cosnova GmbH (hereinafter: "we") appreciates your interest in our company and our products. It is important to us that you feel secure when visiting the websites operated by us (hereinafter: "website"), also with regard to the protection of your personal data.
The controller within the meaning of the General Data Protection Regulation ("GDPR") and other national data protection laws of the member states as well as other data protection provisions is:
At the Limes Park 2
Phone: +49 6196 76156-0
Fax: +49 6196 76156-1298
You can find more information about us in the imprint https://www.cosnova.com/de/impressum
Phone: +49 6151 394272
Fax: +49 6151 394277
When using the website for information purposes only, i.e. if you do not send us any other information, we only collect the personal data that your browser sends to our server. We collect the following data, which is technically necessary for us to display our website in the version and language that suits you and to ensure stability and security and to create general reports on the use of our website (legal basis is Art. 6 para. 1 s. 1 lit. f GDPR):
The above data will be deleted immediately when it is no longer needed for the aforementioned purposes, at the latest 30 days after we have collected it.
Insofar as you provide us with further personal data, e.g. within the scope of a registration, a contact form, we use this data for the purposes mentioned and for customer administration purposes, in each case to the extent necessary for this.
If you contact us by e-mail (e.g. to the address given above) or by other means (e.g. messenger), the personal data transmitted with your message will be stored and used for processing the conversation.
The legal basis for the processing of data transmitted in the course of sending a message is Art. 6 para. 1 s. 1 lit. b and lit. f GDPR. This data is used solely for processing the contact; this also constitutes the necessary legitimate interest in processing the data within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected, which is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
In addition to the aforementioned data, cookies are stored on your computer when you use our website and comparable technologies are used. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case, us) with certain information. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website as a whole more user-friendly and effective.
The vast majority of cookies are only set with your consent (Art. 6 para. 1 s. 1 lit. a GDPR). For other cookies, the legal basis is our legitimate interests (Art. 6 para. 1 s. 1 lit. f GDPR). Our cookie banner informs you which cookies fall into which category.
This website uses the following types of cookies, the scope and functionality of which are explained below:
You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Stored cookies can be deleted in the system settings of the browser. Please note that you may not be able to use all the functions of this website.
On our website you will find a small cookie symbol at the bottom right, which you can use to change your cookie settings at any time.
In some cases, we use service providers bound by instructions for certain data processing activities, who process the data on our behalf and according to our instructions (commissioned processing).
If it is necessary to clarify illegal or abusive use of our website or for legal prosecution, personal data will be forwarded to the law enforcement authorities and, if necessary, to injured third parties. However, this only happens if there are indications of illegal or abusive behaviour.
The legal basis for this is Art. 6 para. 1 s. 1 lit. b, Art. 6 para. 1 s. 1 lit. c, Art. 6 para. 1 s. 1 lit. d and Art. 6 para. 1 s. 1 lit. f GDPR.
As our business evolves, we may change the structure of our business by changing its legal form, establishing, buying or selling subsidiaries, divisions or components. In such transactions, customer information may be passed on to the acquirer or legal successor together with the part of the company to be transferred.
We may transfer personal data to countries outside the EU ("third countries"). Any transfer of data to a recipient in a third country is carried out in compliance with the applicable data protection law. If the European Commission has not established the existence of an adequate level of protection for a third country, we provide appropriate safeguards to ensure adequate protection of the personal data relating to you. This can be done in particular by entering into data processing contracts that contain EU standard data protection clauses and provide adequate safeguards as decided by the European Commission (available at: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm). Please contact us for further details, such as the text of the EU standard data protection clauses.
Our website may also contain offers from third parties. If you click on such an offer, data will be transmitted to the respective provider to the extent necessary (e.g. the information that you found this offer on our website and, if applicable, further information that you have already provided for this purpose on our website).
The videos on our website are partially embedded from the Vimeo platform (Vimeo LLC, based in New York City, USA). This means that the video is played directly on vimeo.com but displayed on our site. In the process, Vimeo cookies are set, via which personal data relating to you is transmitted to Vimeo if you are logged in to Vimeo via your end device. This is necessary to enable you to save the videos in your "Watch later" playlist in order to view them at a later time. You can prevent such data transfer by logging out of Vimeo beforehand. The cookies are used on the basis of your consent (Art. 6 para. 1 s. 1 lit. a GDPR).
We want to tailor the content of our website as precisely as possible to your interests and in this way improve our offer for you. In order to recognise user preferences and particularly popular areas of the website, we use so-called tracking technologies.
In order to be able to tailor our online marketing (e.g. banner advertising) more specifically to your usage-based interests, we use so-called (re-)targeting technologies. These are read when you visit other websites that cooperate with the providers of these (re-)targeting technologies and are used to provide you with the most interest-related information possible.
When the above technologies are used, cookies on our website and (in the case of retargeting) on third-party websites are used to record your interest in our products and services. This involves the use of random identifiers (cookie IDs) and similar technologies that we do not associate with your name, address or similar details, even if we know these details (e.g. from an existing contractual relationship), unless you have consented to this.
This website uses the analysis service Fathom. Fathom is not based on "cookies". No personal information about you is stored.
The legal basis for the processing of the users' personal data is Art. 6 para. 1 s. 1 a) GDPR.
The processing of users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of the website. This helps us to continuously improve the website and its user-friendliness. The collection and storage of data only takes place after explicit consent according to Art. 6 para. 1 s. 1 lit. a) GDPR.
This session cookie is deleted again when the browser is closed.
With your consent, we activate on our website the tool "LinkedIn Inisght Tag" or cookies from LinkedIn (LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland), Article 6(1)(a) GDPR. The Insight Tag reports to LinkedIn which actions you have performed on our website and possibly identifying data. With the data, LinkedIn can recognize that you have visited our website, what you have clicked on and if you have clicked on a link on LinkedIn that connects you to our website. This allows LinkedIn to show you interest-based content. LinkedIn may associate this data with your user account and use it for its own purposes. The processing of your data by LinkedIn is explained in the data protection information at https://www.linkedin.com/legal/privacy-policy.
We do not receive data about you or other users from LinkedIn, but only statistics that show us aggregated for all users in a certain period of time how they have used our offers and ads on other platforms of LinkedIn. This helps us to analyze which of our ads were successful and which were not.
We only use Google Marketing products (e.g., Google Ads) with your express consent, which you can declare by clicking on the “Accept all ” button in the website’s cookie banner. We store your consent in a cookie on your device so that you are not asked for your consent every time you visit our website, and we also store it on our servers, together with the IP address and time, for le-gal reasons; we will erase this information or restrict its processing if you withdraw your consent. Google uses personal data to personalise advertisements, and cookies can be used for both personalised and non-personalised advertising. Further information is available at https://policies.google.com/technologies/partner-sites.
(a) The purpose and legal basis of the processing operation
We process your personal data for the purpose of establishing an employment relationship in compliance with Article 6 (1) s. 1 b) GDPR in conjunction with Article 88 GDPR and Section 26 BDSG. The data is processed solely for the purpose of assessing your suitability, ability and professional performance with regard to the position for which you are applying.
We also process your personal data for certain purposes (e.g. for longer storage) if you have given us your consent to data processing within the meaning of Art. 6 para. 1 s. 1 a) GDPR in conjunction with Art. 7 GDPR.
If applicable, we are obliged to process your personal data pursuant to Art. 6 para. 1 s. 1 c) GDPR. Various legal obligations may exist in this regard (e.g. obligations under the German Commercial Code; the German Fiscal Code; to store tax-relevant data; under the German Social Security Code; under the General Equal Treatment Act; or other relevant regulations).
(b) The nature of the categories of data processed
We process personal data that we receive from you as part of the application process, e.g. through letters of application, CVs, certificates, correspondence, telephone or verbal information.
The following data categories, among others, may be affected:
(c) Recipients or categories of recipients of the data
Our HR department has access to your data, but also the specialist department of the position for which you have applied. Our administrators and the order processor rexx Systems GmbH have the technically necessary possibility to access data processed by IT. They are strictly bound by our instructions and may not process the data for their own purposes. In certain cases, we have to disclose your personal data to third parties, such as our bank if you receive a reimbursement or the post office if we communicate with you by letter. Furthermore, third parties may receive data for certain purposes if this is required by law in the context of your application (e.g. notification to the Federal Employment Agency).
(d) Duration of data storage
Your personal data will be stored for as long as is necessary to fulfil our contractual and legal obligations in the application process. In the event of a successful application, your personal data will be placed in your personnel file and used for the implementation and termination of the employment relationship.
If we are currently unable to offer you employment, we will continue to process your data on the basis of our legitimate interests pursuant to Art. 6 para. 1 s. 1 f) GDPR for up to 6 (six) months after sending the rejection in order to be able to defend ourselves against any legal claims.
In the event of your consent to the storage of your data beyond the prescribed duration, the duration may be correspondingly longer.
If the data is no longer required for the fulfilment of contractual or legal obligations, it will be deleted, unless storage is required due to legal retention periods (e.g. for the fulfilment of commercial and tax retention periods of ten years).
We also maintain corporate presences on social networks, such as Facebook and LinkedIn, which we link to on our website. When calling up the respective networks and platforms, the terms and conditions and data processing policies of the respective operators apply, over which we have no influence. In the process, data may also be processed outside the European Union. For certain processing at Facebook and LinkedIn, Meta Platforms Ireland Limited and Linkedin Ireland Limited and we are so-called "joint controllers". Our data protection notices on the respective social networks provide you with more detailed information on this.
The data protection notices in the respective networks apply to the activities of cosnova's corporate influencers.
You have the right to request information from us at any time about the personal data we process about you within the scope of Art. 15 GDPR. For this purpose, you can submit a request, e.g. by post or by e-mail to the contact address provided.
You have the right to demand that we immediately correct the personal data concerning you in accordance with Art. 16 GDPR if it is incorrect. To do so, please contact us at the address provided.
You have the right to request that we delete the personal data concerning you under the conditions described in Article 17 of the GDPR. These conditions provide in particular for the right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an erasure obligation under Union law or the law of the Member State to which we are subject. To exercise your right to erasure, please contact us at the address provided.
You have the right to demand that we restrict processing in accordance with Article 18 of the GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the duration that the verification of the accuracy requires, as well as in the event that the user requests limited processing instead of erasure in the case of an existing right to erasure; furthermore, in the event that the data are no longer necessary for the purposes pursued by us, but the user requires them for the assertion, exercise or defence of legal claims, as well as if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact us at the contact address provided.
You have the right to receive from us the personal data concerning you that you have provided to us in a structured, common, machine-readable format in accordance with Art. 20 GDPR. To exercise your right to data portability, please contact us at the address provided.
You have the right to object at any time to the processing of your personal data on the basis of Art. 6 (1) sentence 1 lit. e or lit. f GDPR for reasons arising from your particular situation in accordance with Art. 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
You have the right to revoke your consent in accordance with Art. 7 (3) GDPR with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
You also have the right to contact a supervisory authority for data protection in the event of complaints. The supervisory authority responsible for us is:
The Hessian Data Protection Commissioner
Gustav-Stresemann-Ring 1, 65189 Wiesbaden
PO Box 31 63, 65021 Wiesbaden
Phone: +49 611 14080
Fax: +49 611 1408 - 900