Data protection

With the following information, we would like to provide you, as a visitor to our online offering, with an overview of how we process your personal data and inform you of your rights under data protection law. The specific data processed depends primarily on your individual usage behavior. Therefore, not all parts of this information may apply to you. 

1. Controller and Contact Details of the Data Protection Officer 

The controller responsible for data processing on this online offering is: 

peicom GmbH 

Am Schürholz 6 

49078 Osnabrück (Germany) 

(hereinafter also referred to as the “Company“) 

 You can contact our external data protection officer at: 

 GENA GmbH 

Data Protection Officer 

Böttgerstraße 6 

65439 Flörsheim 

Germany 

datenschutz@peicom.com

2. Processing of Personal Data in Connection with Your Use of Our Websites, Applications, and Online Platforms a. Categories of Data, Purpose of Processing, and Legal Basis

As part of your use of our websites, applications, or online tools (hereinafter collectively referred to as the “online offering”), we process the following personal data:

• Personal data you provide yourself as part of the online offering (e.g., when registering, submitting contact requests, or participating in surveys), such as your first and last name, address, email address, telephone number, information provided in support inquiries, comments, or forum posts; HTTP data: Information automatically transmitted by your web browser or device to us, such as your IP address, device type, browser type, operating system used, previously visited websites, visited subpages, or the date and time of the respective visitor request. 

•  Technical administration of the website 

The legal basis for processing personal data for these purposes is our legitimate interest in ensuring the security of the website pursuant to Art. 6(1)(f) GDPR, regardless of whether a contractual relationship exists with you. 

• Online and service offerings 

• Online shop and customer login/registration 

(Use of our online shop) The legal basis for processing personal data for the purpose mentioned above is the performance of a contract pursuant to Art. 6(1)(b) GDPR. Use of our online shop is only possible after prior registration to ensure that only businesses can access it. The processing of data collected during registration and use of our online shop is necessary for initiating, performing, and concluding contracts. Without processing the mandatory information collected, we cannot execute the contracts. 

In some cases, we may explicitly ask for your consent to process your personal data. In such cases, the legal basis for processing is your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR.

b. Cookies 

As part of our online offering, we also use so-called cookies. Cookies are small text files that are stored on your device by your browser when you visit our website. Cookies contain information related to your usage and the device you are using. 

(1) Technically necessary cookies 

The use of technically necessary cookies involves those cookies that are essential for the provision of our online services. The legal basis for the The storage and retrieval of such cookies on your device is based on Section 25 (2) No. 2 TTDSG (German Telecommunications-Telemedia Data Protection Act). The legal basis for the further processing of data in such cases is Art. 6(1)(f) GDPR (legitimate interests in providing the online offering and ensuring IT security). 

(a) Consent Management with Usercentrics We use the Consent Management Platform (CMP) provided by Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. The tool allows you to conveniently manage your consent for the use of non-essential cookies and to make changes, such as revoking previously given consents. For this purpose, Usercentrics – acting as a processor – also receives access to the collected data. The tool enables us to inform you about the consent process, obtain and manage your consent, and document it. For this purpose, we process HTTP data and the consent itself, if provided. The purposes of the processing are: to obtain consent, to provide the option to withdraw or modify consent, to fulfill our accountability obligations regarding consent (documentation), and to ensure the security of the application. The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interests in the aforementioned purposes). Information about provided consent and its revocation is stored for one year for accountability purposes. 

(2) Marketing Cookies

We use so-called marketing cookies to process information about which websites users visit, in order to improve our marketing efforts and tailor the use of our services to your individual preferences. Additionally, marketing cookies help us statistically analyze, optimize, and evaluate the use of our online services. 

These cookies are only activated with your explicit consent in accordance with Section 25 (1) TTDSG and Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR. 

You provide this consent when you access our online offering and our cookie banner is displayed. By clicking the corresponding button, you can give your consent for the use of cookies on this website. 

You can withdraw or modify your consent for the use of consent-based cookies at any time with effect for the future. To do so, please use the fingerprint button, which can be found at the bottom left of our website. Please note: Withdrawing your consent does not affect the lawfulness of processing carried out based on your consent before the withdrawal. 

(3) Functional Cookies 

We also use so-called functional cookies to make the use of our online services more appealing and user-friendly. The legal basis for the use of such functional cookies, the associated data processing, and the processing of data derived from them is our legitimate interest in designing the website in a user-friendly way pursuant to Art. 6(1)(f) GDPR, as well as your consent in accordance with Section 25(1) TTDSG and Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR. 

You provide your consent when you access our online offering and the cookie banner is displayed. By clicking a button, you can give your consent for the use of cookies on this website. 

You can withdraw or modify your decision regarding consent-based cookies at any time with effect for the future via our website. Please use the fingerprint button located in the bottom left corner of our website. The withdrawal of consent does not affect the lawfulness of processing carried out based on your consent before the withdrawal. 

(c) Google Fonts 

Our online offering uses Google Fonts for the consistent display of certain fonts, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) (Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). 

These fonts are embedded locally on our servers, so no connection to Google’s servers is established. The processing of your personal data (e.g., IP address) takes place exclusively on our servers. Therefore, the legal basis for using these fonts is our legitimate interest in providing a user-friendly display. 

c. Contacting Us 

Our website contains contact forms that can be used for electronic communication. If a user chooses to use this option, the data entered in the input form will be transmitted to us and partially stored. 

In this context, no data will be shared with third parties outside the company. The data will be used exclusively for handling the correspondence. 

The legal basis for processing the data transmitted via email is our legitimate interest in communicating with you, pursuant to Art. 6(1)(f) GDPR. If the email contact aims to conclude a contract, then Art. 6(1)(b) GDPR serves as an additional legal basis for the processing. 

The processing of personal data from the input form serves to handle the contact request and to prevent misuse of the contact form. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data entered in the contact form and those transmitted via email, this is the case when the respective correspondence is concluded. 

The user has the right to object to the processing of their personal data at any time. In such a case, further correspondence cannot be continued. Please send your deletion request via email to datenschutz@peicom.com. All personal data stored in the course of the contact will be deleted in this case.

3. Processing of Personal Data for Customer Satisfaction Surveys and Direct Marketing 

If you have given us your consent, or if we are entitled to do so based on existing customer relationships, your contact details will also be used for the purposes of direct marketing (e.g., trade fair invitations, newsletters) or for conducting customer satisfaction surveys. You have the right to object at any time to the use of your contact data for these purposes. If you wish to exercise your right to object, please send us an email to datenschutz@peicom.com or follow the corresponding instructions included in any marketing email you may receive from us. 

The legal basis for processing your data for marketing purposes is our legitimate interest in marketing pursuant to Art. 6(1)(f) GDPR in the case of existing customer relationships, or Art. 6(1)(a) GDPR if you have given us your consent. 

 4. Processing of Personal Data from Business Partners 

a. Categories of Data 

As part of our collaboration with business partners, the company processes personal data of contact persons at customers, suppliers, prospects, distribution partners, and cooperation partners (hereinafter referred to as “business partners“): 

• Contact information, such as first and last names, business address, business phone number, business mobile number, business fax number, and business email address; 
• Payment data, such as information necessary for processing payment transactions or fraud prevention, in case you have reimbursement claims; 
• Other information whose processing is necessary within the scope of a contractual relationship and which is voluntarily provided by business partners, such as orders, inquiries, or project details, 
• Personal data collected from publicly available sources, information databases, or credit agencies, and 
• If legally required for compliance screenings: date of birth, ID card and ID numbers, information on relevant legal proceedings or other legal disputes involving business partners. 

The aforementioned personal data are processed for the following purposes: 

• Communication with business partners regarding products, services, and projects, e.g., to process inquiries from business partners or to provide technical information about products, 
• Planning, execution, and management of the contractual business relationship, e.g., to process product and service orders, make payments, for accounting and billing purposes, and to carry out deliveries, maintenance activities, or repairs, 
• Conducting customer surveys, marketing campaigns, market analyses, sweepstakes, etc.,
• Maintaining and ensuring the security of our products and services as well as our websites, preventing and detecting security risks, fraud, or other criminal or malicious activities, 
• Comparing personal data with U.S. sanctions lists pursuant to European Regulations 2580/2001 and 881/2002, 
• Compliance with (i) legal obligations (e.g., retention obligations under tax and commercial law), (ii) existing obligations to carry out compliance screenings (to prevent economic crime or money laundering), and (iii) policies and industry standards, and 
• Settlement of legal disputes, enforcement of existing contracts, and the establishment, exercise, and defense of legal claims. 

The performance and fulfillment of a contract with you pursuant to Art. 6 (1) lit. b GDPR, 

• Compliance with legal obligations to which the company is subject pursuant to Art. 6 (1) lit. c GDPR, or 
• Protection of legitimate interests pursuant to Art. 6 (1) lit. f GDPR. 
• The legitimate interest lies in the initiation, execution, and processing of the business relationship in commercial traffic. 

If you have expressly given your consent to the processing of your personal data in individual cases, this consent constitutes the legal basis for the processing according to Art. 6 (1) lit. a GDPR.

5. Processing of Personal Data of Applicants 

a. Categories of Data and Purpose of Data Processing 

Within the scope of the application process, we generally process the following categories of personal data: 

• Personal data (first and last name, date of birth, address, school qualifications) 
• Communication data (telephone number, mobile phone number, fax number, email address) 
• Data regarding assessment and evaluation in the application process 
• Data about education (school, vocational training, civilian/military service, studies, doctorate) 
• Data on previous professional career, training and employment references 
• Information on other qualifications (e.g., language skills, computer skills, voluntary activities) 
• Application photo 
• Information on salary expectations 
• Application history 
• Social media links (link to Xing or LinkedIn profile, if data transfer from these profiles was selected) 

Personal data you provide to us as part of your application will be stored and used exclusively for the purpose of processing the application and, if applicable, for carrying out the subsequent employment relationship. 

b. Legal bases for data processing 

The processing of your personal data within the application process is based on Art. 6 (1) lit. b GDPR (conclusion and performance of a contract) as well as Art. 6 (1) lit. f GDPR (legitimate interest in communication and processing of the application). Any further processing of applicant data only takes place on the basis of an explicit declaration of consent. This is particularly the case if we cannot offer you a current vacancy in the company but consider your application suitable for future positions. The corresponding storage and processing of your data is then based on your consent pursuant to Art. 6 (1) lit. a GDPR. The storage and processing of your data for forwarding to other companies within the corporate group is also based on your consent pursuant to Art. 6 (1) lit. a GDPR. 

c. Information on Joint Responsibility 

If you apply to peiker Holding GmbH and give your consent to be included in the applicant pool, we will also check, in accordance with your consent, whether you are suitable for another position with us or other above-mentioned companies of the Peiker family and will contact you accordingly if necessary. Only in this case and if the application also relates to other companies of the Peiker family or is kept open for this purpose, the processing takes place as joint controllers. Accordingly, the applicant portal HRworks is operated by us together with the companies of the Peiker family [peiker Holding GmbH, peiker Immobilien GmbH, peiker CEE GmbH, FTI Engineering Network GmbH, peicom GmbH, Hofgut Liederbach Service GmbH] as joint controllers within the meaning of Art. 26 GDPR. The companies have recorded the joint use of the application portal in an agreement as joint controllers in accordance with Art. 26 GDPR and agreed on which data protection obligations each of them fulfills. Below we would like to inform you about the essential contents of the agreement between the joint controllers: 

(i) Cooperation of the joint controllers The companies decide independently on the substantive implementation of the application procedures and the concrete processing of applicant data. If you apply to peiker Holding GmbH and give your consent, we include you in an applicant pool and check, in accordance with your consent, whether you are suitable for another position with us or other above-mentioned companies of the Peiker family and contact you accordingly if necessary. Only in this case and if the application also relates to other.

If the application also relates to other companies of the Peiker family or is kept open for this purpose, the processing takes place as joint controllers. The matching is always carried out by us, but also for filling vacancies in the other above-mentioned companies of the Peiker family. If you apply only for a vacancy at peiker Holding GmbH and do not give consent for us to include your data in an applicant pool and check whether you are suitable for a position at one of the other above-mentioned companies of the Peiker family, the processing does not take place as joint responsibility. In this case, only peiker Holding GmbH is the controller. The companies have jointly determined the means and purposes of the technical operation and organizational use of the applicant portal. The applicant portal itself is provided by an external service provider within the framework of commissioned processing according to Art. 28 GDPR. The commissioned processor according to Art. 28 GDPR is HRworks GmbH, based in Freiburg. 

(ii) Responsibility of the companies 

The company whose job advertisement you apply for is individually responsible for informing you about the use of your applicant data pursuant to Art. 13 and 14 GDPR and your related rights. You can find this information in this privacy policy. You can request information about the processing of your personal data at any time. Furthermore, you can exercise all other rights to rectification, deletion, restriction of processing, and data portability according to Art. 15–21 GDPR at any time. In addition, you have the right to object to the processing of your personal data under Art. 21(1) GDPR for reasons arising from your particular situation. For your inquiries, according to the joint responsibility agreement, only the company whose job advertisement you applied to is responsible. If you send your inquiry to a different company, it will be forwarded immediately to the responsible company, which will then process your request. peiker Holding GmbH acts as the administrator of the applicant portal for all companies of the Peiker family. To this end, peiker Holding GmbH exercises the right to issue instructions and control over the commissioned processor pursuant to Art. 28 GDPR in coordination with the other companies of the Peiker family. 

d. Disclosure of data 

Your data will be made accessible to the responsible employees of the HR department and the responsible employees or supervisors of the specialist department(s) for the position you have applied for. 

In the case of an unsolicited application, your documents will be made available to the responsible employees of the HR department and the responsible employees or supervisors of the relevant specialist departments for which your application may be of interest. We do not forward your applicant data to affiliated subsidiaries or parent companies unless your application also relates to these companies or is kept open for this purpose. Furthermore, we use commissioned processors (e.g., IT service providers). The transfer of your data to these processors occurs under strict adherence to confidentiality obligations as well as the requirements of the GDPR. The commissioned processors are only allowed to process the data for us and not for their own purposes. The responsibility for data processing remains with us in these cases. Data transfer also takes place if we are obliged to do so by legal provisions and/or official or judicial orders. 

e. Transfer of personal data to third countries 

Our company is part of a corporate group where personnel responsibilities may cross national borders. For this reason, responsible supervisors in other countries may also have access to your applicant data. These data processing activities are necessary for decisions regarding the establishment of an employment relationship. Furthermore, data transmission to third countries also occurs when your data is included in the talent pool. This means that our affiliated foreign units also have access to your applicant data. When personal data is transferred to an entity in a third country, appropriate safeguards are put in place to ensure that the data protection level of the European Union is maintained. 

f. Retention periods for applicant data 

If no employment relationship is established, the application documents will be deleted six months after rejection. The legal basis for this storage is Art. 6(1)(f) GDPR. Our legitimate interest here is to defend against possible claims under the General Equal Treatment Act (“AGG”). Otherwise, the general deletion periods and notes under section 9 apply.

6. Social Media

We use references (“links”) to the social network LinkedIn on our website to draw attention to our services and products as well as career opportunities, and to get in touch with you as visitors and users of these social media sites as well as our website. 

You can recognize the links by the logo of the respective social network. By clicking the logo, a direct connection is established between your browser and the server of the respective service provider, and you will be redirected to the service provider’s website. Below you will find information on how your data is processed on the respective social media platforms. 

We operate the following profiles: 

LinkedIn https://www.linkedin.com/company/peiker-holding-gmbh/ LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_join-form-privacy-policy 

a. Data processing by us 

We operate the social media profiles to draw attention to our products, services, and career opportunities, to communicate with users, and to achieve improvements. The processing of personal data is generally based on Art. 6(1)(f) GDPR due to our legitimate interests in public relations, communication, and product improvement unless otherwise stated. We are able to view your posts and similar interactions on our social media profiles as well as – depending on your privacy settings – your public profile. We may use this data to improve our information and products, especially on our social media profiles. If you contact us via our social media profiles, we process the personal data you provide in order to handle your request, especially to respond to inquiries. We may respond to your inquiry via the respective social media platform. 

The legal basis for processing personal data in many cases is Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures) or, if this The legal basis, if not applicable, is Art. 6(1)(f) GDPR due to the legitimate interests arising from the aforementioned purposes. Furthermore, we may also process personal data in connection with the social media presences in accordance with the information in the other sections of the privacy notice. As a precaution, we point out that communication via social media platforms may be insecure. You can contact us at any time via other communication channels and will then also receive a response via these other channels. Moreover, we receive aggregated usage statistics from the platforms, which we use to analyze user behavior and to improve our information offerings. These usage statistics may also be generated by the platforms based on personal usage data. Further information can be found in the privacy policies of the respective providers linked above. Special information on Facebook and Instagram can be found below. 

b. Processing by platform operators 

We have no influence on the processing of your personal data by the respective providers. Rather, the platform operators control the data processing in the context of using the respective service. This includes, for example, the storage and use of cookies on user devices as well as the analysis of your behavior on the social network. 

c. Notes on deletion of posts 

If you publish personal data in the form of posts on our social media profiles, such as images, texts, videos, or interact in other ways, e.g., “liking” posts, your data will be processed and, in many cases, published. If the content is inappropriate, we may delete it in accordance with the usual procedures and policies of the respective platforms. 

7. Recipients and categories of recipients 

Within our company, those departments have access to your data that need it to fulfill contractual and legal obligations. Service providers and vicarious agents engaged by us may also receive data for these purposes, provided they maintain confidentiality and integrity. These are companies in the categories of IT services, telecommunications, as well as sales and marketing. 

Regarding the transfer of data to recipients outside our company, it should first be noted that we only disclose necessary personal data in compliance with applicable data protection regulations. Information about you may generally only be shared if legal provisions require it, you have given your consent, or we are authorized to provide information. Under these conditions, recipients of personal data may include: 

• Public authorities and institutions (e.g., law enforcement agencies) when there is a legal or official obligation, 
• Other affiliated group companies for risk management based on legal or official obligations, 
• Service providers engaged by us within the framework of commissioned processing relationships, and 
• Service providers explicitly named as recipients in these privacy notices.

8. Transfer to third countries 

Data transfers to entities in countries outside the European Union (so-called third countries) occur insofar as: 

• It is necessary to execute your orders (e.g., delivery orders), 
• It is legally required (e.g., tax reporting obligations), or 
• You have given us your consent. 

Furthermore, a transfer to third countries for maintaining and ensuring the company’s IT operations and IT security cannot be excluded. By using our social media offerings, data transfers and subsequent processing of usage data by the respective services in the USA may also occur. Any data transfers take place exclusively automatically in connection with the use of our social media offerings through the use of cookies. We ensure that data transfers to so-called third countries comply with legal requirements. Usually, data transfers are permissible based on an adequacy decision, especially for transfers to the USA. If this is not the case in individual cases, we will conclude standard data protection clauses or obtain your explicit consent. 

You can completely reject the use of cookies and other technologies or configure individual settings. Furthermore, you can revoke your consent at any time with effect for the future. Processing carried out prior to the revocation remains unaffected by the revocation. In addition, in accordance with the explanations in the other sections, personal data may be transferred to third countries by the companies to whom we disclose personal data. 

9. Storage duration 

We process and store your personal data as long as it is necessary to fulfill our contractual obligations and to exercise our rights. The revocation of previously given consent is retained for three years (accountability). The management cookie is deleted six months after the last visit. Server log data is anonymized before storage. Data related to newsletters and invitations is deleted immediately after deregistration. In individual cases, longer data storage may be justified for evidentiary purposes in justified individual cases. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years. 

10. Data security 

For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the website operator, an SSL or TLS encryption is implemented on our online offering. You can recognize an encrypted connection by the address line of the browser changing from “http://” to “https://” and by the padlock symbol in your browser bar. Our employees and the service providers commissioned by us are obliged to maintain confidentiality and to comply with the provisions of the applicable data protection laws. The company takes appropriate technical and organizational security measures to protect your personal data against loss, alteration, destruction, and unauthorized access or unauthorized disclosure. Our security measures are continuously improved in accordance with technological developments. 

11. Data subject rights 

Every data subject has the right to access according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR, and the right to data portability according to Art. 20 GDPR. 

Regarding the right of access and the right to erasure, the restrictions according to §§ 34 and 35 BDSG apply. Furthermore, there is a right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). 

You can revoke a given consent to the processing of personal data at any time with effect for the future. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected by the revocation. You also have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out especially on the basis of Art. 6 para. 1 lit. f GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms. This particularly includes processing necessary for the establishment, exercise, or defense of legal claims. 

Furthermore, you have the right under Art. 22 GDPR not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. For the establishment, execution, and termination of the business relationship, we generally do not use fully automated decision-making. Should we use such procedures in individual cases (e.g., to improve our products and services), we will inform you separately about this and your related rights, provided this is legally required. Further information and explanations regarding the above rights can be found on the European Commission’s website “Your rights as a citizen.” 

12. Obligation to provide data 

Within the scope of our online offering, we depend on the processing of such usage data that is necessary for the provision and termination of the service and the fulfillment of the associated obligations. Without collecting usage data, neither we nor our service providers are able to provide you with our online offering. However, the provision of personal data is neither legally nor contractually required. 

13. Profiling 

We do not process your personal data automatically in a way that produces legal effects concerning you or similarly significantly affects you. 

14. Currency and changes to this privacy policy 

This privacy policy is currently valid and was last updated in August 2025. 

15. This English text has been generated by a translation program and is for a better user experience. This Privacy policy is only legally binding in the German version.