Privacy Policy TALLAG Group

The TALLAG Saalfeld GmbH (“TALLAG”, “we”, “us/our”) is the operator of this website.

With this data protection information, we would like to inform you on what basis and for what purposes we process personal data that we collect from you or that you make available to us. In addition, we would like to inform you about the data protection rights to which you are entitled, including your right to object to individual processing operations carried out by TALLAG.

For certain categories of data processing, supplementary data protection information applies. Some are linked below.

  • Data protection notice for users of this website
  • Data protection notice for applicants
  • Data protection notice for participation in our video conferences
  • Data protection notice for business partners of the TALLAG Group

We may also provide information at the appropriate points about certain data processing to the extent that it appears necessary, e.g., in the case of certain forms.

Please contact us if you have any questions, comments or concerns about this Notice or our processing of your personal data.

last updated: 02/02/2023

1 General Privacy Notice

1.1 Who is responsible for data processing and who can I contact?

Responsible within the meaning of the General Data Protection Regulation (GDPR) is:

TALLAG Saalfeld GmbH
Hüttenstrasse 21
D-07318 Saalfeld/Saale, Germany
E-mail: info@tallag.com

You can reach our data protection officer using the aforementioned contact details or by e-mail at datenschutz@tallag.com

The TALLAG Group includes the following companies (also referred to as “locations”):

TALLAG Saalfeld GmbH
Hüttenstraße 21
07318 Saalfeld/Saale

TALLAG Rottenbach GmbH
Industrie und Gewerbegebiet 80
7426 Königsee OT Rottenbach

TALLAG Gera GmbH
Hermsdorf 31 a
07554 Gera

1.2 What data do we collect?

We typically process the following categories of personal data:

  • Master data: name, address,
  • Contact details: e.g., telephone number, e-mail address, any company affiliation,
  • Contact preferences: e.g., preferred contact medium, advertising messages received,
  • Inquiries: e.g., offers, inquiries, expressions of interest, feedback,
  • Customer data: e.g., correspondence, contracts, services, orders, joint appointments,
  • Financial and payment data: e.g., bank account number, billing address, payments received,
  • Application data: e.g. CV, certificates, cover letter, previous activities and positions in other organisations, education, professional qualifications, reference contact information, position preferences, salary expectations, interests and wishes, gender, marital status, age, information from publicly available sources, such as professional social media networks, any other information you provide to us and, if necessary, sensitive data such as origin, religion, possibly health data and degree of disability, criminal convictions, sanctions by supervisory or professional organisations,
  • Device data: e.g., information about your end devices with which you visit our website, such as the operating system used, browser type, language setting, IP address.

1.3 For what purposes do we collect, use, and store this personal data?

We collect, use, and store or process your personal data:

1.3.1 if you have given us your consent (Art. 6 (1) (a) GDPR)

  • to receive information about TALLAG offers, by post, telephone, messenger or e-mail;

1.3.2 if necessary, to fulfil contractual obligations and pre-contractual measures (Art. 6 (1) (b) GDPR)

  • Processing of your inquiries and thisbzgl. Contact, for example for certain contractually bound offers of TALLAG,
  • to decide on the establishment of an employment relationship for applications (legal basis for this is § 26 Abs. 1 BDSG). In particular, we process the data that you have sent us in connection with your application in order to check your suitability for the position (or, if applicable, other vacancies in our companies) and to carry out the application process,
  • for example, to carry out an order and invoicing, or to contact you for these purposes by post, telephone, e-mail, messenger service;

1.3.3 insofar as the legitimate interests of us or third parties require it, and no legitimate interests of data subjects prevail and you have not objected to the use (Art. 6 (1) (f) GDPR)

  • for the purposes of maintaining, maintaining, and improving our IT systems and services, data protection control and data backup,
  • to respond to other inquiries and complaints,
  • for internal administrative purposes,
  • to photograph or film events for the purposes of documentation and reporting as well as the possible publication of the recordings on our website, if necessary,
  • to detect, prevent or otherwise address fraud, security deficiencies or technical problems,
  • to provide law enforcement authorities with the information necessary for criminal prosecution in the event of suspicion of a criminal offence,
  • to protect and safeguard our legitimate business interests, terms and conditions and legal rights and obligations. This includes, but is not limited to, the use of any personal data in connection with compliance, regulatory, audit and legal claims (including disclosure of such information in connection with legal proceedings or litigation),
  • for direct marketing outside of the existence of consent to the extent permitted by law. In connection with the sale of goods or services to you or your company, we may process your postal contact details outside the presence of a specific consent in order to occasionally send you information about new offers (direct marketing). Under the legal requirements of § 7 Abs. 3 UWG, we are entitled to use your e-mail address, which you have provided when purchasing goods or services, for direct advertising for our own, similar goods or services;

1.3.4 if necessary to comply with a legal obligation (Art. 6 (1) (c) GDPR)

  • for example, to store the data collected for the execution of the contract until the expiry of the statutory retention periods,
  • to fulfil storage, documentation, and retention obligations, including the obligations to provide evidence regulated in Article 5 (2) and Article 7 (1) GDPR.

1.4 Who receives your data?

1.4.1 Transfers to companies that provide services to us as processors

Your personal data will be disclosed to companies that provide services on our behalf in accordance with our instructions. These are companies in the categories of IT services, including website hosters, data destruction.

1.4.2 Transfers to third parties

We share your information with third parties if we are required by law to disclose your personal information or if we believe it is necessary to protect the rights, property, or safety of us, our customers, or third parties. Transfers to public authorities and/or law enforcement authorities are made to the extent required by law or where it is necessary to protect our legitimate interests in accordance with applicable laws. We will inform you separately about these transfers to third parties in accordance with Art. 13 – 14 GDPR, e.g., within the scope of a consent given to us.

1.5 Is there an obligation for me to provide data?

As part of our business relationship, you must provide the personal data that is necessary for the initiation, execution, and fulfilment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or no longer be able to execute an existing contract and may have to terminate it.

1.6 How long do we store your data?

In principle, we process and store personal data of data subjects only for as long as the purpose pursued requires it or is required by law. For example, commercial and tax retention periods may prevent deletion. The periods specified there for storage or documentation are up to ten years. If the storage purpose no longer applies or if a legally prescribed storage period expires, the personal data will be routinely deleted in accordance with the statutory provisions, unless they are used as evidence.

1.7 What data protection rights do you have?

You have the right to know whether we process data about you. Each person affected by our personal data processing also has the right of access pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object pursuant to Article 21 GDPR and the right to data portability pursuant to Article 20 GDPR. The restrictions according to §§ 34 and 35 BDSG apply to the right to information and the right to deletion. In addition, there is a right of appeal to the supervisory authority for data protection, e.g., to the data protection authority responsible for your place of residence, your workplace or for the place of the data protection violation.

If you have any questions about this Privacy Notice or would like to contact us for any other reason regarding the processing of personal data, please contact us using the contact details set out above.

1.7.1 Information about your right to object according to Article 21 GDPR

1.7.1.1 Right to object on a case-by-case basis

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is based on Article 6 (1) (e) or (f) GDPR (data processing on the basis of a legal obligation or balancing of interests); this also applies, if applicable, to profiling based on this provision within the meaning of Article 4 (4) GDPR.

In individual cases, we also process your personal data for direct marketing purposes. You also have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling to the extent that it is associated with such direct marketing.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. In cases of direct marketing by e-mail, you can revoke their receipt at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form to the aforementioned contact details (e.g. e-mail, fax, letter) is sufficient for this.

1.7.1.2 Revocation of granted consent

You can revoke your consent given to us at any time with effect for the future.

1.8 Updates to this Privacy Notice

This privacy notice may be updated regularly. We will update the date at the top of this website accordingly and encourage you to check it for changes.

2 supplementary data protection notice for users of this website

This separate data protection notice applies to users of this website and supplements the above general data protection notice of TALLAG.

2.1 What additional data is collected, processed, and shared with your use of this website?

2.1.1 Collection of usage and device data and processing in log files

On the basis of our legitimate interests (Art. 6 (1) (f) GDPR) in eliminating faults, ensuring the correct delivery of the website, system security and the detection and tracking of unauthorized access or access attempts, we collect data about every access to the server on which the website is located (so-called server log files). The access data includes the address of the retrieved website, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum of 7 days and then deleted. Data whose further retention is required for evidence purposes are exempt from deletion until the respective incident has been finally clarified.

2.1.2 Collection of usage and device data via cookies

When you visit our website, it can retrieve information from your browser and store it using cookies, JavaScript, or pixels (collectively “cookies”). This may include information about you, your settings, or your device. This allows us to distinguish your web browser from those of other users of our website, learn more about your product interests and provide features. Cookies enable the provision of basic functions and services, such as the storage of your language preference.

2.1.2.1 Consent Management Service

We use a so-called consent management tool that informs you about further consent-based data processing, registers your consent in this regard and stores it on your device based on cookies (category necessary cookies). The legal basis for this is Art. 6 para. 1 lit. c GDPR, the legal obligation.

Further information on data processing, including purpose, legal basis, recipient, storage period, is set out below.
The Consent Management Tool is linked at the bottom of our web pages – symbolized as a fingerprint. This serves in particular to obtain your consent to our optional marketing and analysis service Google Analytics.

Regardless of this, you can determine whether cookies should be set and retrieved through the settings in your browser. For example, you can completely deactivate the storage of cookies in your browser, restrict it to certain websites or configure your browser so that it automatically notifies you as soon as a cookie is to be set and asks you for feedback.

The following information on the cookies used supplements the information in the consent management service.

2.1.2.2 Session cookies

We currently use technically necessary session cookies on the basis of Art. 6 para. 1 lit. f GDPR, our legitimate interest in providing necessary functions (category necessary cookies). Session cookies are deleted when you have finished using our online offer and, for example, log out or close the browser. On the other hand, some cookies or information remain stored in the browser’s so-called localStorage for a predefined period of time in order to use the information stored in it for repeated visits.

2.1.2.3 Google Analytics

With your consent, the web analysis service “Google Analytics” comes from Google Ireland Ltd. to use. Google Analytics uses for this purpose, among other things: Cookies to enable us to perform a pseudonymous analysis of the use of our websites by users. The information collected about your use of this website (including your anonymized IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for us as the website operator and providing other services relating to website activity and internet usage. Google may also transfer this information to other recipients if this is legally required or if recipients process this data on behalf of Google. Google may associate this information with other data held by Google and use it for its own purposes.

Please note Google’s privacy policy.

The Google Analytics function only becomes active with your consent.
With your consent, you also agree to such transfers to the USA as an unsafe third country in accordance with Art. 49 (1) sentence 1 lit. a GDPR. The European Court of Justice considers the USA to be a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and monitoring purposes, possibly without legal remedies.

2.1.3 Data processing with the use of our contact form

If you send us enquiries via the contact form, your details and contact details will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. We will not pass this data on to third parties without your consent.

The processing of this data takes place within the framework of the legal bases listed under Section 1.3.2-1.3.4.

The data entered by you in the contact form will be processed until you request us to delete it, and there are no legitimate interests to the contrary, or the purpose for data storage no longer applies (e.g. after your request has been processed) or legal obligations provide for further storage.

2.2 Links to Third Party Sites

Our website may contain links to third parties. TALLAG accepts no responsibility for the content of websites linked to our website. If you visit a third-party website, it is your responsibility to ensure that you read the privacy information and any terms of use that apply to that website.

3 supplementary data protection notice for applicants

This separate data protection notice applies to applicants who are interested in working for a company in our TALLAG Group. This data protection notice supplements the abovegeneral data protection notice of TALLAG.

3.1 Who is responsible for data processing and who can I contact?

The position responsible for your application is the TALLAG Group company to which you are applying (each, “TALLAG Company”, or “we”, “us”). Information and contact details for the responsible

TALLAG company can be found in the respective advertisement as well as above under section 1.1. If an agency is responsible for recruiting, the agency is additionally responsible for your application. Please note their separate information on data protection.

3.2 What personal data do we collect from you as an applicant?

If you apply to us, we will receive personal data from you and, if necessary, from third parties.
This information includes, but is not limited to, your personal information, including:

  • Contact details: e.g., name, telephone number, e-mail address, home address
  • Application data: e.g., CV, certificates, cover letter, previous activities and positions in other organisations, education, professional qualifications, reference contact information, position preferences, willingness to move, salary expectations, interests and wishes
  • Sensitive information: e.g., gender, origin, religion, marital status, age, health data if applicable and degree of disability
  • Convictions and sanctions: e.g., criminal convictions, sanctions by supervisory or professional organisations
  • Media information: e.g., information from publicly available sources, such as professional social media networks
  • Any other information you provide to us (during your correspondence with us).
    In addition, personal data may result from the documentation of a job interview or from evaluation documents prepared by us.

We may also receive personal data about you from third parties, such as:

  • contracted recruitment agencies
  • previous employers who provide us with references
  • Universities/colleges.

3.3 Which data do we process for what purposes and on what legal basis?

3.3.1 For the implementation of the employment relationship (§ 26 para. 1 sentence 1 BDSG)

  • in particular to carry out the application process,
  • Reimbursement of travel expenses as part of the application process (if agreed).

If we conclude an employment contract with you, your personal data (i.e., your name, address, telephone number, certificates, etc.) may also be processed for the execution of the employment relationship in compliance with the statutory provisions. In this case, we will inform you again about the processing of your personal data in the context of the employment relationship.

3.3.2 Processing of your data on the basis of a balance of interests (Art. 6 para. 1 lit. f GDPR), insofar as your legitimate interests do not outweigh our legitimate business interests

If necessary, and your rights do not outweigh our interests, we process your data to safeguard our legitimate interests or those of third parties to:

  • Improving our recruitment processes and activities,
  • internal administrative purposes,
  • Assertion of legal claims and defense in legal disputes,
  • Ensuring IT security and IT operations, data backup and data protection control,
  • Building safety measures (e.g., visitors’ book).

3.3.3 Processing of your data on the basis of your consent (§ 26 Abs.2 BDSG)

If you have given us your consent to process your personal data for one or more specific purposes, such as with regard to the consideration of your application in future job advertisements.

3.3.4 Processing of your data on the basis of a legal obligation (Art. 6 (1) (c) GDPR)

We may collect information about your work and residence permit in accordance with §§ 39 AufenthG in conjunction with the Employment Ordinance and § 404 (2) No. 5 SGB III. In addition, the works council of the TALLAG company will inspect your application documents on request.

3.4 Who receives your data?

3.4.1 Transfers to other TALLAG companies

When you apply for positions with the TALLAG Group, TALLAG Saalfeld GmbH will receive your application and forward it to a location of the TALLAG Group according to your preferences. The location is named in the advertisements.

If the controller of the TALLAG Group concludes an employment contract with an applicant, the transmitted data will be stored by TALLAG Saalfeld GmbH for the purpose of processing the employment relationship in compliance with the statutory provisions.

3.4.2 Transfers to undertakings providing services under contracts

Your data may be shared with companies that provide services on our behalf, such as:

  • processors commissioned by us, including IT service providers such as web host,
  • external legal advisors,
  • Recruiting companies.

3.4.3 Transfers to public sector bodies

Personal data will be disclosed to public authorities and/or law enforcement authorities if required to do so by law or if it is necessary to protect our legitimate interests in accordance with applicable laws.

3.5 Is there an obligation for me to provide data?

As part of your application, you must provide the personal data required to carry out the application process. Without this data, we will usually have to refuse to conclude an employment contract.

3.6 How long do we store your data?

We will only store your personal data to the extent and for as long as is necessary for the purpose for which it was collected by us or provided to us by you. We therefore store your personal data as follows:

1. for the duration of the application process;

2. if your application was not successful, after notification of the rejection decision, as long as we need the data to clarify any inquiries or disputes – usually a deletion takes place after 5 months at the latest;

3. if you have expressly consented that we should also consider your application in future job advertisements, your data may also be stored for a correspondingly longer period of time;

4. if there is a corresponding legal obligation for longer storage, for the duration of this statutory period.

After the purpose of storage ceases to apply or a statutory storage period has expired, we will delete your personal data in accordance with the statutory provisions.

3.7 Security of your data in the online application process

We have taken the technical and organizational measures we consider necessary to ensure the most comprehensive protection of your personal data. However, we cannot guarantee that there will be no security gaps when data is transmitted over the Internet. For this reason, we offer you the option of sending us your application documents by post. For this purpose, please use either the address given in the respective advertisement text of the advertisement or the address of the person responsible for data processing stated in this information.

4 supplementary data protection notice for the use of our video conferences

This separate data protection notice applies to users who use our video conferencing systems together with us. This supplements the above general data protection notice of TALLAG.

We use various video conferencing tools for communication. The data processing takes place in the context of your participation in a video conference or online event.

4.1 What additional data is collected, processed, and shared with your use of our video conferencing software?

4.1.1 Processing of content, usage, and device data

In addition to image and sound, the following data is typically processed: name and IP address of the participant, name of the room, data on the device used. In addition, depending on usage, content may be generated from split screens, chats, whiteboard posts, or status. If available, telephone dial-in data can be processed: All voice communication and traffic data (telephone number, dial-in number, PIN, call duration). In the event of technical errors, the error ID and the affected device data are also stored.

The online events are not recorded.

During such a video conference, all participants can see, read, and hear data from screen sharing, chats, videos, audios and whiteboard posts.

By participating in video conferences and possibly activating your device camera, you agree to the processing of your data.
Please note that any transmission to the USA by our provider Cisco Systems Inc. can be done.

4.2 Who receives your data?

4.2.1 Transfers to companies that provide services to us as processors

Your personal data will be passed on to companies that provide video conferencing systems on our behalf in accordance with our instructions. The provider of our video conferencing system Cisco Systems Inc. provides the Webex service to us.

4.2.2 Transfers to third countries

If you use our video conferencing services together with us, certain connection data may also be processed on cloud-based servers of the US service providers.

A transfer of personal data to so-called unsafe third countries outside the EEA cannot be ruled out. Such third countries do not have a high level of data protection comparable to that of the EU.

With the aforementioned provider, we have therefore provided appropriate safeguards by means of standard contractual clauses (module two) issued by the EU Commission, which provide you with enforceable rights and effective remedies. You can view them here.

We also try to enable you to use such software in a data-saving way (e.g., participation in a video conference without registering your e-mail address).

5 supplementary data protection notice for business partners of the TALLAG Group

This data protection notice applies to suppliers and customers of the TALLAG Group and supplements the above General Data Privacy Notice.

We hereby inform you about the processing of your personal data in connection with the contractual relationship of your employer with us, or with regard to our joint contractual relationship, you should be our contractual partner directly, e.g., as a sole trader.

5.1 Which data do we process for what purposes and on what legal basis?

5.1.1 Processing of your data on the basis of contractual obligations or pre-contractual measures (Art. 6 para. 1 lit. b GDPR)

We process your data in order to conclude, perform or terminate a contract with you or your employer. These data are in particular:

  • your name,
  • your work address,
  • Your business contact details such as telephone number and e-mail address as well as correspondence and contractual agreement with us,
  • Performance metrics: e.g., information that allows us to assess the performance of the supplier, including supplier personnel.

If you yourself are our contractual partner, we collect further data from you, such as your bank details.

If we have not received the aforementioned data from you, it comes from publicly available sources. 
We will not sell or otherwise market your personal data to third parties.

5.1.2 Processing of your data on the basis of a balance of interests (Art. 6 para. 1 lit. f GDPR), insofar as your legitimate interests do not outweigh our legitimate business interests

If you yourself are our contractual partner, we carry out a prequalification procedure under certain conditions when establishing contractual relationships. In doing so, we determine whether weare allowed to enter into business relations with you, taking into account the provisions of the Money Laundering Act, the EU sanctions lists according to EU regulations 2580/2001 and 881/2002.

In addition, we process your data to safeguard our legitimate interests or those of third parties, for or for

  • Protecting our legitimate business interests and legal rights. This includes, but is not limited to, use in connection with legal claims, regulatory, audit-related, investigative purposes (including disclosure of such information in connection with legal proceedings, insurance claims, or litigation) and compliance reporting requirements,
  • Internal administrative purposes,
  • Transmission of supplier data to our business partners as part of the preparation of quotations and compliance checks by third parties,
  • Business Management,
  • Providing you with information about our products, services, offers or technical developments (direct marketing) that you, as our business partner, request from us or that we think may interest you, where permitted by law,
  • if you have indicated a preference for marketing communications, or to be able to process follow-up requests, to improve our service,
  • or other correspondence.

5.2 Who receives your data?

We may share your data with other TALLAG companies for internal administrative purposes.
Otherwise, we may share your data with third parties if we are required by law to disclose your personal information or if we believe it is necessary to protect the rights, property or safety of us, our customers or third parties, or if there is a legitimate interest.

Recipients can be:

  • Public bodies and institutions (e.g., tax authorities, law enforcement authorities) in the presence of a legal or official obligation
  • Creditors or insolvency administrators who inquire in the context of enforcement
  • Auditor
  • service providers that we use in the context of order processing relationships,
  • Suppliers to whom we disclose data about our other suppliers or distributors as part of standards reviews, sanctioned party list reviews and certifications
  • other business partners.

5.3 Is there an obligation for me to provide data?

As part of our business relationship, you must provide the personal data that is necessary for its initiation, execution, and fulfilment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or no longer be able to execute an existing contract and may have to terminate it.

5.4 How long do we store your data?

In principle, we process and store personal data of data subjects only for as long as the purpose pursued requires it or is required by law.

In addition to the commercial and tax retention periods, we process contact data of contact persons of our business partners, corresponding business, and communication processes for the duration of our business relationship. After termination of the cooperation, we keep the data for up to 1 to 5 years for internal administrative purposes, for example to be able to build on a previous cooperation.