Information on data protection when using our social media channels in accordance with Articles 13 and 14 of the GDPR
Below, we provide information about how our company processes your personal data when you visit and use our social media channels on LinkedIn (hereinafter referred to as “social media platforms”), as well as the data protection rights to which you are entitled in this regard.
I. Principles
a) Please carefully review the personal data you exchange and share with us via social media platforms. If you wish to prevent the operator of a social media platform from processing the personal data you have provided to us, please contact us by other means, such as via the address listed below.
b) You can also learn more about us and our offerings and services on our website
In this case, the service providers do not provide any information.
II. Data Controller
“Data controllers” as defined in Article 4(7) of the GDPR are:
a) Strojmetal Singen GmbH, Alusingen-Platz 1, 78224 Singen, Phone: +49 773196 953-0, E-Mail: ralf.saenger(at)strojmetal.com
b) and the relevant service provider
LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland
When users visit our social media channels, the service providers collect personal data and information that is used, in particular, for data analysis and evaluation and is made available to us in the form of aggregated statistics (so-called Page Insights). Specifically for these cases and in connection with the provision and use of our social media channels, we have entered into a joint controller agreement with the service provider in accordance with legal requirements, pursuant to Article 26 of the GDPR.
LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum
III. Data Protection Officer
Herr Matthias Herkert, reichert & reichert steuer- und rechtsberatungsgesellschaft mbH, Max-Porzig-Straße 1, 78224 Singen, E-Mail: dsb(at)reichert-reichert.de
IV. Cookies
When operating social media platforms, service providers regularly use services that involve data processing through technologies that enable the storage and processing of users’ personal data for various purposes. These technologies include cookies, which are small text files stored on your device by your web browser.
You can find all information regarding the cookies used by the service provider, the use of cookies by other websites, and your options for revoking consent, objecting, and deleting cookies in the respective provider’s cookie policy:
LinkedIn: https://de.linkedin.com/legal/cookie-policy
You can also configure your browser settings according to your preferences and thus make a general decision regarding the use of cookies. Further information on this can be found in the help section of the browser you are using.
If you wish to restrict or prevent processing by the service providers, you should log out of your accounts or disable the “stay logged in” feature, delete the cookies stored on your device, and close and restart your browser or app.
In addition, on mobile devices (smartphones, tablets, laptops), you can use the device’s settings to restrict service providers’ access to contact and calendar data, photos, location data, etc. However, this depends on the operating system used.
We have no influence over the data processing carried out by the service provider in connection with cookies. We also do not have access to personal data, with the exception of the Insights data mentioned above.
V. Processing of Personal Data
Category of data subjects: Visitors and users of our social media pages
Page Insights are aggregated statistics generated based on specific events.
As the site operator, we receive these events—summarized in Page Insights—as aggregated statistics in the form of anonymized or pseudonymized data, which help us gain insights into the types of actions people take on our site. Page Insights do not allow us to identify you as an individual. Events are determined exclusively by the service provider. We cannot set up, change, or otherwise influence events, and we cannot access the individual data. We can only view your public social media profile. The information visible here depends on your settings in your profile.
We do not combine this data with any personal data we may have stored, even if we were able to do so. However, we cannot determine which service providers—regardless of whether you are logged in or registered as a user of the social media platform—use web tracking tools and utilize your profile and behavioral data to analyze your habits, personal relationships, or preferences and link them to your existing Facebook profile. However, you should assume that service providers combine and analyze your visits to and interactions with our social media channels.
You can find all information regarding Insights data in the privacy policy of the respective service provider:
LinkedIn Analysis data: https://www.linkedin.com/help/linkedin/answer/a547077
Purposes of processing: Providing social media channels, presenting the company, conducting marketing campaigns, fostering user engagement through communication on social media platforms, processing and responding to contact requests and job applications, interacting via direct messages / comments / recommendations / shares and similar, recruitment, promotional activities, implementation of pre-contractual measures, deletion of inappropriate content, analysis and statistical evaluation of user behavior based on insights data provided by the platform, optimization of our content and promotional activities
You can find all information regarding the purposes of data processing by the service providers in the privacy policy of the respective service provider:
LinkedIn: https://de.linkedin.com/legal/privacy-policy
Legal basis: Article 6(1)(b) of the GDPR for pre-contractual measures as part of the application process and for the implementation of pre-contractual measures, Art. 6(1)(f) GDPR for communication via social media platforms, to respond to contact requests, to carry out promotional activities, and to analyze and statistically evaluate user behavior using insights data provided by the platform for the purpose of promoting our company and with the intent to generate profit, Article 9(2)(e) of the GDPR in the case of transmitted health data
You can find all information regarding the legal basis for data processing by service providers in the privacy policy of the respective service provider:
LinkedIn: https://de.linkedin.com/legal/privacy-policy
Categories of recipients: Within our company, access to personal data is granted to those individuals responsible for managing our social media pages, as well as to those for whom the data is relevant, e.g., in the hiring process. We do not disclose the data to third parties or otherwise disseminate it, unless you have consented to the data transfer or the data transfer is required by law.
In some cases, we rely on the support of external service providers to process personal data. These service providers act as data processors on our behalf. In accordance with Article 28 of the GDPR, data processors are contractually bound by our instructions and are regularly monitored. We have entered into a data processing agreement with all of them to ensure the protection of your personal data. In the case of service providers who are not data processors, they have been carefully selected and commissioned by us.
Data sources: We process the personal data that you provide to us via the respective social media platform or that we receive from the respective social media provider.
Transfers to third countries: We will only transfer personal data to countries outside the EU or the EEA if this is necessary for the operation of the social media channel or for communicating with you, if required by law, if the user has given their consent, or in the context of data processing on behalf of a client. In these cases, a transfer is only permissible if the European Commission has determined that the third country in question provides an adequate level of data protection, or if appropriate safeguards are in place and the data subject has enforceable rights and effective legal remedies available.
For information about data recipients, data transfers, the data sources used by service providers, and, in particular, how these providers combine your personal data, please refer to the privacy policy of the respective service provider:
LinkedIn: https://de.linkedin.com/legal/privacy-policy
If personal data is transferred within the service provider’s group, it may be transmitted to servers operated by the parent company in the United States and processed there. In cases where personal data is transferred to the United States, the service providers have obtained certification under the EU-US Transatlantic Data Privacy Framework, https://www.dataprivacyframework.gov. This certification confirms an adequate level of data protection in accordance with the EU Commission’s Implementing Decision.
Retention period: As a general rule, we delete personal data from social media platforms once storage is no longer necessary. For personal data derived from communication, we assume that further storage on social media platforms is no longer necessary if the circumstances indicate that the matter in question has been conclusively resolved or our legitimate interest in processing has ceased to exist. Exceptions to the obligation to delete data apply if statutory retention obligations preclude deletion or if storage is still necessary, e.g., to enforce or defend legal claims.
Information regarding the management and deletion of processed data by the service providers can be found in the privacy policies of the respective service providers:
LinkedIn: https://de.linkedin.com/legal/privacy-policy
VI. Data Subject Rights
You have the right to access the personal data stored about you, as well as the right to have inaccurate data corrected or deleted, provided that one of the grounds specified in Article 17 of the GDPR applies, e.g., if the data is no longer necessary for the purposes for which it was collected. You also have the right to restrict processing if one of the conditions listed in Article 18 of the GDPR applies, and, in the cases specified in Article 20 of the GDPR, the right to data portability. Pursuant to Article 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning you or similarly significantly affects you.
Pursuant to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates data protection regulations. In particular, you may exercise this right to lodge a complaint with a supervisory authority in the Member State of your habitual residence, your place of work, or the place where the alleged infringement occurred. A list of contacts for state data protection authorities can be found on the website of the Federal Commissioner for Data Protection and Freedom of Information at the link www.bfdi.bund.de/ DE/Service/Anschriften/Laender/Laender-node.html; a list of all data protection authorities in the European Union and the European Economic Area can be found at the link edpb.europa.eu/about-edpb/about-edpb/members_de.
Your Right to Object on Grounds of Legitimate Interests
Under Article 21 of the GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is collected on the basis of Article 6(1)(f) of the GDPR. We will then no longer process the personal data unless there are demonstrable compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing is necessary for the establishment, exercise, or defense of legal claims.
You may exercise your data subject rights at any time, either with us or with the relevant service provider.
If you wish to exercise your rights with us, you can reach us and our Data Protection Officer using the contact information provided above.
We are required to forward your request to the relevant service providers. They will inform you and ensure that your rights can be enforced (including information obligations under Articles 12–13 of the GDPR, data subject rights under Articles 15–22 of the GDPR, and data security and reporting of data breaches under Articles 32–34 of the GDPR). We have no influence over how service providers fulfill their obligations and implement decisions.
You can find the data protection officer for the respective service provider or a contact form for exercising your rights as a data subject in the privacy policy of the respective service provider
LinkedIn: https://www.linkedin.com/help/linkedin/ask/TSO-DPO