privacy policy
1. general
GRASS GmbH appreciates your visit to our website and your interest in our company and our services/products. We take the protection of your personal data seriously. The protection of your privacy when processing personal data is an important concern for us, which we take into account in our business processes. We process personal data collected during visits to our websites in accordance with the data protection regulations of the Federal Republic of Germany. GRASS websites may contain links to websites of other providers to which this data protection declaration does not extend. We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of the data against access by third parties is not possible.
1.1 Collection and processing of personal data
When you visit our websites, our web servers store by default the IP address assigned to you by your Internet service provider, the website from which you visit us, the web pages you visit on our site, and the date and duration of your visit. Further personal data is only stored if you have given us your express consent to do so, e.g. as part of a registration, a survey, a competition or for the performance of a contract.
You can also visit this website without providing any personal information. However, in order to improve our online offer, we store (without personal reference) your access data to this website. This access data includes, for example, the file you requested or the name of your Internet provider. By anonymizing the data, it is not possible to draw conclusions about your person.
1.2 Use and disclosure of personal data and purpose limitation
Insofar as personal data (e.g. name, address or e-mail/IP addresses) is collected on our websites, this is always done on a voluntary basis as far as possible. GRASS will use your personal data for the sole purpose of technical administration of the website and, where applicable, for marketing purposes to the extent necessary in each specific case. Personal data will only be transmitted to governmental institutions and authorities within the scope of mandatory legal provisions. Otherwise, this data will not be passed on to third parties without your express consent.
1.3 Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
•Browser type and version
• Operating system used
• Referrer URL
•Host name of the accessing computer
•Time of the server request
This data cannot be assigned to specific persons. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.
1.4 SalesViewer® technology
This website uses SalesViewer® technology from SalesViewer® GmbH, Nikolaistraße 2, 44866 Bochum, Germany, to collect and store data for marketing, market research and optimization purposes on the basis of legitimate interests. For this purpose, so-called tracking scripts (in particular here a javascript-based code) are used to collect company-related data. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). Usage profiles can be created from this data under a pseudonym. The data collected with this technology will not be used to personally identify the visitor to this website without the separately granted consent of the person concerned and will not be merged with personal data about the bearer of the pseudonym. The collection and storage of data can be objected to at any time with effect for the future. To prevent the collection by SalesViewer® within this website in the future, please visit the link https://www.salesviewer.com/opt-out . This will place an opt-out cookie for this website on your device. If you delete your cookies in this browser, you must click this link again.
1.5 Transfer of data to third countries
The data transfer to third countries takes place exclusively for marketing purposes through the social media links of the website listed below. According to Art.6 para.1 letter a.
1.5.1 Social media links
GRASS websites contain links to providers of other websites to which this data protection declaration does not extend.
Xing and Kununu
Our websites offer the XING and kununu links. kununu is an application of the XING service. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
When you call up a page of our advertising presence, your browser establishes a direct connection to the XING servers. The content is transmitted by XING directly to your browser and integrated into the page. Through the integration, XING receives the information that your browser has called up the corresponding page of our advertising presence, even if you do not have a profile on XING or are not currently logged in to XING. This information (including IP address) is transmitted by your browser directly to a XING server in Hamburg and stored there.
If you are logged in to XING, XING can directly assign your visit to our website to your XING account. If you interact with the button, the corresponding information is also transmitted directly to a XING server and stored there.
For the purpose and scope of data collection and the further processing and use of the data by XING, as well as your rights in this regard and setting options for protecting your privacy, please refer to the data protection notices of XING or kununu.
https://www.xing.com/app/share?op=data_protection
http://www.kununu.com/info/datenschutz
Our websites offer links of the social network LinkedIn of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). You can recognize the LinkedIn buttons by the LinkedIn logo on this website.
When you call up a page of our advertising presence, your browser establishes a direct connection to the servers of LinkedIn. The content is transmitted by LinkedIn directly to your browser and integrated into the page. Through the integration, LinkedIn receives the information that your browser has accessed the corresponding page of our advertising presence, even if you do not have a profile on LinkedIn or are not currently logged in to LinkedIn. This information (including IP address) is transmitted by your browser directly to a LinkedIn server in the USA and stored there.
If you are logged in to LinkedIn, LinkedIn can directly assign your visit to our website to your LinkedIn account. If you interact with the button, the corresponding information is also transmitted directly to a LinkedIn server and stored there. The information is also published on your LinkedIn account and displayed to contacts there.
The purpose and scope of the data collection and the further processing and use of the data by LinkedIn, as well as your rights in this regard and setting options for protecting your privacy, can be found in LinkedIn’s privacy policy.
Grass GmbH assumes no liability for the data that LinkedIn collects when the link is used.
Facebook and Instagram
Our websites offer links to the social networks Facebook and Instagram, which is operated by Meta Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The buttons are marked with a Facebook or Instagram logo.
When you call up a page of our website that contains such a button, your browser establishes a direct connection to Meta’s servers. The content is transmitted by Meta directly to your browser and integrated into the page. Through this integration, Meta receives the information that your browser has called up the corresponding page of our advertising presence, even if you do not have a Facebook or Instagram profile or are not currently logged in to Facebook or Instagram. This information (including your IP address) is transmitted by your browser directly to a Meta server in the USA and stored there.
If you are logged in to Facebook or Instagram, Meta can directly associate your visit to our website with your Facebook or Instagram profile. If you interact with the link, this information is also transmitted directly to a Meta server and stored there.
The purpose and scope of the data collection and the further processing and use of the data by Meta, as well as your rights in this regard and setting options for protecting your privacy, can be found in Meta’s privacy policy.
If you do not want Meta to directly assign the data collected via our website to your Facebook or Instagram profile, you must log out of Facebook or Instagram before visiting our website. You can also completely prevent the loading of Meta plugins with add-ons for your browser, e.g. with the “Facebook Blocker”.
Grass GmbH assumes no liability for the data that Meta collects when using the link.
1.5.2 Piwik Pro
Due to our legitimate interests, this website uses the service “Piwik Pro” for the optimization and analysis of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO the service “Piwik Pro”, which is provided by Piwik PRO GmbH.
(Kurfürstendamm 21, 10719 Berlin). The service (Piwik Pro) uses “cookies” – text files that are stored on your terminal device. The information collected by the cookies is usually sent anonymously to a cloud server in Germany and stored there.
IP anonymization is used on this website. The IP address of the user is shortened within the member states of the EU and the European Economic Area and in the other contracting states of the agreement. This shortening eliminates the personal reference of your IP address. The user’s IP address transmitted by the browser is not combined with other data.
The data collected by Piwik Pro on our behalf is used to evaluate the use of our online offering by individual users, e.g. to create reports on website activity in order to improve our online offering.
You have the option of preventing cookies from being stored on your device by making the appropriate settings in your browser. It is not guaranteed that you can access all functions of this website without restrictions if your browser does not allow cookies.
Furthermore, you can use a browser plugin to prevent the information collected by cookies (including your IP address) from being sent to and used by Piwik Pro.
If you delete your cookies regularly, you will need to click on the link again each time you visit this website.
Here you can find more information about data usage by Piwik Pro:
•https://piwikpro.de/
IP anonymization
We have activated the IP anonymization function on this website. On behalf of the operator of this website, Piwik Pro will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Piwik Pro will not be merged with other data.
Reach measurement & cookies
This website uses cookies for pseudonymized reach measurement, which are transmitted to the user’s browser either by our server or the server of a third party. Cookies are small files that are stored on your terminal device. Your browser accesses these files. The use of cookies increases the user-friendliness and security of this website.
If you do not want cookies to be stored on your end device for the purpose of measuring reach, you can object to the use of these files here:
– Cookie deactivation page of the Network Advertising Initiative: http://optout.networkadvertising.org/?c=1#!/
– Cookie deactivation page of the European website: http://optout.networkadvertising.org/?c=1#!/
Common browsers offer the setting option to not allow cookies. Note: It is not guaranteed that you will be able to access all functions of this website without restrictions if you make the appropriate settings.
Collection and processing of personal data
The website operator collects, uses and discloses your personal data only if this is permitted by law or if you consent to the collection of data
You can also visit this website without providing any personal information. However, we store your access data to this website (without personal reference) in order to improve our online offering. This access data includes, for example, the file you have requested or the name of your internet provider. By anonymizing the data, it is not possible to draw conclusions about your person.
Objection to data collection
You can prevent the collection of your data by Piwik Pro.de For more information on how Piwik Pro handles user data, please see the Piwik Pro privacy policy: https://piwikpro.de/datenschutz/
1.6 Objection to advertising mails
The use of contact data published within the framework of the imprint obligation to send advertising and information materials not expressly requested is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
1.7 SSL encryption
For security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator, this site may use SSL encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
1.8 Contact form
If you send us inquiries via the contact form, your data from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass this data on to third parties without your consent, unless we are legally obliged to do so.
2. your rights
You have the following data protection rights, for the exercise of which you can contact us or our data protection officer at any time using the data specified in sections 1 and 2:
GRASS GmbH, represented by Frank Hahn (Managing Director), Kreuzstraße 24, 55543 Bad Kreuznach (hereinafter referred to as “we”), is the controller within the meaning of the EU General Data Protection Regulation (“GDPR”).
Data protection officer: Norbert Stein, bdsb(at)grass-gmbh.de, phone +49-671-9289-236, Kreuzstraße 24, 55543 Bad Kreuznach.
2.1 Information
You have the right to obtain information about your personal data processed by us and to request access to and/or copies of your personal data. This includes information about the purpose of the use, the category of data used, its recipients and authorized persons and, if possible, the planned duration of data storage or, if this is not possible, the criteria for determining this duration.
2.2 Correction, deletion or restriction of processing
You have the right to request that we correct any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.
2.3 Right of objection
Insofar as the processing of personal data concerning you is carried out on the basis of Art. 6 (1) (f) DSGVO, you have the right to object to the processing of this data at any time for reasons arising from your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
2.4 Right of withdrawal
If the processing is based on consent, you have the right to revoke the consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. To do this, you can contact us or our data protection officer at any time using the above data.
2.5 Right to deletion
You have the right to request that we delete personal data concerning you without undue delay and we are obliged to delete personal data without undue delay if one of the following reasons applies:
The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
You object to the processing in accordance with point 8.c above and there are no overriding legitimate grounds for the processing.
The personal data have been processed unlawfully.
The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
This does not apply insofar as the processing is necessary:
for compliance with a legal obligation which requires processing under the law of the Union or the Member States to which we are subject.
for the assertion, exercise or defense of legal claims.
2.6 Right to restriction of processing
You have the right to request us to restrict processing if one of the following conditions is met:
The accuracy of the personal data is disputed by you for a period of time that allows us to verify the accuracy of the personal data,
The processing is unlawful and you refuse the erasure of the personal data and instead request the restriction of the use of the personal data;
We no longer need the personal data for the purposes of processing, but you need it for the assertion, exercise or defense of legal claims, or
you have objected to the processing in accordance with point 8.c above, as long as it has not yet been determined whether our legitimate grounds outweigh yours.
Where processing has been restricted in accordance with this point (f), such personal data may – apart from being stored – only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If you have obtained a restriction on processing, we will inform you before the restriction is lifted.
2.7 Right of appeal
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority having jurisdiction over you:
The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
Postfach 3040
55020 Mainz
Phone: +49-6131-8920-0
Mail: poststelle@datenschutz.rlp.de
3. Newsletter
3.1. Newsletterdata
The following information explains the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described. Content Newsletter We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. If the contents of the Newsletter are specifically described in the context of a registration, they are decisive for the consent of the users.
3.2 Double opt-in and logging
Registration for our newsletter takes place in a so-called double opt-in process, i.e. after registration you will receive an e-mail in which you are asked to confirm your registration. The confirmation is necessary so that no one can register with other email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your stored data are also logged.
3.3 Login data
To subscribe to the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to enter your first and last name. This information is only used to personalize the newsletter.
3.4 Termination and revocation
You can cancel the receipt of our newsletter at any time, i.e. revoke your consents.
3.5 Legal basis Data Protection Regulation
In accordance with the requirements of the Basic Data Protection Regulation (DSGVO) applicable as of May 25, 2018, we inform you that the consent to the sending of e-mail addresses is based on Art. 6 Ia7. DSGVO as well as § 7 II No. 3, respectively III UWG. We would also like to point out that you can object to the future processing of your personal data in accordance with the legal requirements pursuant to Art. 21 DSGVO at any time. The objection can be made in particular against the processing for purposes of direct advertising.
Grass GmbH privacy policy regarding the processing of applications
We are pleased that you have applied to GRASS GmbH.
In the following, we explain how we process your personal data in the context of an application and provide further relevant information in this context.
1. who is responsible for processing your personal data?
GRASS GmbH, represented by Frank Hahn (Managing Director), Kreuzstraße 24, 55543 Bad Kreuznach (hereinafter referred to as “we”), is the controller within the meaning of the EU General Data Protection Regulation (“GDPR”).
2. data protection officer
For all questions related to the processing of your personal data and the exercise of your rights under the GDPR, you can consult our company data protection officer (DPO), whom you can contact by e-mail via bDSB(at)grass-gmbh.de or by mail to Grass GmbH, attn. Data Protection Officer, Kreuzstraße 24, 55543 Bad Kreuznach, Germany, or by phone at +49-671-9289-236.
For what purposes and on what legal basis do we process personal data?
We process personal data about you for the purpose of your application for employment to the extent necessary to decide whether to establish an employment relationship with us. We process these in the “softgarden” applicant management system. You can find Softgarden’s privacy policy at: https://network.softgarden.io/#/privacy-policy/de
The legal basis for this is Section 26 (1) in conjunction with (8) sentence 2 BDSG.
Furthermore, we may process personal data about you to the extent necessary to defend asserted legal claims against us arising from the application process.
The legal basis for this is Art. 6 para. 1, letter c DSGVO; the legitimate interest is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
Insofar as an employment relationship arises between you and us, we may, in accordance with Section 26 (1) of the German Federal Data Protection Act (BDSG), further process the personal data already received from you for the purposes of the employment relationship if this is necessary for the performance or termination of the employment relationship or for the exercise or fulfillment of the rights and obligations of the employee representative body resulting from a law or a collective agreement, a works agreement or a service agreement (collective agreement).
4. what categories of personal data do we process?
We process data related to your application. This may be general personal data (such as name, address and contact details), information on your professional qualifications and school education or information on professional training or other information that you provide to us in connection with your application. In addition, we may process job-related information that you have made publicly available, such as a profile on professional social media networks.
5. what are the sources of personal data if we do not collect it from you?
Insofar as we do not collect the data directly from you and you have an active applicant profile with an Internet provider (e.g. Stepstone), or disclose an inactive or only partially active profile to us as part of the application process, we may also collect personal data from them.
6. what are the categories of recipients of the data?
We may transfer your personal data to companies affiliated with us, insofar as this is permissible within the framework of the purposes and legal bases set out in section 3.
7. is the transfer to a third country intended?
A transfer to a third country is not intended.
8. how long will your data be stored?
We store your personal data for as long as is necessary to make a decision about your application, but for no longer than three months. Insofar as an employment relationship between you and us does not come about, we may continue to store data beyond this, insofar as this is necessary for the defense against possible legal claims. In this case, the application documents will be deleted six months after notification of the rejection decision, unless longer storage is required due to legal disputes or we have your express consent to retain your data for a further 12 months (e.g. for consideration in future job advertisements).
9. what rights do you have?
As an applicant with us, you have the following data protection rights, which you can exercise by contacting us or our data protection officer at any time using the data specified in items 1and 2:
a. Information
You have the right to obtain information about your personal data processed by us and to request access to and/or copies of your personal data. This includes information about the purpose of the use, the category of data used, its recipients and authorized persons and, if possible, the planned duration of data storage or, if this is not possible, the criteria for determining this duration.
b. Correction, deletion or restriction of processing
You have the right to request that we correct any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.
c. Right of objection
Insofar as the processing of personal data concerning you is carried out on the basis of Art. 6 (1) (f) DSGVO, you have the right to object to the processing of this data at any time for reasons arising from your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
d. Right of withdrawal
If the processing is based on consent, you have the right to revoke the consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. To do this, you can contact us or our data protection officer at any time using the above data.
e. Right to deletion
You have the right to request that we delete personal data concerning you without undue delay and we are obliged to delete personal data without undue delay if one of the following reasons applies:
The personal data are no longer necessary for the purposes for which they were collected or otherwise processed
You object to the processing in accordance with point 8.c above and there are no overriding legitimate grounds for the processing.
The personal data have been processed unlawfully.
The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
This does not apply insofar as the processing is necessary:
for compliance with a legal obligation which requires processing under the law of the Union or the Member States to which we are subject.
for the assertion, exercise or defense of legal claims.
f. Right to restriction of processing
You have the right to request us to restrict processing if one of the following conditions is met:
The accuracy of the personal data is disputed by you for a period of time that allows us to verify the accuracy of the personal data,
The processing is unlawful and you refuse the erasure of the personal data and instead request the restriction of the use of the personal data;
We no longer need the personal data for the purposes of processing, but you need it for the assertion, exercise or defense of legal claims, or
you have objected to the processing in accordance with point 8.c above, as long as it has not yet been determined whether our legitimate grounds outweigh yours.
Where processing has been restricted in accordance with this point (f), such personal data may – apart from being stored – only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If you have obtained a restriction on processing, we will inform you before the restriction is lifted.
g. Right of appeal
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority competent for you:
The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
Postfach 3040
55020 Mainz
Phone: +49-6131-8920-0
Mail: poststelle@datenschutz.rlp.de
10. necessity of providing personal data
The provision of personal data is neither legally nor contractually required, nor are you obliged to provide the personal data. However, the provision of personal data is required for the conclusion of a contract of employment with us.
This means that unless you provide us with personal data when applying for a job, we will not enter into an employment relationship with you.