Data privacy

Privacy Policy

General

In the below statement we would like to inform you about when, how and which personal data we collect and how we handle the collected data. You can use the navigation menu to quickly and easily find the information you are looking for. We collect and process your personal data in accordance with national and European laws, in particular the German Federal Data Protection Act (BDSG) and the EU General Data Protection Regulation (EU-GDPR) as well as the Telecommunications Telemedia Data Protection Act (TTDSG). If you have any further questions about data protection at SAVANNA Ingredients, please contact us at one of the telephone numbers, fax numbers or e-mail addresses listed below.

Entity responsibility for data processing

SAVANNA Ingredients GmbH
Duerener Strasse 67
50189 Elsdorf
Germany

Phone: +49 (0) 2274 701-400
e-mail: info@savanna-ingredients.com

Our data protection officer

2B Advice GmbH, info@2b-advice.com

Websites

In this section you will find information on data collection, data processing, data deletion, data security and involvement of third-party providers in connection with your visit to our website www.savanna-ingredients.com.

1. Server log files

Your browser automatically transmits access data (so-called „server log files“) to our server each time you visit one of our websites. The server log files contain the following information:

  • the time of your visit,
  • the page from which you visit us (referrer URL),
  • the subpages visited,
  • the names of the requested files,
  • your IP address,
  • the data volume,
  • the browser you are using and

We need the aforementioned information to ensure system security and to compile usage statistics. Both purposes are in our overriding legitimate interest (Art. 6 I 1 f EU-GDPR). The respective data record will be deleted immediately after the respective purpose ceases to apply, but no later than 90 days after its collection.

2. Newsletter

On our website we offer you to register for our newsletter. In the course of registration, we request your e-mail address in order to be able to send you the newsletter. If you enter this in the registration form and send it, we record, in addition to your e-mail address, the time of sending, the associated IP address and on which of our pages exactly you have registered.
To ensure that you want to subscribe to the newsletter yourself, we use the so-called double opt-in procedure to verify your e-mail address: After you have registered as a subscriber on our website, we will send you a confirmation e-mail. Only if you confirm that you actually wish to receive our newsletter by clicking on the link contained in this e-mail, will the address be actively added to the distribution list. We record the time of your confirmation. If you do not click the confirmation link, we will delete the data collected during registration after seven days.

The collection and processing of your e-mail address is based on your consent (Art. 6 I 1 a EU-GDPR). The legal basis for the proof of your consent (times, IP address, registration website) is our legitimate interest (Art. 6 I 1 f EU-GDPR). The data is processed solely for the purpose of delivering the subscribed newsletter. For the dispatch of our newsletter, we use external service providers that we have carefully selected and obligated in accordance with the requirements of data protection law by means of order processing contracts pursuant to Art. 28 EU-GDPR and whose activities we monitor. These service providers are based in Germany or in the EU.

You can revoke your consent at any time by unsubscribing from the newsletter you have subscribed to. We process your data for sending the newsletter as long as you have not revoked your consent. In addition, we process your data for the purpose of proving that you have given your consent until the expiry of all periods of limitation and complaint periods, generally up to three years after revocation of your consent (§ 31 OWiG), unless there are longer-term statutory retention obligations.

3. Data security

In order to protect your personal data as best as possible when you visit our website, we use SSL encryption (https standard). This also applies to the transmission of data using the contact form. This type of encryption is a risk-appropriate and state-of-the-art technical and organizational security measure.

4. External service providers

For the provision and operation of our website we work with external service providers that we have carefully selected and obligated in accordance with the data protection requirements by means of order processing contracts pursuant to Art. 28 EU-GDPR and whose activities we monitor. These service providers are based in Germany or in the EU.

5. Linking to external content

Insofar as our website link to third-party websites we point out that we are not responsible for the content provided by the other providers and have no influence on the type and scope of data collection and data processing on the corresponding website. Please inform yourself in this regard on the respective website.

Social media

If you publish data or content (for example, comments, videos, images or likes) on our social media presences (Facebook, LinkedIn, XING), these will be used exclusively for the purpose of our public relations work. Processing for the purpose of publicity is in our legitimate interest (Art. 6 I 1 f EU-GDPR). You can delete this data or content in accordance with the respective terms of use of the respective platform. Storage and processing of the personal content outside the respective social media platform does not take place.

We use services of the respective providers to evaluate the use of our company profiles and thereby improve our appearance and the respective offer. These are the following services:

  • XING Brand Manager
  • LinkedIn Analysis
  • Facebook Page Insights

When you visit our company profiles, we process your data collected by means of the respective service as jointly responsible parties together with the respective provider. This data includes information about your visit or your interaction on or with our fan page, which can be related to you and can therefore be personal data. The legal basis for the data processing within the scope of our responsibility is insofar our legitimate interest within the meaning of Art. 6 I 1 f EU-GDPR in opening a platform for exchange with you as well as in the evaluation of who visits our Fanpage in order to be able to align our content accordingly. By actively clicking, you can decide yourself whether personal data will be transmitted to the third-party providers.

The respective provider undertakes to us to fulfill your rights as a data subject under Chapter 3 of the EU-GDPR. You can obtain further information on the processing of your personal data within the scope of the respective services under the following links:

Cookies may also be set by the provider on the respective company profile. The processing of data collected by means of cookies is not our responsibility. Please note that we have no insight into these types of data processing.

Please also note that the providers Meta and LinkedIn are located outside the EU and your data will therefore probably be transferred to third countries for which an adequate level of data protection is not necessarily ensured. You can obtain further information on the handling of your data from the respective third-party providers:

In particular, since the parent companies are US companies, information may also be transferred to the USA. In the event of a possible transfer of data to US servers of Meta Platforms (Facebook) and LinkedIn, an appropriate level of data protection is ensured through the widest possible use of standard contractual clauses recognized by the EU Commission. You can request a copy of the standard contractual clauses used by Facebook at the following link: https://www.facebook.com/help/566994660333381/, from LinkedIn at: https://de.linkedin.com/legal/l/dpa. Furthermore, we ask you to use these tools only if you agree to the possible transfer of data to the USA despite a possible inadequate level of data protection there (Art. 49 I 1 a EU-GDPR).

When you apply to us

We are pleased if you send us your application. We collect and process the personal data submitted in the application documents on the basis of your consent (Art. 6 I 1 a EU-GDPR) and for the purpose of deciding whether to establish an employment relationship (Art. 6 I 1 b EU-GDPR). If we contact you following an application, you can find out here how we handle the contents of the communication.

1. Position advertised

If you apply for a specific, advertised position, we will only process your application documents for the purpose of deciding whether to fill the position to which the application relates. In the course of the application process, further personal data may also be collected and processed from you personally, from generally accessible sources or from former employers and trainers (Art. 6 I 1 b EU-GDPR). In addition, we are required by law to subject your person to a so-called „sanctions list check“ or a so-called „anti-terror screening“. In this process, we compare the personal data you have provided with the sanctions lists of the EU and the USA. This check is carried out to fulfill a legal obligation (Art. 6 I 1 c EU-GDPR; VO 2580/2001/EG and VO 881/2002/EG).

If the application process does not lead to your employment, your personal data will be deleted after six months, calculated from the time the position is filled. If the application process leads to your employment, the data collected, including your application documents, will be included in your personnel file (Art. 6 I 1 b EU-GDPR) and will be processed in accordance with our internal requirements.

2. Unsolicited applications

Applications that do not relate to a specific position (unsolicited applications) are processed for the purpose of deciding whether to fill all vacancies that match your qualifications (Art. 6 I 1 a, b EU-GDPR). In the course of the application process, further personal data may also be collected and processed from you personally, from generally accessible sources or from former employers and trainers (Art. 6 I 1 b EU-GDPR). In addition, we are required by law to subject your person to a so-called „sanctions list check“ or a so-called „anti-terror screening“. In this process, we compare the personal data you have provided with the sanctions lists of the EU and the USA. This check is carried out to fulfill a legal obligation (Art. 6 I 1 c EU-GDPR; VO 2580/2001/EC, VO 881/2002/EC and VO 2017/1420/EU).

Your personal data will be deleted after one year, calculated from the date of receipt of your application, unless they are still the subject of ongoing application procedures. If none of the application procedures leads to your employment, your personal data will be deleted after six months, calculated from the date on which the last position for which we considered you was filled. If an application procedure leads to your employment, the data collected, including your application documents, will be included in your personnel file (Art. 6 I 1 b EU-GDPR) and will be processed in accordance with our internal requirements.

3. Disclosure of your applicant data

Personal data that you provide to us in the course of an application and / or that we collect from generally accessible sources or from former employers and trainers will be processed exclusively by us. Data will only be passed on to affiliated companies of the Pfeifer & Langen group of companies if and insofar as you expressly express this wish in your application (Art. 6 I 1 a EU-GDPR).

4. Applications via our career platform

You can apply online via the platform accessible on our website under „Jobs“.

You are required to provide your first and last name, e-mail, telephone and your application documents with your salary expectations, as we need this data to process your application. You can also voluntarily provide your title, home address and start date, as well as information on whether you are applying internally for an advertised position. This data is recorded electronically via the career platform and transmitted to us. After submitting the application data, you will receive a confirmation e-mail.

In addition, we process your application documents for the internal review and processing of your application electronically in our e-mail system and, if necessary, additionally through the use of printouts or copies (paper form).

For the provision and operation of our career platform, we work together with external service providers that we have carefully selected and obligated in accordance with data protection requirements through order processing contracts pursuant to Art. 28 EU-GDPR and whose activities we monitor. These service providers are based in Germany or in the EU.

5. External career platforms and professional social networks

Insofar as we place job advertisements on external career platforms and you apply via the functions available there, we receive your documents from the operators of the corresponding platform. As soon as we have received your personal data, we process it in the manner just described. No further cooperation will take place. Please note that we have no influence on the data collection and data processing by the provider of the respective career platform. Please inform yourself on the respective platform about the type and scope of the data collection and data processing there.

We also use our accounts on external career platforms and professional social networks to search specifically for suitable candidates and to contact them. When we view your profile and / or contact you via the platform, we only use the existing functions of the platform and take note of the personal data you provide there. If we export your personal data from the platform (for example, via a download function offered on the platform), we process this data in the same way as documents that you have sent us for the purpose of a speculative application.

Contact and cooperation

We are pleased that you are seeking contact with us or working with us as a business partner. In this section you will find information on data collection, data processing, data deletion, data security and involvement of third-party providers in connection with a business contact.

1. Data collection, data processing and data deletion

In the course of business contact, we regularly collect and process the following personal data:

  • Full name
  • Professional contact details (address, telephone, e-mail, position, position in the company)

In addition, we ask you for further information about yourself in individual cases, for example private contact data or dates of birth, although we limit such queries to the absolutely necessary minimum. In particular, we make sure that there is a technical or organizational necessity behind any additional data requested.

If you communicate with us via portals or software applications, the IP address of the device from which you access the portal or software application is also collected. This collection happens automatically and without your intervention. You can find out whether and which cookies such portals or software applications set on your end device via the cookie banner of the respective application.

We process your personal data in particular for the initiation of future or implementation of existing business relationships (Art. 6 I 1 b EU-GDPR) as well as for the implementation of anti-terror checks and sanctions checks of our business customers, suppliers and service providers to the extent required by law (Art. 6 I 1 c EU-GDPR, VO 2580/2001/EC, VO 882/2002/EC, VO 2017/1420/EU). Other purposes may be added depending on the individual case.

Your personal data will be deleted without delay as soon as the processing purpose for which it was collected has ceased to exist. Insofar as data is subject to statutory retention obligations in individual cases, it will remain stored until the expiry of the respective retention period and will then be deleted.

2. Sharing your data

Data is only exchanged with other companies of the Pfeifer & Langen Group to the extent that we use them to fulfill obligations arising from contracts concluded with you (Art. 6 I 1 b EU-GDPR) or if this is in our overriding, legitimate interest in an individual case (Art. 6 I 1 f EU-GDPR).

Your personal data may be disclosed to authorities and courts as well as to lawyers, auditors, tax consultants, management consultants and similar service providers who are bound by legal secrecy.

3. External service providers

Your personal data is stored in our IT systems. Insofar as we use external service providers to provide our IT infrastructure, individual IT applications and / or data processing, we select them carefully, monitor their activities and oblige them in accordance with the data protection requirements by means of order processing contracts pursuant to Art. 28 EU-GDPR. A transfer to countries outside the EU usually does not take place. Should this occur in individual cases, we ensure an appropriate level of data protection in accordance with Art. 44 et seq. EU-GDPR at the recipient.

Your right vis-à-vis SAVANNA Ingredients

In this section, you will learn what rights you have when and to the extent that we collect and process your personal data. Please note that we will comply with your legitimate requests as soon as possible and that there is no charge or fee for doing so. Please exercise your rights at the following address: datenschutz@savanna-ingredients.com

According to Art. 15 EU-GDPR, you can request information from us about the data stored about you and its origin, the recipients or categories of recipients to whom we pass on data, and the purpose of the processing.

According to Art. 16 – 18 EU-GDPR, you may have a right to rectification, erasure or restriction of the processing of your personal data in individual cases. In addition, according to Art. 20 EU-GDPR, you may request the transfer of the data to another controller.

In addition, you may have a separate right to object to the processing of your data pursuant to Art. 21 EU-GDPR if and to the extent that we base this processing exclusively on an overriding legitimate interest (Art. 6 I 1 f EU-GDPR); if we process your data for direct marketing purposes, you have a right to object at any time. In the event of an objection, we will no longer process your personal data from receipt during the subsequent review and delete it after completion of the review – in the event of a justified objection (Art. 21 EU-GDPR).

You can revoke your consent to data collection and data processing (Art. 6 I 1 a EU-GDPR) at any time. In this case, we will not further process your personal data unless such further processing is permitted or required by law.

The aforementioned objections or revocations are effective only for the future and do not render the data collection and data processing in the past inadmissible.

Finally, according to Art. 77 EU-GDPR, you have the right to complain to the competent data protection supervisory authority. The competent authority for us is the LDI NRW, Kavalleriestr. 2-4, 40213 Düsseldorf, www.ldi.nrw.de.

Status of this privacy policy: May 2022