Data privacy statement

Data privacy statement

Thank you for visiting our website and for your interest in the RECASE Regenerative Energien GmbH. Not only wind energy or regenerative energy concepts are important to us, but also the data protection compliant handling of your personal data. With this privacy policy, we inform you about how, to what extent and for what purposes we process personal data when using our website and beyond.

The subject of data protection is personal data. According to Art. 4 GDPR, personal data is any information relating to an identified or identifiable natural person. This includes, for example, details such as name, address, e-mail address or telephone number but also usage data such as your IP address or content data such as messages written by you and sent to us via forms. We process personal data only in accordance with the legal regulations, in particular the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

1. Controller

Controller is:

RECASE Regenerative Energien GmbH
Rendsburger Str. 54 C
D-24866 Busdorf

Telefon: +49 (0) 4621 4216 640
Fax: +49 (0) 4621 4216 648

E-mail: info@recase.de

2. General

Insofar as we obtain your consent for processing operations of personal data, Art. 6 (1) p. 1 lit. a GDPR serves as the legal basis.

When processing your personal data that is necessary for the performance of a contract between you and RECASE Regenerative Energien GmbH, Art. 6 (1) p. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary for compliance with a legal obligation to which RECASE Regenerative Energien GmbH is subject, Art. 6 (1) p. 1 lit. c GDPR serves as the legal basis.

If the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, Article 6 ((1) p. 1 lit. e GDPR serves as the legal basis.

If the processing is necessary for the purposes of the legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the person concerned do not outweigh the first-mentioned interest, Art. 6 (1) p. 1 lit. s GDPR serves as the legal basis.

3. Data Collection on our Website

In the context of the informative use of our website, e.g. if you register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to visit our website, we collect the following data, which is technically necessary for us to display our website and to ensure its stability and security. The legal basis is Art. 6 (1) p. 1 lit. f GDPR. As the website operator, we have a legitimate interest in the technically error-free display and optimization of our website - for this purpose, the following server log files must be collected:

IP address of the requesting computer
Date and time of access
Name and URL of the accessed file
Website from which the access is made (referrer URL)
Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

3.1. Content Delivery Network (CDN)

We use a network of regional or international servers connected via the Internet (Content Delivery Network) to properly deliver content to our website. CDN is a service to maintain the functionality and availability of graphics or scripts and helps to ensure optimal data throughput, for example of large media files, even during peak load periods. By accessing this content, you establish a connection to servers of the respective service provider. This means that your IP address and, if applicable, other identification features such as your user agent are transmitted. We use the following CDN and service providers:

3.3.1. JQure CDN

The service provider is StackPath, 2021 McKinney Ave. Suite 1100 Dallas, TX 75201. The legal basis is Art. 6 (1) p. 1 lit. f GDPR. As the website operator, we have a legitimate interest in the secure and efficient provision and optimization of our website offering. We have no influence on this processing activity. You can find more information about data processing by StackPath at: https://www.stackpath.com/legal/privacy-statement.

4. Contact by E-Mail, Mail, Telephone, Fax, Social Media, etc.

In the context of contact by you via e-mail, mail, telephone, fax, social media, etc., your personal data (e.g. name, inquiry) will be stored and used for the purpose of processing your request or for contacting you and the associated processing. The legal basis is Art. 6 (1) p. 1 lit. b GDPR, insofar as your contact is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In other cases, the processing is based on your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR and/or on our legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR, as we have a legitimate interest in the effective processing of the inquiries addressed to us.

5. Processing of Prospective Customer, Customer and Contract Data.

We process your personal data for the fulfillment of a contract and the related implementation of pre-contractual measures (e.g. for the preparation and sending of an offer), or termination of our contract. The data processing is carried out upon your request and is necessary for the aforementioned purposes for the mutual fulfillment of obligations arising from the contract. The legal basis is Art. 6 (1) p. 1 lit. b GDPR.

6. Data Processing Contact Data of Contact Persons etc.

We process contact data of contact persons, employees, service providers or vicarious agents of our contractual partners. The legal basis is Art. 6 (1) p. 1 lit. f GDPR. Processing pursuant to Art. 6 (1) p. 1 lit. f GDPR may only take place if this is necessary to protect the legitimate interests of us or third parties and if the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not override this. Business contacts (e.g. the name of a contact person, an employee, etc.) do not contain very sensitive data. It is therefore not apparent what legitimate interest contact persons, employees, etc. would have in not being contacted in the course of the business relationship. Our legitimate interest lies in the smooth handling of the business relationship and outweighs the interest of the contact persons, employees, service providers or vicarious agents.

7. Data Processing Business Contacts, Trade Fairs, Events, etc.

We process your personal data that we have received from you, e.g. in the context of business contacts, a trade fair, event, etc. (e.g. handing over your business card and other data) for the fulfillment of a contract and the related implementation of pre-contractual measures (e.g. preparation of an offer). The data processing is carried out upon your request and is necessary for the aforementioned purposes for the mutual fulfillment of obligations arising from the contract. The legal basis is Art. 6 (1) p. 1 lit. b GDPR.

8. Application Procedure

We process the data that you have provided to us in connection with your application in order to check your suitability for the position or possible other vacant positions, for the purpose of contacting you and to carry out the application procedure. These are applications that relate either to a specific job offer or to unsolicited applications. Once your application has been received, the data will be viewed by the personnel managers. Suitable applications are then forwarded internally to the department responsible for the respective vacancy. The further procedure is then coordinated. In principle, only those persons who require your data for the proper conduct of our application process have access to it.

The legal basis for the processing of your personal data in this application procedure is Section 26 BDSG. According to Section 26 BDSG, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible. Should the data be required for legal prosecution after completion of the application process, data processing may be carried out in accordance with Art. 6 GDPR, in particular for the purpose of safeguarding legitimate interests in accordance with Art. 6 (1) p. 1 lit. f GDPR. The legitimate interest then consists of the assertion or defense of claims, for example, in proceedings under the General Equal Treatment Act (hereinafter "AGG"). Our interest then consists in the assertion or defense of claims. If a corresponding consent has been obtained (e.g. for the use of your data for subsequent vacancies), the processing is carried out exclusively on the basis of Art. 6 (1) p. 1 lit. a GDPR.

9. Categories of Personal Data and Source

We process the following categories of personal data: Contact data (e.g. name, e-mail address, telephone number), employee data, job or function titles (e.g. graduate engineer, managing director, etc.), personal master data, communication data, contract master data, contract billing and payment data, supplier data, information data (from third parties, e.g. credit agencies or from publicly accessible sources), etc. This list is not exhaustive.

10. Transmission to Third Parties

In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. As a rule, this is done on the basis of commissioned processing in accordance with Art. 28 GDPR. In addition, we only transfer personal data to third parties if this is permitted by law or if you have given your prior consent. A disclosure or transfer of your personal data takes place exclusively within the scope of the aforementioned purposes to the following recipients or categories of recipients:

IT service providers,
Credit institutions for the processing of payments,
Companies in the insurance industry in the course of settling claims,
Collection service providers and lawyers, e.g. to collect receivables and enforce claims in court,
Lawyers, notaries, banks, tax consultants, etc.,
Corporate buyers/interested parties in corporate transactions,
Persons in charge, order processors,
other authorized persons (e.g. authorities and courts), insofar as there is a legal obligation or authorization to do so,
depending on the order, to other recipients, which we may coordinate with you.

11. Transmission to Countries outside the EU or the EEA

Insofar as we process data outside the EU or the EEA or do so in the context of using third-party services or disclosing or transferring data to third parties, this will only be done if it is done to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests.

Otherwise, we only transfer data to third countries if it is ensured that the recipient of the data guarantees an adequate level of data protection within the meaning of Chapter V of the GDPR and no other interests worthy of protection speak against the transfer of data. To ensure an adequate level of data protection at the recipient of the data, we use standard contractual clauses, base the transfer of data on so-called Binding Corporate Rules (internal data protection regulations) and check the existence of additional guarantees regarding the transfer of personal data to a third country, such as the USA. The standard contractual clauses are in principle still effective even after the ECJ ruling of July 16, 2020 (C-311/18) on the EU-US Privacy Shield. Furthermore, we check the existence of additional safeguards and obtain the consent of the data subjects for the data transfer pursuant to Art. 49 (1) p. 1 lit. a GDPR.

12. Duration of Storage

Your personal data will be stored for the aforementioned purposes for as long as is necessary for the fulfillment of these purposes. Thereafter (e.g. after the processing of your inquiry has been completed; when the facts concerned have been conclusively clarified; after completion of the order or termination of the business relationship, etc.), your personal data will be deleted, unless we are obliged to store it for a longer period of time due to legal requirements (e.g. obligations to maintain records under commercial or tax law). In this case, your personal data will initially be blocked and deleted upon expiration of the retention period.

Data may also be stored beyond this period if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which our company is subject. Data will be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data. In addition, storage may take place if you have consented in accordance with Art. 6 (1) p. 1 lit. a GDPR.

In the event of obligations to permanently observe objections, we reserve the right to store your personal data (contact data, e.g. e-mail address, telephone number, surname, first name, address, etc.) in a blocking list (so-called "denylist") for this purpose alone.

Applicants' data will be deleted after 6 months in the event of rejection. If you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after two years. For this purpose, we have set up a separate e-mail address at bewerbungen@recase.de.

Further information on the duration of storage and deletion of your personal data can be found in the individual data protection notices of this privacy policy.

13. Data Subject Rights

Within the framework of the legal requirements, you have a right against us to the following

Confirmation as to whether your personal data is being processed by us and to information about the circumstances of the processing (Art. 15 GDPR),
Retification, insofar as your personal data is incorrect (Art. 16 GDPR),
Deletion of your personal data, insofar as there is no justification for the processing and there is no obligation to retain it (any longer) (Art. 17 GDPR),
Restriction of processing if one of the conditions listed in Art. 18 (1) a to d GDPR is met (Art. 18 GDPR),
Data Portability of your personal data in a structured, common and machine-readable format (Art. 20 GDPR),
Complaint to a supervisory authority (Art. 77 GDPR).

Insofar as the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time in accordance with Art. 7 (3) GDPR, with the consequence that the processing of your personal data becomes unlawful for the future. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal. The withdrawal of consent can be communicated informally by e-mail to widerruf@recase.de or by mail to our postal address listed at the beginning of this privacy policy.

In addition, pursuant to Article 21 GDPR, in the event of processing based on a legitimate interest pursuant to Article 6 (1) sentence 1 lit. f GDPR, you may object to the processing, whereby you must provide a specific reason, except in the case of direct advertising. The objection can be communicated informally by e-mail to widerruf@recase.de or by mail to our postal address listed at the beginning of this privacy policy.

14. Obligation or Duty to Provide the Data

In the context of the fulfillment of a contract and the related implementation of pre-contractual measures of contracts with you, it is necessary that you provide those personal data that are required for the establishment or the implementation of the contract and thus for the fulfillment of contractual obligations. You are not obliged to provide your personal data, but if you do not provide them, the establishment and performance of the contractual relationship is not possible.

15. No automated individual Decision-Making including Profiling

We do not process your personal data for the purpose of automated individual decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR.

16. Links to other Websites

Our website contains links to other websites. Please note that our privacy policy does not apply to these other websites unless it is expressly stated.

17. Data Security

We have taken the necessary technical and organizational measures to protect the personal data you provide against loss, destruction, manipulation and unauthorized access. All our employees or all persons involved in data processing are obliged to comply with the GDPR, the BDSG and other laws relevant to data protection and to handle personal data confidentially. Our employees are trained accordingly. Both internal and external audits ensure compliance with all data protection-relevant processes.

To protect the personal data of our users, we use a secure online transmission procedure, the so-called "Secure Socket Layer" (SSL) or "Transport Layer Security" (TSL) transmission. You can recognize this by the fact that an "s" is appended to the address component http:// ("https://") or a green, closed lock symbol is displayed in the browser. Clicking on the symbol provides information about the SSL certificate used. The appearance of the symbol depends on the browser version you are using. SSL encryption ensures the secure and complete transmission of your data.

18. Change of the Privacy Policy

New legal requirements, business decisions or technical developments may require changes to our privacy policy. The Privacy Policy will then be adapted accordingly. You can find the latest version on our website.

Status: October 2021