Data protection

As the operator of these pages, we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with data privacy information.

When you use this website, various personal data are collected. Personal data is any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier. This privacy notice explains which information we collect and how we use it. It also explains how and for which purpose this is done.

Personal data is only collected, used and, if necessary, passed on by the provider if this is expressly permitted by law or if the user consents to the collection, processing, use and passing on of the data.

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

1. General information
1.1 Provider and responsible entity within the meaning of the Data Privacy Act

SIMONA AG

Teichweg 16
55606 Kirn
Germany

Phone +49 (0) 67 52 14-0
Fax +49 (0) 67 52 14-211
mail(at)simona-group.com

You can address general inquiries about data protection, such as the enforcement of data subject rights, as well as confidential data protection inquiries to our data protection officer by telephone, post or e-mail:

Ronald Baranowski
SIX DATENSCHUTZ GmbH
Kasseler Str. 30
D – 61118 Bad Vilbel
Tel: +49 6101 982 9422
rb(at)six-datenschutz.de

1.2 Scope of application

This data privacy information applies to the following offers:

  • our online offer, available in particular at website www.sustainability.simona.de,
  • whenever otherwise from one of our offers (e.g. websites, subdomains, mobile applications, web services or integrations in integration into third-party sites) refers to this data privacy notice regardless of how you access or use it.

All of these offers are collectively also referred to as “services”.

1.3 Integration of third-party services and content

Our offer sometimes includes content and services of other providers. In order for this data to be called up and displayed in the user’s browser, the transmission of the IP address is mandatory. The providers (hereinafter referred to as “third party providers”) therefore perceive the IP address of the respective user.

Even though we endeavour to use only third-party providers who only need the IP address to be able to deliver content, we have no influence on whether the IP address may be stored. In this case, this process serves statistical purposes, among other things. If we are aware that the IP address is stored, we inform our users of this fact.

1.4 Transfer of personal data to third countries

If we transfer data to third countries, i.e. countries outside the European Union, then the transfer takes place exclusively in compliance with the legally regulated permissibility requirements.

If the transfer of data to a third country is not for the purpose of fulfilling our contract with you, we do not have your consent, the transfer is not necessary for the assertion, exercise or defence of legal claims and no other exemption under Article 49 of the GDPR applies, we will only transfer your data to a third country if an adequacy decision under Article 45 of the GDPR or appropriate safeguards under Article 46 of the GDPR are in place.

An adequate level of data privacy in the USA has been declared most recently by the adequacy decision “Data Privacy Framework (DPF)” adopted in July 2023 which you can find here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. U.S. companies must certify to be listed within the DPF. We have agreed so-called EU standard data protection clauses with the providers in third countries, as well as partially data processing on European and German servers. Timely data deletion reduces the risk of third-party access.

Alternatively or in addition, by entering into the EU standard data protection clauses adopted by the European Commission with the receiving entity, they create appropriate safeguards in accordance with Article 46(2)(c) of the GDPR and an adequate level of data protection. Copies of the EU standard data protection clauses are available on the website of the European Commission, available here:

https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de

1.5 Disclosure of data to third parties

Your data will not be passed on to unauthorized third parties. Where external service providers receive your personal data we have ensured that they implement appropriate technical and organizational measures and that they comply with the applicable data protection regulations and laws.

1.6 Data minimisation

In accordance with the principles of data avoidance and data minimization, we only store personal data for as long as is necessary or prescribed by law (statutory storage period). If the purpose of the information collected no longer applies or the storage period ends, we block or delete the data.

2. The processing operations in detail

In the following we inform you for what purpose, in what way and to what extent, your personal data may be processed when you visit our website.

2.1 Cookies

This website uses so-called cookies. These are text files that are stored on your computer from the server. They may contain information about the browser, the IP address, the operating system and the internet connection. We do not pass this data on to third parties or link it to personal data without your consent.

Cookies fulfil two main tasks. They help us to make it easier for you to navigate through our website and enable the website to be displayed correctly. They are not used to introduce viruses or to launch programs.

Users have the option of accessing our website without cookies. To do this, the corresponding settings must be changed in the browser. Please use the help function of your browser to find out how to deactivate cookies. However, we would like to point out that this may impair some of the functions of this website and reduce user comfort.

The site www.aboutads.info/choices/ (USA) and www.youronlinechoices.com/uk/your-ad-choices/ (Europe) allow you to manage online ad cookies.

2.2 Collection of personal data when visiting our website

In the case of merely informative use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis for this is Art. 6 para. 1 p. 1 lit. f) GDPR), legitimate interest:

  • IP address
  • host name
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request came (referrer)
  • The specific pages of our website that you have accessed
  • Browser: Type, version and language
  • Operating system: type and version

If JavaScript is enabled, also:

  • Screen resolution
  • colour depth
  • Size of the browser window
  • Installed browser plug-ins
2.3 Use of essential cookies

Essential cookies do not require your consent and are processed by us in accordance with Art. 6 para. 1 lit. f) GDPR. Our legitimate interest here is the smooth and optimal use and presentation of our website.

2.4 Cookie-Consent

On our website we use the cookie consent tool „Complianz“ der Complianz BV, CoC 717814475, Kalmarweg 14-5, 9723 JG, Groningen (NL). The purpose of this processing is to request your consent for the non-technical cookies used on our website and to document it in accordance with applicable data protection regulations and laws.

When you visit our website, a cookie is stored in your browser to document the consents you have given or the revocation of these consents.

The legal basis for this data processing is Art. 6 para. 1 lit. c) GDPR – legal obligation, which is that consent must be obtained for non-technically necessary cookies before they are used in accordance with the ECJ ruling of 1 October 2019, AZ C-673/17.

The collected data will be stored until you request us to delete it or until you delete the cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected.

More information can be found here.

2.5 WordPress

Our website has been created using the WordPress open source content management system. This service is provided by Automattic Inc (60 29th Street #343, San Francisco, CA 94110, USA) (hereinafter: ‘WordPress’).

WordPress provides us with statistics when using this service so that we can analyse and optimise our website. Only anonymised data is collected and stored for these statistics (e.g. IP address). This means that WordPress cannot establish any reference to your person.

  • Furthermore, transaction data is collected for this purpose:
  • the address of the page accessed
  • Browser and browser version
  • the operating system used
  • the address of the previously visited website (referrer URL)
  • Host name of the device from which access is made
  • Date and time
  • Country/city information
  • Number of visitors coming from a search engine
  • Duration of the website visit
  • Clicks on the website

We also use WordPress extensions, offered by various service providers, with which we can design the website in a visual and user-friendly way.

We have integrated the following services to extend the functionalities of WordPress:

‘WPML’ is a cookie that is used to save the language settings on our website. The cookie is stored for 1 day.

‘Elementor’ is a service for designing our websites. Elementor provides us with various functionalities for website creation so that our pages can be displayed correctly and optimally on the respective end devices. This service is provided by Elementor Ltd, 9 Clare Street, Dublin 2, D02 HH30, Ireland (with headquarters in Ramat Gan, Israel). Further information can be found here.

The legal basis for this type of processing is your consent in accordance with Art. 6 para. 1 lit. f) GDPR and the data is stored locally until it is no longer required for the above-mentioned purposes.

You can find further information here: https://automattic.com/de/privacy

2.6 etracker

We use the services of etracker GmbH from Hamburg, Germany (www.etracker.com) to analyse usage data. etracker first receives the information transmitted by your browser. This is done in so-called “cookie-less” mode. No data is transmitted that enables the user to be identified. The purpose is to statistically analyse the use of this website by its visitors and to display usage-related content or advertising. This type of processing is carried out in our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the optimisation of our online offering and our website.

etracker also provides additional functionalities for analysis purposes. For this purpose, a cookie is set for “anonymous recognition” to enable further analyses. As the privacy of our visitors is particularly important to us, etracker anonymises the IP address as early as possible and converts login or device identifiers into a unique key that is not assigned to a person. No other use, merging with other data or transfer to third parties is carried out by etracker. This further processing takes place with your consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time in the cookie settings.

The data generated with etracker is processed and stored by etracker on our behalf exclusively in Germany and is therefore subject to strict German and European data protection laws and standards. etracker has been independently audited and certified in this regard and has been awarded the ePrivacyseal data protection seal of approval.

Further information on data protection at etracker can be found here.

2.7 Google Fonts

We use the fonts of the provider Google Web Fonts (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland) for the graphically standardised display of fonts.

We only use locally pre-installed fonts ourselves. This means that the fonts are initially loaded and installed by us and no personal data is required for the operation of these services and is also not transmitted to the providers.

The use of the above-mentioned services is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of the legal basis of Art. 6 para. 1 lit. f) GDPR.

Further information on data processing by Google can be found at

https://developers.google.com/fonts/faq

https://www.google.com/policies/privacy

2.8 Social Media

We maintain publicly accessible profiles in the social networks to which we provide links on our website. The controller is therefore responsible for the respective presence in the respective social network.

As a rule, social networks comprehensively analyse your user behaviour when you visit their websites. Visiting social media sites therefore triggers numerous data protection-relevant processing operations over which we have no influence.

If you are logged into your social media account and visit a social media presence, the operator of the social network can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social network. In this case, this data is collected, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social networks can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you within and outside the respective social networks. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or were logged in.

Please also note that we cannot track all processing operations of the social networks. Depending on the provider, further processing operations may therefore be carried out. For details, please refer to the terms of use and data protection provisions of the respective social network (see below).

The purpose of our social media presence is to ensure that our company, goods and services are presented as comprehensively as possible on the internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. on your consent within the meaning of Art. 6 para. 1 lit. a) GDPR).

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete your data, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal provisions and retention periods remain unaffected.

We have no influence on the duration of the storage of your personal data by the operators of the social networks for their own purposes. Please obtain information directly from the operators of the social networks (e.g. in their data protection notices, see below).

Social networks in detail:
Instagram

The operating company of the Instagram services is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

The data collected is also transferred to the USA and other third countries and stored on servers in the USA or other third countries. We have concluded an agreement with Meta on joint responsibility (Controller Addendum). This agreement specifies which data processing operations we or Meta are responsible for when you visit the Instagram page. You can view this agreement at the following link

www.facebook.com/legal/terms/page_controller_addendum

You can customise your advertising settings yourself in your user account. To do this, click on the following link and log in:

https://help.instagram.com/131112217071354

Details can be found in Instagram’s privacy policy:

https://about.instagram.com/de-de/safety

Further information and Instagram’s applicable privacy policy can be found at help.instagram.com/155833707900388 and www.instagram.com/about/legal/privacy/

LinkedIn

The platform is provided by LinkedIn Corporation (LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2 Ireland). LinkedIn is solely responsible for the processing of personal data when you visit our LinkedIn profile.

We have entered into a Data Processing Agreement with LinkedIn that governs the following operations: the processing of personal data that we upload or otherwise provide to LinkedIn in connection with the Services, the processing of personal data by LinkedIn on our behalf in connection with the Services, and the processing of any personal data that LinkedIn uploads or otherwise provides to us in connection with the Services. The agreement is available at: https://de.linkedin.com/legal/l/dpa.

Please note that in accordance with the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries. According to its own information, LinkedIn only transfers personal data to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 GDPR or on the basis of suitable guarantees in accordance with Art. 46 GDPR.

Further information on the processing of personal data by LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy

Xing

We have a presence on the company evaluation platform ‘Xing’. Xing is a service provided by New Work SE, Am Strandkai 1, 20457 Hamburg (hereinafter referred to as ‘Xing’).

Xing offers users the opportunity to make and view reviews of employers. At the same time, we use our own online presence on Xing to provide information about our company, career opportunities, our products and services.

When you visit our page on Xing and during other interactions with our page on Xing, Xing collects personal data from users through the use of cookies. Xing may also collect such data from users who are not logged in or registered with Xing.

We do not receive any account data from registered users. However, we do receive anonymous statistics about our site from Xing. The following information is made available to us, among other things:

  • Statistics on visitors and followers of our company page
  • the number of hits on our company page; traffic analysis that shows how visitors became aware of our company page
  • the search engine enquiries of the last 180 days.

We cannot draw any conclusions about individual users from these statistics. We use the statistics to continuously improve our online offering on Xing.

Information about data collection and further processing by Xing can be found in the data protection information at

https://privacy.xing.com/de/datenschutzerklaerung

2.9 Online application

The data controller collects and processes the personal data of applicants for the purpose of handling the application process and for the decision on the establishment of an employment relationship. This is done on the basis of Art. 88 para. 1 GDPR in conjunction with (in conjunction with) Section 26 of the Federal Data Protection Act (BDSG) and Art. 6 para. 1 lit. b) GDPR – pre-contractual measures. Processing can also be carried out electronically. This is particularly the case if an applicant submits relevant application documents to the controller by electronic means, for example by e-mail or via a web form on the website. Your data will only be forwarded to the departments responsible for the application process.

If the controller concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.

If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that deletion does not conflict with any contractual, legal or other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in a defense in proceedings under the General Equal Treatment Act (AGG).

Read our note on this subject

 

3 Your rights to information, correction, blocking, deletion and objection

As a data subject, you have the following rights:

  • Pursuant to Art. 15 of the GDPR, the right to request information about your personal data processed by us to the extent specified therein;

 

  • pursuant to Art. 16 GDPR, the right to demand the correction of inaccurate or incomplete personal data stored by us without undue delay;

 

  • in accordance with Art. 17 GDPR, the right to request the deletion of your personal data stored by us, unless further processing is necessary
  • to exercise the right to freedom of expression and information;
  • to comply with a legal obligation;
  • for reasons of public interest; or
  • necessary for the assertion, exercise or defence of legal claims;

 

  • Pursuant to Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data if
  • the accuracy of the data is disputed by you;
  • the processing is unlawful, but you object to its erasure;
  • we no longer require the data, but you need it to assert, exercise or defend legal claims; or
  • you have objected to the processing in accordance with Art. 21 GDPR;
  • pursuant to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it shall be transferred to another controller;
  • pursuant to Art. 77 GDPR, the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose. Authorities can be found here: https://www.edpb.europa.eu/notify-data-breach_en

The supervisory authority responsible for us is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Hintere Bleiche 34
55116 Mainz

e-mail: poststelle(at)datenschutz.rlp.de
phone: +49 6131 8920-0, fax: +49 6131 8920-299
https://datenschutz.rlp.de

4 Changes to our privacy policy

In order to ensure that our data privacy information always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the data privacy information has to be adapted due to new or revised services, for example new services. The new data privacy information will then apply the next time you visit our website. This data privacy notice is valid as of September 2024.