Privacy Policy

Protecting your data

We are pleased that you visit our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you at this point about which of your personal data we collect when you visit our website and for what purposes it is used. This data protection declaration applies to the Graphite Materials website, which can be accessed under the domain www.graphite-materials.com and the various subdomains (“our website”).

Who is responsible and how can I contact you?

Responsible for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR) Graphite Materials GmbH Rothenburger Str. 76 90522 Oberasbach +49 911 999 01 03-0 info@graphite-materials.com Data Protection Officer Datenschutz Pöllinger GmbH Dresdner Straße 38 92318 Neumarkt +49 9181 2705770 datenschutz@datenschutz-poellinger.de

What is it about?

This data protection declaration meets the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, your age, your address, your telephone number, your date of birth, your e-mail address, your IP address or user behavior when visiting a website. Information that we cannot (or only with a disproportionate amount of effort) relate to your person, e.g. through anonymization, is not personal data. The processing of personal data (e.g. collection, querying, use, storage or transmission) always requires a legal basis and a defined purpose. Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no legitimate reasons for further storage of the data. We inform you in the individual processing operations about the specific storage periods or criteria for storage. Irrespective of this, we store your personal data in individual cases to assert, exercise or defend legal claims and if there are statutory storage obligations.

Who gets my data?

We only pass on your personal data that we process on our website to third parties if this is necessary for the fulfillment of the purposes and is covered by the legal basis (e.g. consent or protection of legitimate interests) in individual cases. In addition, we pass on personal data to third parties in individual cases if this serves to assert, exercise or defend legal claims. Possible recipients can then be, for example, law enforcement agencies, lawyers, auditors, courts, etc. Insofar as we use service providers for the operation of our website who process personal data on our behalf within the scope of order processing in accordance with Art. 28 DSGVO, these can be recipients of your personal data. More information on the use of processors and web services can be found in the overview of the individual processing operations.

Do you use cookies?

Cookies are small text files that are sent to the browser of your end device and stored there when you visit our website. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to perform various analyses, so that we are able, for example, to recognize the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by understanding how you use our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not damage your end device. They cannot run programs and do not contain viruses. We provide information about the respective services for which we use cookies in the individual processing operations. You can find detailed information on the cookies used in the cookie settings or in the Consent Manager of this website.

What rights do I have?

Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you as the data subject have the following rights: Information in accordance with Art. 15 GDPR about the data stored about you in the form of meaningful information on the details of the processing as well as a copy of your data. Correction in accordance with Art. 16 GDPR of incorrect or incomplete data stored by us. Deletion in accordance with Art. 17 DSGVO of the data stored by us, insofar as the processing is not necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims. Restriction of processing in accordance with Art. 18 GDPR if the accuracy of the data is disputed, the processing is unlawful, we no longer need the data and you refuse to delete it because you need it to assert, exercise or defend legal claims or you have raised an objection to the processing pursuant to Art. 21 GDPR. Data transferability Data transferability in accordance with Article 20 GDPR, insofar as you have given us personal data within the framework of consent in accordance with Article 6 Paragraph 1 lit. a GDPR and Section 25 Paragraph 1 TTDSG or on the basis of a contract in accordance with Article 6 Paragraph 1 lit. b GDPR and these have been processed by us using automated procedures. You will receive your data in a structured, common and machine-readable format or we will transmit the data directly to another person in charge, insofar as this is technically feasible. Objection pursuant to Article 21 GDPR against the processing of your personal data, insofar as this is based on Article 6 Paragraph 1 lit. e, f GDPR and there are reasons for this that arise from your particular situation or the objection against direct mail. The right to object does not exist if predominantly compelling reasons worthy of protection for the processing can be proven or the processing is carried out to assert, exercise or defend legal claims. If there is no right to object to individual processing operations, this is stated there. Complaint in accordance with Article 77 GDPR with a supervisory authority if you believe the processing.

How is my data processed in detail?

Below we inform you about the individual processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.

Provision of the website

Type and scope of processing

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access is made (referrer URL)
  • Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
Our website is not hosted by us, but by a service provider who processes data on our behalf for the above purposes in accordance with Article 28 GDPR.

Purpose and Legal Basis

The processing is carried out to protect our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of Article 6 (f) GDPR. The collection of the data and the storage in log files is absolutely necessary for the operation of the website. A right to object to the processing does not exist due to the exception under Article 21 (1) GDPR. Insofar as further storage of the log files is required by law, processing is carried out on the basis of Article 6 (1) (c) GDPR. There is no legal or contractual obligation to provide the data, but it is technically not possible to access our website without providing the data.

Storage duration

The aforementioned data is stored for the duration of the website display and, for technical reasons, for a maximum of 7 days.

Contact form for applicants

Type and scope of processing

We collect and process the personal data of applicants. Corresponding data processing can also take place electronically, for example if applicants send us application documents by e-mail or via a web form on our website. On our website we offer you the opportunity to send us applications for advertised vacancies by e-mail. Your data will only be stored in an applicant database beyond the current application process if you have given us your separate consent to do so.

Purpose and Legal Basis

The processing of your data in connection with your application takes place for the purpose of processing your application and making a decision on the establishment of an employment relationship on the basis of § 26 BDSG. If your application documents are passed on to third parties, in particular to companies affiliated with us, and if your data is stored beyond the current application process, your data will be processed on the basis of Article 6 (1) sentence 1 lit. a GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to process your application without providing the information.

Storage duration

We store the collected data for a period of six months from the date the position was filled.

Newsletter

Type and scope of processing

If you register on our website to receive our newsletter, we collect your e-mail address and your name… and store this information together with the date of registration and your IP address. You will then receive an e-mail in which you must confirm your subscription to the newsletter (double opt-in). If you do not confirm your registration within XX hours, it will automatically expire and the data will not be processed for sending the newsletter. To send the newsletter, we use a service from Newsletter2Go, which processes your personal data on our behalf in accordance with Art. 28 GDPR. Your data will not be passed on to third parties. We use a service provided by the service providers to send the newsletter, who process your personal data on our behalf in accordance with Art. 28 DSGVO. Your data will not be passed on to third parties.

Purpose and Legal Basis

We process your data for the purpose of sending the newsletter on the basis of your consent in accordance with Article 6 (1) (a) GDPR. By unsubscribing from the newsletter, you can declare your revocation at any time with effect for the future in accordance with Article 7 (3) GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to send the newsletter without providing your data.

Storage duration

After registering for the newsletter, we store the data for a maximum of XX hours until the registration is confirmed. After successful confirmation, we will store your data until you revoke your consent (unsubscribe from the newsletter) and, for technical reasons, for a maximum of 7 days. Registration on this site

Google Ads

Type and scope of processing

We have integrated Google Ads into our website. Google Ads is a service provided by Google Ireland Limited that displays targeted advertising to users. Google Ads uses cookies and other browser technologies to evaluate user behavior and recognize users. Google Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertising. Furthermore, Google Ads delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and other identifiers such as your user agent are transmitted to the provider. If you are registered with a Google Ireland Limited service, Google Ads can associate your visit with your account. Even if you are not registered with Google Ireland Limited or have not logged in, it is possible that the provider may find out and store your IP address and other identifiers. In this case, your data will be passed on to the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose and Legal Basis

The use of Google Ads is based on your consent in accordance with Art. 6 Para. 1 lit. a. DSGVO and § 25 Para. 1 TDDDG We intend to transfer personal data to third countries outside the European Economic Area, in particular to the United States. Data is transferred to the United States in accordance with Article 45(1) of the GDPR on the basis of the European Commission’s adequacy decision. The US companies involved and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where there is no adequacy decision by the European Commission (including US companies that are not EU-U.S. DPF certified), we have agreed with the recipients of the data on other suitable guarantees within the meaning of Art. 44 et seq. of the GDPR. These are – unless otherwise stated – standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa. eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN. In addition, we obtain your consent for such a third-country transfer in accordance with Art. 49 (1) sentence 1 lit. a. GDPR, which you grant via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third-country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not be aware).

Storage duration

We have no influence over the specific storage duration of the processed data; this is determined by Google Ireland Limited. Further information can be found in the Google Ads privacy policy: https://policies.google.com/privacy.

Google Analytics

Type and scope of processing

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online services. This includes, for example, the number of visits to our online services, the sub-pages visited and the length of time visitors stay on our site. Google Analytics uses cookies and other browser technologies to analyze user behavior and recognize users. This information is used, among other things, to compile reports on website activity.

Purpose and Legal Basis

The use of Google Analytics is based on your consent in accordance with Art. 6 Para. 1 lit. a. DSGVO and § 25 Abs. 1 TDDDG. We intend to transfer personal data to third countries outside the European Economic Area, in particular to the United States. Data is transferred to the United States in accordance with Article 45(1) of the GDPR on the basis of the European Commission’s adequacy decision. The US companies involved and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where there is no adequacy decision by the European Commission (including US companies that are not EU-U.S. DPF certified), we have agreed with the recipients of the data on other suitable guarantees within the meaning of Art. 44 et seq. of the GDPR. These are – unless otherwise stated – standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa. eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN. In addition, we obtain your consent for such a third-country transfer in accordance with Art. 49 (1) sentence 1 lit. a. GDPR, which you grant via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third-country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not be aware).

Storage duration

We have no influence over the specific storage duration of the processed data; this is determined by Google Ireland Limited. Further information can be found in the Google Analytics privacy policy: https://policies.google.com/privacy.

Google DoubleClick

Type and scope of processing

We have integrated components from Google DoubleClick into our website. DoubleClick is a Google brand that is used primarily to market specialized online marketing solutions to advertising agencies and publishers. DoubleClick by Google transfers data to the DoubleClick server with every impression, click or other activity. Each of these data transfers triggers a cookie request to the data subject’s browser. If the browser accepts this request, DoubleClick sets a cookie in your browser. DoubleClick uses a cookie ID that is required to carry out the technical process. The cookie ID is needed, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which ads have already been displayed in a browser to avoid duplication. Furthermore, the cookie ID enables DoubleClick to record conversions. For example, conversions are recorded when a user has previously been shown a DoubleClick ad and then makes a purchase on the advertiser’s website using the same internet browser. A DoubleClick cookie does not contain any personal data, but it may contain additional campaign identifiers. A campaign identifier is used to identify the campaigns that you have already been in contact with on other websites. As part of this service, Google obtains knowledge of data that Google also uses to create commission statements. Among other things, Google can see that you have clicked on certain links on our website. In this case, your data will be passed on to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and the applicable data protection provisions of DoubleClick by Google may be retrieved under https://policies.google.com/privacy.

Purpose and Legal Basis

We process your data using the DoubleClick cookie for the purpose of optimizing and displaying advertising based on your consent in accordance with Art. 6 (1) a GDPR and Section 25 (1) TDDDG. Among other things, the cookie is used to place and display user-relevant advertising and to create or improve reports on advertising campaigns. Furthermore, the cookie is used to avoid multiple insertions of the same advertisement. Each time you access an individual page of our website that has an integrated DoubleClick component, your browser is automatically prompted by the respective DoubleClick component to transmit data to Google for the purposes of online advertising and billing of commissions. There is no legal or contractual obligation to provide your data. If you do not give us your consent, you can visit our website without restriction, but not all functions may be fully available. We intend to transfer personal data to third countries outside the European Economic Area, in particular to the United States. Data is transferred to the United States in accordance with Article 45(1) of the GDPR on the basis of the European Commission’s adequacy decision. The US companies involved and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where there is no adequacy decision by the European Commission (including US companies that are not EU-U.S. DPF certified), we have agreed with the recipients of the data on other suitable guarantees within the meaning of Art. 44 et seq. of the GDPR. These are – unless otherwise stated – standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa. eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN. In addition, we obtain your consent for such a third-country transfer in accordance with Art. 49 (1) sentence 1 lit. a. GDPR, which you grant via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third-country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not be aware).

Storage duration

We have no influence over the specific storage duration of the processed data; this is determined by Google Ireland Limited. For more information, please see the Google DoubleClick privacy policy: https://policies.google.com/privacy.

Google Tag Manager

Type and scope of processing

We use Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through a single interface and allows us to control the precise integration of services on our website. This allows us to flexibly integrate additional services to analyze user access to our website.

Purpose and Legal Basis

Google Tag Manager is used on the basis of your consent in accordance with Art. 6 Para. 1 lit. a. DSGVO and § 25 Para. 1 TDDDG. We intend to transfer personal data to third countries outside the European Economic Area, in particular to the United States. Data is transferred to the United States in accordance with Article 45(1) of the GDPR on the basis of the European Commission’s adequacy decision. The US companies involved and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where there is no adequacy decision by the European Commission (including US companies that are not EU-U.S. DPF certified), we have agreed with the recipients of the data on other suitable guarantees within the meaning of Art. 44 et seq. of the GDPR. These are – unless otherwise stated – standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa. eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN. In addition, we obtain your consent for such a third-country transfer in accordance with Art. 49 (1) sentence 1 lit. a. GDPR, which you grant via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third-country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not be aware).

Storage duration

We have no influence over the specific storage duration of the processed data; this is determined by Google Ireland Limited. Further information can be found in the Google Tag Manager privacy policy.

Cookies