We're pleased about your interest in our websites at www.thosco.de and www.thosco.com (“Website”) and our company. The website is operated by Thosco^® Thode + Scobel GmbH & Co. KG (“Controller”, “we” or “us”) and provides you, as a user of our web services (hereinafter referred to as “User” or “you”), the opportunity to find out more about our products and services. You can contact us as at any time using our contact form, via telephone or email.

The following information is provided to inform you about the data we collect, and for what purpose, when you access our website or order a product or service. This Privacy Statement explains the legal basis and purpose for this data collection. In addition, we would like to inform you of your rights with regard to the use of personal data. Should you have any questions regarding our use of your personal data, please contact our Controller (for Data Privacy pursuant to GDPR, contact details in No. 1).

1. Controller

The operator of this website and thus the Controller for data processing is:

Thosco^® Thode + Scobel GmbH & Co. KG

Schlossstrasse 8E

22041 Hamburg

Tel. +49 / 40 / 6 58 00 80

Fax +49 / 40 / 65 80 08 2

Email: .

Some data processing may only be conducted with your express consent. You can withdraw your consent at any time with future effect. You only need to send us an informal email (contact details in No. 1). The legality of any data processing carried out prior to the withdrawal of your consent remains unaffected.

We have appointed a Data Protection Officer, who can be contacted at

Thosco^® Thode + Scobel GmbH & Co. KG

Corporate Data Protection Officer

Schlossstrasse 8E

22041 Hamburg

Tel. +49 / 40 / 6 58 00 80

Fax +49 / 40 / 65 80 08 2

Email: .

When you access this website, a range of personal data is collected.

Personal data includes information that can be directly or indirectly linked to you individually, e.g., your name, address, email address, IP address and user behaviour.

The collection and processing of personal data only occurs where it is permitted by law, or where you have provided your consent. Data will be deleted as soon as the purpose for which it was collected has been fulfilled, unless you have consented to an additional use thereof, or we are unable to delete it due to statutory retention requirements. This data processing includes the following:

5.1 Description of data processing

Users can access our website without registering. When you access our website, and every time you open a page or a file, the browser on your device automatically sends information to our website server, which is stored temporarily as so-called log files. We have no influence over this process. The following information is collected and stored until it is automatically deleted, without any intervention on your part:

• § the shortened IP address of the requesting internet-enabled end device,
• § the date and time of access,
• § the name and the URL of the data accessed,
• § the referrer URL (the website accessed prior to accessing our website),
• § the browser you are using and, if applicable, the operating system of your internet-enabled end-device as well as the name of the access provider.

This data is collected automatically once you access our website, and is not merged with any other data sources.

5.2 Legal basis and purpose

The legal basis for processing the shortened IP address is Art. 6 S1 para. f) of the German General Data Protection Regulation (GDPR), which permits processing for legitimate purposes, provided this does not conflict with prevailing interests, fundamental user rights or fundamental user freedoms.

The temporary storage of this data is necessary to present website information to the user. Therefore, this data is required to present our website. For this purpose the user IP address also must be stored for the duration of the session. This data is stored as log files to preserve and optimise website functionality and to guarantee the security of our IT systems. We therefore reserve the right to examine our server log files should any subsequent indications of illegal use arise. These purposes constitute a legitimate interest for data processing for the Controller pursuant to Art. 6 (1) (f) GDPR.

5.3 Retention period

This data will be deleted when it is no longer required for the purpose for which it was stored. For the presentation of our website, this occurs at the end of the individual session. In the case of data stored as log files, deletion will occur after seven days. Data may be stored beyond this time if the user IP address is deleted or masked so that it cannot be assigned to any individual user.

5.4 Opportunity to object

Data collected for the presentation of the website and the storage of that data in log files is mandatory for the operation of the website. Users do not have the opportunity to object.

6.Using the contact form, email or telephone to send an enquiry

6.1 Description of data processing

When you use the contact form on the website, email or telephone to send us an inquiry, the data you provide to us, including your contact details, will be stored by us for the purpose of processing your inquiry and in case of further questions. This data will not be provided to third parties without your consent.

For this purpose, the following data will be sent to and stored by us: your first and last name, the name of your company, address, email address and any personal information you have included in the inquiry text.

6.2 Legal basis for data processing

The processing of this data is based on your consent pursuant to Art. 6 (1) (a) GDPR. If, in the event of contact via a telephone call, no consent has been granted, this processing is legitimate pursuant to Art. 6 (1) (f) GPDR, as without this information the inquiry cannot be processed.

6.3 Purpose of processing

Processing of this information is required to process the inquiry and in case of follow-up questions. For contact made by telephone, this also constitutes a legitimate interest in processing the data.

6.4 Retention period

We will only retain the data provided by you per email or by telephone until such time as it has fulfilled its purpose. For data collected when making contact by post, email or telephone, this will occur when the specific inquiry has been processed and resolved. We will also delete this data prior to resolution should you so request, or if you withdraw your consent to the storage of that data. Mandatory statutory provisions—particularly retention periods—remain unaffected.

6.5 Potential to object or remove

Users can withdraw their consent to the processing of their data with immediate future effect. This only requires sending us an informal message, by post or email (see contact details in No. 1). We will then delete the data you have shared with us via email or telephone and we will cease processing the inquiry.

7. Transfer of personal data to service providers, purpose and legal basis; opportunity to object

7.1 We treat all personal data as confidential and do not transfer to third parties as a matter of principle, unless this is required for the presentation of our website, to answer or resolve an inquiry, you have consented to the processing of your data, or we are legally obliged to do so.

7.2 We use external IT service providers for the presentation of our website. These service providers have been carefully selected and contracted, are bound to act in accordance with our instructions and are regularly monitored.

7.3 We work with external service providers to process purchase orders, who assist us wholly or in part in fulfilling contractual obligations. These service providers assist us in payment processing. Personal data is only provided to these service providers for the purposes of fulfilling contractual obligations.

7.4 This provision of data is conducted pursuant to Art. 6 (1) (b) GDPR. Individual service providers are only provided with the specific data required by them for the service they are to provide. All service providers are obliged to treat your data as confidential.

8. Dealing with applicant data

8.1 Description of data processing

You can apply for a position with us via electronic means per email or online form, or by post. Please be aware that unencrypted emails are not protected from access by third parties. All applications are voluntary. In order to carry out the application process, we require, at a minimum, the information requested in the position description, in addition to your name and contact details.

Your information can only be accessed by our internal human resources department and the head of the department in which the position was advertised. Our accounts department will be provided with the reports necessary for processing under tax law.

8.2 Purpose and legal basis for processing

The collection, storage and processing of your personal data is only carried out for the purpose of processing your application. We do not share this information with third parties. This processing is lawful for the purposes of initiating an employment contract pursuant to § 26 German Federal Data Protection Act (Bundesdatenschutgesetz - BDSG).

8.3 Retention period

We will delete your personal data according to the following criteria:

• - Your application information will be deleted after the conclusion of the application process or after a maximum of six months if you have not consented to a longer period of storage and no employment contract has been signed.
• - Where we have paid for your travel to and from the interview, we are obliged to retain the data concerning your arrival and departure for the full duration of the statutory retention period. We will delete this personal data at the latest after the conclusion of the statutory retention period (Section 147 (3) German Fiscal Code (Abgabeordnung - AO), i.e., after a period of ten years from the date of departure.
• - If you have granted us your consent to retaining your application data indefinitely, we will retain your data until you withdraw your consent or you apply for the information to be deleted.

8.4 Right to grant and withdraw consent

Under certain circumstances, we will ask you to consent to the retention of your application data beyond the completion of the application process for use in future application processes.

The data and documents collected with your consent will only be used for the purpose of future application processes. This data processing is lawful as it is subject to your consent, pursuant to Art. 6 (1) (a) GDPR.

You may withdraw your consent at any time with future effect via email or by using our online contact form. We will delete all your application data after receiving the withdrawal of your consent.

We record your declaration(s) of consent for the purposes of verification. You may examine the declarations of consent you have issued us at any time.

For more information on the way your data is treated during the application process, please see (Information for Applicants).

9. Use of Cookies

9.1 Description of data processing

Our website uses cookies. Cookies are small text files that are saved by your browser on your end-device. When a user accesses a website, a cookie will be saved on the user's operating system, which allows for the individual browser to be identified when the website is accessed again.

We use cookies to make our website more user-friendly, effective and secure. Some elements of our website require that the browser can be identified even after another website has been accessed.

The data collected in this way is anonymised, making it impossible to attribute to the user or to any of the user's other personal data.

On first accessing this website, users are informed about the use of cookies and referred to this Privacy Statement. The user will also be informed of ways to prevent cookies from being stored. [KS1]

9.2 Third party cookies

When you visit our website, cookies from our partner organisations are also stored on your device (third-party cookies). This happens in order to enhance your experience of our website. The use of such cookies and the extent of the data collected this way is explained in more detail in sections 10 and 11 below. The third party cookies we use are partly subject to data processing in the USA. These third parties (e.g. Google) have committed to respecting the data protection regulations of the EU-US Privacy Shield, the legal framework for transferring data across the Atlantic, agreed by the European Commission and the United States (Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield (notified under document C(2016) 4176). Furthermore, these third parties are registered under the “Privacy Shield Program” of the U.S. Department of Commerce.

9.3 Purpose and legal basis for data processing

Technical cookies are used for the purpose of making our website easier to use.

All website functions can still be utilised even where cookies are not enabled, but some user defined properties and settings will not be available, as the browser must be able to be recognised even after accessing another page. In some cases, cookies are used to make the website easier to use (e.g., remembering language settings, search terms, etc.) The user data collected through technical cookies is not used to create user profiles.

The processing of personal data using cookies is lawful pursuant to Art. 6 (1) (f) GDPR. We have a legitimate interest in storing these cookies to ensure error-free and optimal presentation of our services.

Third party cookies are used to improve the quality of our website and to optimise the services we offer. We do not collect any data ourselves relating to the use of third party cookies. In particular, we make use of the services of the third-party providers listed below in order to help making inquiries more secure and to facilitate access to our locations for you. For these purposes, the legitimate interest in the processing of personal data is pursuant to Art. 6 (1) para. f, DSGVO.

9.4 Retention period, opportunity to object

Cookies are stored on your end-device. “Session cookies” are automatically deleted at the end of each session. Other cookies, so-called “permanent cookies” remain stored on your end-device until you delete them. These cookies allow us to recognise your browser the next time you access our website. Permanent cookies are automatically deleted after a specific retention period, which may vary from cookie to cookie.

You can use the settings in your browser to be informed when a cookie is being set, and only allow cookies in one-off cases, in specified cases, or generally block cookies or delete cookies on closing your browser. Deactivating cookies may affect the functionality of this website.

If the user does not want to allow cookies to be stored on the user's end device, wants to delete a cookie or wants to be informed when cookies are stored, the user can use the appropriate settings in the browser. Information on how to use these settings can be found in the Help section of the individual browser.

10. Google reCAPTCHA

10.1 Description of the data processing

This website makes use of “Google reCAPTCHA” (“reCAPTCHA”). reCAPTCHA is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

reCAPTCHA is a free Google app, which protects websites from spam and misuse. With reCAPTCHA it can be checked if data entered onto our website, e.g. via our contact form, is coming from a human or an automated programme (bots). To do this, reCAPTCHA analyses the visitor’s behaviour based on various characteristics. This analysis begins automatically as soon as the visitor goes onto the website. Data collected from this analysis is transferred to Google. In order to establish whether the visitor to the website is a human or an automatic programme, reCAPTCHA assesses various information. To the best of our knowledge, this includes IP address, length of visit to the website, or user mouse movement.

Further information about Google reCAPTCHA as well as Google’s Date Protection Policy can be found at: https://www.google.com/intl/de... and https://www.google.com/recaptcha/intro/android.html.

10.2 Purpose of and legal basis for the data processing

reCAPTCHA is used for the purpose of protecting our website from misuse, particularly the use of spam and automated spyware (Bots). Data processing is based on Art. 6 S1 para. f, DSGVO. The controller has a legitimate interest in protecting its website offering from misuse by automated spyware (Bots) and from spam.

11. Google Maps

11.1 Description of the data processing

Google Maps is embedded into this website to show you our location and to help you get there. The “Google Maps” app is provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

When accessing Google Maps through our website, your data might be transferred to a server in the USA and stored there. Google might also transfer this data to third parties, provided this is legally permitted and that this data is being processed by third parties on behalf of Google. We have no influence over this data processing. We not collect any personal data ourselves relating to the use of Google Maps.

By using this service on our website, you agree to the collection, processing and use of the data automatically collected by Google Inc. Using “Google Maps” and the information obtained from “Google Maps” is subject to the Google Terms of Use.

http://www.google.de/intl/de/policies/terms/regional.html as well as the additional terms and conditions for “Google Maps” https://www.google.com/intl/de_de/help/terms_maps.html.

11.2 Purpose of and legal basis for the data processing

Embedding Google Maps is solely for the purposes of user-friendly functionality of our website and to facilitate access to our locations on the basis of Art. 6 S1 par. f, DSGVO.

You can prevent data collection and processing by Google Maps by not accessing this Google service from our website.

12. Fonts

This website uses fonts from Fonts.com, a font store from Monotype GmbH, Werner-Reimers-Straße 2-4, 61352 Bad Homburg.

The font types are installed locally, rather than loaded from a font.com server. Every time this website is accessed, a webfont tracking script activates, which connects to fonts.com, for statistical and accounting purposes. The code anonymously transfers the identification number for the webfont project, the URL of the licensed website (which is associated with our customer ID as controller and which enables fonts.com to identify the licence and the licensed webfonts) and the referrer URL.

The webfont tracking code does not collect, process or store any personal information.

Detailed information can be obtained from Monotype GmbH, see https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy/.

13. Links to other websites

The website may contain links (interactive reference points) to third-party websites, for which we are not responsible. We do not have any influence whatsoever over the content and presentation of external links or the internet presence accessed by them. The relevant provider is responsible for the content and presentation of these internet presences, as well as ensuring it meets data protection regulations.

14. Protection of your data:

For security reasons, and to protect confidential content such as orders or inquiries you may send us, this website uses SSL or TLS encryption. An encrypted connection is recognisable in that the address line in the browser changes from “http://” to “https://”, and a lock symbol is also displayed in the browser address line.

The information you send to us when SSL or TLS encryption is activated cannot be read by third-parties.

We would like to advise that the transfer of data via the Internet (e.g., vie email communication) may have security gaps. It is not possible to completely protect data against access by third parties.

15. Data protection and rights of the data subject

As the data subject, you have the right to receive information about the origin, recipient of and purpose for your stored personal data at any time, free of charge. You also have the right to have this data corrected, blocked or deleted at any time. If you have any questions regarding data protection, you can contact us at any time using the contact information provided in No. 1. In addition, you have a right of appeal to the competent supervisory authority. A list of the rights available to you as a data subject against us as the Controller are as follows:

15.1 Right of access

You may request a confirmation of whether we are processing your personal data. Should this be the case, you have the right to the following information:

• - processing purpose;
• - the recipients or categories of recipients to whom your personal data has been or will be disclosed;
• - where available, the planned retention period of the personal data, or where not available, the criteria for determining that retention period;
• - your additional rights (see below);
• - all available information regarding the origin of the data, if the personal data has not been collected from you;
• - the existence of automated decision-making, including profiling, and where existent, further relevant information.

You have the right to be informed of the appropriate safeguards available pursuant to Art. 46 GDPR against the transfer of your data to a third country or international organisation.

15.2 Right to rectification

You have the right to have incorrect or incomplete personal data concerning you to be corrected without delay.

15.3 Right to restriction of processing

You have the right to request a restriction of data processing activities when one of the following conditions is met:

• - you are contesting the accuracy of the personal data;
• - the data processing is unlawful, but you do not agree to the deletion of that data, requesting instead a restriction of its use;
• - we no longer need the personal data for the purpose for which it was collected, but it is required by you to establish, exercise or defend legal claims; or
• - you have lodged an objection to the processing (see below) but it is not yet clear whether our legitimate grounds will prevail.

15.4 Right to erasure (right to be forgotten)

You have the right to have your personal data immediately erased, and we are obliged to delete said data without delay where one of the following grounds applies:

• - Your personal data are no longer required for the purpose for which they were collected or otherwise processed.
• - You withdraw your consent and there is no other legal grounds for processing that data.
• - You have lodged an objection (see below) against the data processing.
• - Your personal data was unlawfully processed.
• - The deletion of your personal data is necessary to fulfil an obligation under EU law of the law of the Member States.
• - The personal data was collected based on consent granted by a child.

15.5 Right to notification

If you have exercised your right to rectification, erasure or restriction of processing, we are required to notify all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing unless less this proves impossible or requires a disproportionate effort. You have the right to be informed by us of those recipients.

15.6 Right to data portability

You have the right to receive personal data that you have provided to use in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another Controller without interference on our part provided:

• - the processing is based on consent granted in accordance with Art. 6 (1) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR, and
• - the processing is carried out using automated methods.

In the exercise of this right, you may request that your personal data is transferred directly from one Controller to another Controller, in so far as this is technically feasible and does not infringe on the rights and freedoms of any other person. The right to data portability does not apply to the processing of personal data that is required for the fulfilment of a task in the public interest or in the exercise of an official authority conferred on the Controller.

15.7 Right to object

You have the right, for reasons arising from your own personal situation to object at any time to the processing of your personal data based on one of the following grounds:

• - our processing of your personal data is required for the performance of a task in the public interest or in the exercise of a public authority conferred onto us; or
• - the processing is necessary to safeguard our legitimate interests or those of a third-party, unless your interests or basic rights require that the protection of your personal data prevail.

You also have the right to object to profiling based on this processing.

If the personal data being processed is used for direct marketing purposes, you have the right to object to that processing for such marketing purposes. This also applies to profiling, insofar as it is associated with such direct marketing.

You also have the right to object on reasons arising from your own personal situation against the processing of your personal data by us for purposes of scientific or historical research or statistics, unless that processing is required for performing a task in the public interest.

15.8 Right to appeal to a supervisory authority

If there has been a breach of data protection legislation, the affected person may lodge an appeal with the supervisory authority. A list of Data Protection Commissioners and their contact details can be found under the following link:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

16. Changes

To ensure that this Privacy Statement meets statutory requirements, we retain the right to make changes at any time. This also applies should the Privacy Statement need to be adapted to reflect changes in our website and services. The new Privacy Statement applies from the next time the user accesses our website.

Last updated January 2019

Copyright Thosco^® Thode + Scobel GmbH & Co. KG © 2019. All rights reserved.