Linkedin
TONI

Data Privacy 

 

§1 Information about the collection of personal data

1.1 In what follows we provide information about the collection of personal data when using our website. Personal data is all data that pertains personally to you, e.g. name, address, e-mail addresses, user behaviour.

 

1.2 The responsible party pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is

 

TONI DRESS DAMENMODEN GMBH

Konrad-Ott-Str.1

91301 Forchheim

Managing Director: Oliver Keeb

 

UST-ID: DE 811158205

Commercial register entry: District court Bamberg; Register number: Bamberg HRB 1613 

 

E-Mail: info@toni-fashion.de

also see our imprint

 

 

The data protection officer of TONI DRESS DAMENMODEN GMBH can be contacted by e-mail: datenschutz.toni@toni-fashion.de datenschutz.toni@toni-fashion.de or our postal address with the addition "the data protection officer".

 

1.3 Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

 

When processing personal data required for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations necessary to carry out pre-contractual measures.

 

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

 

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.

 

1.4 If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing.

 

1.5 The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislature in EU regulations, laws or other provisions to which the person is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract

 

1.6 When you contact us by e-mail or via a contact form, we will store the data you provide (your e-mail address, if applicable your name and your telephone number) in order to answer your questions. We delete data arising in this context after storage is no longer necessary, or limit processing in the case of statutory retention obligations

 

1.7 Below we describe in detail our procedures when making use of contracted service providers for specific functions of our product range, or if we would like to use your data for advertising purposes. We also specify the established criteria for the storage period

 

1.8 Passing on to third parties: We will only pass on your data to third parties within the framework of the statutory provisions or with the appropriate consent. Otherwise, it will not be passed on to third parties unless we are obliged to do so by mandatory legal provisions (passing on to external bodies such as supervisory authorities or law enforcement authorities)

§2 Your rights

2.1 You have the following rights towards us concerning your personal data

Right of access

Any data subject affected by the processing of personal data has the right, as granted by European guidelines and legislatures, to obtain from the data controller, at any time and free of charge, information about the personal data stored about him/her and a copy of that information. Moreover, European guidelines and legislatures grant access to affected persons to the following information:

• the purposes of processing

• the categories of personal data processed

• the recipients, or categories of recipients to whom the personal data have been or are still being disclosed, in particular recipients in third countries or international organisations

• if possible the planned duration for which the personal data will be stored, or if this is not possible, the criteria for determining this period

• the existence of a right to have the personal data concerning him/her corrected or deleted, or to have processing restricted by the data controller or a right of objection to this processing

• if the personal data are not collected from the data subject: All available information on the origin of the data

• the existence of automated decision-making, including profiling in accordance with Article 22 (1) and (4) GDPR and - at least in these cases - meaningful information on the rationale involved and the scope and intended effects of such processing for the data subject.

Furthermore, the data subject has a right of access to information as to whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject also has the right to obtain information on any concomitant guarantees relating to the transfer.

 

If a data subject wishes to exercise this right to information, he or she may contact our data protection officer or another employee of the data controller at any time.

 

Right of rectification

Any person concerned by the processing of personal data shall have the right granted by the European Directive and the Regulation to obtain the rectification without delay of inaccurate personal data relating to him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing. .

 

If a data subject wishes to exercise this right of rectification, he or she may, at any time, contact our data protection officer or another employee of the controller.

 

Right to erasure

Any data subject affected by the processing of personal data has the right, as granted by European guidelines and legislatures, to request the immediate rectification of inaccurate personal data concerning him/her. Furthermore, taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration

• The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

• The data subject withdraws consent on which the processing is based according to Article 6 (1) (a), or Article 9 (2) (a), and where there is no other legal ground for the processing.

• The data subject objects to the processing pursuant to Article 21 (1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2).

• The personal data have been unlawfully processed.

• The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject

• The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1)

 

If one of the above-mentioned reasons applies and a data subject wishes to have personal data stored by TONI DRESS DAMENMODEN GMBH deleted, he or she can contact our data protection officer or another employee of the data controller at any time. The data protection officer of TONI DRESS DAMENMODEN GMBH or another employee will arrange for the deletion request to be complied with immediately.

 

If the personal data have been made public by TONI DRESS DAMENMODEN GMBH and our company is responsible according to Art. 17 (1) GDPR to delete personal data, TONI DRESS DAMENMODEN GMBH will take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform other data processors who process the published personal data, that the data subject has requested the deletion of all links or copies or replications of this personal data by these other data controllers, insofar as processing is not necessary. The data protection officer of TONI DRESS DAMENMODEN GMBH or another employee will take any necessary steps in individual cases.

 

Right to restriction of processing

Any data subject affected by the processing of personal data has the right, as granted by the European guidelines and legislatures, to obtain from the controller restriction of processing where one of the following applies

• the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data

• the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.

• the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.

• the data subject has objected to processing pursuant to Article 21 (1) and verification as to whether the legitimate grounds of the controller override those of the data subject is pending.

 

If one of the above-mentioned reasons applies and a data subject wishes to have personal data stored by TONI DRESS DAMENMODEN GMBH deleted, he or she can contact our data protection officer or another employee of the data controller at any time. The employee of the company TONI DRESS DAMENMODEN GMBH will accordingly effect the restriction of the processing.

 

Right to data portability

Any data subject affected by the processing of personal data has the right, as granted by the European guidelines and legislatures, to receive personal data concerning him/her provided by the data subject to a controller in a structured, commonly used and machine-readable format. The data subject shall also have the right to transmit such data to another data controller without obstruction by the controller to whom the personal data have been made available, provided that the processing is based on the consent provided for in Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract pursuant to Article 6 (1) (b) GDPR and that the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task in the public interest or in the exercise of public authority conferred on the controller.

 

Furthermore, in exercising his right to data transferability pursuant to Art. 20 (1) GDPR, the data subject has the right to obtain the direct transferral of the personal data by a data controller to another data controller, insofar as this is technically feasible and provided that the rights and freedoms of other persons are not affected by this.

 

To assert the right to data portability, the person concerned may contact the data protection officer appointed by TONI DRESS DAMENMODEN GMBH or another employee at any time.

 

Right to object

Any data subject affected by the processing of personal data has the right, as granted by the European guidelines and legislatures, to object at any time to the processing of personal data concerning him/her on the basis of Article 6 (1) (e) or (f) of the GDPR, for reasons arising from his/her particular situation. This also applies to profiling based on these provision

 

TONI DRESS DAMENMODEN GMBH will no longer process personal data in the event of an objection, unless we can demonstrate compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims

 

If TONI DRESS DAMENMODEN GMBH processes personal data for direct marketing purposes, the person concerned has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is connected with direct advertising. If the person concerned objects to TONI DRESS DAMENMODEN GMBH processing personal data for direct advertising purposes, TONI DRESS DAMENMODEN GMBH will no longer process the personal data for these purposes.

 

Furthermore, the data subject has the right to object to the processing of personal data concerning him/her which is carried out at TONI DRESS DAMENMODEN GMBH for research or historical purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, for reasons arising from his/her particular situation, unless such processing is necessary to fulfil a task in the public interest.

 

To assert the right to object, the data subject concerned may contact the data protection officer appointed by TONI DRESS DAMENMODEN GMBH or another employee at any time. The data subject shall also be free to exercise his or her right to object to the use of information society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EG.

 

2.2 You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

 

§3 Collection of personal data when visiting our website personenbezogener Daten bei Besuch unserer Website

 

3.1 When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security (the legal basis is Art. 6 (1) S. 1 (f) GDPR):

 

• IP address

• Date and time of the request

• Greenwich mean time (GMT) time zone difference

• Content of the request (specific page)

• Access status / HTTP status code

• Amount of data transferred

• Website that receives the request

• Browser

• Operating system and its interface

• Language and version of the browser software

 

3.2 The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this occurs when the respective session has ended. If the data is stored in log files, this is the case after no more than seven days. Further storage is possible. In this case, the IP addresses of the users are deleted or distorted, so that an assignment of the calling client is no longer possible.

 

3.3 In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in the browser you use and through which the body that sets the cookie (in this case us) receives certain information. Cookies cannot run programs or transmit viruses to your computer. They work to make our Internet services more user-friendly and effective overall.

 

3.4 Use of cookies:

 

a) This website uses the following types of cookies, the scope and function of which are explained below:

Transient cookies (see b)

Persistent cookies (see c).

 

b) Transient cookies - also called session cookies - are automatically deleted when you close your browser. These store a so-called session ID, which allows different requests from your browser to be assigned to the common session. This will allow your computer to be recognized when you return to our website.

 

c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.

 

d) You can configure your browser settings according to your wishes and, for example, refuse acceptance of third party cookies, or all cookies. Please note that in this case you may not be able to use all the functions of this website.

 

§4 Other functions and services of our website

 

4.1 In addition to the purely informational use of our website, we offer various services which you can use if you are interested. As a rule, you must provide additional personal data, which we use to provide the respective service and to which the aforementioned data processing principles apply.

 

4.2 In some cases we use external service providers to process your data. We have carefully selected and commissioned these providers; they are bound by our instructions and are regularly monitored.

 

4.3 Furthermore, we may pass on your personal data to third parties when offering participation in promotions, competitions, conclusion of contracts or similar services in conjunction with partners. For more information, please provide your personal data or see the description of our services below.

 

4.4 If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the implications in our description of the service.

 

4.5 Datenschutzerklärung WhatsApp Nachrichten via Mateo

 

§5 Objection to or revocation of the processing of your data

 

5.1 If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation influences the permissibility of processing your personal data after you have given it to us.

 

5.2 If we base the processing of your personal data on the balancing of interests, you may object to the processing. This is the case if, in particular, processing is not required to fulfil a contract with you, as is described for each function in the following descriptions. When exercising such an objection, we ask that you explain the reasons why we should not process your personal data as we have done. Upon receiving a justification for your objection, we will examine the situation and either stop or adjust data processing, or point out our compelling legitimate reasons for continuing processing.

 

5.3 Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can inform us of your objection to advertising using the following contact details:

 

TONI DRESS DAMENMODEN GMBH

Konrad-Ott-Straße 1

91301 Forchheim

phone +49(0) 91 91/ 83 499

info@toni-fashion.de

 

§6 Use of Google Analytics

 

6.1 This website uses Google Analytics, a web analysis service of Google Inc. "("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. If however IP anonymisation is activated on this website, Google will shorten your IP address beforehand within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website and Internet use

 

6.2 The IP address transmitted by your browser in the context of Google Analytics will not be merged with other Google data

 

6.3 You may refuse the use of cookies by adjusting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. As an alternative to the browser plug-in, you can click the following link to prevent Google Analytics from collecting data on this website in the future. This results in an opt-out cookie being stored on your end device. If you delete your cookies, you must click the link again: Disable Google Analytics

 

6.4 This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are further processed in abbreviated form, so that they cannot be linked to a specific individual. As far as the data collected about you is personal, it will be eliminated immediately and the personal data will be deleted immediately.

 

6.5 We use Google Analytics to analyse and regularly improve the use of our website. The statistics gained allow us to improve what we offer for sale, and to make this more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 (1) S. 1 (f) GDPR.

 

6.6 Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: https://www.google.com/analytics/terms/de.html, Overview of data protection: https://www.google.com/intl/de/analytics/learn/privacy.html, and Data Protection Declaration: https://www.google.de/intl/de/policies/privacy.

 

§7 Data collection for application, "Career" section

 

7.1 To facilitate your job search, you can apply directly online on the Career pages for jobs with TONI DRESS DAMENMODEN GMBH, the parent company, Weber & Ott AG or other subsidiaries. We assure you that your details will be treated confidentially. The data entered here will be processed and used exclusively for the purpose of selecting applicants. The legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO.

 

7.2 On these pages, we only collect information required for an application process or information that you provide to us in the course of the application process. If you apply for a job at one of Weber & Ott AG or one of our subsidiaries, you will be asked for certain personal data (e.g. name, address, e-mail). In addition, position-related questions may be asked. For an application at our company, it is also mandatory to include your professional background. For security reasons, we will send you a confirmation e-mail after you have registered with us online and applied for a position. Please note that your data will not be stored anonymously, but will be accessible to the HR department and the relevant departments in the company for the position.

 

7.3 With your application, you affirm that the information you have provided is true. Please note that any false statement or omission may constitute grounds for rejection or subsequent dismissal. Weber & Ott AG and its subsidiaries are looking for the best applicants, regardless of race, ethnic origin, gender, religion or belief, disability, age or sexual identity. We do not require any information from you that is not usable under the General Equal Treatment Act. Please also do not forward us any confidential internal information or even trade secrets of your former or current employer. Furthermore, please do not provide any unnecessary information on:

• Diseases

• Pregnancy

- ethnic origin, political opinions, philosophical or religious beliefs, trade union membership, physical or mental health or sex life.

- defamatory or dishonourable information

- Information that has nothing to do with the job profile

 

7.4 Your online application will only be processed and noted by the relevant contact persons at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. Under no circumstances will third parties gain knowledge of your details. The processing of data takes place exclusively in Germany. The information you provide us with will be treated confidentially and will only be passed on within the respective group company to those persons who are involved in a specific application procedure. Your personal data will only be passed on to other group companies with your separate, explicit consent.

 

7.5 Your data will be deleted if your application is not successful or if you withdraw your application, which is possible at any time. Our standard deletion period is 6 months after completion of the application process.

 

§8 Submission of notices

 

It is very important to us that personal data is handled carefully and in accordance with the law. This applies in particular to data in connection with information from the internal reporting system. This applies both to the hotline and to our web-based application. The following information shows you how we handle your personal data in the context of notices from the internal reporting system for the preventive prevention of violations of applicable law or company policies (e.g. fraud or corruption as well as other criminal offenses) and/or for the detection of such violations.

The term personal data means all information, relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). Personal data therefore includes, for example, the first and last name, address, date of birth, e-mail addresses or telephone numbers.

Purposes of processing personal data

TONI DRESS DAMENMODEN GMBH processes the following types of personal data, among others, as part of the input and processing of reports in the internal reporting system:

  • Information for the personal identification of the whistleblower, such as first and last name, gender, address, telephone number and e-mail address;
  • Employee status for TONI DRESS DAMENMODEN GMBH
  • Information on data subjects, i.e. natural persons who are referred to in a report as a person who committed the infringement or with whom the designated person is associated. Such information includes, for example, first and last name, gender, address, telephone number and e-mail address or other information that enables identification;
  • Information about violations that may allow conclusions to be drawn about a natural person.

TONI DRESS DAMENMODEN GMBH processes the personal data for the purpose of investigating the reports in order to prevent violations of applicable law or company guidelines, uncover and/or take follow-up measures (such as measures to verify the validity of the allegations made in the report and, where appropriate, to address the reported breach, including through internal investigations, investigations, prosecutions, (re)recovery of funds or closure of proceedings).

legal basis

We only process information on the personal identification of the whistleblower if the whistleblower has given us consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. According to this, the processing is only lawful if the data subject has given his or her consent to the processing of personal data concerning him or her for one or more specific purposes.

We process information on employee status, information on data subjects and other information that allows conclusions to be drawn about natural persons on the basis of Art. 6 para. 1 lit. c GDPR in conjunction with national implementation laws and Art. 6 para. 1 lit. f GDPR. According to this, the processing is lawful if the processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.

Our legitimate interest consists – depending on the specific individual case to be examined – in the processing of reports, to be able to carry out follow-up measures, such as measures to verify the validity of the allegations made in the report and, where appropriate, to address the reported infringement, including through internal investigations, investigations, prosecutions, measures to (re)recover funds or closure of the proceedings. Whether the interests or fundamental rights and freedoms of the data subject conflict with such data processing will be examined on a case-by-case basis – including with regard to the violation.

We may process personal data of employees on the basis of Section 26 (1) sentence 2 BDSG. According to this, personal data of employees within the meaning of Section 26 (8) BDSG may be processed for the detection of criminal offences if factual indications to be documented give rise to the suspicion that the data subject has committed a criminal offence in the employment relationship, the processing is necessary for detection and the employee's legitimate interest in the exclusion of processing does not prevail, in particular, the nature and extent are not disproportionate with regard to the occasion.

Your rights

You have the following rights vis-à-vis us with regard to the personal data concerning you:

  • Right to information (Art. 15 GDPR),
  • Right to rectification (Art. 16 GDPR) or deletion (Art. 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to data portability (Art. 20 GDPR),
  • Right to object to processing (21 GDPR).
  • In addition, we draw your attention as a whistleblower to your right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation.

You can revoke your consent Exercise your rights, inter alia, by sending an e-mail to the following e-mail address: datenschutz.toni@toni-fashion.de.

Furthermore, you have the right to complain to a data protection supervisory authority about the processing of your personal data by us. For this purpose, you can contact the supervisory authority of our company headquarters. The address can be found under the following link on the Internet: www.bfdi.bund.de

General information on the recipients or categories of recipients

The personal data processed in the context of a report will be processed by lawcode GmbH, Universitätsstraße 3, 56070 Koblenz, processed on behalf of and in accordance with the instructions of TONI DRESS DAMENMODEN GMBH.

All information will be processed by the ombudsman's office at eSourceONE GmbH, Kronacher Straße 60, 96052 Bamberg, on behalf of and in accordance with the instructions of TONI DRESS DAMENMODEN GMBH.

As a matter of principle, personal data will only be transferred to third parties if there is a legal basis for doing so. This is particularly the case if the transmission serves to meet legal requirements according to which we are obliged to provide information, report or pass on data, if you have given us your consent to do so or if a balancing of interests justifies this. 

In addition, external service providers, such as external data centers or telecommunications providers, process personal data on our behalf as processors.

Depending on the focus of the report and for the effective initiation of follow-up measures, the personal data may be passed on to our relevant specialist departments.

Under certain circumstances, we may also pass on the personal data to state security and/or law enforcement authorities, other competent authorities and/or persons bound to secrecy, such as auditors/lawyers, further.

General information about the retention period

The data is usually stored until the follow-up action has been completed. As a rule, the data from a report will be deleted after three years after the proceedings have been finally concluded, unless the initiation of further legal action requires further retention (e.g. initiation of criminal proceedings or disciplinary proceedings). Personal data in connection with reports will be deleted by us immediately if we consider them to be obviously objectively unfounded.

Security procedures

We take appropriate technical and organizational measures in accordance with legal requirements and taking into account the state of the art and the implementation costs of the scope, to ensure a level of protection appropriate to the risk.

These include:

  • TLS encryption
  • Encrypted data storage in an ISO 27001 certified data center
  • Isolated data storage of the whistleblower system
  • End-to-end encryption of the information
  • Removal of meta data when submitting anonymous reports

Information in accordance with Art. 13 para. 2 lit. e GDPR

The provision of data via a report is neither contractually prescribed nor necessary for the conclusion of a contract. Depending on the individual case, there may be legal obligations to notify us. However, it is necessary to process the data in order to process and investigate the report in a meaningful way