Data protection

Information on data protection

1. INTRODUCTION
With the following information we would like to give you as a “data subject” an overview of the collection, use and processing of your personal data by us and your rights under data protection laws. In principle, it is possible to use our Internet pages without entering personal data. However, if you want to use special services of our company via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address, or e-mail address, shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the data protection provisions applicable to the Vignold Group GmbH.
As the responsible entity, we have implemented numerous technical and organizational measures to ensure the protection of personal data processed through this website. Nevertheless, Internet-based data transmissions may be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, you are also free to transmit personal data to us by alternative means, for example by telephone or by mail.

2. RESPONSIBLE ENTITY
Responsible entity in accordance to GDPR is:

Vignold Group GmbH
Balcke-Dürr-Allee 1
40882 Ratingen
Tel +49 2102 944-4
Fax +49 2102 944-944
E-Mail info[AT]vignold.de
Website www.vignold.de

Represented by CEOs: Jörg Poplawsky, Patrick Metzler

3. DATA PROTECTION OFFICER
You can reach the data protection officer as follows:

Carsten Knoop
audatis Consulting GmbH
Luisenstr. 1
32052 Herford, Germany
E-Mail: datenschutz@vignold.de

You can contact our data protection officer directly at any time with all questions and suggestions regarding data protection.

4. LEGAL BASIS OF PROCESSING
Article 6 (1) lit. a GDPR (in conjunction with Section 25 (1) TTDSG) serves as the legal basis for our company for processing operations in which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the fulfillment of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Article 6 (1) lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services.
If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 (1) lit. c GDPR.

Ultimately, processing operations could be based on Art. 6 (1) lit. f GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary for the protection of a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not outweigh the aforementioned bases. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if you are a customer of our company (recital 47 sentence 2 GDPR).

5. TRANSMISSION OF DATA TO THIRD PARTIES
We do not transfer your personal data to third parties for purposes other than those listed below.
We only pass on your personal data to third parties if:

  1. You have given us your express consent to do so in accordance with Art. 6 Para. 1 lit. a GDPR,
  2. The disclosure is permissible under Art. 6 (1) (f) GDPR to protect our legitimate interests and there is no reason to assume that you have an outweighing interest worthy of protection in the non-disclosure of your data,
  3. In the event that a legal obligation exists for the disclosure pursuant to Art. 6 (1) c GDPR, and
  4. This is legally permissible and necessary for the processing of contractual relationships with you according to Art. 6 para. 1 lit. b GDPR.

Within the scope of the processing operations described in this privacy policy, personal data may be transferred to the USA. The USA does not have an adequate level of data protection (ECJ: Schrems II ruling). In particular, U.S. investigative authorities can oblige U.S. companies to hand over or disclose personal data without the data subjects being able to effectively take legal action against this. Thus, in principle, there is a possibility that your personal data will be processed by U.S. investigative authorities. We have no influence on these processing activities. In order to protect your data, we have concluded commissioned processing agreements based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent can serve as a legal basis for the transfer to third countries in accordance with Art. 49 (1) a) GDPR. This sometimes does not apply in the case of a data transfer to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

6. TECHNICAL
When you use our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called “server log files”). Our website collects a series of general data and information with each call of a page by you or an automated system. This general data and information is stored in the server log files. The following data may be collected:

  1. The browser types and versions used,
  2. The operating system used by the accessing system
  3. The website from which an accessing system arrives at our website (so-called referrer),
  4. The sub-websites that are accessed via an accessing system on our website,
  5. The date and time of an access to the Internet site,
  6. The Internet protocol address (IP address) and
  7. The Internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about your person. Rather, this information is needed to deliver the content of our website correctly, to optimize the content of our website as well as the advertising for it, to ensure the long-term functionality of our IT systems and the technology of our website as well as to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

Therefore, the data and information collected is, on the one hand, statistically analyzed by us and, on the other hand, it is evaluated with the aim of increasing the data protection and data security of our enterprise to ultimately ensure an optimal level of protection for the personal data we process. The data of the server log files are stored separately from any personal data provided by a data subject and are automatically deleted after 7 days.
The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above.

7. COOKIES
We use cookies on our website. These are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, trojans or other malware.
In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we gain direct knowledge of your identity.
The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already been to our site when you visit it again. These cookies are automatically deleted after a defined period of time. The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests as well as the legitimate interests of third parties pursuant to Art. 6 (1) p. 1 lit. f GDPR.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

8. BORLABS COOKIE (CONSENT MANAGEMENT TOOL)
We use the WordPress cookie plugin “Borlabs Cookie” from Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany. This service allows us to obtain and manage the consent of website users for data processing.
Borlabs Cookie uses cookies to collect data generated by end users who use our website. When an end user provides consent, the plugin automatically logs, among other things, the following data:

  1. Cookie Runtime,
  2. Cookie version,
  3. Domain and path of the WordPress site,
  4. Selection in the cookie banner,
  5. UID (a randomly generated ID),

The consent status is also stored in the end user’s browser so that the website can automatically read and follow the end user’s consent in all subsequent page requests and future end user sessions for up to 12 months. Consent data (consent and withdrawal of consent) is stored for three years. The retention period corresponds to the regular limitation period according to § 195 BGB. The data is then deleted immediately.

The functionality of the website is not guaranteed without the described processing. There is no possibility for the user to object as long as there is a legal obligation to obtain the user’s consent to certain data processing operations, Art. 7 para. 1, 6 para. 1 p. 1 lit. c GDPR.
The collected data will not be forwarded to Borlabs GmbH, nor will it be accessed.
You can find more information at: https://de.borlabs.io/borlabs-cookie/.

9. GOOGLE ANALYTICS
On our websites, we use Google Analytics, a web analytics service provided by Google Inc (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). The service uses “cookies” (see under item 6), which are stored on your accessing device. The information collected by the cookies is usually transmitted to a Google server in the USA and stored there.
IP anonymization is used on this website. The IP address of the user is shortened within the member states of the EU and the European Economic Area. This shortening eliminates the personal reference of your IP address. Under the terms of the commissioned data agreement that we have concluded with Google, the latter uses the information collected to create an evaluation of website use and website activity and provides services associated with internet use.
These processing operations are carried out exclusively with the granting of explicit consent in accordance with Art. 6 (1) lit. a GDPR.

You have the option to prevent the storage of the cookie on your device by making the appropriate settings in your browser; however, we would like to point out that in this case not all functions of this website may be used to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de). You may also opt to use an opt-out cookie. An opt-out cookie will be set that prevents the future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. For more information on data protection in connection with Google Analytics, see for example the Google Analytics help (https://support.google.com/analytics/answer/6004245?hl=de).

10. GOOGLE SEARCH CONSOLE
For the purpose of continuously optimizing the Google ranking of our website, we use Google Search Console, a web analytics service provided by Google. Through Google Search Console, we can perform search analytics that tell us how often our website appears in Google search results. This allows us to monitor and manage our website in the search index.
No personal user or tracking data is processed or transmitted to Google as part of the use of Google Search Console.

11. Matomo
We have integrated the Matomo component of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, on this website. Matomo is a software tool for web analysis, i.e. for collecting, collating and evaluating data on the behavior of visitors to websites. Among other things, data is collected about the website from which a data subject has accessed a website (so-called referrer), which subpages of the website have been accessed or how often and for how long a subpage has been viewed. This is used to optimize the website and for cost-benefit analysis of Internet advertising.
The software is operated on a server of Vignold Group, and the log files, which are sensitive under data protection law, are stored exclusively on this server.
Matomo sets a cookie on your IT system. By setting the cookie, we are enabled to analyze the use of our website. Each time one of the individual pages of this website is called, the Internet browser on your IT system is automatically prompted by the Matomo component to transmit data to our server for the purpose of online analysis. As part of this technical procedure, we obtain knowledge of personal data, such as the IP address of the person concerned, which we use, among other things, to trace the origin of visitors and clicks.

By using of the cookie, personal information, for example access time, the location from which an access originated and the frequency of visits to our website are stored. Each time you visit our website, this personal data, including the IP address of the Internet connection you are using, is transmitted to our server. This personal data is stored by us. We do not pass on these personal data to third parties.
These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6 (1) lit. a GDPR.
The privacy policy of Matomo can be viewed at: https://matomo.org/privacy/.

12. CONTENTS OF OUR WEBSITE
Contacting/contact form:
When contacting us (e.g. via contact form or e-mail), personal data is collected to the extent necessary. Which data is specifically collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request and the associated technical administration.
The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. f GDPR. Your data will be deleted after final processing of your request; this is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided that there are no statutory retention obligations.

13. GOOGLE TAG MANAGER
On this website we use the Google Tag Manager service. The operating company of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Through this tool, “website tags” (i.e. keywords that are embedded in HTML elements) can be implemented and managed via an interface. By using the Google Tag Manager, we can automatically track which button, link or personalized image you have actively clicked on and can then record which contents of our website are of particular interest to you.
The tool also triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If you have made a deactivation at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.
These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6 Para. 1 lit. a GDPR.
Further information on Google Tag Manager and Google’s privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/.

14. ADOBE TYPE KIT

We use Adobe Typekit for the visual design of our website. Typekit is a service provided by Adobe Systems Software Ireland Ltd. which grants us access to a font library. To integrate the
fonts used by us, your browser must establish a connection to a server of Adobe in the
USA and download the font required for our website.
Adobe thereby receives the information that our website was accessed from your
IP address.
More information about Adobe Typekit can be found in the Adobe privacy policy, which you can access here: www.adobe.com/privacy/typekit.html

15. LINKEDIN INSIGHT TAG
This website uses Insight Tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
With the help of the LinkedIn Insight tag, we can obtain information about visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyze the key professional data (e.g., career level, company size, country, location, industry, and job title) of our website visitors and thus better tailor our site to the respective target groups. Furthermore, we can use LinkedIn Insight Tags to measure which actions our website visitors take (e.g. conversion measurement). Conversion measurement can also be done across devices (e.g., PC to tablet).

LinkedIn Insight Tag also offers a retargeting function that allows us to display targeted advertising outside the website to visitors to our website, whereby, according to LinkedIn, no identification of the advertising addressee takes place. LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days. The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator.
For details, please refer to LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

The use of LinkedIn Insight is based on Art. 6 (1) lit. f GDPR. The purpose of the data collection is to analyze visits to our website and campaign results in order to provide you with interesting information. Insofar as a corresponding consent has been requested (e.g. consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 (1) lit. a DS-GVO; the consent can be revoked at any time.
Within the scope of processing via LinkedIn, data may be transmitted to the USA and Singapore. The security of the transfer is regularly secured via so-called EU standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in accordance with Art. 49 (1) lit. a GDPR. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

You can object to the analysis of usage behavior and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in the account settings. To avoid a link between data collected on our website by LinkedIn and your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

16. NEWSLETTER
16.1 NEWSLETTER SUBSCRIPTION
If you subscribe to our newsletter using the functions available on our website for this purpose, the personal data you provide will only be processed by us for the purpose of sending you a personalized newsletter. Your IP address and the time of subscription are also stored.
The personal data you enter will be stored until your subscription is cancelled. We do not combine this personal data with other data sources. You are not obliged to provide this personal data, but the subscription to our newsletter is not possible without providing said data.

16.2 SENDING NEWSLETTERS TO EXISTING CUSTOMERS
If you have provided us with your e-mail address when purchasing services or downloading our marketing services, we reserve the right to regularly send you offers for similar services by e-mail. In accordance with Section 7 (3) of the German Unfair Competition Act (UWG), we do not need to obtain separate consent from you for this. In this respect, the data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 Para. 1 lit. f GDPR. However, if you have initially objected to the use of your e-mail address for this purpose, no mail will be sent by us. You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the responsible person named at the beginning. For this, you will only incur transmission costs. After receipt of your objection, the use of your e-mail address for advertising purposes will cease immediately.

17. USE OF OUR MARKETING SERVICES
If you wish to use our marketing services, such as downloading ebooks, whitepapers, guides, or registering for video sessions, webinars, etc., the personal data required for this purpose will be requested by us and processed solely for this purpose. Your IP address and time of registration are also stored. You are not obligated to provide this personal data, but the request for downloads and free consultations as part of our marketing services will not be possible.

18. YOUR RIGHTS AS A DATA SUBJECT
If you as a data subject would like to exercise your rights as defined below, please contact our data protection officer at any time.

18.1 RIGHT TO CONFIRMATION
As a data subject, you have the right to request confirmation from us as to whether personal data relating to you is being processed.

18.2 RIGHT OF ACCESS BY THE DATA SUBJECT; ART. 15 GDPR
As a data subject, you have the right to obtain from us, at any time and free of charge, information about the personal data stored about you and a copy of such data.

18.3 RIGHT TO CORRECTNESS, ART. 16 GDPR
You have the right to request that inaccurate personal data concerning you be corrected. You also have the right to request that incomplete personal data be completed, considering the purposes of the processing.

18.4 RIGHT TO ERASURE, ART. 17 GDPR
You have the right to request that we erase the personal data concerning you without undue delay, provided that one of the grounds provided for by law applies and to the extent that the processing is not necessary.

18.5 RIGHT TO RESTRICTION ON PROCESSING, ART. 18 GDPR.
You have the right to request us to restrict processing if one of the legal conditions is met.

18.6 RIGHT TO DATA PORTABILITY, ART. 20 GDPR
You have the right to receive the personal data concerning you, which has been provided to us by you, in a structured, common and machine-readable format. You also have the right to transfer this data to another entity without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exertion of rights by official authority.
Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to have the personal data transferred directly from one entity to another entity, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.

18.7 RIGHT OF OBJECTION ACCORDING TO ART. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6(1)(e) (data processing in the public interest) or (f) (data processing on the basis of a balance of interests) GDPR. This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweighs your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
In individual cases, we process personal data to conduct direct marketing. You may object at any time to the processing of your personal data for the purpose of such advertising. This also applies to profiling, insofar as it is related to such direct advertising. If you object to us processing for direct marketing purposes, we will no longer process your personal data for these purposes.

In addition, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest. You are free to exercise your right to object by means of automated procedures using technical specifications in connection with the use of information society services, notwithstanding Directive 2002/58/EC.

18.8 REVOCATION OF CONSENT UNDER DATA PROTECTION LAW
You have the right to revoke any consent you may have given for the processing of personal data at any time with effect for the future.

19. ROUTINE STORAGE, DELETION AND BLOCKING OF PERSONAL DATA
We process and store your personal data only for the period of time necessary to achieve the purpose of storage or if this has been provided for by legal provisions to which our company is subject.
If the purpose of storage no longer applies or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
The criterion for the duration of storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment or initiation of the contract.

20. APPLICANT DATA MANAGEMENT INFORMATION
Purposes of the processing activity:
Selection of suitable external applicants to fill a vacant position.

Legal basis of the processing activity:
The processing is necessary for the initiation of the employment relationship pursuant to Art. 88 GDPR in conjunction with. § Section 26 (1) BDSG.
For storage beyond the current application procedure or a transfer to third parties, we may obtain your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Categories of recipients:
Internal recipients (HR department, potential supervisors, management).

Data transfer to a third country:
There is no planned transfer to third countries.

Additional information requirements:

Storage period of personal data:
6 months (application).
Deletion takes place after 6 months, unless there is consent for longer storage. (This consists of the retention period of 2 months according to § 21 para. 5 AGG plus a reasonable processing time).

Rights of the data subject:
You have a right to information (pursuant to Art. 15 GDPR) on the part of the entity about the personal data concerning you, as well as to rectification (Art. 16 GDPR), erasure (Art. 17 DS-GVO), and to restriction of processing (Art. 18 (1) GDPR). Furthermore, you have the right to object to processing (Art. 21 GDPR) and the right to data portability (Art. 20 GDPR).
If you would like to make use of your rights, please contact the data protection officer mentioned above.

Right of complaint:
You have a right to file a complaint, with the competent supervisory authority.
Obligation to provide the personal data:
The data subject is obliged to provide the personal data.

Consequences of failure to provide:
No employment possible.

Automated decision-making:
There is no automated decision-making or profiling.

21. UPDATE AND AMENDMENT OF THE PRIVACY POLICY
This data protection declaration is currently valid and has the status of August 2023.
Due to the further development of our websites and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at https://vignold-group.com/en/data-protection/.