Privacy Policy of Jebsen & Jessen (GmbH & Co.) KG

Effective Date: 01.02.2024

The provisions of the EU General Data Protection Regulation (hereinafter referred to as GDPR) apply across Europe. We would like to inform you about the processing of personal data by our company in accordance with this regulation (see Articles 13 and 14 GDPR). If you have any questions or comments regarding this privacy policy, you can address them at any time to the following email address: datenschutz@jebsen-jessen.de

Table of Contents:
I. Overview
Scope
Controller
Data Protection Officer
Data Security
II. Details of Data Processing
Accessing the Services
Privacy Notices for Applicants
Contacting Us
Cookies and Services
Social Networks
Transmission to Government Authorities
Storage Duration
III. Rights of Data Subjects
Right to Object
Right to Information
Right to Rectification
Right to Erasure (“Right to be Forgotten”)
Right to Restrict Processing
Right to Data Portability
Right to Withdraw Consent
Right to Lodge a Complaint
IV. Changes to this Privacy Policy

I. Overview This section of the privacy policy provides information on the scope, the controller responsible for data processing, their Data Protection Officer, and data security.

1. Scope
This privacy policy applies to the following offerings:
Our online offering available at www.jebsen-jessen.de;
Other offerings (e.g., websites, subdomains, mobile applications, web services, including third-party integrations), to the extent that they expressly refer to this privacy policy, regardless of the medium;
Direct communication with you.
All these offerings are collectively referred to as “Services.”

2. Controller
The controller responsible for data processing—i.e., the entity that determines the purposes and means of processing personal data—in connection with the Services is:

Jebsen & Jessen (GmbH & Co.) KG

Rödingsmarkt 16
20459

Hamburg

Email: datenschutz@jebsen-jessen.de

3. Data Protection Officer

You can contact our Data Protection Officer as follows:
DS EXTERN GmbH

Dipl.-Kfm. Marc Althaus

Frapanweg 22

D-22589

Hamburg
anfragen@dsextern.de

II. Details of Data Processing

In this section of the privacy policy, we inform you in detail about the processing of personal data within the framework of our services. For better clarity, we structure this information according to specific functionalities of our services. When using the services, different functionalities and thus different data processing operations may come into play sequentially or simultaneously.
1. Accessing the Services Here we describe how we process your personal data when you access our services. Each time our services are accessed, we automatically collect a series of information to correctly display the services on the respective end device and to detect unusual activities or errors in our services. This helps us optimize our services and provide law enforcement authorities with the necessary information in the event of a cyberattack.

These are the access data collected:
Date and time of access to our service;
The website from which the accessing system reached our service (referrer URL);
Subpages accessed by you;
Session identification data (session ID);
Information about the accessing computer system: Internet Protocol address (IP address) used, browser type and version, device type, operating system, and similar technical information.
These general data and information are stored in the server log files. The data of the server log files are stored separately from all other personal data (details in the following sections).

The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR, as we need the access data to provide the services you requested, and Art. 6 para. 1 lit. f GDPR, as the processing serves our legitimate interest in offering the services, displaying them correctly on your device, and ensuring their functionality and security. A secure and uninterrupted access to our services is in your interest, so your confidentiality interests do not override our interests in this regard.
You can object to data processing based on legitimate interests at any time (see section III, point 1), but you will no longer be able to use our services as the processing is technically necessary to display them to you.

In some cases, our data processing is carried out with the involvement of so-called hosting service providers, who provide us with storage space and processing capacities in their data centers and process personal data (access data) on our behalf according to our instructions. Likewise, IT security service providers have access to access data as necessary. All involved service providers are processors acting according to our instructions, with whom we have concluded a processing agreement (Art. 28 GDPR). These service providers either process data exclusively within the EU in a region with an adequate level of data protection according to Art. 45 GDPR or we have ensured an adequate level of data protection using the EU standard data protection clauses.

Privacy Notices for Applicants
We are pleased that you are interested in us and are applying or have applied for a position in our company. We would like to provide you with information on the processing of your personal data in connection with your application.

a. Who is responsible for data processing?

The controllers responsible for applicant data processing differ from those responsible for general data processing. Joint controllers within the meaning of data protection law are:
Jebsen & Jessen (GmbH & Co.) KG
Rödingsmarkt 16
20459 Hamburg
(“Jebsen & Jessen”)
and their subsidiaries at the same address:
Jebsen & Jessen Trading Solutions GmbH
Jebsen & Jessen Life Science GmbH
Jebsen & Jessen Chemicals GmbH
Jebagro GmbH
Ruhr Petrol GmbH
Juritex Import-Export GmbH
GMA Garnet (Europe) GmbH
Jebsen & Jessen Industrial Services GmbH
Jebsen & Jessen Industrial Solutions GmbH
Jebsen & Jessen Metals GmbH
(each individually referred to as “Jebsen & Jessen subsidiary”)
(Jebsen & Jessen and Jebsen & Jessen subsidiaries collectively referred to as “Jebsen & Jessen Group”, “we”, “us”).

You can find more information about our company, details of the authorized representatives, and further contact options in the imprint of our website https://www.jebsen-jessen.de/en/impressum/ as well as on the websites of the Jebsen & Jessen subsidiaries.

b. Which personal data of yours do we process? And for what purposes?
We process personal data that you have sent us in connection with your application in order to check your suitability for the position (or, if applicable, other open positions in our companies) and to conduct the application process. This information includes, in particular, your contact details, the information contained in your resume, and your certificates.

c. On what legal basis is this processing based?
The legal basis for processing your personal data in this application process is Art. 6 para. 1 lit. b GDPR in conjunction with § 26 BDSG. According to this, data processing is permissible if it is necessary in connection with the decision on the establishment of an employment relationship.
You have the option in our application form on our website to have resume data extracted automatically from documents or your profile on Xing.com or LinkedIn.com by a tool and transferred in a structured form into the appropriate form fields (“CV parsing”). Offering you the use of CV parsing is intended to make the application process more user-friendly and is based on Art. 6 para. 1 lit. b GDPR in conjunction with § 26 para. 1 sentence 1 BDSG. The tool is not intended to evaluate applications. Each decision about a candidate’s suitability is made by one of our employees.
If you apply to us outside the applicant management system, we will transfer your application to the system and also use CV parsing to extract your data from the resume into the system. This processing is also based on Art. 6 para. 1 lit. b GDPR in conjunction with § 26 para. 1 sentence 1 BDSG and is necessary to conduct the application process effectively and securely.
When you apply for a specific position, you may consent to us checking your application for other opportunities within our company. This processing is based on Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future.
Furthermore, you have the option to consent to your application being included in our general applicant pool. We will then store your application based on Art. 6 para. 1 lit. a GDPR for newly opening positions. You can revoke your consent at any time with effect for the future.
If the data may be necessary for legal prosecution after the conclusion of the application process, data processing can take place on the basis of Art. 6 para. 1 lit. f GDPR to protect legitimate interests. Our legitimate interest then lies in asserting or defending claims, which outweighs your interest in non-processing.

d. How long will the data be stored?
Applicant data will be deleted 6 months after a rejection.
If you have consented to your data being included in the applicant pool, your data will be deleted after two years.
If you receive a job offer and are hired as part of the application process, we will transfer your personal data from the applicant data system to our personnel information system.

e. To whom are the data disclosed?
Your applicant data will be reviewed by the HR department at Jebsen & Jessen, which is responsible for all subsidiaries, upon receipt of your application.
In addition to the HR department at Jebsen & Jessen, the respective employees responsible at the subsidiaries will have access to those applications that concern their subsidiary. Only individuals who need your data for the proper conduct of our application process have access to it.
We use specialized applicant management software from the provider d.vinci HR-Systems GmbH, Nagelsweg 37-39, 20097 Hamburg (“d.vinci”) for the application process. D.vinci acts as a service provider for us and may also gain knowledge of your personal data in connection with the maintenance and servicing of the systems. We have concluded a so-called order processing contract with this provider, which ensures that data processing is carried out in a permissible manner.
The provider of the CV parsing tool and our processor in this regard is Textkernel BV, Nieuwendammerkade 28/a17, 1022, Amsterdam, Netherlands (“Textkernel”). Textkernel processes the received data immediately and sends it back without any storage by entering it into the form fields and displaying it to the user after analysis.

f. Where are the data processed?
The data are primarily processed in data centers within the Federal Republic of Germany and partly in other EU or EEA states.
If you contact us via the contact form on our website or through other means (e.g., by email or phone), we process the data you provide to handle your request. This may include:
Name;
Company;
Email address;
Phone number;
Address;
Information about business activities;
Request.

This processing is based on Art. 6 para. 1 lit. b GDPR if you are a party to a contract with us and your request relates to its fulfillment or if your request is intended to initiate pre-contractual measures. In all other cases, it is based on Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in reviewing and responding to the information and requests you have provided, and your interest in the confidentiality of your personal data does not outweigh this due to your voluntary use of the function. You can object to data processing based on legitimate interests at any time (see Section III, Item 1).
We delete your information as soon as the purpose of processing is fulfilled and we are not legally obligated to retain it.

4. Cookies and services
We also use cookies in our services. Cookies are small text files that are stored on your device via a web browser. This happens either permanently (persistent cookies) or temporarily for the duration of a session (session cookies). Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them yourself or an automatic solution by your web browser occurs.
Many cookies contain a unique identifier (cookie ID) that allows services to recognize a specific browser that accesses them. This enables the service to be tailored to the individual use of the respective browser.
To generally agree to the setting of cookies, generally reject them, or set individual preferences, please use the consent management tool that is displayed at the beginning of the website visit and is permanently available by clicking the button displayed at the bottom of the screen.
Please note that your selection is usually stored via cookies. If you use our services on a new device or in a different browser, or if you have deleted the cookies set by your browser, you will need to make the selection again.
You can also set your browser to inform you about the setting of cookies, allow cookies only in individual cases, only accept certain cookies or none at all, or automatically delete cookies when closing the browser.
Additionally, cookies that have already been set can be deleted at any time via your browser or other software programs. This is possible in all common web browsers. If you deactivate the setting of cookies in the web browser you use, it may not be possible to use all functions of our services to their full extent.

a. Purposes of processing
Analyzing user behavior using cookies helps us to review the effectiveness of our services, optimize them, and tailor them to users’ needs as well as to fix errors. It also serves to statistically determine metrics on the use of our services (reach, usage intensity, user surfing behavior) based on uniform standard procedures, thus obtaining market-wide comparable values.
In connection with advertising campaigns, cookies can measure their success and help us and our advertising partners optimize ads for the future. This aims to show users ads tailored to their interests, increase the success of advertising, and consequently also the advertising revenue.

b. Legal basis of processing
The legal basis for setting and reading technically necessary cookies for the provision of our services is either a legal obligation (Art. 6 para. 1 lit. c GDPR) or our legitimate interest in providing our services, Art. 6 para. 1 lit. f GDPR. Your interests do not outweigh this since you use our services voluntarily.
The legal basis for processing personal data through all other cookies is your consent according to Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTSG. You can revoke your consent at any time with effect for the future (see Section III, Item 7 for details).

c. Specific services
CookieFirst (Cookie Consent Management Tool)
To obtain and properly document your valid consent to the use and storage of cookies in the browser you use to access our services, we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, Netherlands (“CookieFirst”). Website: https://cookiefirst.com referred to as CookieFirst. When you access our services, a connection to CookieFirst’s server is established to allow us to obtain valid consent from you for the use of certain cookies. CookieFirst then stores a cookie in your browser to only activate the cookies you have consented to and to properly document this. The processed data are stored until the predetermined storage period expires or you request the deletion of the data. Different statutory retention periods may apply.
CookieFirst serves to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6 para. 1 lit. c GDPR in conjunction with § 25 para. 2 TDDDG.

We have concluded an order processing agreement with CookieFirst according to Art. 28 GDPR. This is a data protection contract that ensures that the data of our visitors are only processed according to our instructions and in compliance with the GDPR.

Our services and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data are collected:
Your consent status or the withdrawal of consent;
Your anonymized IP address;
Information about your browser;
Information about your device;
The date and time of your visit to our services;
The URL of the webpage where you saved or updated your consent declaration;
Your approximate location;
A universally unique user ID (UUID).
Information about the cookies used by us in the services can be accessed at any time via the fingerprint symbol where you can view and manage your consents.

Google Analytics
We use the Google Analytics component (with anonymization function) from Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Analytics is a web analysis service. Web analysis involves the collection, gathering, and evaluation of data about the behavior of visitors to the services. In the context of this reach analysis, the following data are processed: the browser type and version you use, your operating system, your country of origin, the date and time of the server request, the number of visits, your time spent on the website, and the external links you clicked. The user’s IP address is anonymized before being stored. This usually happens within the European Economic Area. Only in exceptional cases is the full IP address transmitted to a server of Google LLC in the USA and shortened there. According to Google’s statements, the transmitted IP address is not merged with other information.
Google Analytics uses cookies stored on the user’s computer that allow the analysis of the use of our online offer by users. Pseudonymous user profiles of the users can be created from the processed data.
Users can object to the data collection by Google Analytics at any time with effect for the future by installing the browser add-on provided by Google: https://tools.google.com/dlpage/gaoptout.
The information generated by the cookie and transmitted about your use of this website will be deleted after a maximum of 14 months. The cookies themselves expire after a maximum of 2 years.
The legal basis for this processing is Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG.
We have concluded an order processing agreement with Google according to Art. 28 GDPR. This is a data protection contract that ensures that the data of visitors to our services are only processed according to our instructions and in compliance with the GDPR.
To the extent that Google exceptionally processes the data outside the EEA, an adequate level of data protection is ensured through adequacy decisions or standard contractual clauses.

Vimeo (Do-Not-Track)
We have embedded video content through the video player of Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, NY 10001, USA (“Vimeo”) in our services. When you access a subpage with embedded video, a connection to Vimeo’s servers is established to display the video. We transmit certain information to Vimeo, especially a unique identifier that provides insights into your user behavior on the services, information about the security and stability of the services, and whether the user of the services is a bot or a human.
This data processing is based on our legitimate interest in displaying the video, Art. 6 para. 1 lit. f GDPR, which outweighs your interest in non-processing of your personal data.
Your personal data enjoys an adequate level of protection at Vimeo according to Art. 45 GDPR, as Vimeo is certified under the EU-US Data Privacy Framework.
Vimeo does not set cookies on your device in the Do-Not-Track variant implemented by us.
For more information about Vimeo’s data processing, please visit https://vimeo.com/privacy.

Microsoft Clarity
We use the Microsoft Clarity component (with anonymization function) from Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Microsoft Clarity is a web analytics service. Web analytics involves the collection, gathering, and evaluation of data about the behavior of visitors to the services. The following data are processed: access times, IP addresses, cursor movements, and scroll movements.
To recognize users of the services, Microsoft Clarity sets cookies on the user’s computer. The information generated by the cookie and transmitted about your use of the services will be deleted after a maximum of twelve months. The cookies themselves expire after a maximum of one year.
The legal basis for processing is your consent (Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG). We have concluded an order processing agreement with Microsoft according to Art. 28 GDPR. This is a data protection contract that ensures that the data of visitors to our services are only processed according to our instructions and in compliance with the GDPR. To the extent that Microsoft exceptionally processes the data outside the EEA, an adequate level of data protection is ensured through adequacy decisions or standard contractual clauses.

Social Networks
We maintain profiles on social networks, which we have linked in the header of our website. After clicking the link, you will be redirected to our profile on the respective network. Information is transmitted to the respective network provider only when the respective link (symbol) is clicked. For information on how your personal data is handled when using these websites, please refer to the privacy policies of the respective social network as well as our network-specific privacy statements.

6. Transmission to Government Authorities
We transmit personal data to government authorities (including law enforcement agencies) when it is necessary to fulfill a legal obligation to which we are subject (legal basis: Art. 6 para. 1 c) GDPR) or when it is necessary to assert, exercise, or defend legal claims and your interest in non-processing does not outweigh this (legal basis: Art. 6 para. 1 lit. f) GDPR).

7. Storage Duration
We do not store your data longer than we need it for the respective processing purposes. These are regularly deleted unless their temporary retention is still necessary. Reasons for this can be, for example:
Fulfillment of commercial and tax retention obligations or
Preservation of evidence for legal disputes within the framework of statutory limitation periods.
We may also continue to store your data if you have expressly consented to this.

III. Data Subject Rights

1. Right to Object
Under the conditions of Art. 21 GDPR, you have the right to object to the processing of your personal data at any time with effect for the future if the processing is based on Art. 6 para. 1 lit. e) or f) GDPR or for the purpose of direct marketing or for purposes under Art. 21 para. 6 GDPR. If the respective conditions are met, we will no longer process your personal data.

2. Right to Access
You have the right to know whether we are processing personal data concerning you, what personal data this might be, and other information as per Art. 15 GDPR.

3. Right to Rectification
You have the right to request the immediate correction of incorrect personal data concerning you (Art. 16 GDPR). Considering the purposes of processing, you also have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

4. Right to Erasure (“Right to be Forgotten”)
You have the right to request the immediate deletion of personal data concerning you if one of the reasons listed in Art. 17 para. 1 GDPR applies and the processing is not necessary for one of the purposes regulated in Art. 17 para. 3 GDPR.

5. Right to Restriction of Processing
You have the right to request a restriction of the processing of your personal data if one of the conditions in Art. 18 para. 1 lit. a) to d) GDPR is met.

6. Right to Data Portability
Under the conditions of Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us or to have it transmitted directly by us, where technically feasible. This right applies whenever the basis of data processing is consent or a contract and the data is processed by automated means.

7. Right to Withdraw Consent
If the processing is based on your consent, you have the right to withdraw this consent at any time. We will then no longer process your personal data. The legality of the processing carried out based on the consent until the withdrawal is not affected by this.

8. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority at any time according to Art. 77 GDPR. The responsible supervisory authority for us is the Hamburg Commissioner for Data Protection and Freedom of Information, Ludwig-Erhard-Str. 22, 20459 Hamburg, Tel. +4940 428 54 4040,
Email: mailbox@datenschutz.hamburg.de.

IV. Changes to this Privacy Policy
We reserve the right to change this privacy policy as we update our processes. Please visit this page regularly and review the current privacy policy. This privacy policy was last updated on July 8, 2024.