Processing of personal data

When you use our website, we collect personal data from you. This refers to data which can be used to personally identify you. We take the security of your personal data seriously. That is why we process your data in accordance with the EU General Data Protection Regulation (GDPR). This privacy policy will inform you of how your personal data are processed and what your rights are.

However, please note that data transmission over the Internet (e.g. email communications) can have security gaps. It is not possible to guarantee complete protection of data from third party access.

Controller and data privacy officer

Controller in accordance with EU General Data Protection Regulation (GDPR):

Mosca GmbH
Gerd-Mosca-Straße 1
69429 Waldbrunn

Represented by: Timo Mosca (CEO), Simone Mosca (CEO), Alfred Kugler (CEO)

Phone+49 6274 932-0
Email: info@mosca.com

Contact our data privacy officer at: datenschutz@mosca.com.

1. Your rights [for customers, applicants and employees]

You have many rights with regard to the processing of your personal data.

Right to access information:

You have the right to obtain information on the personal data we collect, particularly the purpose of processing the data and how long they will be stored (Article 15 GDPR).

Right to rectification of inaccurate data:

You have the right to request that we immediately correct any personal data pertaining to you, if the data are incorrect (Article 16 GDPR).

Right to deletion:

You have the right to request that we delete any personal data pertaining to you. Under these terms, you can request to have your data deleted, e.g. if we no longer need the personal data for the purposes for which they were collected or otherwise processed, if we processed the data illegally or if you have legitimately objected or if there is a legal obligation to delete the data (Article 17 GDPR).

Right to restrict processing:

You have the right to request that the processing of your personal data be restricted. This right applies in particular if you dispute the accuracy of the personal data, during the time it is being verified, as well as in the event that you have a right to deletion but instead request restricted data processing. Moreover, data processing shall be restricted in the event that, while we no longer require the data for our intended purposes, you still need the data in order to enforce, exercise or defend legal claims, or pending the verification whether our legitimate grounds override yours (Article 18 GDPR).

Right to data portability:

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format (Article 20 GDPR), if the data have not yet been deleted.

Right to object:

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you (Article 21 GDPR). We will then cease processing your personal data, unless we are able to demonstrate compulsory and legitimate reasons which take precedence over your interests, rights and freedoms or demonstrate that the data is being processed in order to enforce, exercise or defend legal claims. If you wish to object to the processing of your personal data, send us an email or write to the Controller's contact address indicated above. This shall not affect the legality of the data processing performed prior to the revocation of consent.

Right to revoke consent:

You can revoke your consent at any time. The legality of any data processing which took place prior to the revocation shall not be affected.

Right to appeal through a controlling authority:

You have the option of contacting the aforementioned data privacy officer or a data protection agency, if you believe that the processing of your personal data violates the General Data Protection Regulation.

See here for a list of the data protection agencies:

https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html

2. Information for current and potential customers

2.1.  Voluntary basis of data provision

Personal data is always provided on a voluntary basis. However, in order to conclude and implement the business relationship, it is necessary for us to process certain per-taining to you.

2.2.  General data from the business relationship

We process the data which you provide us in conjunction with our business relationship. In particular, this includes the following data:

Contact information of the customer's contact person, particularly their title, name, business address, phone number and email address; bank account details and invoicing information, master data changes made by you, e.g. address changes

2.3.  Data from other sources

We do not process personal data from publicly available sources (e.g. commercial registers, public agencies, Internet) unless this is legally permissible, for example because it is necessary in order for us to provide our services.

In particular, this includes the following data:

Name and business address of the CEO and shareholder, if available from public sources and commercial registers.

2.4.  Purpose and legal bases for data processing

We collect and process your aforementioned personal data as necessary for the acceptance and performance of our contractual obligations to you (Article 6 Sect. 1 lit. b GDPR). For instance, we process your contact information in order to establish contact for the purpose of concluding a contract. If you establish a business relationship with us as a prospective customer, supplier or customer, we will save or otherwise process your contact information as well as information pertaining to business transactions and communication with you.

We also process your personal data where processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, or in order to enforce legal claims and defend against claims in legal disputes (Article 6 Sect. 1 lit. f GDPR). In line with contract performance, we have a legitimate interest in processing the data, e.g. in order to perform credit checks or sanctions list checks and collect debts, including in partnership with debt collectors.

We also process your data where processing is necessary for compliance with a legal obligation on our part (Art. 6 Sect. 1 c GDPR).

2.5.  How are my data transferred?

Your data are processed and shared exclusively for the purpose of meeting contractual, business and/or legal obligations. We use processors in order to provide special services. Your data are transferred to them strictly in accordance with the obligation of confidentiality and the terms of the GDPR. As a globally active corporation, in conjunction with our business relationships, we transfer personal data to subsidiaries and other recipients, including outside of the EU, as legally permissible. Potential categories of recipients include: shipping service providers, collection service providers, financial and tax authorities, police and investigative authorities (with valid legal basis), regulatory bodies (if the transfer is legally required), insurance providers, banks and credit institutions (payment processing, auditors, printing service providers).

2.6.  How long will my data be stored?

We only process and store your personal data for as long as necessary in order to fulfil our contractual, legal or in-process obligations. If there is no longer a legal basis for storing the data, it will be deleted. This includes the legal retention requirements of 6 and 10 years for accounting and tax reasons.

3. Information for job applicants

We use your data exclusively for the purpose of the job application. Throughout the application process, you have clearly defined rights: Your application documents will only be viewed by those staff who process applications and those who make hiring decisions. Unless you first agree to be added to our applicant pool, your application will not be forwarded within our company, e.g. for other vacancies. If you are not hired, we will delete your data within six months from the date of the decision. If you are hired, we will copy the relevant data to your personnel files.

3.1.  Protection of applicant data by the Controller

Your personal data is any information which is or can be associated with you, in particular an identifier such as a name or an applicant number, which can be used inhouse to identify you.

3.2.  Where do my data come from and which data are processed?

Through your application (as a hard copy and/or electronic), the Controller obtains information. These are data which you yourself provide us as part of your application. In particular, this includes the following data:

image data, name, address, date of birth, city of birth, information on primary schooling and vocational training, continued education and qualifications, certifications, etc.)

3.3.  Purpose and legal basis for data processing

We need your data in order to decide whether or not to hire you (§26 Sect. 1 BDSG (German Federal Data Protection Act). This means that we need your data for the purpose of potentially hiring you and shall use it accordingly. In individual cases, we can request your consent (Art. 6 Sect. 1 a GDPR) to the processing or transfer of your data. For example, we might do this in order to store your application for a longer period or in order to consider your application for a different position within our company or at another subsidiary. In such cases, your agreement is voluntary and can be revoked by you for the future at any time.

We also process your data where processing is necessary in order to enforce legal claims and defend against claims in legal disputes and is required for compliance with a legal obligation on our part (Art. 6 Sect. 1 c GDPR).

3.3.1.  How are my data transferred?

As a global corporation/group of companies, we might wish to forward your applicant data to other companies in our corporation/group. In such cases, before transferring the data, we will obtain your permission to process and transfer your data. The recipi-ents of personal data are service providers of our online application portal, human re-sources service providers and tax consultants. 

3.3.2.  Where and how long will my data be stored?

Applicant data are stored and processed in personnel data processing systems. Applicant data can only be accessed by authorised persons. Your personal data are only store to the extent necessary in order to initiate or implement an employment relationship. If no contractual relationship is established, we shall retain your application data for a maximum of six months for the purposes of demonstrating compliance with the German General Act on Equal Treatment (AGG). If a contractual relationship (=hiring) is established, we will transfer the necessary information to your personnel files.

4. Information for employees

4.1.  Voluntary basis of data provision

The processing of personal data in conjunction with the employment relationship is largely subject to compliance with contractual requirements stipulated in the employment contract and regulatory tasks imposed on the employer (controller) in order to fulfil a legal obligation.

4.2.  Data from the employment relationship

We process data which you provide to us in conjunction with the employment relationship but also data generated in conjunction with the employment relationship. In particular, this includes the following data:

  1. Business contact information, particularly title, name, business address, phone number, mobile number and email address; personnel number and access data for information and communication systems
  2. Personal contact details, particularly home address, personal phone numbers, personal email address, emergency contact information
  3. Personal information (e.g. date of birth, marital status, health information, bank account details, etc.)

Data from the employment relationship (e.g. information on employment status and position, employment contract start date, salary information, citizenship and nationality, qualification information, etc.)

4.3.  Legal bases

We collect and process your personal data in conjunction with the employment relationship (§ 26 BDSG (German Federal Data Protection Act)) in order to fulfil our contractual and legal obligations (Article 6 Sect. 1 lit. b and c GDPR).

In addition, we also process your personal data where processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (Article 6 Sect. 1 lit. f GDPR), e.g. in the implementation of measures to secure our operational infrastructure in the use of login data or the verification of communication data by vulnerability scanners (virus scanners, spam filters, etc.), to implement measures to improve and develop services and products, telematics data, criminal investigations, to use your data in anonymised or pseudonymised form for analysis purposes.

In individual cases, we can request your consent (as per Art. 6 Sect. 1 a GDPR or Art. 9 Sect. 2 a GDPR) to the processing or transfer of your data. For example, we might do so before preparing employee photos or adding an entry to a birthday list.

4.4.  How are my data transferred?

Within the corporate group, we process your data in conjunction with centrally available infrastructure services (electronic communication networks and services, security technologies) in order to ensure the availability of the networks and services, in order to ensure functionality (availability, confidentiality, authenticity and integrity) and in order to identify and rectify faults. In individual cases, also: printing service providers for payroll, financial and tax authorities, police and investigative authorities (only with valid legal basis), regulatory bodies (if transfer is legally required), insurance providers, banks and credit institutions (payment processing), auditors and suppliers as well as contract partners.

4.5.  How long will my data be stored?

We only process and store your personal data for as long as necessary in order to fulfil our contractual, legal or in-process obligations. The legal retention requirements based on social insurance, accounting and tax purposes are typically limited to 10 years from the time you leave the company.

Mosca's road to the future!
Social Bookmarks