Privacy Notice

> Information for applicants

Privacy Policy

1. Preamble

The following paragraphs provide information on which personal data are gathered when using our website and for what purposes. Personal data are all data relating to your identity, e.g. name, address, e-mail address.

2. Name and contact data of the controller and company data protection officer

This data protection information applies to data processed by:

Controller: 

Edel SE & Co. KGaA (hereinafter: Edel),

Neumühlen 17 

22673 Hamburg 

Germany 

Tel.: +4940890850

E-mail: info@edel.com 

The data protection officer appointed by Edel can be contacted at datenschutz@edel.com.

3. Collection and storage of personal data; type and purpose of use 

a) On visiting the website:

It is possible to visit our website without being required to enter personal data. 

When accessing the website, however, information will automatically be sent to our website’s server via the browser used on your end device. This information will be temporarily stored in a logfile. The following information will be collected in this context without any action on your part and will be stored until the next automatic deletion process:

  • the IP address of the computer sending the enquiry
  • date and time of the server enquiry,
  • name and URL of the downloaded file,
  • website from which our website was accessed (referrer URL),
  • browser used and, if applicable, your computer’s operating system and the name of your access provider.

We will process the above data for the following purposes:

  • ensuring smooth connection to the website,
  • ensuring that the website is user-friendly,
  • evaluating system security and stability,
  • improving our offering.

The legal basis for data processing is Art. 6(1) sentence 1(f) GDPR. Our legitimate interest can be derived from the data processing purposes set out above. We will never use the collected data in order to draw conclusions relating to you personally.

We also use cookies and analytics services in connection with visits to our website. For more information, see sections 5 and 10 of this Privacy Notice.

b) On registering for our newsletter 

On our website you have the possibility to register for a newsletter. For the registration we need your e-mail address, as well as first and last name to be able to address you personally in the newsletter. We use the so-called double opt-in procedure, i.e. after your registration we send you an e-mail in which we ask you to confirm that you agree to receive the newsletter and that you have entered your e-mail address in the registration form yourself.

For the dispatch of our newsletters, we use the service “Brevo”, a newsletter dispatch service of SendinBlue GmbH, Köpenicker Straße 126, 10179 Berlin. Brevo is a European provider that we have selected in particular also from the point of view of the DSGVO compliance of the newsletter dispatch.

Brevo makes it possible for us to analyze user response to our newsletter mailings, e.g. by displaying whether a newsletter message was opened and which links, if any, were clicked and how often. Brevo also allows us to subdivide newsletter recipients based on various categories and better tailor them to specific target groups.

The provider “Brevo” logs the registrations and double opt-in confirmations during newsletter registration in order to document the registration process. This includes the storage of the registration and confirmation time, as well as the IP address. In addition, the provider collects data via a cookie when our website is called up in order to ensure the technical functionality of the newsletter registration. The collected data is stored on Brevo’s servers in Germany. Brevo uses this information to send and evaluate the newsletter on our behalf. The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of Brevo after you unsubscribe from the newsletter. Likewise, any changes to your data stored by Brevo will be logged. If you do not confirm your subscription within 2 weeks, your information will be blocked and automatically deleted after one month.

The processing of your information entered in the form is based on your consent (Art. 6 para. 1 lit. a DSGVO) exclusively for the purpose of sending the requested newsletter. The technically necessary processing of the information retrieved via the cookie is carried out on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) to ensure a functional dispatch of our newsletter.

You can revoke your consent at any time for the future. To do so, use the “Unsubscribe” link provided in our newsletters or contact us directly, e.g. via the mail address datenschutz@edel.com. The legality of the data processing operations already carried out remains unaffected by the revocation.

For more information about the provider, please refer to the privacy policy of Brevo at https://www.brevo.com/de/legal/privacypolicy/.

c) On contacting us via e-mail or the contact form

If you contact us by e-mail or via the contact form provided on our website, we will store the data you provide (your e-mail address, together with your name and telephone number, if applicable) in order to process your request or respond to your questions.

If using the contact form, you are required to give a valid e-mail address in order that we know who sent the enquiry and in order to be able to respond to it. All other information is provided on a voluntary basis.

Data relating to you contacting us is processed on the basis of voluntary consent in line with Art. 6(1) sentence 1(a) GDPR.

We will delete any data collected in this context once storage is no longer necessary (if, for instance, your enquiry has been satisfied) or we limit processing if statutory retention periods apply.

d) Online applications

If you apply to us online for a job using the application form provided on our website, we will process the personal data (application data) you have transmitted to us, including, in particular, your

  • last name, first name
  • address
  • telephone number
  • email address
  • application documents (cover letter, CV, certificates/references etc.)

using application management software provided by rexx systems GmbH, based in Hamburg. Such processing is done exclusively for the purpose of filling vacancies in our company, and your application data will not be used for any other purposes.

We will store your complete application data for a period of six months after the end of the application process. Thereafter, your application data will be automatically deleted if your application for the vacancy to be filled is unsuccessful. Only the following key data will be stored, for the purposes of comparison with previous applications, for 24 months before being deleted: 

  • form of address
  • mode of receipt
  • date of birth
  • country
  • nationality
  • town/city
  • postcode
  • first name
  • your response to the question ‟How did you find out about us?”

Your application data will only not be reduced to the aforementioned key data after the end of the six-month period if this is precluded by statutory provisions, if storage of your application data is necessary for the establishment, exercise or defence of legal claims, or if you have explicitly consented to your application data being stored for a longer period (e.g. for the purposes of inclusion in our Talent Pool, see 3 e) below). 

The legal basis for this data processing is set down in points a) and f) of Article 6(1) of the GDPR.

If you have an applicant profile at the third-party applicant platform „finest jobs“, you may use your profile for your application with Edel. In this case, the personal and sensitive data stored in your finest jobs profile will be transmitted to us. The data protection notice of finest jobs (rexx systems GmbH) applies additionally https://www.finest-jobs.com/Datenschutz

The purpose of the data processing is the design of an effective application process, legal basis is Art. 6 para. 1 p. 1 lit. a, b and f DSGVO.

e) Inclusion in our Talent Pool

Should you be interested in your application data not only being considered for the specific job for which you have applied but also, in the event of your not being offered that job, in being considered for another position in our company for which you are eligible and qualified, then you have the option of being included in our Talent Pool. 

We need your consent to add you to our Talent Pool. By consenting to be included in our Talent Pool you agree to your application data being added to the Talent Pool; where a specific vacancy is to be filled, the hiring department as well as other internal offices and departments in our company which are involved in other application processes will have access to these data for the purpose of filling the vacancy, and they have permission to contact you in regard to the recruitment process. 

However, your application data will not be automatically included in our Talent Pool on account of your having giving your consent to that happening. We must, in addition, first determine that we have a vacancy to fill in our company.

You may, at any time, revoke your consent to inclusion of your data in our Talent Pool, with effect for the future. You can revoke your consent by writing to one of the addresses provided in our Legal Notice. Following such revocation, your data will be immediately deleted from our Talent Pool.

Should you have consented to your data being included in our Talent Pool, your full application data will not automatically be deleted after six months, but will be stored for a period of 12 months after the end of the application process. After that, only your key data (see 3 d) above) will be retained and deleted automatically after 24 months, unless statutory provisions do not permit your data to be reduced to your key data or do not permit their deletion, or if it is necessary to store your application data for the establishment, exercise or defence of legal claims. 

The legal basis for this data processing is set down in point a) of Article 6(1) of the GDPR.

f) Registration for our JobNews 

You may also give your consent to receive our regular JobNews about current job vacancies.

The only data we require for you to be able to receive our JobNews is your email address. The disclosure of other data is voluntary, and such data will only be used to send you information about relevant job vacancies.

The email addresses of our JobNews subscribers and all additional voluntarily disclosed data are stored on the servers of our application management software provider, namely rexx systems GmbH, based in Hamburg.

Any data which you transmit to us in the process of registering for our JobNews will be stored until such time as you cancel your subscription. You may, at any time, revoke your consent to receive our JobNews and cancel your JobNews subscription, with effect for the future. You can revoke such consent by clicking on the link provided in each JobNews email or by writing to one of the addresses provided in our Legal Notice.

The legal basis for this data processing is set down in point a) of Article 6(1) of the GDPR.

g) When using the whistleblowing system

The whistleblowing system (accessible via https://edel.rexx-hr.com/whistleblowing/) can be used to receive, process and manage information about violations of EU law in a secure and confidential manner. We use the services of rexx Systems AG, Süderstraße 77, 20097 Hamburg, Germany, to operate our whistleblowing system.

The following data is processed as part of the whistleblowing system: Information about the accused person, information about violations of conduct as well as the corresponding facts. If the information is provided anonymously, no data on whistleblowers will be processed. If the information is not provided anonymously, the name and contact details of the person providing the information are processed.

Incoming information is received by a narrow circle of expressly authorized and specially trained employees and always treated confidentially & accused persons are informed.

Personal data and information entered into the whistleblowing system are stored in a database operated by rexx systems AG. The inspection of the data is only possible for a very narrow circle of recipients of expressly authorized persons. The rexx systems GmbH and other third parties have no access to the data and the storage of the data takes place on a DSGVO-compliant server environment.

The processing of personal data within the framework of the system is based on the legitimate interest of a company in the detection and prevention of wrongdoing and thus in the prevention of damage to our company, subsidiaries, its employees* and customers. The legal basis for this processing of personal data is Article 6 para.1f EU-DSGVO.

We delete data accruing in this context after storage is no longer necessary, for example because the request you made has been dealt with, or restrict processing if legal retention periods exist.

4. Disclosure of data

Your personal data will not be disclosed to third parties for any purposes other than those set out below.

We will only disclose your personal data to third parties if:

  • you granted your express consent pursuant to Art. 6 (1) sentence 1(a) GDPR;
  • disclosure is required pursuant to Art. 6(1) sentence 1(f) GDPR in connection with the establishment, exercise or defence of legal claims and there is no reason to believe that you have an overriding legitimate interest in your data not being disclosed;
  • we are subject to a statutory obligation to such disclosure pursuant to Art. 6(1) sentence 1(c) and
  • this is permitted by law and necessary in connection with implementing contractual relations with you pursuant to Art. 6(1) sentence 1(b) GDPR.

The application data which you have transmitted to us as part of your online application will only ever be disclosed to the in-house offices and departments in our company which are responsible for the specific job application process for which you have submitted that application. This limitation on the disclosure of data does not apply if you have given your consent to inclusion in our Talent Pool (see 3 e) above).

5. Cookies

We use cookies on our website. These are small text files which are automatically created by your browser and stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device, do not contain any viruses, Trojans or other malware.

Information relating to the specific end device used in each case is stored in the cookie. This does not mean, however, that we directly receive information relating to your identity.

The use of cookies serves on the one hand to make it easier for you to use our services. In this context, we use session cookies to identify whether you have already visited individual pages on our website. These are automatically deleted when you leave our website.

We also use temporary cookies in order to optimise our website’s user-friendliness; these are stored on your end device for a specific period. If you re-visit our website in order to take advantage of our services, the website automatically recognises that you are returning and will remember your data and settings in order to save you from entering these a second time.

The data processed using cookies are required for the stated purposes in order to protect our legitimate interests and those of third parties in line with Art. 6(1) sentence 1(f) GDPR.

Most browsers automatically accept cookies. You can, however, configure your browser such that cookies are not stored on your computer or a notice appears every time a new cookie is created. Full deactivation of cookies may, however, prevent you from being able to use all the functions on our website.

In addition to technically necessary cookies (essential cookies) that ensure the functionality of our website, we also use cookies on our website that enable us to track and analyze the usage behavior of our website visitors in order to optimize our online offering and display personalized advertising. In some cases, these are also cookies that are set by third-party providers (third-party cookies).
By clicking on the “I only accept essential cookies” button shown below, you have the option of rejecting the use of technically unnecessary cookies. You can view your selection of permitted cookies at any time under “Individual cookie settings” and revoke or change them with effect for the future.

Reference to data processing in the USA 

By clicking on the button “I accept all cookies”, you also agree according to Art. 49 para. 1 p. 1 lit. a DSGVO that your data will be transmitted to the USA and processed there. According to the assessment of the European Court of Justice, the USA does not guarantee a level of data protection that meets the European GDPR standards. In particular, it is easier and more extensive for US authorities to access personal data compared to authorities in the EU. There is thus a risk that your data collected in connection with your visit to our website may be processed by US authorities for control and monitoring purposes, possibly even without any legal remedy.

6. GA4 Google Analytics
Insofar as you have given your consent, our website uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Scope of processing
Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transmitted to a Google server in the USA and stored there.
In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be truncated by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your website visit, your user behavior is recorded in the form of “events”. Events can be:
– Page views
– First visit to the website
– Start of session
– Your “click path”, interaction with the website
– Scrolls (whenever a user scrolls to the bottom of the page (90%))
– clicks on external links
– internal search queries
– interaction with videos
– file downloads
– seen / clicked ads
– language settings

Also recorded:
– Your approximate location (region)
– your IP address (in shortened form)
– technical information about your browser and the end devices you use (e.g.
language setting, screen resolution)
– your internet service provider
– the referrer URL (via which website/advertising medium you came to this website)

Google Signals
Google Signals is used on this website as an extension to Google Analytics. You can find detailed information about Google Signals here https://support.google.com/analytics/answer/7532985?hl=de. The Google Signals extension is used to create cross-device reports and collect information. Google can thus analyze the behavior of website users across devices and create database models, including cross-device conversions. Google Analytics is used to generate statistics on user behavior, which can be viewed by the website operator. We have no influence on data processing by Google Signals. If you wish to stop the cross-device analysis, you can deactivate the “Personalized advertising” function in the settings of your Google account (https://support.google.com/ads/answer/2662922?hl=de)

Purposes of processing
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your pseudonymous use of the website and compiling reports on website activity. The reports provided by Google Analytics serve to analyze the performance of our website as well as the possible playout of personalized ads by Google.

Recipients
Recipients of the data are/may be
– Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as a processor pursuant to Art. 28 DSGVO).
– Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
– Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities may access the data stored by Google.

Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Storage period
The data sent by us and linked to cookies are automatically deleted after 2 months. Data whose retention period has been reached is automatically deleted once a month.

Legal basis
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a DSGVO.

Revocation
You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there:

[borlabs-cookie type=”btn-cookie-preference” title=”Jetzt Cookies ein/ausschalten”/]

The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by
a. Not giving your consent to the setting of the cookie or
b. downloading the browser add-on to disable Google Analytics (install at https://tools.google.com/dlpage/gaoptout?hl=de . For more information on Google Analytics terms of use and Google’s privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=en.

Reference to data processing in the USA by Google

By clicking on the button “I accept all cookies”, you also agree according to Art. 49 para. 1 p. 1 lit. a DSGVO that your data will be transmitted to the USA and processed there. According to the assessment of the European Court of Justice, the USA does not guarantee a level of data protection that meets the European GDPR standards. In particular, it is easier and more extensive for US authorities to access personal data compared to authorities in the EU. There is thus a risk that your data collected in connection with your visit to our website may be processed by US authorities for control and monitoring purposes, possibly even without any legal remedy.

7. Google Tag Manager

This website uses the “Google Tag Manager” service. Google Tag Manager is a solution that allows website tags to be managed via an interface. The tool itself processes personal data only for technically necessary purposes. The Google Tag Manager takes care of loading other components, which in turn may collect data. The Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

Reference to data processing in the USA by Google

By clicking on the button “I accept all cookies”, you consent at the same time according to Art. 49 para. 1 p. 1 lit. a DSGVO that your data will be transmitted to the USA and processed there. According to the assessment of the European Court of Justice, the USA does not guarantee a level of data protection that meets the European GDPR standards. In particular, it is easier and more extensive for US authorities to access personal data compared to authorities in the EU. There is thus a risk that your data collected in connection with your visit to our website may be processed by U.S. authorities for control and monitoring purposes, possibly even without any legal remedy.

8. Data protection information for license agreements

The following information provides an overview of the processing of the contract partner’s personal data by Edel, i.e. Edel SE & Co. KGaA or companies affiliated with it, as stated in the respective contract heading (data controller), as well as the rights resulting from the EU General Data Protection Regulation (GDPR) for the contractual partner.

8.1 Data protection officer

Edel’s data protection officer can be reached at datenschutz@edel.com.

8.2 Type, scope, purpose and legal basis of data processing

In connection with the conclusion of a license agreement, Edel regularly processes personal data of the contractual partner such as name, address and gender.

Further information on the purposes and the scope of the contractual services for which personal data of the contractual partner are processed can be found in the content of the contract agreed with the contractual partner as well as in the possibly included general terms and conditions.

Edel processes the personal data of the contractual partner on the basis of Art. 6 para. 1 lit. b) DSGVO only to the extent and to the extent that this is absolutely necessary for the fulfillment of the license agreement concluded with the contractual partner. If the contractual partner provides Edel with personal data within the framework of the contractual relationship, the processing of which is not absolutely necessary for the execution of the contract, but is nevertheless helpful because this facilitates business communication between the contractual parties, for example (e.g. telephone number or e-mail address), Edel will process this data on the basis of the consent granted by the contractual partner pursuant to Art. 6 (1) a) DSGVO, which the contractual partner may, however, revoke at any time with effect for the future.

8.3 Data transfer

A transfer of the personal data of the contractual partner shall only take place insofar as this is necessary for the fulfillment of the contractual and legal obligations.

A transfer of the data to a recipient outside of the EU or the EEA shall only take place in compliance with the legal requirements of the GDPR, i.e. if the transfer is necessary for the fulfillment of the license agreement concluded with the contractual partner (Art. 49 para. 1 lit. b) and c) GDPR) or an adequate level of data protection can be ensured due to the existence of an adequacy decision of the Commission (Art. 45 GDPR) or suitable guarantees (Art. 46 GDPR).

8.4 Storage period

Personal data of the contractual partner will only be processed and stored by Edel as long as this is necessary for the fulfillment of Edel’s contractual and legal obligations. After the contractual and legal obligations have been fulfilled, the contractual partner’s personal data will be deleted, unless Edel is obliged to store the data for a longer period of time due to retention periods under commercial and tax law (periods of two to ten years) or is entitled to store the data for a longer period of time for other reasons (e.g. enforcement of legal claims) (regular limitation period: three years until the end of the year). However, in the event of longer storage, Edel restricts the processing of the data.

8.5 Rights of the contracting party

According to the GDPR, the contractual partner has the following rights:

– If personal data of the contractual partner is processed, the contractual partner has the right to receive information about the data stored about him (Art. 15 DSGVO).

– If incorrect personal data is processed, the contractual partner has the right to rectification (Art. 16 DSGVO).

– If the legal requirements are met, the contractual partner may request the deletion or restriction of processing as well as object to the processing (Art. 17, 18 and 21 DSGVO).

– If the legal requirements are met, the contractual partner also has a right to data portability (Art. 20 DSGVO).

To exercise the aforementioned rights, the contractual partner must contact datenschutz@edel.com.

Finally, the contractual partner has the right to complain to a data protection supervisory authority about the processing of his/her personal data by Edel.

9. Your rights

a) Information, rectification, erasure, restriction of processing, data transferability, revocation, complaints 

You have the right:

  • to receive, pursuant to Art. 15 GDPR, information on your personal data processed by us. You can, in particular, receive information on the purposes of processing, the categories of personal data, the categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification, erasure, restriction of processing of personal data or the right to lodge a complaint, where the personal data are not collected from us, any available information as to their source, the existence of automated decision-making, including profiling, and meaningful information about the corresponding details, if applicable;
  • to obtain, pursuant to Art. 16 GDPR, without undue delay the rectification of inaccurate or incomplete personal data stored by us;
  • to obtain, pursuant to Art. 17 GDPR, the erasure of your personal data stored by us, provided processing is not required in order to exercise the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims;
  • to obtain, pursuant to Art. 21 GDPR, restriction of processing, where you contest the accuracy of the personal data, the processing is unlawful, you oppose the erasure of the personal data and we no longer need the personal data, but they are required by you for the establishment, exercise or defence of legal claims pursuant to Art. 18 GDPR or you have exercised your right to object;
  • to receive, pursuant to Art. 20 GDPR, the personal data concerning you, which you provided, in a structured, commonly used and machine-readable format and to demand transmission of those data to another controller; 
  • to withdraw your consent at any time pursuant to Art. 7(3) GDPR by making a corresponding statement to us.  This means that we are not permitted to continue to process the data to which this consent applied in future; and
  • to lodge a complaint with a supervisory authority, pursuant to Art. 77 GDPR.  You can generally lodge such complaint with the supervisory authority in the place of your habitual residence, place of work or our branch.

b) Right to object

If your personal data are processed on the basis of justified interests pursuant to Art. 6(1) sentence 1(f) GDPR, you have the right to object to the processing of your personal data, pursuant to Art. 21 GDPR, on grounds relating to your particular situation or the objection relates to direct marketing.  In the latter case, you have a general right to object which will be implemented by us without you having to specify grounds.

If you wish to make use of your right to object, an e-mail to the following address will suffice:

datenschutz@edel.com.

10. Data security

We use the popular SSL (secure sockets layer) technology in conjunction with the highest level of encryption supported by your browser when you access our website. This is generally 256bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v2 technology instead. You can identify whether or not an individual page on our website is transmitted in encrypted form by the closed key/padlock symbol in the lower status bar on your browser.

Your online application will be encrypted according to the current state of the art for the purpose of transmission.

We also use suitable technical and organisational security measures in order to protect your data against accidental or deliberate manipulation, partial or total loss, destruction or unauthorised access by third parties. Our security measures are continually improved in line with technological developments.

11. Validity and amendments to this Privacy Notice

This Privacy Notice is up to date and is the valid version dated 07 November 2022.

We may be required to update this Privacy Notice as a result of developments to our website and services or due to amendments made to statutory or official requirements. The valid version of the Privacy Notice is available for inspection and printout at all times on our website at https://www.edel.com/en/privacy-policy/. 

Edel - Music, Books & Entertainment Skip to content