Downloads Search Language

Data protection

Introduction and term definitions

We take the protection of your personal data very seriously. We provide you with these notes on data processing in order to inform you about the nature, scope and purpose of the processing of personal data for our services and offers, as well as within the scope of our online content and the web pages and functions associated with it, and explain to you what rights you have as a data subject with regard to the protection and the enforcement of protection of your personal data.

Term definitions

The definitions of the data protection terms used here correspond to the definitions as per Art. 4 of the EU General Data Protection Regulation (GDPR). To the extent that the term "data" is used in the notes on data processing, this term refers to personal data within the meaning of the GDPR.

Data controller and data protection officer

The data controller according to Art. 4, para. 7 GDPR is:

Streck Transport AG
represented by the managing directors Bernd Schäfer (chairman), Manfred Haas

Industriestrasse 30
CH-4313 Möhlin
Phone: +41 61 855 11 11
Email: info@streck.ch

Data protection officer

Dresden Institute for Data Protection
a foundation under civil law
represented by its director, Dr. Ralph Wagner
Hospitalstraße 4
DE-01097 Dresden
Phone: +49 (0) 351 655 722 0
Email: datenschutz@streck.de
Internet: www.dids.de
 

Contact us and your data protection rights

If you wish to exercise your rights or need more information about our use of your personal data, please contact us, as the data controller, or contact our data protection officer using the specified contact details.

You have the following rights:

a) Right to revoke consent according to Art. 7, para. 3 GDPR

If the processing is based on consent, you can revoke your consent to the processing of personal data in accordance with Art. 7, para. 3 GDPR at any time with effect for the future. As a result, the data processing based on this consent may no longer be continued in the future. This revocation will not affect the lawfulness of any processing done beforehand.

b) Right to information according to Art. 15 GDPR

In accordance with Art. 15 GDPR, you have the right to request information about your processed personal data at any time. In particular, you can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your personal data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or a right of objection, the existence of a right of appeal to a supervisory authority, the origin of your personal data if it has not been collected from you, the existence of automated decision-making including profiling in accordance with Art. 22, para. 1-4 GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject. The restrictions according to Section 34 Federal Data Protection Act (BDSG) apply.

c) Right to rectification according to Art. 16 GDPR

According to Art. 16 GDPR, you can request the immediate rectification of incorrect data or the completion of stored personal data.

d) Right to deletion according to Art. 17 GDPR

According to Art. 17 GDPR, you are entitled to demand the deletion of the stored personal data, unless the processing is required for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims. The restrictions according to Section 35 BDSG apply.

e) Right to restriction of processing according to Art. 18 GDPR

According to Art. 18 GDPR, you can request the restriction of processing of your personal data insofar as the accuracy of the data is disputed, the processing is unlawful, but its deletion is refused and your personal data is no longer needed and you need this data for the assertion, exercise or defense of legal claims.

f) Right to objection against direct marketing

You can object to the processing of your personal data for advertising purposes at any time. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.

g) Right to objection according to Art. 21 GDPR

You have the right to object, at any time, for reasons arising from your particular situation, to the processing of your personal data on the basis of Art. 6, para. 1, sentence 1, lit. f) GDPR (data processing on the basis of legitimate interests). If you intend to exercise such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. After you lodge your objection, we will no longer process the personal data unless we can prove that we have a compelling legitimate interest in its continued processing that outweighs your interests, rights, and freedoms, or if the processing serves the assertion, exercise, or defense of our legal claims.

h) Right to data portability according to Art. 22 GDPR

You have the right to request a copy of the data provided by you in a structured, common and machine-readable format in accordance with Art. 20 GDPR, provided that the processing is carried out using automated procedures and on the basis of consent in accordance with Art. 6, para. 1, sentence 1, lit. a) or Art. 9, para. 2, lit. a) GDPR or on the basis of a contract in accordance with Art. 6, para. 1, sentence 1, lit. b) GDPR.

i) Right to lodge a complaint according to Art. 77 GDPR

If you suspect that the processing of your personal data is unlawful, according to Art. 77 GDPR in conjunction with Section 19 BDSG you have the option to lodge a complaint with us or with a data protection supervisory authority, in particular in the EU member state where your place of residence, your place of work or the place where the alleged infringement has occurred is located.

Children

We do not make direct offers to persons under the age of 16. Persons under the age of 16 may not transmit any personal data or a declaration of consent to us without the consent of their legal representative.
 

Visits to our website

Processing purposes and legal basis

Every time you visit our web pages, your browser transmits data to our web server (so-called "server log files"), which may enable your identification.

The data processing is required for the website visit to take place. In order to enable the provision of the web pages, a technical connection must be established between your browser and our website. Other processing purposes include the optimization of the stability and functionality of our web pages, ensuring the security of our information technology systems, and detecting and tracking misuse. The legal basis is in accordance with Art. 6, para. 1, sentence 1, lit. c) GDPR, our legal obligation to ensure data security and our overriding legitimate interest in direct marketing and in the security of our offer according to Art. 6, para. 1, sentence 1, lit. f) GDPR, as long as this is done in accordance with the data protection requirements.

Data categories and data origin

Depending on the configuration of your browser, the following data is processed:

  • Retrieved web pages
  • Date and time of the retrieval
  • Amount of data transferred
  • Notification of successful retrieval
  • Browser used
  • Operating system used
  • Internet service provider
  • IP address of the retrieving system of the user
  • Web page from which the system of the user has reached the retrieved web page

Recipients of personal data

We use external service providers such as hosting service providers as data processors for the provision of our web pages, which means that they can obtain access to your personal data. 

Duration of storage

The data is stored for a period of 30 days. We reserve the right to inspect the files if concrete indications justify the legitimate suspicion of unlawful use or of a concrete attack against our website. Data whose further storage is necessary for record-keeping purposes will be deleted as soon as it is no longer necessary to achieve the purpose of its processing.
 

Cookies

Processing purposes and legal basis

Our website uses so-called "cookies". Cookies perform various different functions. Numerous cookies are technically necessary because certain website functions would not work without them. Other cookies are used to evaluate user behavior or to display advertising.

Cookies that are necessary to carry out the electronic communication process or to optimize the website are stored on the basis of Section 25, para. 2, No. 2 Federal Telecommunications Telemedia Data Protection Act (TTDSG). We have a legitimate interest in the storage of cookies for the technically error-free and optimized provision of our offer.

We use all other cookies on the basis of your consent, which you can grant or deny in the privacy settings on your first visit to our website. The legal basis is Section 25, para. 1 TTDSG in conjunction with Art. 6, para. 1, lit. a) and Art. 7 GDPR. The consent can be revoked at any time with effect for the future.

Data categories and data origin

Cookies are data sets that are stored either temporarily for the duration of a session or permanently on the hard drive of your end device and assigned to the browser you are using so that certain information can be transmitted to the website that sets the cookie. Cookies are used primarily to make the Internet offer faster and more user-friendly. When you visit our website and at any point in time after that, you have the choice of whether to generally allow the setting of cookies or which individual additional functions you wish to select.

Recipients of personal data

We use external service providers, such as hosting service providers, as data processors for the provision of our web pages, which means that they can obtain access to your personal data. When you visit our website, third-party cookies (external content) may also be stored on your end device. These allow us or you to use certain third-party services.

Duration of storage, revocation of consent

Session cookies are automatically deleted at the end of your visit to our website. Permanent cookies remain stored on your device until you delete them or your web browser deletes them automatically. You can find information about the storage period of cookies in the cookie settings.

In the cookie settings, you can also change the cookie settings and in this way revoke your consent, with the exception of consent for cookies that belong to the "Essential" category, since these are technically necessary to ensure the correct display of our web pages. You can configure your browser in such a way that you are informed when cookies are set and only allow cookies in individual cases, exclude the acceptance of cookies in certain cases or in general and activate the automatic deletion of cookies when the browser is closed. Cookies that have already been saved can be deleted via the system settings of your browser at any time. If cookies are deactivated, the functionality of this website may be limited.

Web analytics with Matomo Analytics

Processing purposes and legal basis

We use the open-source Matomo web analytics service on our web pages to analyze visitor traffic. No data is transmitted to Matomo. Among other things, Matomo enables us to determine from which web page you came to our website and how often or for how long you visited a sub-page. It is not possible to assign the web statistics to your end device or access point. Only an assignment to individual regions is visible. By evaluating the obtained data, we aim to further improve our web pages and their user-friendliness and adapt them to the needs of website visitors. If you consent to the web analytics by ticking the "Analytics & Performance" box in the privacy settings (Art. 6, para. 1, sentence 1, lit. a) in conjunction with Art. 7 GDPR), your usage behavior is recorded anonymously. Your consent is voluntary and not required for using our web pages.

Data categories and data origin

We use Matomo without setting cookies on your end device.

Instead, Matomo uses the visitor config_id, a random, time-limited hash of a limited set of visitor settings and attributes. The config_id is a string that is calculated for a specific visitor based on their operating system, browser, browser plugins, IP address and browser language. The config_id is only valid for a maximum of 24 hours and only for a specific website domain. The config_id calculation changes randomly every 24 hours, which means that the same visitor is assigned a different config_id every day. The config_id is completely anonymized every 24 hours. The randomly generated seed is discarded every day and cannot be restored. The website ID is also to create the config_id, which means that a particular user/visitor always has a different config_id when visiting different websites and domains.

Furthermore, we have configured Matomo in such a way that your IP address is only recorded in shortened form by masking the last two bytes (e.g., 192.168.xxx.xxx). This anonymized IP address is also used for the config_id calculation. We therefore process your personal user data anonymously, and it is not possible for us to draw any conclusions about your person.

Duration of storage, revocation of consent

The data is as soon as it is no longer needed for our logging purposes. We have configured Matomo in such a way that it deletes the collected analytics data after 6 months.

You can revoke your consent to data processing via Matomo at any time with effect for the future by unchecking "Analytics & Performance" here
 

Login options

Processing purposes and legal basis

We offer our customers the opportunity to log in to restricted areas in order to use additional services such as shipment recording and tracking. Registration is usually done through us. 

The data is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for initiating or implementing further contracts. The legal basis is Art. 6, para. 1, sentence 1, lit. b) GDPR.

Data categories and data origin

When you use the restricted areas, we collect and process your personal data that is necessary for the fulfilment of the contract, such as your name, contact details, address data and the data necessary for your identification and use.

Recipients of personal data

If we use external service providers as data processors to provide these services, they may have access to your personal data.

Duration of storage

We process and store your personal data as long as it is necessary to achieve the above-mentioned purposes. In certain cases, personal data may be stored for the period of time during which legal claims may be asserted, exercised or defended (statutory limitation periods of three to thirty years). In addition, we store your personal data if and to the extent that we are legally obliged to do so. Corresponding record-keeping and data retention obligations arise, for example, from commercial, tax and social security regulations. The storage period for data stored under tax and commercial law according to Section 147 of the Federal Taxation Regulation (AO), Section 257 of the Federal Commercial Code (HGB) is normally 6 or 10 years to the end of a financial year.
 

Newsletter service, newsletter analysis

Processing purposes and legal basis

We offer you the option to register for our free email newsletter service and thereby regularly receive emails from us with information about our services to the email address provided by you. The legal basis for processing of your personal data is your consent according to Art. 6, para. 1, sentence 1, lit. a) GDPR. This consent may be revoked at any time with effect for the future. When you register for the newsletter, we document the issued consent on the basis of Art. 6, para. 1, sentence 1, lit. f) GDPR. Newsletter analysis by means of link tracking enables us to analyze the success of our newsletter campaigns and determine, for example, whether the newsletter was opened at all or whether any links were clicked. In this way, we can determine, for example, what content in our newsletter was particularly appealing to recipients. The newsletter analysis is carried out with anonymized data so that the data cannot be linked to any individual persons. Unfortunately, it is not possible to object to the newsletter analysis separately. Please unsubscribe from our newsletter service if you do not wish to participate in the newsletter analysis.

Data categories and data origin

When you register for the newsletter service on our website, the data from the contact form is transmitted to us. To register for the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to enter your salutation, first and last name and company name so that we can address you personally in the newsletter. We use the so-called double opt-in procedure for the registration process. After registration, you receive an e-mail with a confirmation link. You are included in the newsletter mailing list only after this link has been clicked. In this way, we prevent unauthorized third parties from registering with your e-mail address. We maintain records for the registration process in order to comply with the legal requirements. The data from the contact form as well as the date and time of the registration confirmation are stored.

Recipients of personal data

We use an external service provider as a data processor who processes your personal data on our behalf for the provision of newsletters and for newsletter analysis.

Duration of storage

If you do not confirm your registration to our newsletter service after receiving the corresponding registration e-mail, your information is deleted automatically after 30 days. We process your personal data for the duration of the newsletter subscription. You can cancel the subscription at any time with effect for the future and in this way revoke your consent to receive newsletters/object to the processing of your personal data for advertising purposes. A corresponding unsubscribe option is provided for this purpose on our website and in every newsletter. After revocation of your consent/objection to advertising, no further newsletters will be sent out to you and your personal data will be removed from our active mailing list.
 

External links

Our web pages contain links to third-party websites. When you click these links, you leave our sphere of influence. The responsibility for the processing of personal data lies with the respective operators of the linked websites. We recommend that you read the applicable notes on data processing there before using linked websites.
 

OpenStreetMap

We include maps of the OpenStreetMap service of the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom as external content on our web pages in order to make our web pages more appealing and interesting.

If you consent to the privacy settings by ticking off the "External content" box (Art. 6, para.1, sentence 1, lit. a) in conjunction with Art. 7 GDPR), a connection is established to the servers of the provider and your IP address is automatically transmitted to the provider to enable the display of the maps and the map functions. We have no influence over the data processing operations at OpenStreetMap. For more information on data processing by Open Street Maps, please visit https://wiki.osmfoundation.org/wiki/Privacy_Policy.

The consent is voluntary. However, we would like to point out that you cannot use this function without consent.  

You can revoke your consent for the future at any time, e.g. by unchecking "External content" in the data protection settings. 
 

Social Media

The LinkedIn and Instagram logos displayed on our web pages are linked to our respective profiles on these social networks, but no data transmission to these social networks takes place through the integration of these logos. If you click any of the logos, you will be redirected to the external website of the respective social network. Notes on data processing via our profiles within the social networks can be found in our "Social Media Privacy Policy".
 

Youtube

We integrate videos from the "YouTube" platform of the provider YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, on our web pages in order to make our web pages more appealing. YouTube is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

YouTube videos are embedded via the integration of the URL using iframes in the privacy-enhanced mode offered by YouTube. The videos are retrieved via "youtube-nocookie.com".

If you have not consented to the use of cookies in the privacy settings of our website, YouTube videos on our websites will be deactivated and will only be loaded and displayed by the YouTube servers after you click the "Load external content" button. By clicking this button, you grant your consent – in accordance with Section 25, para. 1 TTDSG in conjunction with Art. 6, para.1, sentence 1, lit. a), Art. 7 and Art. 49, para. 1, sentence 1, lit. a) GDPR – that your IP address will be transmitted to YouTube and that YouTube may set cookies on your end device. In this way, YouTube initiates data processing operations over which we have no influence. For more information on data processing by YouTube, please see YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy/.

The consent is voluntary. However, we would like to point out that you cannot use this function without providing your consent. 

You can revoke your consent at any time with effect for the future, e.g., by unchecking "External content" in the privacy settings. 
 

Contact

Processing purposes and legal basis

When you contact us (e.g., via our contact form, by e-mail, by telephone), the personal data provided by you is processed and stored for the purpose of processing your request or establishing contact with you. If your request requires the involvement of another company in our group of companies in order to process your request in the best possible way, it may be necessary to share your request-related data with this company.

The legal basis within the scope of contractual/pre-contractual relationships is Art. 6, para. 1, sentence 1, lit. b) GDPR and for other requests, your consent in accordance with Art. 6, para. 1, sentence 1, lit. a) GDPR or our overriding legitimate interest in the efficient, customer-friendly processing of your request in accordance with Art. 6, para. 1, sentence 1, lit. f) GDPR, as long as this is done in accordance with the data protection requirements.

Data categories and data origin

We process the data provided by you (e.g., your e-mail address, your name, your telephone number). Please only send us the data and information necessary to process your request.

Recipients of personal data

In individual cases, your request may concern a company of our group of companies that is located outside the EU/EEA (Switzerland). In these cases, we will only forward your data with your consent (Art. 49, para. 1, sentence 1, lit. a) GDPR) or if this is expressly stipulated in the contract with you or your company (Art. 49, para. 1, sentence 1, lit. b,c) GDPR).

Duration of storage

If your request is associated with a contract, we will delete your personal data after the end of the contract term. Otherwise, we will delete your personal data if you withdraw your consent and we no longer have a legal obligation or a legitimate interest in processing your data.
 

Notes on data processing for customers, suppliers and business partners

Processing purposes and legal basis

We process personal data in accordance with the provisions of the GDPR and the national data protection regulations:

a) On the basis of your consent (Art. 6, para. 1, sentence 1, lit. a) GDPR)

Insofar as you have given us your consent to process your personal data for certain purposes in individual cases (e.g., to access video and photo content, to subscribe to our newsletter), this processing is lawful on the basis of your consent. Your consent may be revoked by you at any time with effect for the future.

b) Within the scope of contract fulfillment or for the implementation of pre-contractual measures (Art. 6, para. 1, sentence 1, lit. b) GDPR)

We process personal data primarily for the fulfilment of contractual obligations and the provision of the associated services or within the scope of a corresponding contract initiation (e.g., contract negotiations, preparation of an offer). The specific purposes here depend on the respective service to which the business relationship or the contract initiation refers, in particular in connection with orders from customers. We also process personal data when executing the provided services, in particular with regard to invoices, accounts receivable management, payment reminders and debt collection.

In particular, data is processed for the following purposes:

  • Initiation, implementation and execution of transport, forwarding and logistics services, including land transport, air and sea freight, logistics and outsourcing, supply chain management and customs management
  • Within the scope of the provided services, in particular transport and logistics services, personal data is processed on the basis of contracts concluded with you, the senders or the recipients. This data is used, for example, for the execution of (transport) contracts, for the management of customer data, for payment processing and, if necessary, for the execution of creditworthiness checks. Certain shipment data is provided to the authorities of transit or destination countries for customs and tax clearance or for security screening, as required by the laws of the respective countries. Such data usually includes the name and address of the consignor, the name and address of the consignee, a description of the goods, the number of items, the weight and value of the consignment.
  • Communication with customers, service providers, subcontractors, business partners and authorities
  • Support, in particular for the purpose of responding to inquiries from our contact persons, interested parties, customers or partners
  • The organization, planning, implementation and management of the business relationship between us and our customers, suppliers and business partners as well as our affiliates and cooperation partners.

c) Due to legal obligations (Art. 6, para. 1, sentence 1, lit c) GDPR)

The purposes of the processing include, among other things, the fulfilment of tax and social security control and reporting obligations. This also includes statutory reporting obligations for the provision of services and the posting of employees abroad in accordance with A1 procedures. The same applies to the processing of personal data insofar as this is necessary for the implementation of the technical and organizational measures according to Art. 32 GDPR.

d) To safeguard legitimate interests (Art. 6 para. 1, sentence 1, lit. f) GDPR)

If necessary, we process your data beyond the actual fulfillment of the contract in order to safeguard our legitimate interests or those of third parties, namely:

  • Data processing for the purposes of ensuring security, quality assurance and process optimization: To the extent permitted by law, we process the personal data collected in the course of contract fulfillment for (data) security purposes (e.g., for the purpose of detecting criminal offences or misuse), for compliance measures, for the creation of statistics as well as for quality assurance, process optimization and planning security on the basis of our legitimate interest in ensuring a smooth operation and the continuous improvement of the respective products and services. Based on our assessment, there is no overriding legitimate interest of the data subjects, because the intensity of the impact of processing is minimized as much as possible, for example through the use of pseudonyms. The legal basis for this data processing is Art. 6, para.1, sentence 1 lit. f) GDPR.
  • Settlement of disputes, enforcement of existing contracts and the assertion, exercise and defense of legal claims
  • Maintaining and protecting the security of our systems and IT operations
  • Measures for building security and system security (e.g., access control or video surveillance)
  • Exchange of control and planning data
  • Creditworthiness checks
  • Sales and marketing activities
  • Customer care and communication with potential clients  

Data categories and data origin

(a) The categories of processed personal data include:

  • Master data (salutation, first and last names, address, function, department)
  • Contact details (telephone number, mobile number, fax number and e-mail address)
  • Contract data (services used, contract content, contractual communication, names of contact persons)
  • Necessary data for the processing of requests, possibly also creditworthiness data
  • CRM data, in particular customer history, customer statistics
  • Advertising and sales data and other data from comparable categories
  • Support requests
  • Other information required for the fulfillment of our contractual relationship or a project with our customers or sales partners (such as payment data, order data, etc.)
  • When our online services are used, the IP address, the data required for your identification and use, the time of the respective user action

b) We process personal data that we have obtained from business relationships (for example with customers or suppliers) or inquiries. We usually receive this data directly from the contractual partner or the person making the inquiry. However, personal data can also originate from public sources (e.g., the commercial register) to the extent that the processing of such data is permitted. Personal data may also have been transmitted to us by other companies. Depending on the individual case, we also store our own information for this data (e.g., within the scope of an ongoing business relationship).

Obligation to provide data

Within the scope of contract initiation or implementation, you must provide the personal data that is necessary for the implementation of pre-contractual measures and for the fulfilment of the contract and the obligations associated with it. If this data is not provided, we will not be able to conclude a new contract or fulfill an existing contract with you. Furthermore, you must provide the personal data that we are legally obliged to collect. In cases where the collection of data is based on consent, the provision of data by you is voluntary and not mandatory.

Recipients of personal data

The persons within our company who receive access to your personal data are the persons who need your personal data in order to fulfil our contractual and legal obligations or to safeguard our legitimate interests.

Personal data is transferred to the third parties involved in the respective order insofar as this is necessary to achieve the purposes of data processing or we have to transmit the data for legal reasons.

We may transfer personal data to courts, authorities or law firms insofar as this is legally permissible and necessary to comply with the applicable law or to assert, exercise or defend legal claims.

Furthermore, service providers and vicarious agents employed by us may receive data for these purposes. We may only pass on information about you if this is required by the statutory provisions, if you have given your consent, if we are legally authorized to provide or pass on information and/or the data processors commissioned by us guarantee compliance with the confidentiality obligations and the requirements of the General Data Protection Regulation and the Federal Data Protection Act to the same extent.

External service providers that process data on behalf of Streck offer sufficient guarantees that appropriate technical and organizational measures are implemented in such a way that the processing is carried out in accordance with the data protection requirements. In accordance with Art. 28 GDPR, they are contractually obliged to maintain strict confidentiality and are bound by instructions. In these cases, we are still responsible for the protection of your personal data.

Under these conditions, the following recipients can receive data

  • Affiliated companies, as data processors within the scope of financial controlling or data processing
  • Customers, suppliers, business and cooperation partners as well as authorities within the scope of order processing and cooperation
  • Data processors, in particular cloud services
  • IT service providers within the scope of the (remote) maintenance of IT systems
  • Subcontractors for order fulfillment, in particular with regard to transport and logistics
  • Customers within the scope of business correspondence and order documentation
  • Auditors
  • Service providers for creditworthiness checks
  • Compliance screening service providers
  • Public authorities for the fulfilment of statutory notification obligations, e.g., tax authorities, competent authorities in A1 procedures
  • Data destruction service providers
  • Lawyers, tax consultants and auditors
  • Debt collection service providers
  • Banks, payment card processors (credit cards) and payment service providers
  • Telephony providers
  • Insurance companies

Data transfers to third countries

Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is permitted or prescribed by law, if you have given us your consent or if the special requirements of Art. 44 et seq. GDPR are met within the scope of order processing.

Duration of storage

We process and store your personal data as long as it is necessary for the fulfilment of the above-mentioned purposes and, in particular, for the fulfillment of contractual and legal obligations. In certain cases, personal data may be stored for the period of time during which legal claims may be asserted, exercised or defended (statutory limitation periods of three to thirty years). In addition, we store your personal data if and to the extent that we are legally obliged to do so. Corresponding record-keeping and data retention obligations arise, for example, from commercial, tax and social security regulations. The storage period for data stored under tax and commercial law according to Section 147 of the Federal Taxation Regulation (AO), Section 257 of the Federal Commercial Code (HGB) is normally 6 or 10 years to the end of a financial year. If the processing of your personal data is based on your consent, we will delete the data if the consent is revoked by you and there is no other applicable legal basis.

Automated decision-making and profiling

In principle, we do not use fully automated decision-making according to Art. 22 GDPR for the establishment and implementation of the business relationship. No profiling operations take place.
 

application procedure

The personnel administration of Streck Transport AG will process your application. You can apply, for example, by e-mail, by post or via the applicant portal on our website.

Processing purposes and legal basis

We process your personal data only for the purposes and within the scope of the application procedure in accordance with the legal requirements of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other relevant laws (e.g., the Works Constitution Act). Your personal data is processed for the purpose of implementing the application procedure and deciding on the establishment of an employment relationship on the legal basis of Art. 88, para. 1 GDPR in conjunction with Art. 26, para. 1 BDSG. Insofar as special categories of personal data within the meaning of Art. 9, para. 1 GDPR are processed, the processing is done on the basis of Section 26, para. 3, 4 BDSG, unless consent has been granted separately according to Section 26, para. 2 BDSG. The processing of data that you voluntarily provide to us and that is not absolutely necessary for the implementation of the application procedure is based on your consent given through the transmission of the application in accordance with Art. 6, para. 1, sentence 1, lit. a) in conjunction with Art. 7 GDPR for the aforementioned purposes. You can revoke your consent at any time and without specifying any reasons with effect for the future. Your personal data is also processed for the fulfilment of legal obligations according to Art. 6, para. 1, sentence 1, lit. c) GDPR (e.g., sanction list checks on the basis of Art. 6, para. 1, sentence 1, lit. c) GDPR in conjunction with regulations under EU law on economic sanctions as well as other binding international resolutions, (if applicable) reliability testing according to Section 7 of the Federal Aviation Security Act (LuftSiG)) and, if necessary, to safeguard legitimate interests in accordance with Art. 6, para. 1, sentence 1, lit. f) GDPR. These include: ensuring compliance with security regulations, requirements, industry standards and contractual obligations, the assertion, exercise or defense of legal claims.

Data categories and data origin

The categories of processed personal data include, in particular:

  • Master, contact and communication data,
  • Data on the content of former/current employment relationships, e.g., work tasks, performance data, occupied positions. (This data may be derived from your cover letter/CV/attached references),
  • Various other types of information, such as the earliest starting date, regional mobility, desired number of hours and duration of employment, previous employment, additional qualifications, references or information indicating how you became aware of this position,
  • Other types of voluntarily provided information, such as data on non-professional interests: hobbies, volunteer work
  • Other data that you voluntarily provide to us during the application process, e.g., in your application letter, CV or certificates, photographs

In addition, we collect and process data as part of personnel screening within the scope of the application process (e.g., police clearance certificates, sanctions list checks, reliability checks, if applicable) and, if applicable, data on health suitability.

As a general rule, your personal data is collected directly from you as part of the application process. You have the option to send us your application via the applicant portal on our website. The data is encrypted and transmitted to us according to the technical state of the art. If you send us your application via e-mail, please note that e-mails are generally not sent in encrypted form and it is up to you to ensure that they are encrypted. We do not assume any responsibility for the transmission of your application until we receive it on our server and therefore recommend that you either use the applicant portal or you send us your application by regular mail. If you use the applicant portal, the required data is marked accordingly; in all other cases, you can find out what data is required from the job description. Under certain circumstances, your personal data may also be collected from other entities on the basis of legal regulations. In addition, we may receive personal data from third parties (e.g., from recruitment agencies), who pass it on to us under their own responsibility.

Obligation to provide data

You are not obliged to provide us with personal data. However, the application process requires that you provide us with the personal data necessary to implement the application process and to assess your suitability. Without this personal data, we cannot consider your application.

Recipients of personal data

Your personal data will only be passed on to the persons and entities (e.g., departments, works councils) who need it for the implementation of the application process, for making the recruitment decision, and for fulfilling our (pre-)contractual and legal obligations and requirements. Furthermore, service providers and vicarious agents employed by us may receive personal data for these purposes. We will only pass on your personal data if this is required by statutory provisions, if you have given your consent, if we are legally authorized to pass it on and/or the data processors commissioned by us guarantee compliance with the confidentiality obligations and the requirements of the General Data Protection Regulation and the Federal Data Protection Act to the same extent.

Data transfers to third countries

Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is permitted or prescribed by law, if you have given us your consent or if the special requirements of Art. 44 et seq. GDPR are met within the scope of order processing.  

Further processing

If your application is successful, your personal data can be further processed by us for the purposes of the employment relationship.

Within the scope of the application process, we offer you the opportunity to be included in our "talent pool" for a period of two years on the basis of your consent within the meaning of Art. 6, para. 1, sentence 1, lit. a) in conjunction with Art. 7 GDPR.

The application documents in the talent pool are processed exclusively within the scope of future job advertisements and the search for employees and will be destroyed at the latest upon expiry of the above-mentioned period. Your consent to be included in the talent pool is voluntary and does not affect the current application process: you can revoke your consent at any time with effect for the future.

Duration of storage

If the application for a job offer is unsuccessful or your personal data is not necessary for the establishment, implementation and termination of the employment relationship, your personal data will be deleted. Your personal data will also be deleted if your application is withdrawn (you are entitled to withdraw your application at any time).

The deletion will take place, unless we are legally obliged or entitled to store the data for a longer period of time, at the latest upon expiry of a period of six months after the end of the application process in order to ensure that we are able to answer any follow-up questions pertaining to the application and meet our obligations under the General Equal Treatment Act (AGG), unless you have expressly given your consent to the further storage of your personal data for the purpose of being contacted by us in the event of future job advertisements. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.

Automated decision-making and profiling

In principle, we do not use automated decision-making according to Art. 22 GDPR for the initiation and implementation of the application procedure. No profiling operations take place. 
 

Notes on data processing within the scope of prize draws

Processing purposes and legal basis

We collect, process and use your personal data in accordance with the applicable data protection regulations only to the extent necessary for the implementation and processing of the prize draw/with the consent of the data subjects. The personal data that has to be provided within the scope of the prize draw is used for implementing and processing the prize draw, for determining and notifying the winners, for enabling the exercise of the granted rights of use and for mailing of the prize. The legal basis for data processing here is the consent of the participants in accordance with Art. 6, para. 1, sentence 1, lit. a) GDPR.

Furthermore, we process personal data in accordance with Art. 6, para. 1, sentence 1, lit. f) GDPR to ensure the proper implementation of the prize draw (e.g., for age verification) and in accordance with Art. 6, para. 1, sentence 1, lit. c) GDPR insofar as this is necessary for the fulfilment of legal obligations. This includes, for example, the obligation to comply with data retention periods under commercial and tax law.

Data categories and data origin

The following data is collected by us within the scope of participation in the prize draw: User ID, possibly contact details. In the event of a win, we have to collect the first and last name, the address data and possibly the date of birth of the winner. This data is sent to us by the data subject via direct message or by email.

Recipients in the event of data transfers

The personal data is only received by persons and departments within our company who need this data in order to implement and process the prize draw and possibly publish the winner(s).

The personal data is only passed on to third parties if and to the extent that this is necessary for the implementation and processing of the prize draw or the transfer or provision of the prize.

Duration of storage

We process and store the personal data of the data subjects as long as this is necessary for the fulfilment of the above-mentioned purposes and, in particular, for the fulfillment of contractual and legal obligations. If the data is no longer necessary for the fulfilment of the purposes, it is deleted on a regular basis, unless its temporary further processing is necessary (due to the application of statutory retention periods or for safeguarding our legal claims). However, posts on social media platforms may remain and continue to be publicly visible. If the data processing is based on consent, we will delete the respective data if the consent is revoked by the data subject and there is no other applicable legal basis.
 

Notes on data processing for social media profiles

In order to actively communicate with users and to provide information about our company, we maintain a number of different social media profiles, partly under joint responsibility with social network operators listed below.

The use of social media is not required to communicate with us or to obtain information about our company. You can get in touch with us at any time via homepage@streck.ch. We would like to point out that you use the services offered here and their functions under your own responsibility.

Please note that when you use our social media profiles in the social networks mentioned below, the social network operators may potentially process your personal data outside the European Union and outside the European Economic Area. This can result in potential risks for users, e.g., by making it more difficult for data subjects to enforce their data protection rights. At the same time, however, we would like to point out that, to the extent that this is supported by the operators of the social networks, we strive to work towards the conclusion of agreements on joint responsibility in accordance with Art. 26 GDPR and of standard data protection clauses in accordance with Art. 46, para. 2, lit. d GDPR.

In addition, we would like to draw attention to the fact that social network operators usually process the personal data of users for their own market research and advertising purposes. Any usage profiles generated from usage behavior can be used to display interest-based advertisements outside the social networks. For this purpose, the operators of social networks generally store cookies on the users' computers so that device information, user behavior and user interests can also be processed if the users do not have profiles in the respective network.

You can find more information in this regard and with regard to potential options to lodge an objection in the privacy policies and in further information provided by the respective operators of social networks, which we have linked for you below.

The following also applies to the processing of personal data:

Processing purposes and legal basis

Insofar as data is processed under our responsibility, it is processed for the purposes of information provision, communication, marketing and reach measurement. The operation of social media profiles is based on our legitimate interest according to Art. 6, para. 1, sentence 1, lit. f GDPR, whereby the respective interests arise from the aforementioned purposes.

Categories of data

The processed data categories include basic personal data (e.g., names), contact data (e.g., e-mail addresses), content data (e.g., text entries), usage data (e.g., interest in content) as well as meta and communication data (e.g., device information and IP addresses).

Storage period

The data categories processed by us are stored solely within the respective social network. In most cases, we have no influence over the specific storage period, because this period is determined by the social network providers. You can find more information in this regard in the privacy policy of the respective provider. If the storage period can be influenced by us in individual cases, the data is deleted after the purpose has been fulfilled in compliance with the statutory retention obligations.

Services and service providers used by us and network-specific information

Below, we inform you about the services and service providers we use as well as about network-specific information by stating the respective responsible bodies within and outside the EU / EEA. We do not transfer any further data.

Instagram, Facebook Ireland Limited / Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA

  • Privacy information
    LinkedIn, LinkedIn Ireland Unlimited Company / LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA
  • Privacy information
  • Possibility to object against targeted advertisements
    YouTube, Google Ireland Limited / Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • Privacy information
  • Possibility to object against targeted advertisements
  • Browser add-on to disable Google Analytics
    kununu, New Work SE
  • Privacy information
  • Possibility to object against tracking and other analyses of user data

Notes on data subject rights

With regard to the assertion of data subject rights, we would like to point out that the notices should be addressed directly to the respective social network operators so that comprehensive measures can be initiated. Only the operators have access to all of the collected personal data of users and can therefore provide more comprehensive information and institute potential actions. If you need assistance with this, you can, of course, contact our data protection officer at any time.

Changes to the notes on data processing

We reserve the right to adapt our notes on data processing at any time in accordance with changes to our services, the way your personal data is processed or the applicable law. Therefore, always make sure to consult the most current version of our notes on data protection.