Processing of personal data

Various personal data is collected when you use this website. This refers to data with which you can be personally identified. We take the protection of your personal data seriously. We therefore process your data in accordance with the EU General Data Protection Regulation (GDPR). This privacy policy informs you below about the processing of your personal data and the rights to which you are entitled.

Unless otherwise stated below, the terms "process" and "processing" also include, in particular, the collection, use, storage, disclosure and transmission of personal data (see Article 4 No. 2 of the EU General Data Protection Regulation ("GDPR")).

Responsible person and data protection officer

Mosca GmbH
Mosca 1
69429 Waldbrunn

Represented by: Timo Mosca (Managing Director), Simone Mosca (Managing Director), Alfred Kugler (Managing Director)

Phone: +49 6274 932-0

E-mail: info@mosca.com

You can reach our data protection officer at: datenschutz@mosca.com.

1. your rights [for business partners, applicants and employees]

You have extensive rights with regard to the processing of your personal data.

RIGHT TO INFORMATION:

You have the right to information about the data stored by us, in particular for what purpose the data is processed and how long the data is stored (Article 15 GDPR).
Right to rectification of incorrect data:

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you (Article 16 GDPR).

RIGHT TO ERASURE:

You have the right to request that we erase the personal data concerning you. These conditions stipulate that you can request the deletion of your data if, for example, we no longer need the personal data for the purposes for which it was collected or otherwise processed, if we process the data unlawfully or if you have legitimately objected to it or if there is a legal obligation to delete it (Article 17 GDPR).

RIGHT TO RESTRICTION OF PROCESSING:

You have the right to request that the processing of your data be restricted. This right exists in particular for the duration of the review if you have disputed the accuracy of the data concerning you and in the event that you wish to restrict processing instead of deletion in the case of an existing right to deletion. Furthermore, processing will be restricted in the event that the data is no longer required for the purposes pursued by us, but you need the data to assert, exercise or defend legal claims and if the successful exercise of an objection is disputed between us and you (Article 18 GDPR).

RIGHT TO DATA PORTABILITY:

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format (Article 20 GDPR), unless it has already been erased.

RIGHT TO OBJECT:

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you (Article 21 GDPR). We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims. If you wish to object to the processing of your personal data, please send us an e-mail or write to the above-mentioned contact address of the controller. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.

RIGHT OF REVOCATION:

A given consent can be revoked at any time, whereby the revocation does not affect the legality of the processing carried out until then on the basis of the consent.

RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY:

You have the option of contacting the above-mentioned data protection officer or a data protection supervisory authority.

You can find a list of data protection supervisory authorities here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

2. information for business partners and interested parties

2.1 Voluntary nature of the data provided

The provision of your personal data is generally voluntary. However, it is absolutely necessary to process certain data about you in order to conclude and conduct the business relationship.

2.2 General data from the business relationship

We process the data that you provide to us as part of our business relationship. This includes the following data in particular:

Contact details of the business partner's contact persons, in particular title, name, business address, telephone number and e-mail address; bank and billing data; master data changes made by you, e.g. address changes.

2.3 Data from other sources

We only process personal data from publicly accessible sources (e.g. commercial register, authorities, Internet) to the extent permitted by law, for example because this is necessary for the provision of our services.

This includes the following data in particular:

Name and business address of the managing directors and shareholders, as far as available from public sources and the commercial registers.

2.4 Purpose and legal basis of the processing

We collect and process your personal data described in more detail above in the context of entering into and fulfilling our contractual obligations towards you (Article 6(1)(b) GDPR). For example, we process your contact data when you contact us to conclude a contract. By entering into a business relationship as an interested party, supplier or customer (business partner), we will store or otherwise process your contact details and information about business processes and communication with you.

In addition, we process your personal data insofar as this is necessary to protect our legitimate interests or those of a third party or to assert legal claims and defend ourselves in legal disputes (Article 6 (1) (f) GDPR). We have a legitimate interest in processing the data in order to process the contractual relationship, e.g. to carry out credit checks or sanction list checks and to be able to collect receivables, also in the context of commissioning debt collection companies.

In addition, we process your data insofar as this is necessary and required to fulfill legal obligations (Art. 6 para. 1 c) GDPR).

2.5 Will my data be passed on?

The processing and forwarding of data takes place exclusively for the fulfillment of contractual, business or legal obligations. We use processors to provide special services. Your data is passed on to them in strict compliance with the obligation of confidentiality and the requirements of the GDPR. As a globally active group, personal data is also passed on to subsidiaries and other recipients outside the EU as part of our business relationships, in accordance with the legally permissible regulations. Possible categories of recipients are Shipping service providers, debt collection service providers, financial and tax authorities, police and investigating authorities (with existing legal basis), official bodies (if transmission is required by law), insurance companies, banks and credit institutions (payment processing, auditors, printing service providers.

2.6 How long will my data be stored?

We only process and store your personal data for as long as we need it to fulfill contractual, legal or internal process obligations. If there is no longer a legal basis for storage, we will delete the data. This includes the statutory retention obligations of 6 and 10 years for accounting and tax reasons.

3. information for applicants

We use your data exclusively for the purpose of your application. During the application process, there are clear rights of access: only the person responsible and the decision-makers regarding recruitment will see your application documents. Your application will only be passed on, e.g. for other vacancies in our company, with your prior consent for inclusion in our applicant pool. If you are not hired, we will delete your data after six months from the date of rejection. If you are hired, we will transfer the relevant data to your personnel file.

3.1 Data protection of applicant data at the controller

According to Art. 4 No. 1 GDPR, your personal data includes all information that relates or can be related to your person, in particular by means of assignment to an identifier such as a name or an applicant number with which your person can be identified within the company.

3.2 Where does my data come from and what data is processed?

Through your application, the person responsible receives information (either in paper format and/or in digital form). This is data that you provide to us yourself as part of your application. This includes the following data in particular:

Image data, name, address, date of birth, place of birth, details of school and vocational education, further education and training and qualifications, certificates, ...)

3.3 Purpose and legal basis of the processing

Your data is required for the implementation of the decision on the establishment of an employment relationship (§26 para. 1 BDSG). This means that we need and therefore process your data for the purpose of a possible recruitment. In individual cases, we may obtain your consent (Art. 6 para. 1 a GDPR) to the processing or transfer of your data. This may be the case, for example, if your application is kept for a longer period of time or if your application is considered for another position within our company or another Group company. In these cases, your consent is voluntary and can be revoked by you at any time in the future.

In addition, we process your data insofar as this is necessary for the assertion of legal claims and defense in legal disputes and this is necessary for the fulfillment of legal obligations (Art. 6 para. 1 c) GDPR).

3.3.1 Will my data be passed on?

As a globally operating group/group of companies, we may also be interested in passing on your applicant data to other group companies/group companies. In these cases, we will obtain your consent to the processing and transfer of your data before transferring it. The recipients of personal data are providers of our online applicant portal, personnel service providers and tax consultants. 

3.3.2 Where and for how long will my data be stored?

Applicant data is stored and processed in personnel data processing systems. Access to applicant data is designed in such a way that only authorized persons have access. Your personal data will only be stored for as long as knowledge of the data is required for the initiation or, if applicable, execution of an employment relationship. If a contractual relationship is not established, we will store your application data for a maximum of six months for the purposes of AGG verifiability. If a contractual relationship is established (= employment), we will transfer the necessary information to the personnel file.

4. information for employees

4.1 Voluntary nature of the provision of data

The processing of personal data in the context of the employment relationship is largely subject to the fulfillment of contractual requirements from the employment contract and regulatory tasks that are imposed on the employer (controller) to fulfill a legal obligation.

4.2 Data from the employment relationship

We process data that you provide to us in the context of the employment relationship, but also data that arises in the context of the employment relationship. This includes the following data in particular:

1. Business contact data, in particular title, name, business address, telephone number, mobile telephone number and e-mail address; personnel number and access data for information and communication systems
2. Private contact details, in particular private address, private telephone numbers, private e-mail address, contact information for emergencies
3. Personal information (e.g. date of birth, marital status, health data, bank details, ...)

Data from the employment relationship (e.g. information on employee status and position, start of employment, payroll data, citizenship and nationality, qualification data, ...).

4.3 Legal bases

We collect and process your personal data as part of the employment relationship (Section 26 BDSG) to fulfill our contractual and legal obligations (Article 6 (1) (b) and (c) GDPR).

In addition, we process your personal data insofar as this is necessary to safeguard our legitimate interests or those of a third party (Article 6 (1) (f) GDPR), e.g. when implementing measures to secure our operational infrastructure when using login data or checking communication data using vulnerability scanners (virus scanners, spam filters, etc.), implementing measures to improve and develop services and products, telematics data, investigating criminal offenses, using your data anonymously or pseudonymously for analysis purposes.

In individual cases, we may obtain your consent (pursuant to Art. 6 para. 1 a GDPR or Art. 9 para. 2 a GDPR) to the processing or transmission of your data. This may be the case, for example, before taking employee photos or including you in a birthday list.

4.4 Will my data be passed on?

Within the group of companies, we process your data in connection with centrally provided infrastructure services (electronic communication networks and services, security technologies) to ensure the availability of the networks and services, to safeguard functionality (availability, confidentiality, authenticity and integrity) and to identify and rectify faults. Also, depending on the individual case, to: Print service providers for payroll accounting, financial and tax authorities, police and investigating authorities (only if a legal basis exists), public authorities (if transmission is required by law), insurance companies, banks and credit institutions (payment processing), auditors, clients and suppliers as well as contractual partners as required.

4.5 How long will my data be stored?

We only process and store your personal data for as long as we need it to fulfill contractual, legal or internal process obligations. In most cases, the statutory retention obligations for social security, accounting and tax reasons amount to 10 years from the date of leaving the company.