Data Protection Information
We are pleased to welcome you to our website and appreciate your interest in RECASE Regenerative Energien GmbH. Not only is wind energy and renewable energy concepts important to us, but also the compliant handling of your personal data. This privacy policy informs you about how, to what extent, and for what purposes we process personal data when you use our website and beyond.
The subject of data protection is personal data. According to Article 4 of the GDPR, personal data refers to all information relating to an identified or identifiable natural person. This includes, for example, details such as name, address, email address, or telephone number, as well as usage data such as your IP address or content data such as the messages you send to us via forms. We process personal data only in accordance with the legal regulations, particularly the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
1. Responsible Party
The responsible party is:
RECASE Regenerative Energien GmbH
Rendsburger Str. 54 C
24866 Busdorf
Telephone: +49 (0) 4621 4216 640
Fax: +49 (0) 4621 4216 648
Email: info@recase.de
2. General
Insofar as we obtain your consent for the processing of personal data, Article 6(1)(a) of the GDPR serves as the legal basis.
For the processing of your personal data necessary for the fulfillment of a contract between you and RECASE Regenerative Energien GmbH, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations necessary for the performance of pre-contractual measures.
If the processing of personal data is necessary to fulfill a legal obligation to which RECASE Regenerative Energien GmbH is subject, Article 6(1)(c) of the GDPR serves as the legal basis.
If the processing of personal data is necessary for the performance of a task that is in the public interest or is carried out in the exercise of official authority vested in the controller, Article 6(1)(f) of the GDPR serves as the legal basis.
If the processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not outweigh the aforementioned interest, Article 6(1)(e) of the GDPR serves as the legal basis.
3. Data Collection on Our Website
In the course of using our website for informational purposes, for example, when you register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following data, which is technically necessary for us to display our website and ensure its stability and security. The legal basis is Article 6(1)(f) of the GDPR. As the website operator, we have a legitimate interest in the technically flawless presentation and optimization of our website; for this purpose, the following server log files must be collected:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Website from which the access occurs (referrer URL)
- Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
3.1. Content Delivery Network (CDN)
We use a network of regionally or internationally connected servers (Content Delivery Network) to ensure the proper delivery of content on our website. A CDN is a service that maintains the functionality and availability of graphics or scripts, helping to ensure optimal data throughput even during peak loads, such as when handling large media files. By accessing this content, you connect to the servers of the respective service provider. This transmits your IP address and, if applicable, other identification features such as your user agent. The following CDN and service providers are used:
3.3.1. JQure CDN
The service provider is StackPath, 2021 McKinney Ave, Suite 1100, Dallas, TX 75201. The legal basis is Article 6(1)(f) of the GDPR. As the website operator, we have a legitimate interest in secure and efficient delivery and optimization of our website offerings. We have no influence over this processing activity. For more information on data processing by StackPath, please visit: www.stackpath.com/legal/privacy-statement.
4. Contact via Email, Mail, Phone, Fax, Social Media, etc.
When you contact us via email, mail, phone, fax, social media, etc., your personal data (e.g., name, inquiry) will be stored and used for the purpose of processing your request and for communication related to it. The legal basis is Article 6(1)(b) of the GDPR, provided that your contact is related to the fulfillment of a contract or is necessary for the performance of pre-contractual measures. In other cases, the processing is based on your consent pursuant to Article 6(1)(a) of the GDPR and/or our legitimate interests under Article 6(1)(f) of the GDPR, as we have a legitimate interest in effectively handling inquiries directed to us.
5. Processing of Prospective, Customer, and Contract Data
We process your personal data to fulfill a contract and to carry out pre-contractual measures (e.g., preparing and sending a quote) or to terminate our contract. The data processing is carried out at your request and is necessary for both parties to fulfill their obligations under the contract. The legal basis is Article 6(1)(b) of the GDPR.
6. Processing of Contact Data from Contacts, etc.
We process contact data of contacts, employees, service providers, or agents of our contractual partners. The legal basis is Article 6(1)(f) of the GDPR. Processing under Article 6(1)(f) of the GDPR may only take place to the extent necessary to protect the legitimate interests of us or third parties and does not override the interests, fundamental rights, and freedoms of the data subject requiring protection of personal data. Business contacts (e.g., the name of a contact person, employee, etc.) do not include very sensitive data. Therefore, it is not apparent what legitimate interest contacts, employees, etc., would have in not being contacted in the context of the business relationship. Our legitimate interest lies in the smooth handling of the business relationship and outweighs the interest of the contacts, employees, service providers, or agents.
7. Processing of Business Contacts, Trade Shows, Events, etc.
We process your personal data that we have received from you, for example, in the context of business contacts, a trade show, event, etc. (e.g., handover of your business card and other data) for the purpose of fulfilling a contract and carrying out related pre-contractual measures (e.g., preparing a quote). The data processing is carried out at your request and is necessary for both parties to fulfill their obligations under the contract. The legal basis is Article 6(1)(b) of the GDPR.
8. Application Procedure
We process the data you provide in connection with your application to assess your suitability for the position or any other vacant positions, for the purpose of contacting you, and to carry out the application process. This includes applications that either refer to a specific job offer or unsolicited applications. Upon receipt of your application, the data will be reviewed by the HR personnel. Suitable applications will then be forwarded internally to the department heads for the respective open position. The subsequent process will be coordinated accordingly. Generally, only those individuals who need access to your data for the proper conduct of our application process will have access.
Applicants are not obligated to provide their personal data. However, providing personal data is necessary for the decision regarding an application. Applicants should only provide personal data that is necessary for the initiation and conduct of the application. If applicants do not provide us with personal data as part of an application, we cannot make a selection. There are no further consequences for you.
The legal basis for processing your personal data in this application procedure is § 26 of the Federal Data Protection Act (BDSG). According to § 26 BDSG, the processing of data related to the decision on establishing an employment relationship is permissible. If the data may be required for legal enforcement after the application process, data processing may occur under Article 6 of the GDPR, particularly to pursue legitimate interests under Article 6(1)(f) of the GDPR. The legitimate interest would then be the assertion or defense of claims, for example, in a procedure under the General Equal Treatment Act (AGG). Our interest lies in asserting or defending claims. If consent has been obtained (e.g., for using your data for future vacancies), processing will occur solely on the basis of Article 6(1)(a) of the GDPR.
9. Categories of Personal Data and Sources
We process the following categories of personal data: contact data (e.g., name, email address, phone number), employee data, professional or job titles (e.g., Dipl.-Ing., Managing Director, etc.), personal master data, communication data, contract master data, billing and payment data, supplier data, information from third parties (e.g., credit agencies or publicly available sources), etc. This list is not exhaustive.
10. Transmission to Third Parties
We sometimes use external service providers to process your data. These providers have been carefully selected and contracted by us, are bound by our instructions, and are regularly monitored. This is usually based on a data processing agreement in accordance with Article 28 of the GDPR. Furthermore, we transmit personal data to third parties only if there is a legal basis for doing so or if you have previously given your consent. Disclosure or transmission of your personal data occurs solely for the previously mentioned purposes to the following recipients or categories of recipients:
- IT service providers
- Credit institutions for payment processing
- Insurance companies in the context of claims processing
- Collection agencies and lawyers, e.g., to collect receivables and enforce claims in court
- Lawyers, notaries, banks, tax advisors, etc.
- Potential buyers or interested parties in corporate transactions
- Controllers, processors
- Other authorized entities (e.g., authorities and courts) where there is a legal obligation or entitlement to do so
- Depending on the assignment, to additional recipients, which we may coordinate with you.
11. Transmission to Countries Outside the EU or EEA
If we process data outside the EU or the EEA or if this occurs in the context of utilizing services from third parties or disclosing or transmitting data to third parties, this will only take place if it is necessary for the fulfillment of our (pre)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests.
Moreover, we will only transmit data to third countries if it is ensured that the recipient of the data guarantees an adequate level of data protection within the meaning of Chapter V of the GDPR and that there are no other legitimate interests opposing the data transmission. We use standard contractual clauses to ensure an adequate level of data protection at the recipient of the data, base the data transmission on so-called Binding Corporate Rules (internal data protection regulations), and check for additional guarantees regarding the transmission of personal data to a third country, such as the USA. The standard contractual clauses remain generally valid even after the ECJ ruling on July 16, 2020 (C-311/18) concerning the EU-US Privacy Shield. Furthermore, we check for additional guarantees and obtain the consent of the data subjects for data transmission in accordance with Article 49(1)(a) of the GDPR.
We use tools and services from service providers based in the USA on our website and beyond. According to the ruling of the European Court of Justice on July 16, 2020 (C-311/18) regarding the EU-US Privacy Shield, there is no adequate level of data protection in the USA. The USA is not a safe third country within the meaning of the GDPR. US service providers and their subsidiaries are subject to US laws and are obliged to disclose personal data to US authorities (e.g., intelligence services). Affected individuals cannot take legal action against this. There is a possibility that US authorities may access personal data for surveillance purposes, process, evaluate, and store this data. In terms of the GDPR, this constitutes an unlawful disclosure of personal data. We cannot influence this processing activity.
12. Duration of Storage
Your personal data will be stored for the stated purposes as long as necessary to fulfill those purposes. After that (e.g., after your request has been processed; when the relevant matter has been conclusively clarified; after the completion of the contract or termination of the business relationship, etc.), your personal data will be deleted unless we are required by law (e.g., commercial or tax retention obligations) to store it for a longer period. In this case, your personal data will first be blocked and deleted after the retention period expires.
Storage may also occur if this has been stipulated by European or national legislators in EU regulations, laws, or other provisions to which our company is subject. Blocking or deleting the data will occur when the storage period prescribed by the mentioned regulations expires unless there is a necessity for further storage of the data. Additionally, storage may occur if you have given consent in accordance with Article 6(1)(a) of the GDPR.
In the case of obligations to permanently observe objections, we reserve the right to store your personal data (contact details such as email address, phone number, name, first name, address, etc.) solely for this purpose in a blocking list (commonly referred to as a "deny list").
Data from applicants will be deleted six months after a rejection. If you have consented to further storage of your personal data, we will include your data in our applicant pool. Data in this pool will be deleted after two years. We have established a separate email address for this purpose at bewerbungen@recase.de.
Further information regarding the duration of storage and deletion of your personal data may be provided within the individual data protection notices of this privacy policy.
13. Rights of Data Subjects
You have the right, within the framework of the legal provisions, to request from us:
- Confirmation of whether your personal data is processed by us and information about the circumstances of the processing (Art. 15 GDPR),
- Correction of your personal data if it is incorrect (Art. 16 GDPR),
- Deletion of your personal data, provided that there is no longer any justification for processing and no obligation to retain it (Art. 17 GDPR),
- Restriction of processing if one of the conditions specified in Art. 18(1)(a) to (d) of the GDPR is met (Art. 18 GDPR),
- Data portability of your personal data in a structured, commonly used, and machine-readable format (Art. 20 GDPR),
- Filing a complaint with a supervisory authority (Art. 77 GDPR).
If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time in accordance with Art. 7(3) GDPR, which will make the processing of your personal data unlawful in the future. This does not affect the lawfulness of the processing based on the consent prior to its withdrawal. The withdrawal of consent can be communicated informally via email to widerruf@recase.de or by post to the address listed at the beginning of this privacy policy.
Furthermore, you can object to processing based on legitimate interests according to Art. 6(1)(f) GDPR in accordance with Art. 21 GDPR, where you must state a specific reason unless it is for direct marketing. The objection can be communicated informally via email to widerruf@recase.de or by post to the address listed at the beginning of this privacy policy.
14. Obligation to Provide Data
In the context of fulfilling a contract and carrying out pre-contractual measures for contracts with you, it is necessary for you to provide the personal data required to establish or perform the contract and thus to fulfill contractual obligations. You are not obliged to provide your personal data; however, if you do not provide it, establishing and executing the contractual relationship is not possible.
15. No Automated Decision-Making, Including Profiling
We do not process your personal data for the purpose of automated decision-making, including profiling, in accordance with Art. 22(1) and (4) GDPR.
16. Links to Other Websites
Our website contains links to other websites. Please note that our privacy policy does not apply to these other websites unless explicitly stated otherwise.
17. Data Security
We have taken the necessary technical and organizational measures to protect the personal data you provide from loss, destruction, manipulation, and unauthorized access. All our employees and all persons involved in data processing are obliged to comply with the GDPR, the BDSG (Federal Data Protection Act), and other data protection-related laws, as well as to handle personal data confidentially. Our employees are trained accordingly. Both internal and external audits ensure compliance with all data protection-related processes.
To protect the personal data of our users, we use a secure online transmission method known as "Secure Socket Layer" (SSL) or "Transport Layer Security" (TSL) transmission. You can recognize this by the addition of an "s" to the address component http:// ("https://") or by the display of a green, closed padlock symbol in your browser. By clicking on the symbol, you will receive information about the SSL certificate used. The display of the symbol depends on the browser version you are using. SSL encryption ensures the secure and complete transmission of your data.
18. Changes to the Privacy Policy
New legal requirements, business decisions, or technical developments may necessitate changes to our privacy policy. The privacy policy will then be adjusted accordingly. The latest version can be found on our website.
Status: October 2021