Data protection.

Data privacy statement for the processing of data in accordance with Art. 13 EU General Data Protection Regulation (GDPR)

We at Knorr-Bremse AG (hereinafter referred to as “the Company”) are delighted that you have decided to visit our website at www.merak-hvac.com.

Data protection and data security for those using our website are very important to the Company. We would therefore like to notify you here about which of your personal data we collect when you visit our website and for what purposes it is used.

This data privacy statement is designed to inform you about the processing of your personal data by the Company and your related data privacy rights. Should you have any questions about the contents of this data privacy statement, please direct them to the following address at any time:

info@knorr-bremse.com

Since legislative amendments or changes to our internal processes may require amendments to this data privacy statement, we ask that you review this data privacy statement regularly.

This data privacy statement applies to the Company’s Internet offering, which can be viewed at https://www.knorr-bremse.com, as well as the various subdomains and individual pages (hereinafter collectively referred to as the "website").

§ 1 Definitions

The Company’s data privacy statement is based on the terms used by the European legislator and regulator for the adoption of the General Data Protection Regulation (GDPR). Our data privacy statement is designed to be easily read and understood for the general public, as well as for our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this data privacy statement we have used the following terms, among others:

1) Personal data

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more characteristics specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2) Data subject

A data subject is any identified or identifiable natural person whose personal data is collected and/or processed by the controller.

3) Processing

Processing is any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting its processing in the future.

5) Profiling

Profiling means any form of automated processing of personal data involving the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

6) Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

7) Controller or controller responsible for the processing

The controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. If the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for the controller’s nomination may be provided for by Union or Member State law.

8) Processor

The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

9) Recipient

The recipient is a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities that may receive personal data as part of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

10) Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

11) Consent

The data subject’s consent refers to any specific freely given, informed and unambiguous indication of the data subject's wishes by which the data subject indicates, by means of a declaration or by otherwise taking clear affirmative action, that he or she is in agreement with the processing of personal data relating to him or her.

§ 2 Contact

1) Name and address of the controller

The controller under the General Data Protection Regulation is:
Knorr-Bremse España, S.A.
Parque Empresarial "La Carpetania"
C/Miguel Faraday, 1
28906 GETAFE (Madrid)
Phone: +34 911 459 400
E-mail: merak@merak-hvac.com

§ 3 Rights of the data subject

We take the protection of your personal data seriously and want to protect your rights. We therefore only store your personal data for as long as this is permitted by law for the purposes stated below.

The stored personal data will therefore be deleted if the storage of this data is no longer necessary to fulfil the purpose for which it was stored.

We would like to point out that the provision of your data is neither required by law nor by contract, nor is it necessary for the conclusion of a contract. However, failure to provide the data may result in you not being able to use certain functions/services on our website.

We would also like to draw your attention to your rights, in particular the right to:

  • Information on what data we have stored about you;
  • Rectification, should we hold incorrect data despite our effort to maintain accurate and up-to-date data;
  • The deletion of your data, unless there are exceptional circumstances that justify further processing;
  • The restriction of processing, should there be a justified reason to do so;
  • Object to the processing of your data;
  • A copy of the data and, if necessary, the transfer of the data to other controllers;
  • Revoke your consent with effect for the future, should you have given us your consent for the processing of your data.

In all of the above cases, please contact us at:
Knorr-Bremse AG
Moosacher Str. 80
80809 München
Deutschland (Germany)
Phone: +49 89 3547-0
E-mail: info@knorr-bremse.com

If you have any questions, please do not hesitate to contact us and our data protection officer.

Should you have reason to complain, you can also contact a supervisory authority. The supervisory authority primarily responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
91522 Ansbach
Deutschland (Germany)
Phone: +49 981 53-1300
Fax: +49 981 53-981300
E-mail: poststelle@lda.bayern.de

§ 4 Purpose of data collection

Depending on which of the functions or services of our website you use, we may need to use your personal data. Your personal data will not be used for the types of use specified in this data privacy statement.

When using the website for information purposes only, if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to guarantee stability and security (the legal basis for this is contained in Art. 6 (1) lit. f) GDPR):

  • IP address
  • Date and time of request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • The amount of data transferred in each case
  • The website from which the request comes
  • Browser
  • The operating system and its interface
  • The language and version of the browser software

§ 5 Cookies

In addition to the above data, we use so-called “cookies”. Cookies are small text files that are sent to your browser by our web server during your visit to our website and stored by it on your device for subsequent retrieval. Cookies cannot run any programmes or transfer viruses to your computer. They are used to make the Internet offering more effective and user-friendly overall.

In particular, the cookies used allow us to determine the frequency of use and the number of users of our websites, and to continue to identify your device when you visit our website or when you switch from one of our websites to another one, and to determine the end of your visit. This tells us which area of our website and which other websites our users have visited.

However, this usage data does not allow any conclusions to be drawn about the user. All of this anonymously collected usage data will not be merged with your personal data according to § 4 of this data privacy statement and will be deleted immediately once the statistical evaluation has been completed. At the end of the session, in other words, as soon as you stop browsing, the cookies on your device are also deleted.

1) This website uses the following types of cookies, the scope and functioning of which are explained below:
– Transient cookies (see 2)
– Persistent cookies (see 3).

2) Transient cookies

Transient cookies are automatically deleted when you close your browser. This includes the session cookies, in particular. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This will allow your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

3) Persistent cookies

Persistent cookies are deleted automatically after a defined period of time, which can vary from one cookie to another. You can delete the cookies at any time in your browser’s security settings.

4) Browser settings

You can configure your browser settings according to your requirements and, e.g., decline to accept third-party cookies or all cookies. We would like to point out that, in that case, you may not be able to use all of the functions of this website.

5) Language and country details

We use cookies to store your chosen language and country details.

§ 6 Types of use

Due to statutory provisions, the Company’s website contains details that allow people to rapidly get in contact with our company electronically and to communicate directly with us, which also includes a general address for so-called ‘electronic mail’ (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored for processing or in order to establish contact with the data subject. This personal data is not transferred to third parties. Transmission using the contact form is encrypted using TLS 1.2. We have no influence on the form of encryption when people contact us directly by e-mail.

The legal basis for this type of use is Art. 6 (1) lit. a) GDPR.

1) Job applications on our website

As part of your online application, we collect and process the following personal application data, where provided by you:

  • Surname (mandatory field), first name
  • Date of birth
  • Address
  • Telephone number
  • E-mail (mandatory field)
  • Internet reference
  • Last employer
  • Highest completed level of education
  • Application documents (letter of application, CV, references, certificates, and similar documents)

The data that you provide when you register in our applicant portal will only be collected, processed and stored for purposes relating to your application and your interest in working for the Company. As a matter of principle, the data will not be passed on to third parties and will only be processed within the Company in the context of your application. Data will be collected pursuant to Art. 6 (1) a) GDPR.

Your personal application data will generally be deleted automatically three months after the conclusion of the application process. This does not apply if such deletion conflicts with statutory provisions, if continued storage is required for evidential reasons or if you have explicitly consented to the longer-term storage of your data.

Should your application be unsuccessful we will – only with your consent – continue to store your application data beyond the end of the application process so that the Company can contact you if another suitable position arises and continue the application process. This consent relates to applicant data including, in particular, your CV, references, applicant interviews and data that is collected by us as part of your application process. Data is collected pursuant to Art. 6 (1) lit. a) GDPR.

2) Data privacy provisions relating to the application and use of YouTube

The controller has integrated components of YouTube into this website.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

With each call-up to one of the individual pages of this website, which is operated by the controller and into which a YouTube component (YouTube video) has been integrated, the Internet browser on the data subject’s information technology system is automatically prompted by the relevant YouTube component to download a display of the corresponding YouTube component. Further information about YouTube can be found at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google obtain knowledge about what specific sub-page of our website has been visited by the data subject.

If the data subject is simultaneously logged in to YouTube, each time a sub-page is called up that contains a YouTube video, YouTube recognises which specific sub-page of our website has been visited by the data subject. This information is collected by YouTube and Google and assigned to the relevant YouTube account of the data subject.

YouTube and Google will always receive information via the YouTube component that the data subject has visited our website if the data subject is also logged in to YouTube at the time that our website is accessed. This occurs regardless of whether the person clicks on a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google in this way, the data subject can prevent this information from being transmitted by logging out of their YouTube account before accessing our website.

The data privacy terms published by YouTube, which can be viewed at https://www.google.de/intl/de/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.

§ 7 Legal basis for the processing

Art. 6 (1) lit. a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

Art. 6 (1) lit. b) GDPR provides the legal basis for the processing of personal data to fulfil a contract that includes the data subject as a contractual party, or to carry out pre-contractual measures.

Art. 6 (1) lit. c) GDPR provides the legal basis for processing personal data where there is a statutory obligation.

Article 6 (1) lit. d) GDPR provides the legal basis for processing personal data where vital interests of the data subject or another natural person must be protected.

Article 6 (1) lit. f) GDPR provides the basis for processing personal data where we have a legitimate interest. Such an interest can be assumed when it relates to the performance of our business activities and if a balancing of interests has found that the performance of our business activities outweighs the rights of the data subject.

§ 8 Period for which the personal data will be stored

The criterion used to determine the period for which personal data will be stored is generally the relevant statutory retention period. Once that period has expired, the corresponding data is routinely deleted, provided that it is no longer necessary for the fulfilment of the contract or the initiation of a contract.

If the purpose for collecting and processing personal data no longer applies, the data will be deleted.

§ 9 Transmission of the data to recipients

Your personal data will not be transmitted to third parties without your consent, with the exception of the cases outlined in this data privacy statement, unless we are statutorily obliged to issue this data (information to law enforcement authorities and courts; information to public bodies in receipt of data due to statutory provisions, e.g., social insurance agencies, financial authorities, etc.) or where we employ third parties, who are bound to professional confidentiality, in order to enforce our claims.

§ 10 Safeguarding measures for protecting the data we store

We are concerned with the protection of your privacy and we are keen to handle your personal data confidentially. We have taken extensive security precautions to prevent the loss or misuse of the data we have stored. We check these precautions on a regular basis and satisfy ourselves that they meet the latest technical standards. Your data will be stored in our databases. These databases are accessible only to us and to those of our employees who have received specific data protection training.

We attach the utmost importance to the standards that we must adhere to. Nevertheless, we draw your attention to the fact that we cannot guarantee that the rules around data privacy and our security precautions will be similarly observed by other persons or institutions that do not fall under our responsibility. For this reason, it is possible that data disclosed over the Internet in unencrypted form may be intercepted by third parties. We have no way to influence this technically. You are responsible for protecting the data that you provide against misuse, either by encryption or by other means.

§ 11 Data storage abroad

We safeguard the data privacy that is mandatory by law in the European Union. In a number of cases, it is possible – particularly for technical reasons – that the data you entrust to us may be stored on servers outside the country (and even outside the European Union) in which you originally entered the data. In this case, and where there is a risk that countries to which your data is transmitted are not subject to the same strict data privacy that applies in your home country or in the country from which you are using our services, we will ensure that your data is handled according to the provisions of this data privacy statement.

§ 12 Hyperlinks to external websites

Our website includes so-called ‘hyperlinks’ to websites from other providers. When these hyperlinks are activated, our website brings you directly to the website of the other provider. One of the ways you can tell that this has happened is that the URL will change.

We cannot assume any responsibility for the confidential handling of your data on third-party websites, because we have no way to ensure that these third parties adhere to data privacy rules. Please refer directly to the corresponding websites to find out how these third parties handle your personal data.

§ 13 Automated decision-making

The Company does not use automatic decision-making or profiling.