Data Protection LinkedIn

Privacy Policy for the Use of LinkedIn as a Company (LinkedIn Pages)

We are pleased about your visit to our LinkedIn Page Mahler AGS GmbH (https://de.linkedin.com/company/mahler-ags-gmbh, hereinafter also referred to as “Page”) and your interest in our company. In order to offer you the highest possible level of transparency, we would like to inform you below about the type, scope, and purpose of the collection, processing, and storage of personal data that arise in connection with the use of our LinkedIn Page. You can access the General Data Protection Regulation (hereinafter referred to as “GDPR”) as a complete document here.

There is of course no obligation for you to provide us with personal data; however, we would like to point out that this may be necessary for certain functions of our LinkedIn Page and that you may not be able to use these functions at all or only to a limited extent in such cases.

When visiting our LinkedIn Page, personal data is collected, processed, used, and stored not only by us, but also by LinkedIn itself—even if you do not have a LinkedIn profile. This is the company

LinkedIn Ireland Unlimited Company
Wilton Place, Dublin 2, Ireland
Imprint: https://www.linkedin.com/legal/impressum

The parent company of this Ireland-based company is:
LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA
(hereinafter collectively referred to as “LinkedIn”).

As not all individual data processing operations and their scope are known to us in detail, we refer to LinkedIn’s data policy at certain points in this privacy policy:
https://de.linkedin.com/legal/privacy-policy

We expressly point out that when using LinkedIn Pages, personal data may be transferred to the USA. Since the parent company LinkedIn Corporation is a US-based company, a data transfer to a third country (Art. 44 et seq. GDPR) takes place or cannot be ruled out. From a data protection perspective, the USA is considered an insecure third country.

There is currently no data protection level in the USA that is equivalent to that of the EU, which means that your personal data is less well protected and therefore poses a risk to your rights and freedoms. In particular, due to the legal situation in the USA, it cannot be ruled out that government authorities may gain access to data that is transferred to the USA or processed/stored by US companies. Such a legal basis for US authorities is provided by Section 702 of the Foreign Intelligence Surveillance Act (“FISA”), a law that regulates foreign intelligence gathering and counterintelligence in the United States.

In addition to this legal regulation, US companies in the telecommunications sector and “remote computing services” (this includes cloud providers in particular) are subject to the so-called “Cloud Act” (Clarifying Lawful Overseas Use of Data Act). This is a legal clarification stating that the access rights also apply if this data is processed outside the USA, provided that the data is controlled by US companies.

For the USA, an adequacy decision exists under the Trans-Atlantic Data Privacy Framework pursuant to Art. 45 GDPR, which allows U.S. companies to certify and thereby demonstrate that they offer an adequate level of data protection.
LinkedIn Corporation has received corresponding certification for non-HR data and HR data under the Trans-Atlantic Data Privacy Framework.
Information on the various legal remedies against the processing of your data by certified U.S. companies can be found at https://www.dataprivacyframework.gov/s/

Contents

Definitions
Joint Controllers (Article 4 No. 7 GDPR) under Article 26 GDPR
Data Protection Officer – LinkedIn
Legal Basis of Processing
Data Storage / Deletion
Collection of Personal Data
6.1. Purely Informational Use of Our LinkedIn Page (Without Log-in)
6.2. Purely Informational Use of Our LinkedIn Page (With Log-in)
6.3. Use of Special Features on Our LinkedIn Page
Page Insights
Your Rights
Right to Object

1. Definitions
The following terms used in our privacy policy are defined in Article 4 of the GDPR. The following is only an excerpt from Article 4 GDPR. All definitions can be found in the GDPR (available here).

• Personal data (Art. 4 No. 1 GDPR): Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

• Processing (Art. 4 No. 2 GDPR): Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Pseudonymisation (Art. 4 No. 5 GDPR): Pseudonymisation means the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
• Controller (Art. 4 No. 7 GDPR): The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
• Processor (Art. 4 No. 8 GDPR): A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
• Third party (Art. 4 No. 10 GDPR): A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
• Consent (Art. 4 No. 11 GDPR): Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
• Undertaking (Art. 4 No. 18 GDPR): An undertaking means any natural or legal person engaged in an economic activity, regardless of its legal form, including partnerships or associations regularly engaged in an economic activity.

2. Joint Controllers (Art. 4 No. 7 GDPR) under Art. 26 GDPR
Mahler AGS GmbH
Hedelfinger Straße 60
70327 Stuttgart
Phone: +49 (711) 87030-0
Fax: +49 (711) 87030-200
Email: info@mahler-ags.com
You can access our full legal notice here: https://www.mahler-ags.com/de/impressum/

LinkedIn Ireland Unlimited Company
Wilton Place,
Dublin 2, Ireland
Imprint: https://www.linkedin.com/legal/impressum

The parent company of this Ireland-based business is:
LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.

The basis for data processing is an agreement between us and LinkedIn pursuant to Art. 26(1) and (2) GDPR. You can view this agreement at the following link:
https://www.linkedin.com/legal/l/page-joint-controller-addendum
as well as the underlying terms of use at:
https://de.linkedin.com/legal/l/linkedin-pages-terms

Pursuant to Art. 26(3) GDPR, you may assert your rights under this privacy policy both against us and against LinkedIn.

3. Data Protection Officer – LinkedIn
You can contact LinkedIn’s Data Protection Officer here:
https://www.linkedin.com/help/linkedin/ask/TSO-DPO

The contact details of our Data Protection Officer are:
RA Kai Schützle
Schützle Rechtsanwaltsgesellschaft mbH
Gutbrodweg 6/3
74074 Heilbronn
Phone: +49 7131 12087300
Email: datenschutz@ra-schuetzle.de

4. Legal Basis of Processing
For each type of processing described in this privacy policy, we inform you of the corresponding legal basis on which the processing is carried out. The following categories of cases are considered lawful under data protection law:

• You have given us your consent to the processing of your personal data for one or more specific purposes (Art. 6(1)(a) GDPR).
• A contract exists between you and us, and processing is necessary for its performance or to carry out pre-contractual measures at your request (Art. 6(1)(b) GDPR).
• The processing is required to comply with a legal obligation to which we are subject (Art. 6(1)(c) GDPR).
• The processing is necessary in order to protect your vital interests or those of another natural person (Art. 6(1)(d) GDPR).
• The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us (Art. 6(1)(e) GDPR).
• The processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6(1)(f) GDPR).

With regard to data processing by LinkedIn, we refer to LinkedIn’s privacy policy, which is available at: https://de.linkedin.com/legal/privacy-policy,
LinkedIn’s cookie policy: https://de.linkedin.com/legal/cookie-policy,
and the LinkedIn cookie table: https://de.linkedin.com/legal/l/cookie-table.

5. Data Storage / Deletion of Data
For each processing activity described in our privacy policy, we indicate the respective storage duration or the time at which data is deleted or blocked. If no explicit storage duration is specified, data will be deleted or blocked as soon as the purpose or legal basis for storing it no longer applies.

Storage may extend beyond the defined periods if legal regulations to which we are subject (e.g., § 147 AO, § 257 HGB) specify otherwise. After the retention period has expired, personal data will be deleted or blocked unless further storage is required on the basis of a legal provision.

In addition, storage beyond the specified time may take place in the event of (impending) legal disputes with you or other legal proceedings.

Regarding data storage or deletion by LinkedIn, we again refer to LinkedIn’s privacy policy: https://de.linkedin.com/legal/privacy-policy,
LinkedIn’s cookie policy: https://de.linkedin.com/legal/cookie-policy,
and the LinkedIn cookie table: https://de.linkedin.com/legal/l/cookie-table.

6. Collection of Personal Data
Below, we inform you about the collection of personal data (such as name, email address, postal address, or user behavior).

6.1 Purely Informational Use of Our LinkedIn Page (Without Log-in)
You can generally access our LinkedIn Page even if you do not have a LinkedIn profile or are not logged into your account at the time of access. However, in this case, certain functions may not be available. We do not collect any data from you in this context. However, please note that data is collected by LinkedIn. At a minimum, LinkedIn collects the personal data that your browser transmits to LinkedIn’s server.

LinkedIn logs usage data when you visit or otherwise use LinkedIn pages, such as viewing or clicking on content or advertisements (on or off LinkedIn websites and apps), performing a search, downloading or updating one of the LinkedIn apps, sharing articles, or applying for jobs via LinkedIn. LinkedIn uses login data, cookies, device information, and IP addresses to identify visitors and record usage.

LinkedIn uses cookies and similar technologies (such as pixels and ad tags) to collect data (e.g., device IDs), identify visitors and users, and may also allow third parties to set cookies.

For further information, please refer to LinkedIn’s privacy policy: https://de.linkedin.com/legal/privacy-policy.
In addition, when you visit our LinkedIn Page, LinkedIn places so-called cookies on your device, which allow LinkedIn to create user profiles based on your preferences and interests. This enables LinkedIn to display targeted advertising to you (both on and off LinkedIn).

Further information can be found in LinkedIn’s cookie policy at: https://de.linkedin.com/legal/cookie-policy
and in the LinkedIn cookie table: https://de.linkedin.com/legal/l/cookie-table.
You can manage your cookie preferences and targeted advertising settings on LinkedIn here: https://www.linkedin.com/psettings/guest-controls

Please note that you can prevent the storage of cookies at any time by adjusting your browser settings. We have compiled further information on this for the most commonly used browsers below. However, we also point out that doing so may limit the functionality of our LinkedIn Page.

• Mozilla Firefox: https://support.mozilla.org/de/kb/verbesserter-schutz-aktivitatenverfolgung-desktop
• Microsoft Edge: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
• Google Chrome: https://support.google.com/chrome/answer/95647
• Opera: https://help.opera.com/de/latest/web-preferences/#cookies
• Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

6.2 Purely Informational Use of Our LinkedIn Page (With Log-in)
If you are registered with LinkedIn and logged into your LinkedIn profile, additional (personal) data is collected by LinkedIn. This may include personal data such as your name, email address, mobile number, general location, potentially payment and billing information, as well as other data. For details on what data LinkedIn processes, please refer to LinkedIn’s privacy policy: https://de.linkedin.com/legal/privacy-policy

6.3 Use of Special Features on Our LinkedIn Page / Job Applications
If you contact us via LinkedIn, we will receive a corresponding notification. We process and store the contact data you voluntarily provide in order to handle your inquiry. The legal basis for this is the fulfillment of potential (pre-)contractual obligations and our legitimate interest pursuant to Art. 6(1)(b) and (f) GDPR.

You also have the option to apply for open positions in our company via LinkedIn.
If you submit an application to us, we process the associated personal data (e.g., contact and communication data, application documents, interview notes, etc.) as far as necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6(1)(b) GDPR (general contract initiation), and—if you have given your consent—Art. 6(1)(a) GDPR. Consent can be revoked at any time.

Your personal data will only be shared within our company with those individuals involved in processing your application. We also work with an external recruitment agency during the application process, and your application data will be forwarded to this agency. A data processing agreement pursuant to Art. 28 GDPR has been concluded for this purpose.

If your application is successful, the data you submitted will be stored in our data processing systems for the purpose of carrying out the employment relationship, based on § 26 BDSG and Art. 6(1)(b) GDPR.

Data Retention Period
If we are unable to offer you a position, if you decline a job offer, or if you withdraw your application, we reserve the right to retain the data you submitted for up to 6 months after the conclusion of the application process (rejection or withdrawal) based on our legitimate interests (Art. 6(1)(f) GDPR). The data will then be deleted and any physical application documents destroyed. The retention serves, in particular, as evidence in the event of a legal dispute.

If it becomes apparent that the data will still be required after the 6-month period (e.g., due to a pending or threatened legal dispute), deletion will only take place once the purpose for continued storage no longer applies.

Longer storage may also occur if you have given your consent (Art. 6(1)(a) GDPR) or if legal retention obligations prevent deletion.

If you interact with content and posts from our LinkedIn Page (e.g., by using the comment function), we also receive a notification. We do not receive any further information or personal data beyond what is publicly visible in your profile and the content of your interaction.

7. LinkedIn Page Insights
Through Page Insights, LinkedIn provides us with statistics about our LinkedIn Page. These statistics include, among others, analyses of our content and its effectiveness, demographic evaluations and sources of followers and visitors, evaluations of reactions from employees and members to recommended content, and more.

For more detailed information about LinkedIn Page Insights and which data is processed, please refer to:
https://www.linkedin.com/help/linkedin/answer/a541972/analysedaten-zu-unternehmensseiten?lang=de
and
https://www.linkedin.com/legal/l/page-joint-controller-addendum

We use these statistics to optimize and tailor our LinkedIn Page to user needs. We do not have access to the usage data collected by LinkedIn via cookies for the purpose of generating these statistics. The legal basis for processing this data is our legitimate interest pursuant to Art. 6(1)(f) GDPR in improving the user experience of visitors to our LinkedIn Page in a targeted manner.

8. Your Rights

Below we inform you about your rights under the GDPR. You can access the full text of the GDPR here.

Right of Access (Art. 15(1) GDPR)
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed. If this is the case, you have the right to access this personal data and to receive information on the purposes of processing, the categories of personal data being processed, the recipients or categories of recipients to whom the personal data has been or will be disclosed (in particular in third countries or to international organisations), the envisaged period of storage or the criteria used to determine that period, the existence of a right to rectification or erasure of personal data or restriction of processing by us, the existence of a right to object to such processing, the existence of a right to lodge a complaint with a supervisory authority, all available information on the source of the data (if not collected by us), the existence of automated decision-making including profiling, and, where applicable, meaningful information about the logic involved and the significance and envisaged consequences of such processing.

Right to Rectification (Art. 16 GDPR)
You have the right to request the immediate rectification of inaccurate personal data concerning you and the completion of incomplete personal data.

Right to Erasure (“Right to be Forgotten”) (Art. 17(1) GDPR)
You have the right to request the immediate deletion of personal data concerning you. This right does not apply, however, under Art. 17(3) GDPR if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest in the area of public health, for archiving purposes in the public interest, or for the establishment, exercise, or defence of legal claims.

Right to Restriction of Processing (Art. 18(1) GDPR)
You have the right to request the restriction of the processing of your personal data if you contest the accuracy of your personal data (the restriction applies for the period enabling us to verify the accuracy), the processing is unlawful and you oppose the erasure of the data, we no longer need the data for the purposes of processing, but you require it for the establishment, exercise, or defence of legal claims, or you have objected to the processing pursuant to Art. 21(1) GDPR (the restriction applies pending verification of whether our legitimate grounds override yours).

Right to Data Portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, where the processing is based on consent or on a contract and is carried out by automated means.

You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us (or to request a direct transmission from us to another controller, where technically feasible), if the processing is based on your consent or a contract and is carried out by automated means.

Right to Withdraw Consent (Art. 7(3) GDPR)
You have the right to withdraw any consent given at any time with effect for the future. As a result, any data processing based on this consent may no longer be continued in the future. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint (Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data relating to you infringes the GDPR. You can usually contact the supervisory authority of your habitual residence, your workplace, or the place of the alleged infringement.
Further information can be found on the website of the Federal Commissioner for Data Protection and Freedom of Information: https://www.bfdi.bund.de

9. Right to Object
In addition to the rights mentioned above, you also have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is based on the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6(1)(e) GDPR) or for the purposes of legitimate interests pursued by us (Art. 6(1)(f) GDPR), with effect for the future.

In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend legal claims.

If your personal data is processed for the purposes of direct marketing or profiling related to such direct marketing, you have the right to object at any time without providing reasons. In the event of such an objection, we will immediately stop processing your personal data for these purposes.

To exercise your right of withdrawal or objection, please send an email to: info@mahler-ags.com
or contact LinkedIn’s Data Protection Officer using the following form:
https://www.linkedin.com/help/linkedin/ask/TSO-DPO

In the event of discrepancies or contradictions between the German and English versions, only the German version shall be authoritative and legally binding.