of protection for a third country, we provide appropriate safeguards to ensure adequate protection of the personal data relating to you. This can be done in particular by entering into data processing contracts that contain EU standard data protection clauses and provide adequate safeguards as decided by the European Commission (available at: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm). Please contact us for further details, such as the text of the EU standard data protection clauses.
5. Integration of third-party content
(a) General
Our website may also contain offers from third parties. If you click on such an offer, data will be transmitted to the respective provider to the extent necessary (e.g. the information that you found this offer on our website and, if applicable, further information that you have already provided for this purpose on our website).
(b) Vimeo videos
The videos on our website are partially embedded from the Vimeo platform (Vimeo LLC, based in New York City, USA). This means that the video is played directly on vimeo.com but displayed on our site. In the process, Vimeo cookies are set, via which personal data relating to you is transmitted to Vimeo if you are logged in to Vimeo via your end device. This is necessary to enable you to save the videos in your "Watch later" playlist in order to view them at a later time. You can prevent such data transfer by logging out of Vimeo beforehand. The cookies are used on the basis of your consent (Art. 6 para. 1 s. 1 lit. a GDPR).
For more information about Vimeo's processing of personal data, please see Vimeo's privacy policy at Privacy Policy on Vimeo.
6. Evaluation of usage data ("tracking") and usage-based information ("(re-)targeting")
(a) General
We want to tailor the content of our website as precisely as possible to your interests and in this way improve our offer for you. In order to recognise user preferences and particularly popular areas of the website, we use so-called tracking technologies.
In order to be able to tailor our online marketing (e.g. banner advertising) more specifically to your usage-based interests, we use so-called (re-)targeting technologies. These are read when you visit other websites that cooperate with the providers of these (re-)targeting technologies and are used to provide you with the most interest-related information possible.
When the above technologies are used, cookies on our website and (in the case of retargeting) on third-party websites are used to record your interest in our products and services. This involves the use of random identifiers (cookie IDs) and similar technologies that we do not associate with your name, address or similar details, even if we know these details (e.g. from an existing contractual relationship), unless you have consented to this.
(b) Web analytics through Fathom Analytics
This website uses the analysis service Fathom. Fathom is not based on "cookies". No personal information about you is stored.
The use of Fathom is based on Art. 6 para. 1 s. 1 lit. f GDPR. cosnova has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both the web offer and marketing campaigns. The Fathom privacy policy can be found here: https://usefathom.com/privacy.
(c) Web analysis through Matomo on the careers page
On the careers website, data is collected and stored for marketing and optimisation purposes using the Matomo web analytics service software (www.matomo.org). This data is used to create user profiles under a pseudonym, and cookies are used for this purpose (see section 3 of this data protection policy). The cookies enable the recognition of the internet browser. The data collected using Matomo technology (including your anonymised IP address) is transmitted to our server and stored for usage analysis purposes, which serves to optimise our website. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
The legal basis for the processing of the users' personal data is Art. 6 para. 1 s. 1 a) GDPR.
The processing of users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of the website. This helps us to continuously improve the website and its user-friendliness. The collection and storage of data only takes place after explicit consent according to Art. 6 para. 1 s. 1 lit. a) GDPR.
This session cookie is deleted again when the browser is closed.
Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent. You can find more information about the privacy settings of the Matomo software under the following link: https://matomo.org/docs/privacy/.
(d) LinkedIn (Insight Tag):
With your consent, we activate on our website the tool "LinkedIn Inisght Tag" or cookies from LinkedIn (LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland), Article 6(1)(a) GDPR. The Insight Tag reports to LinkedIn which actions you have performed on our website and possibly identifying data. With the data, LinkedIn can recognize that you have visited our website, what you have clicked on and if you have clicked on a link on LinkedIn that connects you to our website. This allows LinkedIn to show you interest-based content. LinkedIn may associate this data with your user account and use it for its own purposes. The processing of your data by LinkedIn is explained in the data protection information at https://www.linkedin.com/legal/privacy-policy.
We do not receive data about you or other users from LinkedIn, but only statistics that show us aggregated for all users in a certain period of time how they have used our offers and ads on other platforms of LinkedIn. This helps us to analyze which of our ads were successful and which were not.
(e) Google Marketing
We only use Google Marketing products (e.g., Google Ads) with your express consent, which you can declare by clicking on the “Accept all ” button in the website’s cookie banner. We store your consent in a cookie on your device so that you are not asked for your consent every time you visit our website, and we also store it on our servers, together with the IP address and time, for le-gal reasons; we will erase this information or restrict its processing if you withdraw your consent. Google uses personal data to personalise advertisements, and cookies can be used for both personalised and non-personalised advertising. Further information is available at https://policies.google.com/technologies/partner-sites.
7. (Online) application
(a) The purpose and legal basis of the processing operation
We process your personal data for the purpose of establishing an employment relationship in compliance with Article 6 (1) s. 1 b) GDPR in conjunction with Article 88 GDPR and Section 26 BDSG. The data is processed solely for the purpose of assessing your suitability, ability and professional performance with regard to the position for which you are applying.
We also process your personal data for certain purposes (e.g. for longer storage) if you have given us your consent to data processing within the meaning of Art. 6 para. 1 s. 1 a) GDPR in conjunction with Art. 7 GDPR.
If applicable, we are obliged to process your personal data pursuant to Art. 6 para. 1 s. 1 c) GDPR. Various legal obligations may exist in this regard (e.g. obligations under the German Commercial Code; the German Fiscal Code; to store tax-relevant data; under the German Social Security Code; under the General Equal Treatment Act; or other relevant regulations).
(b) The nature of the categories of data processed
We process personal data that we receive from you as part of the application process, e.g. through letters of application, CVs, certificates, correspondence, telephone or verbal information.
The following data categories, among others, may be affected:
- Personal details (surname, first name, date of birth)
- Address data (address, place of residence)
- Contact details (telephone no., e-mail address)Application data (cover letter, references, CV)
- Special personal data (health data such as diseases and disabilities)
(c) Recipients or categories of recipients of the data
Our HR department has access to your data, but also the specialist department of the position for which you have applied. Our administrators and the order processor rexx Systems GmbH have the technically necessary possibility to access data processed by IT. They are strictly bound by our instructions and may not process the data for their own purposes. In certain cases, we have to disclose your personal data to third parties, such as our bank if you receive a reimbursement or the post office if we communicate with you by letter. Furthermore, third parties may receive data for certain purposes if this is required by law in the context of your application (e.g. notification to the Federal Employment Agency).
(d) Duration of data storage
Your personal data will be stored for as long as is necessary to fulfil our contractual and legal obligations in the application process. In the event of a successful application, your personal data will be placed in your personnel file and used for the implementation and termination of the employment relationship.
If we are currently unable to offer you employment, we will continue to process your data on the basis of our legitimate interests pursuant to Art. 6 para. 1 s. 1 f) GDPR for up to 6 (six) months after sending the rejection in order to be able to defend ourselves against any legal claims.
In the event of your consent to the storage of your data beyond the prescribed duration, the duration may be correspondingly longer.
If the data is no longer required for the fulfilment of contractual or legal obligations, it will be deleted, unless storage is required due to legal retention periods (e.g. for the fulfilment of commercial and tax retention periods of ten years).
8. Our appearances in social media, Influencer
We also maintain corporate presences on social networks, such as Facebook and LinkedIn, which we link to on our website. When calling up the respective networks and platforms, the terms and conditions and data processing policies of the respective operators apply, over which we have no influence. In the process, data may also be processed outside the European Union. For certain processing at Facebook and LinkedIn, Meta Platforms Ireland Limited and Linkedin Ireland Limited and we are so-called "joint controllers". Our data protection notices on the respective social networks provide you with more detailed information on this.
The data protection notices in the respective networks apply to the activities of cosnova's corporate influencers.
9. Your rights as a data subject
(a) Right to information
You have the right to request information from us at any time about the personal data we process about you within the scope of Art. 15 GDPR. For this purpose, you can submit a request, e.g. by post or by e-mail to the contact address provided.
(b) Right to rectify inaccurate data
You have the right to demand that we immediately correct the personal data concerning you in accordance with Art. 16 GDPR if it is incorrect. To do so, please contact us at the address provided.
(c) Right to erasure
You have the right to request that we delete the personal data concerning you under the conditions described in Article 17 of the GDPR. These conditions provide in particular for the right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an erasure obligation under Union law or the law of the Member State to which we are subject. To exercise your right to erasure, please contact us at the address provided.
(d) Right to restrict processing
You have the right to demand that we restrict processing in accordance with Article 18 of the GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the duration that the verification of the accuracy requires, as well as in the event that the user requests limited processing instead of erasure in the case of an existing right to erasure; furthermore, in the event that the data are no longer necessary for the purposes pursued by us, but the user requires them for the assertion, exercise or defence of legal claims, as well as if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact us at the contact address provided.
(e) Right to data portability
You have the right to receive from us the personal data concerning you that you have provided to us in a structured, common, machine-readable format in accordance with Art. 20 GDPR. To exercise your right to data portability, please contact us at the address provided.
(f) Right of objection
You have the right to object at any time to the processing of your personal data on the basis of Art. 6 (1) sentence 1 lit. e or lit. f GDPR for reasons arising from your particular situation in accordance with Art. 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
(g) Right of withdrawal (in case of consent given)
You have the right to revoke your consent in accordance with Art. 7 (3) GDPR with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
(h) Right of appeal
You also have the right to contact a supervisory authority for data protection in the event of complaints. The supervisory authority responsible for us is:
The Hessian Data Protection Commissioner
Gustav-Stresemann-Ring 1, 65189 Wiesbaden
PO Box 31 63, 65021 Wiesbaden
Phone: +49 611 14080
Fax: +49 611 1408 - 900
E-mail: poststelle@datenschutz.hessen.de
Internet: http://www.datenschutz.hessen.de
10. Updating the privacy policy
This privacy policy is valid as of June 2022. Changes to our offer may make it necessary to also change this privacy policy. Therefore, please inform yourself regularly about the content of our data protection declaration. We will also inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
