Data privacy

Privacy Notice of
SAVANNA Ingredients GmbH

On this website we, SAVANNA Ingredients GmbH, inform you about our offer. The protection of your personal data is very important to us. Our company therefore collects and processes your personal data exclusively within the framework of data protection regulations. On this page we inform you acc. Art. 13, 14 EU General Data Protection Regulation (GDPR) on the processing of your personal data.

Controller – responsibility and contact:

SAVANNA Ingredients GmbH
Duerener Strasse 67
50189 Elsdorf
Germany

Phone: +49 (0) 2274 701-438
e-mail: info@savanna-ingredients.com

You can reach our data protection officer via:
e-mail: datenschutz@savanna-ingredients.com

External service provider

We also benefit from the advantages of a society and corporate world based on the division of labour. In terms of data processing, this means that we do not carry out all data processing in-house, but rather work in part with external service providers:

When operating the website with its wide range of services, we work together with external service providers which we have carefully selected and obligated in accordance with the legal requirements pursuant to Art. 28 GDPR. Our web pages are hosted by the Manitu GmbH in Germany. Manitu GmbH operates its own computer centre at its German corporate location (St. Wendel Saarland) and does, within the scope of the hosting services provided to us, not transfer any personal data to third parties.

Furthermore, eukalyptusdesign GbR, based in Cologne, also has access to the server log files since it has access to the server. eukalyptusdesign GbR takes care of the design and technical implementation of this website and thereby doesn’t transfer any of your personal data to third parties. We will under no circumstance transfer your personal data to countries outside the European Economic Area by ourselves.

Transfer of your Personal Data within the Group

SAVANNA Ingredients GmbH is part of the corporate group of Pfeifer & Langen GmbH & Co. KG. The IT services are provided by the sister company ISG Informatik Service Gesellschaft mbH by way of order processing on the basis of an order processing contract pursuant to Art. 28 GDPR.

I. Website

When you visit this website and use the various offers, we process your personal data as described in detail below.

1. Server log files

Every time you visit our website, your web browser automatically transfers data produced upon your access (so-called server log files), which we process in order to guarantee system security and to compile usage statistics.

These are used to transmit the following data to us:

  • time of your visit request,
  • the page from which you are visiting us (referrer URL),
  • the subpages visited,
  • the names of the requested files,
  • your IP address,
  • the data volume,
  • the browser you are using.

This data is required to ensure system security, e.g. to identify and block the attacker in a hacker attack. This is in our overriding, legitimate interest in averting attacks and avoiding data loss (Art. 6 (1) 1 lit. f) GDPR).

These data may also be used for an evaluation for statistical purposes (scope of use and user behavior, e.g. total visits to our website in one month and related to various sub-pages), which we use to optimize the design of the website. This is also in our overriding, legitimate interest (Art. 6 (1) 1 lit. f) GDPR).

We delete or anonymize this data record no later than 45 days after your visit to our website.

2. Cookies

We do not use any cookies when you visit our website.

3. Newsletter

If you would like to receive the newsletter offered on the website, we need your email address. If you enter this in the registration form and send it to us, we will record your email address, the time of sending, the associated IP address and which of our pages you registered on.

In order to ensure that you would like to subscribe to the newsletter, we use the double opt-in procedure to verify your email address: After you have registered as a subscriber on our website, we will send you a confirmation-Mail. The address will only be actively included in the mailing list if you click on the dedicated link to confirm that you actually want to receive our newsletter. We record the time of your confirmation. If you do not click the confirmation link, we will delete the data recorded during registration after 7 days.

We use this data exclusively for sending our newsletter and to prove that you have consented to receiving the newsletter. The legal basis for sending the newsletter is your consent (Art. 6 Abs. 1 Satz 1 a EU-DSGVO) and our legitimate interest (Art. 6 Abs. 1 Satz 1 f EU-DSGVO) to provide evidence of your consent (dates, IP address, registration website). You can revoke your consent at any time for the future; we enable you to do this in every newsletter via a „unsubscribe“ link stored there, alternatively you can also contact us informally using the data mentioned above. You can object to the processing of your data for legitimate interests at any time in accordance with the explanations under “Rights of data subjects” if there is a particular reason.

We process your data for sending the newsletter, as long as you have not revoked your consent. In addition, we process your data to prove that you have given your consent until the expiry of all limitation and complaint periods, usually up to three years after revocation of your consent (§ 31 OwiG), unless there are longer-term statutory retention requirements.

For the dispatch of the newsletter, we have integrated Sendinblue GmbH, Germany, as an external service provider in accordance with data protection regulations on the basis of an order processing contract. Further information can be found here: https://de.sendinblue.com/informationen-newsletter-empfaenger/?rtype=n2go

4. Social media presence (with confirmation)

We use social media offers from Facebook and LinkedIn: on the one hand we maintain company presences there, on the other hand we link to these offers on our website via the corresponding icons.

Through our presentation on the social media platforms Facebook and LinkedIn and the links on our website to our offers there, we enable you to share our offer with others or to contact us and to exchange information about our offer with us. If you click on the respective icon on our website or visit our offers on the social media platforms directly, you can log in to the respective provider with your account and then interact according to the respective social media offer.

When we provide information on social media offerings on our website, such as icons, we always work with the 2-click solution. That means: information from you, usually your IP address, will only be transmitted to these third-party providers when you click on the icon or the link. These icons and links are therefore “deactivated”. We also inform you about corresponding info texts that appear when you click on the corresponding icons or links that lead you to the third party offer.

If you click on an icon, you will be redirected from our website to our presence at the respective social media provider and your data will be transmitted to this third party. This usually covers your IP address, but not the page from which you come, based on our referrer policy. This also applies if you do not have your own account with the respective provider or are not logged in. If you have your own account, the provider will regularly link the information to your account, possibly even if you are not logged in.

We have no control which personal data these third-party providers collect and how they deal with the data when you use the social media platforms. We are not aware of this either.

Facebook usage evaluation

We use usage reports transmitted by Facebook („page insights“) to continuously improve our Facebook page. This data is only collected by Facebook and transmitted to us if you have a Facebook account and visit our page on Facebook. Insofar, we jointly control data processing together with Facebook. We have concluded an agreement with Facebook that transparently determines the respective responsibilities (Art. 26 GDPR; available at https://www.facebook.com/legal/terms/page_controller_addendum). The essential content of this agreement is that Facebook is primarily responsible for the processing of visitor data and fulfills all relevant obligations of the GDPR with regard to the processing of visitor data (including but not limited to the fulfillment of the rights of the data subject). Below we show you where you can get more information about data processing on Facebook.

Legal basis

Through our social media offers, including links to them, we enable you to receive even more attractive offers from us on other channels and to communicate directly on these platforms and with their users. We make our website and our information offer more attractive and interesting for you. The use of social media offers is therefore in our legitimate interest (Art. 6 (1) 1 lit. f) GDPR). By actively clicking, you can decide yourself whether your personal data will be transmitted to the third party providers. The evaluation of the analyzes transmitted to us by Facebook (“page insights”) is also in our legitimate interest (Art. 6 (1) 1 lit. f) GDPR). The usage data is provided via Facebook in anonymous form.

Data processing by third parties

For the rest, we cannot influence which personal data these third-party providers collect and how they deal with the data. We are not aware of this either. Please note that the providers are based outside the EU and your data will therefore probably be transferred to third countries for which an adequate level of data protection is not necessarily guaranteed. You can obtain further information on the handling of your data from the respective third-party providers:

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, data protection declaration: https://de-de.facebook.com/about/privacy/, Cookie information: https://de-de.facebook.com/policies/cookies

LinkedIn, Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, data protection declaration: https://www.linkedin.com/legal/privacy-policy
The parent companies of the social media providers are based in the United States. Insofar as personal data is transmitted there, a sufficient level of data protection is ensured via the EU-US Privacy Shield under which the providers are certified (list available at https://www.privacyshield.gov/list).

5. No profiling

Savanna Ingredients GmbH does not use “profiling” on this website. Profiling describes a fully automated data processing that aims to assess a person (e.g. in terms of their personal preferences) or to analyze or predict their behavior.

6. Contact: e-mail form

You can contact us in different ways, for example by telephone or e-mail. You will find the contact addresses on our website, where we also link our e-mail address. If you click on the specified e-mail addresses on our website, your e-mail program will open and you can send us a message to our pre-registered e-mail address. We have no influence on the data processing by the e-mail program you use. We only create a link to your e-mail program.

We process the information that you send to us in order to process your contact requests. We do not pass on this information to third parties, unless this is absolutely necessary for the processing of your request. We will delete the personal data processed in the context of our correspondence after your request has been processed, unless legal storage obligations or rights require longer storage. For example, longer storage may be necessary, if we establish a business relationship, start a contract or if we are legally obliged to retain it due to the nature of the information exchanged, for example in the case of commercial letters.

This processing of the information you provide to us is in our legitimate interest (Art. 6 (1) 1 lit. f) GDPR), otherwise we could not handle your request. Depending on the issue, processing is also carried out to initiate a contract (Art. 6 (1) 1 lit. b) GDPR) or to fulfill legal obligations (Art. 6 (1) 1 lit. c) GDPR).

7. Data security

In order to protect your personal data in the best possible way, we use technical and organizational security measures with TLS encryption (https standard), which are also adapted to reflect the current state of the art in terms of risk.

II. Information on data protection law regarding the processing of applicant data

We also process your personal data for submitted application documents and other data collected in the course of the application process, which can be assigned to you personally as an applicant. The submission of such application documents (whether for advertised positions or initiative applications) is completely voluntary for you and is not a prerequisite for the use of the website.
If you click on our job advertisements under „Jobs“, you will be redirected to an applicant portal through which you can send us your application documents.
Processing of your personal data is particularly permitted in this context if this is necessary for the decision on establishing an employment relationship or after establishing the employment relationship for its implementation or termination (Section 26 (1) BDSG, Art. 6 (1) 1 lit.b) GDPR). The same applies insofar as data processing is necessary to protect the legitimate interests of SAVANNA Ingredients GmbH for purposes other than the employment relationship and there is no reason to assume that your legitimate interest as the data subject outweighs the exclusion of processing or use (Art. 6 (1) 1 lit. f) GDPR

1. Application for an advertised position

In order for us to be able to participate in the application process for a specific position, we need application documents that are customary and meaningful and inform us of your personality profile and your qualifications. As a matter of principle, we only use your application documents to decide whether to fill the position for which you have expressly applied. For this purpose, we will evaluate your application documents in the HR department and forward them to the possible future manager. In addition, the management, who also receives your application documents, is involved when filling managerial positions. We process your application documents electronically in our e-mail system and, if necessary, also by using printouts or copies (paper form). In the course of the application process, further personal data can be collected from you personally, from generally accessible sources or from former employers and trainers for this information purpose. The legal basis for data processing in this case is Article 6 (1) 1 lit. b) GDPR, Section 26 (1) BDSG. Because without the processing, we would not be able to carry out the job filling procedure.
In addition, we are legally obliged to subject your person to a so-called „sanctions list check“ or a so-called „anti-terror screening“. In doing so, we compare the personal details you have provided to us with the sanction lists of the EU and the USA. This check is carried out to fulfill a legal obligation (Art. 6 Para. 1 S. 1 c) EU GDPR; VO 2580/2001 / EG and VO 881/2002 / EG). If the application process does not result in your being hired, we will delete and destroy your applicant data as soon as a period of six months has passed after you or our company have given you a final rejection.
Should an application process lead to a hiring, we will include your application documents in your personnel file as far as necessary on the basis of Art. 6 (1) 1 lit. b) GDPR, Section 26 (1) BDSG, in order to inform about your personality profile and your qualifications for the purpose of the employment relationship. In this case, your application documents will only be deleted and destroyed when your employment relationship is terminated and a further three years have passed since the end of the year in which the employment relationship ended.

2. Initiative applications

If you submit an initiative application that does not relate to a specific position, we can use your application documents in the context of staffing decisions for all eligible positions. For this purpose, we will first evaluate your application documents in the HR department and then involve colleagues from the department or departments and send them your documents in which a later job is considered. We process your application documents electronically in our e-mail system and, if necessary, also by using printouts or copies (paper form). As soon as your application documents have been consulted for a recruitment process, we can collect further personal data from you personally, from generally accessible sources or from former employers and trainers in order to inform us in more detail about your personality profile and your qualifications. The legal basis for this data processing is Art. 6 (1) 1 lit. b) GDPR, Section 26 (1) BDSG.
We will regularly delete and destroy your applicant data after a period of one year from the receipt of your initiative application, but not before a six month period has elapsed in all application processes to which your application documents have been consulted, after you or our company has finally given up has passed. Should an application process lead to a hiring, we will include your application documents in your personnel file as far as necessary on the basis of Art. 6 (1) 1 lit. b) GDPR, Section 26 (1) BDSG, in order to inform about your personality profile and your qualifications for the purpose of the employment relationship. In this case, your application documents will only be deleted and destroyed when your employment relationship is terminated and a further three years have passed since the end of the year in which the employment relationship ended.

3. Applications via our career platform

You can apply online using the platform available on our website under “Jobs”.
You are required to provide your first and last name, e-mail, telephone and your application documents, as we need this data to process your application. You can also voluntarily state your title, home address, start of work and salary expectations, as well as information as to whether you are internally applying for an advertised position.
This data is recorded electronically via the career platform and transmitted to us. To do this, we use the services of P&I Personal & Informatik AG, Wiesbaden, which we have integrated as a processor within the meaning of Art. 28 GDPR in compliance with data protection regulations.
P&I AG processes personal applicant data within the EU and, exceptionally, in Switzerland, whereby an adequate level of data protection within the meaning of Art. 45 GDPR is guaranteed on the basis of the adequacy decision issued by the EU Commission for Switzerland.
After submitting the application data, you will receive a confirmation email as well as login information with which you can log into the career platform and find out about the status of your application. There you will see the job posting to which you have applied.
In addition, we process your application documents for the internal review and processing of your application electronically in our e-mail system and, if necessary, additionally by using printouts or copies (paper form).

III. Rights of data subjects

Insofar as your personal data is processed, you have various data protection claims against us. In accordance with Section 34 BDSG, Art. 15 GDPR, you have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, access to the personal data and the specific information, esp. about their origin, the recipients or categories of recipients to whom the data are passed on, and the purpose of the processing.

In addition, you may have the right to rectification, erasure or restriction of processing of your personal data in accordance with Section 35 BDSG, Art. 16 – 18 GDPR. In addition, you can request the transfer of the data to another responsible body in accordance with Art. 20 GDPR.
You can also object to the further processing of your data if we process your data in terms of a legitimate interest (Art. 6 (1) 1 lit. f) GDPR). If we do not process your data for advertising purposes, this requires a reason that results from your particular situation. In the event of an objection, we will no longer process your personal data from the time of receipt during the subsequent check and will delete it after the check has been completed – if the objection is justified (Section 36 BDSG, Art. 21 GDPR).

You can revoke any given consent to data processing (Art. 6 (1) 1 lit. a) GDPR) at any time. We will then no longer process your personal data unless there is a legal permission to do so.

An objection or revocation does not affect the admissibility of data processing in the past.

We will fulfill your rights immediately and free of charge. To do this, please contact us or our data protection officer; our contact details can be found at the beginning of this privacy policy.

Finally, according to Art. 77 EU GDPR, Section 19 BDSG, you have the right to lodge a complaint with any responsible data protection supervisory authority. For us responsible is: LDI NRW, Kavalleriestraße 2-4, 40213 Düsseldorf, www.ldi.nrw.de

Status of this privacy policy: Aprl 2021