GUSE Transport + Logistik

1. DEFINITION OF TERMS

The data privacy notice of Paul Guse GmbH Transport und Logistik is based on the terms used by the European legislative and regulatory authorities in the adoption of the General Data Protection Regulation (GDPR). Our data privacy notice should be easy to read and understand, both for the general public and for our customers and business partners. In order to guarantee this, we would like to explain the terms used, as follows:

a) Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or one or more specific characteristics which are expressions of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

b) Data subject
Data subject means any identified or identifiable natural person whose personal data is processed by the responsible controller, i.e. the entity responsible for processing the data.

c) Processing
Processing means any operation or set of operations which is carried out with or without the aid of automated means relating to personal data, such as collection, recording, organization, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or interconnection, qualification, erasure or deletion.

d) Limitation of processing
Limitation of processing is the marking of stored personal data with the aim of limiting its future processing.

e) Profiling
Profiling is any kind of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements of that natural person.

f) Pseudonymization
Pseudonymization means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures ensuring that the personal data cannot be attributed to an identified or identifiable natural person.

g) Responsible controller or controller responsible for the processing
The responsible controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are dictated by EU law or by the laws of individual EU member states, responsible controller or controller responsible for the processing may be designated in accordance with EU law or by the laws of individual EU member states on the basis of certain criteria.

h) Designated processor
A designated processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the responsible controller or controller responsible for the processing.

i) Recipient
The recipient is a natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not that person is a third party. However, authorities which may receive personal data under a particular investigation mandate in accordance with EU law or by the laws of individual EU member states shall not be deemed to be recipients of such data.

j) Third party
Third party means any natural or legal person, public authority, agency or body other than the data subject, responsible controller or controller responsible for the processing, the designated processor and the persons who, under the direct responsibility of the responsible controller or controller responsible for the processing or designated processor, are authorized to process personal data.

k) Consent
Consent means any voluntary, informed and unequivocal expression of the data subject's will in a particular case, in the form of a statement or other unequivocal confirmatory act, by which the data subject indicates that they consent to the processing of personal data concerning them.

2. Name and address of the responsible controller

The responsible party within the scope of the General Data Protection Regulation (GDPR), other data protection laws applicable in the member states of the European Union and other provisions regarding data protection is:
Paul Guse GmbH Transport und Logistik
Angelser Str. 30
28844 Weyhe/Bremen
Deutschland
Phone: +49(0)421 / 80799-0
E-Mail: info@guse.eu
Website: www.guse.eu

3. Name and address of the Data Protection Officer

The Data Protection Officer for the responsible controller is:
Herr Thees Fock
Paul Guse GmbH Transport und Logistik
Angelser Str. 30
28844 Weyhe/Bremen
Bremen
Phone: +4915141288532
E-Mail: thees@tfoit.de
Website: www.guse.eu
All data subjects may contact our Data Protection Officer directly at any time with any questions and suggestions regarding data protection.

4. Cookies

The internet pages of Paul Guse GmbH Transport und Logistik use cookies. Cookies are text files which are stored on a computer system via an internet browser.
Numerous internet pages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which internet pages and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the visited internet pages and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A particular internet browser can be recognized and identified by its unique cookie ID.

By using cookies, Paul Guse GmbH Transport und Logistik can provide users of this website with more user-friendly services that would not be possible without the setting of cookies.

By means of a cookie, the information and offers on our website can be optimized in the interests of the user. As already mentioned, cookies enable us to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter their access data each time they visit the website because this automatically done by the website and the cookie stored on the user's computer system. Another example is the cookie of a shopping basket in an online shop. The online shop remembers the items that a customer has placed in the virtual shopping basket via a cookie.

At any time, the data subject can prevent the setting of cookies by our website by means of an appropriate setting of the internet browser they are using and thus permanently prevent the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programs. This is possible in all standard internet browsers. If the data subject deactivates the setting of cookies in their internet browser, not all functions of our website may be fully accessible under certain circumstances.

5. Collection of general data and information

The website of Paul Guse GmbH Transport und Logistik collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the log files of the server. The following information can be recorded: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-sites which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information used to avoid risk in the event of attacks on our information technology systems.

When using this general data and information, Paul Guse GmbH Transport und Logistik does not draw any conclusions about the data subject. Rather, this information is required to (1) correctly deliver the contents of our website, (2) optimize the contents of our website and the advertising for it, (3) ensure the long-term operability of our information technology systems and the technology of our website and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. Paul Guse GmbH Transport und Logistik therefore evaluates this anonymously-collected data and information both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data we process. The anonymous data of the server log files is stored separately from all personal data provided by the data subject.

6. Routine deletion and blocking of personal data

The responsible controller shall process and store the personal data of the data subject only for the period of time necessary to achieve the storage purpose or where provided for by the European legislative and regulatory authorities or other legislative bodies in laws or regulations to which the responsible controller is subject.
If the storage purpose no longer applies or if a storage period prescribed by the European legislative and regulatory authorities or other competent legislative body expires, the personal data shall be routinely blocked or deleted in accordance with all statutory provisions.

7. Rights of data subjects

a) Right to confirmation
Every data subject shall have the right, granted by the European legislative and regulatory authorities, to obtain from the responsible controller confirmation as to whether personal data relating to them is being processed. If a data subject wishes to exercise this right of confirmation, they may at any time do so by contacting an employee of the responsible controller.

b) Right to information
Any person subject to the processing of personal data has the right, granted by the European legislative and regulatory authorities, to obtain at any time, free of charge, from the responsible controller, information on the personal data relating to them which has been stored and to receive a copy of that information. In addition, European legislative and regulatory authorities have granted the data subject access to the following information:

• the purpose of the processing
• the categories in which the personal data has been processed
• the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations
• if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration
• the existence of a right to the correction or erasure of personal data concerning them or to the limitation of the processing carried out by the responsible controller or of a right to object to such processing
• the existence of a right of appeal to a supervisory authority
• if the personal data is not directly collected from the data subject: all available information about the origin of the data
• the existence of automated decision-making, including profiling, in accordance with Article 22 paragraphs (1) and (4) of the General Data Protection Regulation (GDPR) and, at least in these cases, meaningful information on the logic involved, the scope and the intended effects of such processing on the data subject.

The data subject also has the right to know whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject shall also have the right to obtain information on the appropriate safeguards in connection with the transfer.
If a data subject wishes to exercise this right to information, they may at any time contact a member of staff of the responsible controller.

c) Right to correction
Any person subject to the processing of personal data has the right, granted by the European legislative and regulatory authorities, to request the immediate correction of inaccurate personal data concerning them. Furthermore, the data subject shall have the right, with regard to the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary statement.
If a data subject wishes to exercise this right of correction, they may at any time contact an employee of the responsible controller for this purpose.

d) Right to deletion (Right to be forgotten)
Any person data subject to the processing of personal data shall have the right, granted by the European legislative and regulatory authorities, to require the responsible controller to immediately erase any personal data concerning them which is subject to one of the following conditions and to the extent that the processing is not necessary:

• The personal data has been collected for such purposes or processed in a way which makes it no longer necessary.
• The data subject withdraws their consent on which the processing was based pursuant to Article 6 paragraph 1 letter a of the General Data Protection Regulation (GDPR ) or Article 9 paragraph 2 letter a of the GDPR, and there is no other legal basis for the processing.
• The data subject objects to the processing under Article 21 paragraph 1 of the GDPR and there are no overriding legitimate reasons for the processing or the data subject objects to the processing under Article 21 paragraph 2 of the GDPR.
• The personal data has been processed contrary to the provisions of the law.
• The deletion of personal data is necessary to fulfil a legal obligation under EU law or the law of an individual member state to which the responsible controller is subject.
• The personal data was collected in relation to information society services offered pursuant to Article 8 paragraph 1 of the GDPR.
  If one of the above reasons applies and the data subject wishes to have personal data which has been stored at Paul Guse GmbH Transport und Logistik deleted, they can contact an employee of the responsible controller at any time. The employee of Paul Guse GmbH Transport und Logistik will ensure that the request for deletion is complied with immediately.

If personal data has been made public by Paul Guse GmbH Transport und Logistik and if our company is the responsible party pursuant to Article 17 paragraph 1 of the GDPR, Paul Guse GmbH Transport und Logistik, taking into account the implementation costs and the available technology, shall take appropriate measures, including technical measures, to inform other persons responsible for data processing who process the published personal data that the data subject has requested the deletion of all links to this personal data or copies or replications of this personal data from these other persons responsible for data processing, insofar as the processing is not necessary. The employees of Paul Guse GmbH Transport und Logistik will take necessary steps in individual cases.

e) Right to the limitation of processing

Any person subject to the processing of personal data has the right, granted by the European legislative and regulatory authorities, to request the responsible controller to limit the data processing if any one of the following conditions is met:

• The accuracy of the personal data is contested by the data subject for a period of time which allows the responsible controller to verify the accuracy of the personal data.
• The processing is unlawful, the data subject refuses the deletion of their personal data and instead requests the limitation of the use of their personal data.
• The responsible controller no longer needs the personal data for the purposes of processing, but the data subject needs it for the assertion, exercise or defense of legal claims.
• The data subject has lodged an objection to the processing pursuant to Article 21 paragraph 1 of the GDPR and it is not yet clear whether the legitimate reasons of the responsible controller outweigh those of the data subject.

If any of the above conditions is met and the data subject wishes to request the limitation of personal data stored at Paul Guse GmbH Transport und Logistik, they can contact an employee of the responsible controller at any time. The employee of Paul Guse GmbH Transport und Logistik will arrange for the processing to be limited.

f) Right to data portability
Any person subject to the processing of personal data has the right, granted by the European legislative and regulatory authorities, to obtain personal data concerning them which has been provided by the data subject to the responsible controller in a structured, standard and machine-readable format. The data subject also has the right to communicate this data to another data controller without being hindered by the responsible controller to whom the personal data has been provided, provided that the processing is based on consent pursuant to Article 6 paragraph 1 letter a of the GDPR or Article 9 paragraph 2 letter a of the GDPR or on a contract pursuant to Article 6 paragraph 1 letter b of the GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority entrusted to the responsible controller.

Furthermore, when exercising the right to data portability pursuant to Article 20 paragraph 1 of the GDPR, the data subject shall have the right to effectuate that the personal data be transferred directly from one responsible controller to another data controller insofar as this is technically feasible and insofar as this does not impair the rights and freedoms of other persons.

In order to assert the right to data portability, the data subject may at any time contact an employee of Paul Guse GmbH Transport und Logistik.

g) Right to objection
Any person subject to the processing of personal data has the right, granted by the European legislative and regulatory authorities, to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them on the basis of Article 6 paragraph 1 letters e or f of the GDPR. This also applies to profiling based on these provisions.

Paul Guse GmbH Transport und Logistik will no longer process personal data in the event of an objection unless we can prove compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

If Paul Guse GmbH Transport und Logistik processes personal data in order to conduct direct advertising, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling as far as it is connected with such direct advertising. If the data subject objects to the processing of personal data by Paul Guse GmbH Transport und Logistik for direct marketing purposes, Paul Guse GmbH Transport und Logistik will no longer process the personal data for these purposes.

In addition, the data subject has the right to object to the processing of personal data relating to them by Paul Guse GmbH Transport und Logistik for scientific or historical research purposes or for statistical purposes in accordance with Article 89 paragraph 1 of the GDPR for reasons arising from their particular situation, unless such processing is necessary for the performance of a task in the public interest.

In order to exercise the right to object, the data subject may directly contact an employee of Paul Guse GmbH Transport und Logistik or any other employee. The data subject is also free to exercise their right to objection in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

h) Automated decisions in individual cases including profiling
Any person subject to the processing of personal data has the right, granted by the European legislative and regulatory authorities, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects upon them or significantly affects them in a similar manner, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the responsible controller, or (2) is authorized by EU or national law or by the member states to which the responsible controller is subject and which provides for adequate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, or (3) is taken with the express consent of the data subject.

If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the responsible controller or (2) is made with the express consent of the data subject, Paul Guse GmbH Transport und Logistik shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a data subject from the responsible controller, to present his or her point of view and to contest the decision.

If the data subject wishes to exercise rights relating to automated decisions, they may at any time do so by contacting an employee of the responsible controller.

i) Right to revoke consent under data protection law
Any person subject to the processing of personal data has the right, granted by the European legislative and regulatory authorities, to revoke consent to the processing of personal data at any time.

If the data subject wishes to exercise their right to withdraw consent, they may at any time do so by contacting an employee of the responsible controller.

8. Data privacy for applications and in the application process

The responsible controller collects and processes the personal data of applicants for the purpose of processing the application. Processing may also be carried out electronically. This is particularly the case if an applicant submits the relevant application documents electronically, for example by e-mail or via a web form on the website, to the responsible controller. If the responsible controller concludes an employment contract with an applicant, the data transmitted shall be stored for the purpose of processing the employment relationship in compliance with statutory provisions. If the responsible controller does not conclude a contract of employment with the applicant, the application documents shall be automatically deleted two months after notification of the rejection decision, unless deletion conflicts with any other legitimate interests of the responsible controller. Other legitimate interests in this sense include, for example, the duty to provide evidence in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz - AGG).

9. Legal basis for processing

Article 6 l (a) of the GDPR serves our company as a legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Article 6 l (b) of the GDPR. The same shall apply to such processing operations which are necessary for the implementation of pre-contractual measures, for example in cases of inquiries regarding our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Article 6 l (c) of the GDPR. In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our site were injured and their name, age, health insurance information or other vital information would have to be disclosed to a doctor, hospital or other third party. Then the processing would be based on Article 6 l (d) of the GDPR. Ultimately, processing operations could be based on Article 6 l (f) of the GDPR. Processing operations that are not covered by any of the aforementioned legal bases are recognized on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not take precedence. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislative body. In this respect, EU law takes the view that a legitimate interest could be assumed if the data subject is a customer of the responsible controller (Recital 47 sentence 2 of the GDPR).

10. Legitimate interests in processing pursued by the responsible controller or by a third party

If the processing of personal data is based on Article 6 I (f) of the GDPR, our legitimate interest is the conduct of our business for the benefit of all our employees and equity holders.

11. Duration of storage for personal data

The criterion for the duration of the storage of personal data is the respective legal retention period. After this period has expired, the corresponding data will be routinely deleted, provided it is no longer required for the fulfilment or initiation of a contract.

12. Legal or contractual provisions governing the provision of personal data; necessity for the conclusion of a contract; obligation of the data subject to provide personal data; possible consequences of not providing data

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information about the contractual partner). Sometimes it may be necessary for the conclusion of a contract that a data subject makes personal data available to us which we must subsequently process. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide personal data would mean that the contract could not be concluded with the data subject. The data subject must contact one of our employees before providing personal data. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and what consequences not providing the personal data would have.