Scroll Top
Henleinstraße 7, 85570 Markt Schwaben, GERMANY
+49 8121 2239-40

Privacy

Privacy policy

In case of differences between the  german and english versions or in other cases of doubt, the german version applies. 

CGS Computer Controlled Systems GmbH
Henleinstrasse 7
85570 Markt Schwaben
Germany

Phone: +49 8121 2239-30
Fax: +49 8121 2239-40

E-mail: info@cgs-gruppe.de
URL: www.cgs-gruppe.de

Thank you for your interest in our company. Data protection is of a particularly high priority for the management of CGS GmbH. The use of the Internet pages of the CGS GmbH is possible without any indication of personal data. However, if a data subject wants to use special services of our enterprise via our website, processing of personal data could become necessary. If processing of personal data is necessary and if there is no legal basis for such processing, we will generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation, and in accordance with the country-specific data protection regulations applicable to the CGS GmbH. By means of this data protection declaration, our enterprise would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this data protection declaration.

As the controller, the CGS GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

Definitions

In the data protection declaration, we use terms that were used by the European Directive and Regulation Maker when adopting the General Data Protection Regulation (DSGVO). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. In order to achieve this goal, we would like to explain the terms used in advance.

We use the following terms, among others, in our data protection declaration:

Personal data

Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject

The data subject is any identified or identifiable natural person whose personal data is processed by the controller.

Processing

Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

Profiling

Profiling is any form of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
Controller

The controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient

Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities which may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients and the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules, in accordance with the purposes of the processing.

Third party

Third party means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
Consent

Consent means any freely given specific, informed and unambiguous indication of the data subject’s wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

Person responsible

The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other provisions of data protection law is:

CGS Computer Gesteuerte Systeme GmbH
Henleinstrasse 7
85570 Markt Schwaben
Germany
Telephone: +49 8121 2239-30
Fax: +49 8121 2239-40
E-mail: datenschutz@cgs-gruppe.de
URL: www.cgs-gruppe.de

Data Protection Officer

The data protection officer of the responsible person is:

Christiane Nienhaus
Memex Consulting GmbH
Konrad-Zuse-Platz 8
81829 München
Germany
Phone: +49 89 441191-00
Fax: +49 89 441191-09
E-mail: nienhaus@memex-consulting.de
URL: www.memex-consulting.de

Your data subject rights

Provided the respective legal requirements are met, you have the following rights as a data subject under the GDPR:

Information: you have the right to obtain information about the data we process about you.

Correction: You can request the correction of incorrect personal data. You can also request that incomplete data be completed.

Deletion: You can request the deletion of your personal data in certain cases.

Restriction of processing: In certain cases, you can request that we restrict the processing of your data.

Data portability: If you have provided us with data on the basis of a contract or consent, you can request that you receive the data you have provided in a structured, common and machine-readable format or that we transfer it to another controller.

Revocation of consent: If you have given us consent to process your data, you can revoke this consent at any time with effect for the future. The lawfulness of the processing of your data until the revocation remains unaffected. You can also declare a revocation in addition to the ways mentioned under “Assertion of your rights” in accordance with the respective instructions for exercising the revocation in the section “Details on services, cookies and co.

Exercising your data subject rights: To exercise any of your aforementioned rights, please contact: datenschutz@cgs-gruppe.de or the postal address provided earlier in this Privacy Policy.

Right to lodge a complaint: You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you is unlawful.

Information about your right of objection according to Art. 21 DSGVO
Individual right of objection

Pursuant to Art. 21 DSGVO, you have the right to object at any time on grounds relating to your particular situation to the processing of your personal data based on Art. 6(1)(e) DSGVO (data processing in the public interest) and Art. 6(1)(f) DSGVO (data processing on the basis of a balance of interests). This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 DSGVO.

If you object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right to object to processing of data for direct marketing purposes

In individual cases, we process your data in order to carry out direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising. This also applies to profiling within the meaning of Art. 4 No. 4 DSGVO if it is related to direct advertising.

If you object to the processing of your personal data for direct marketing purposes, your personal data will no longer be processed for these purposes.

The objection can be made informally. To exercise your objection, please contact:

CGS Computer Gesteuerte Systeme GmbH
Henleinstraße 7
85570 Markt Schwaben
Germany
E-mail: datenschutz@cgs-gruppe.de

Automated decision-making including profiling

We refrain from automated decisions in individual cases including profiling according to Article 22 DSGVO.

Information about our services and the functions on our website
Service or function of the website Which data or data categories are processed or stored? For what purpose is the data processed or stored? On what legal basis is the data processed or stored? Which legitimate interests, if any, are pursued? Who is the recipient of the data or which categories of recipients are there? How long is the data stored or what criteria are used to determine the end of the storage period? What are the obligations to provide the personal data or what are the consequences of not providing the data? In the given case, how can the revocation be exercised? From which sources are the personal data collected?
Website display Date and time of access; Duration of the visit;  At of the terminal device; Operating system used; Functions you use; Amount of data sent;  Type of event; IP address; Domain name; Provision of the website Article 6(1)(b) and Article 6(1)(f) DSGVO Ensuring the technical functionality of the website or service Hosting provider
Internal departments of the provider;  External service providers for technical support (e.g. troubleshooting)
Immediately after provision by the web server. There is no obligation to provide it. The data is collected automatically by calling up the website or service. Not applicable. Direct collection when the website or service is called up.
Creating log files The URL accessed; The IP address of the user; The date and time of access; Information about the browser type and version used; The user’s operating system; The user’s internet service provider; The IP address of the user; Websites from which the user’s system accesses our website; Websites that are accessed by the user’s system via our website;
  
Statistical analysis; Optimisation of our website;
Ensuring the security of our website; Identification and diagnosis of errors;  
Article 6 paragraph 1 a) DSGVO Statistical analysis; Optimisation of our website;
Ensuring the security of our website;
Identification and diagnosis of errors;
Hosting provider;
Internal departments of the responsible party;
External service providers for technical support (e.g. troubleshooting)
Government agencies on request;
Direct collection when the website or service is called up Direct collection when the website or service is called up Direct collection when calling up the website or service Direct collection when calling up the website or service
Use of the contact form Name of the contact request; Company of the contact requestor; E-mail address of the contact requestor; Content of the contact enquirer’s message;
Time of the contact request;
Postal address of the contact requestor; Telephone number of the contact requestor;   
Receipt, processing of contact requests, information requests, complaints, questions or other information requests
Article 6 paragraph 1 a) DSGVO Receipt, processing of contact requests, information requests, complaints, questions or other information requests Hosting provider; Internal departments of the provider;
Government bodies on request;
After processing the contact request There is no obligation to provide data. The data is collected automatically by calling up the website or service. Not applicable. Direct collection when calling up the website or service
Integration of third-party services

We integrate content or service offers from third parties in order to make their content, services and functions usable for you. These services are provided by the respective providers. The integration always requires that these third-party providers process your IP address. We endeavour to only integrate services whose providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to analyse information such as visits to the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information on the browser and operating system, referring websites, time of visit and other information on the use of our online offer, as well as being linked to such information from other sources. In the following overview, we have listed the services that are integrated into our online offer. You can obtain further information by clicking on “Data protection information of the provider”. Under “Further information” you will find, where available, further information on the options for adjusting your data protection settings.

Website service Who is the provider of the service? For what purposes is the service provided? On what legal basis is the service provided? What legitimate interests, if any, are being pursued? Where can you find the provider’s privacy policy? Where can you find further information on data protection?
No third-party services are used.
General information on the use of cookies

We use so-called cookies on our website www.cgs-gruppe.de. Cookies are small text files that are generated by our web server and sent to your browser together with the requested website and stored on your computer. Cookies are necessary for the technical functionality of our offer. They also serve to make the use of our offer more comfortable and help us to optimise our offer. We use session cookies and third party cookies. Session cookies are used specifically to store information for a short period of time and are deleted when you leave our website after your browser session has ended. In addition, other so-called third party cookies may be set in connection with the integration of third-party services, see point 7. You can prevent the use of these cookies by preventing the storage of cookies on your end device through the corresponding settings in your browser. If you prevent the storage of cookies, the functionality and scope of functions of our offer may be limited. Furthermore, we will only set certain cookies if you have previously consented to this. You can also make use of your separate options to object to certain cookies. We have compiled further information on the type, scope, purposes, legal basis and options for objecting to data processing in connection with the use of cookies for you in the following overview.

Use of first party cookies
Service or function of the website What categories of data are processed or stored? For what purpose is the data processed or stored? On what legal basis is the data processed or stored? Which legitimate interests, if any, are pursued? Who is the recipient of the data or which categories of recipients are there? Will the data be transferred to a third country? Is there an adequacy decision for this third country? What legal guarantees are there for third country transfers? How long are the cookies valid or what storage period is set? What are the obligations to provide the personal data or what are the consequences of not providing them? In the given case, how can the revocation be exercised? From which sources are the personal data collected?
SESSION ID PHP-Session 

 

Cookie ID 

 

Display and presentation of the website

 

Selection of the language when visiting the website

 

Hosting Provider; External service providers for technical support (e.g. troubleshooting) ;
 
  No Not applicable.

 

Duration of the browser session

 

There is no obligation to provide them. If you disable the storage of cookies, the selected language settings will not be taken into account for the duration of the browser session.

 

Not applicable.

 

Direct collection when calling up the website or service

 

Privacy settings

The following button will take you to the cookie settings   Cookie Settings

Data protection information for business partners
according to Art. 13, 14 and 21 DSGVO

In case of differences between the  german and english versions or in other cases of doubt, the german version applies. 

With this data protection information, we inform you in accordance with Articles 13, 14 and 21 of the EU General Data Protection Regulation (DSGVO) about which personal data is processed by CGS GmbH and its affiliated companies within the scope of our business relationship.

Who is responsible for data processing?

Responsible for data collection is:

CGS Computer Gesteuerte Systeme GmbH
Henleinstraße 7, 85570 Markt Schwaben GERMANY
+49 8121 2239-30
info@cgs-gruppe.de
Who is your data protection officer?

The contact details of the data protection officers are

Memex Consulting GmbH, Christiane Nienhaus
Nördliche Münchner Straße 14 A, 82031 Grünwald, Germany
+49 89 441191-00
nienhaus@memex-consulting.de

What data do we process?

The implementation of our business relations requires the processing of data of our business partners, which we receive from you. If this data allows conclusions to be drawn about a natural person, e.g. because you are our business partner as a sole trader, this is personal data. Regardless of the legal form of our business partners, we process personal data of contact persons of our business partners.

Please also provide this data protection information to the persons who are involved in the business relationship with us within and outside your organisation (e.g. as contact persons or subcontractors).

Processing of master data

We process basic data of our contractual partners and their contact persons which are required for the establishment and implementation of our business relationship and which we refer to as master data. This includes personal data that you provided to us when establishing the business relationship or that we collected from you. These are for example

Name, address
Contact data (e-mail address, telephone number)
Bank data
Authentication data (e.g. specimen signature).

Processing of transaction data

We process personal data that arises in the course of a business relationship with us and which we refer to as transaction data.

This includes for example

Contract and order data, related document data
Business letters (also in the form of e-mails)
Advertising and sales data
Data that we generate from transaction data, e.g. customer needs analyses and supplier evaluations
Consultancy documents

Processing of third party data

We process personal data that we are permitted to obtain from other companies or other third parties in order to conduct our business relationship. In addition, we process personal data that we receive from public sources and are permitted to process. These include, for example, debtor lists, commercial registers, the press, the media as well as terror and sanctions lists.

For what purposes and on what legal basis do we process your personal data?

We process personal data for the following purposes.

To fulfil contractual obligations (Art. 6 para. 1 lit. b DSGVO).

Personal data (Art. 4 No. 2 DSGVO) is processed for the performance of contracts agreed with us or for the performance of pre-contractual measures. This includes, for example, offers, orders, delivery of goods, complaints and all activities required for internal administration.

To protect the legitimate interests of our company (Art. 6 para. 1 lit. f DSGVO).

We process personal data beyond the actual business relationship to safeguard our legitimate interests within the framework of a balancing of interests (Art. 6 para. 1 lit. f DSGVO). This includes, for example, needs analysis and direct supplier contact, as well as advertising or market and opinion research, insofar as you have not objected to the use of your data. In addition, we process data e.g. for the assertion of legal claims and defence in legal disputes, the guarantee of IT security and IT operations, prevention and investigation of criminal offences, in the context of video surveillance for the collection of evidence in the event of criminal offences. This area also includes our measures for building and facility security (e.g. access controls), measures to ensure house rights and all measures to control our business activities and to further develop services and products.

Based on your consent (Art. 6 para. 1 lit. a DSGVO)

If you have voluntarily given your consent to the processing of personal data for certain purposes (e.g. transfer of data to third parties, evaluation of data for marketing activities), the consent constitutes the lawfulness of this processing. We would like to point out that you can revoke your consent at any time for the future. Processing that took place before the revocation is not affected by the revocation.

On the basis of legal requirements (Art. 6 para. 1 lit. c DSGVO) or if there is a public interest (Art. 6 para. 1 lit. e DSGVO).

We process personal data in accordance with our legal obligations and statutory requirements, e.g. from commercial law, the tax laws to which we are subject and other legal provisions such as the Money Laundering Act or sanctions regulations. Personal data is processed exclusively in accordance with the provisions of these regulations.

Who receives your data?

Your data will be passed on within the company or our group of companies to those offices that require this data for the implementation of our business relationship.

As far as necessary, we forward your data to service providers and processors used by us, with whom we have concluded corresponding agreements in accordance with Art. 28 DSGVO. These are, for example, companies from the areas of IT services, logistics, freight handling, printing services, telecommunication services, financial services, consulting and advisory services as well as sales and marketing.

We forward your data to those companies for which you have given us your consent to transfer the data.

With regard to the forwarding of your data to recipients outside the company, please note that we will only forward your data if this is permitted or required by law. Recipients of your personal data may be, for example, public bodies and institutions such as public prosecutors’ offices, police, supervisory authorities, customs, consulates or chambers of industry and commerce if there is a legal or official obligation.

If you have consented or authorised us to provide information, we will forward your data to other companies such as banks, credit agencies, suppliers and commercial agents in order to carry out the business relationship.

Other data recipients may be those bodies for which you have given us your consent to transfer data.

How long will your data be stored?

Your personal data will be processed and stored for as long as is necessary to achieve the above-mentioned purposes. Your data will not be deleted once the purpose has been achieved, insofar as statutory storage and documentation obligations exist. In this case, the data will be stored until the end of the retention period. Storage and documentation obligations exist, for example, from the German Commercial Code (HGB) and the German Fiscal Code (AO). Furthermore, the data will not be deleted if they are the subject of evidence in a legal dispute.

Will your data be transferred to a third country or to an international organisation?

A transfer of your data to third countries (states outside the European Union, the European Economic Area) can be made to service providers commissioned by us. If we have your data processed in third countries, the processing is carried out in compliance with the legal requirements.

If it is necessary for the execution of the contract that we have concluded with you or the company for which you work, we will transfer your data to our subsidiaries USA – CGS Automotive, Inc. or INDIA – CGS Electronics India Pvt. Ltd.

In addition, we will only transfer your data to third countries if we have your express consent or if we are legally or contractually obliged to do so.

What are your data subject rights?

You have the following rights under the GDPR:

If your personal data is processed, you have the right to receive information about the data stored about you (Art. 15 GDPR).
If inaccurate personal data is processed, you have the right to rectification (Art. 16 GDPR).
If the legal requirements are met, you may request the erasure or restriction of processing as well as object to processing (Art. 17, 18 and 21 DSGVO).
If the processing of your data is based on your consent, you have the right to revoke your consent at any time with effect for the future. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by your revocation.

If you have consented to the data processing or if there is a contract for data processing and the data processing is carried out with the help of automated procedures, you may have the right to data portability (Art. 20 DSGVO). You have the right under Article 20 of the GDPR if you yourself have provided us with the data for which you wish data to be transferred.
If your particular personal situation gives rise to reasons against the processing of your personal data, you may object to processing insofar as we base our processing on a legitimate interest pursuant to Art. 6 (1) lit. f DSGVO. In such a case, we will only process your data if there are special compelling interests for this.
You have the right to lodge a complaint with a supervisory authority.

Where can you complain?

The supervisory authority responsible for CGS GmbH is:

Bavarian State Office for Data Protection Supervision
Promenade 27
91522 Ansbach
Tel.: +49 981 53-1300
E-mail: poststelle@lda.bayern.de

Are you obliged to provide your data?

Within the scope of our business relationship, you are only required to provide the personal data that is necessary for the establishment, implementation and termination of a business relationship or that we are legally obliged to collect.

Please note that without this data we are not able to establish or maintain a business relationship or have to refuse to execute an order or can no longer execute an existing contract and may have to terminate it.

Are you affected by automated decision-making or profiling?

Automated decision-making including profiling within the meaning of Art. 22 DSGVO does not take place in the context of the establishment or implementation of a business relationship. Should we use these procedures, we will inform you separately, insofar as this is required by law.

Information about your right of objection according to Article 21 DSGVO
Individual right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) DSGVO (data processing in the public interest) and Article 6(1)(f) DSGVO (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) DSGVO which we use for credit assessment and advertising purposes.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to object to processing of data for direct marketing purposes

In individual cases, we process your personal data for the purpose of direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

Please note that the revocation only takes effect for the future, i.e. the lawfulness of the processing up to the time of the revocation is not affected. Likewise, further processing of this data on the basis of another legal basis, such as for the fulfilment of legal obligations, remains unaffected.

The objection can be made form-free and should preferably be addressed to:

CGS Computer Gesteuerte Systeme GmbH
Henleinstraße 7, 85570 Markt Schwaben, GERMANY
+49 8121 2239-30
datenschutz@cgs-gruppe.de

Data protection information for applicants

In case of differences between the  german and english versions or in other cases of doubt, the german version applies. 

Information from CGS GmbH on data protection when processing applicant data in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (DSGVO).

Thank you for your interest in our company. In accordance with the provisions of Articles 13, 14 and 21 of the General Data Protection Regulation (DSGVO), we hereby inform you about the processing of the personal data that you have provided to us or that we have collected as part of the application process and your rights in this regard. Please read the following information in full so that you are fully informed about the processing of your personal data.
Who is responsible for the processing of your personal data?

The responsible party within the meaning of the General Data Protection Regulation (DSGVO) is.

CGS – Computer Controlled Systems GmbH
Henleinstraße 7
85570 Markt Schwaben
Tel.: +49 8121 2239-30
Fax: +49 8121 2239-40

hereinafter also referred to as “we”.

Contact details of the data protection officer

For all questions in connection with the processing of your personal data and to exercise your rights under the GDPR, our data protection officer, Ms Christiane Nienhaus, is available to you. You can reach her by e-mail at datenschutz@cgs-gruppe.de, as well as by telephone and by post at the contact details of the data controller mentioned in section 1 with the addition of “data protection officer”.

For what purposes and on what legal basis do we process your personal data?

We process your personal data from your application for the purpose of making a decision on the establishment of an employment relationship with you.  The legal basis for this is Section 26 (1) in conjunction with (8) sentence 2 BDSG.

Furthermore, we may process personal data about you insofar as this is necessary to fulfil legal obligations (Art. 6 para. 1 lit. c DSGVO) or to defend asserted legal claims against us arising from the application process. The legal basis for this is Art. 6 para. 1 lit. f DSGVO; the legitimate interest is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

Insofar as your application documents contain photographs, we consider this to be implied consent to the processing of the photograph. Pursuant to Art. 7 para. 3 sentence 1 DSGVO, you are entitled to revoke this consent at any time.

If you give us explicit consent to process your personal data for specific purposes, the legal basis for this processing is your informed consent pursuant to Art. 6 (1) lit. a DSGVO. Consent given can be revoked at any time, with effect for the future (see section 9 of this data protection information). This is the case, for example, if your application for a current vacancy is not successful and we would like to retain your application documents for future vacancies. In this case, we will store your application data on the basis of your consent, which we will obtain from you by means of a separate declaration of consent.

Insofar as an employment relationship between you and us is established, we may further process the personal data already received from you for the purposes of the employment relationship in accordance with Section 26 (1) BDSG if this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the employee representation resulting from a law or a collective agreement, a company or service agreement (collective agreement).

What categories of personal data do we process?

We only process data that is related to your application. This may be general personal data (e.g. name, address, contact details), information on your professional qualifications and school education, information on further professional training or other data that you provide to us in connection with your application.

Furthermore, we may process job-related information that you have made publicly available, such as a profile in professional social media networks.

What are the sources of personal data we process?

We process your personal data that we receive in the course of contacting you or your application by post or by email.

Which categories of recipients receive personal data?

We only pass on your personal data within our company to those persons who need this data to fulfil contractual and legal obligations or to implement our legitimate interest.

If you apply for a job at our subsidiaries INDIA – CGS Electronics India Pvt. Ltd. or USA – CGS Automotive, Inc., we will forward your application documents to the subsidiary to which you apply. Please refer to the information in the next section on transferring your data to a third country.

Otherwise, data will only be transferred to recipients outside our company if this is permitted or required by law, if the transfer is necessary to fulfil legal obligations or if you have given your consent.

Is the transfer to a third country intended?

A transfer to a third country is not intended, unless you have applied for a job at our subsidiaries INDIA – CGS Electronics India Pvt. Ltd. or USA – CGS Automotive, Inc. In this case, your application materials will be forwarded to the subsidiary to which you are applying.

Please note that in India and the USA there is no level of data protection comparable to that in the European Union. The transfer of your data is based on Art. 49 (1) UAbs. 1 lit. b DS-GVO.

How long will your data be stored?

We store your personal data for as long as is necessary for the decision on your application. If an employment relationship between you and us does not materialise, your personal data or your application documents will be deleted after a maximum of 6 months following the conclusion of the application process (e.g. through the announcement of the rejection decision). We store your personal data for longer if this is required by law or in the specific case for the assertion, exercise or defence of legal claims for the duration of a legal dispute.

In the event that you have consented to the storage of your personal data, it will be stored in accordance with the requirements of your declaration of consent.

If your application is successful and we agree an employment relationship with you, your data will initially continue to be stored where necessary and permissible and then transferred to the personnel file.

In the event of an unsuccessful application, you may be invited by us to join our talent pool following the application process. If you are accepted into the talent pool, we can take your application into account when filling future vacancies. If we have your consent, we will store your application data in the talent pool in accordance with your consent.

What rights do you have?

If you apply to us, you have the following rights, which you can exercise by contacting us or our Data Protection Officer, using the contact details set out in paragraphs 1 and 2.

Right of access

You have the right to obtain information about your personal data processed by us and to request access to and/or copies of your personal data. This includes information about the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients, the current or planned disclosures (accesses) and, if possible, the planned duration of the storage of your personal data or, if this is not possible, the criteria for determining this duration.

Right to rectification

You have the right to request the rectification of inaccurate personal data relating to you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
Right to erasure (“right to be forgotten”)

You have the right to request that we erase personal data relating to you without undue delay and we are obliged to erase personal data without undue delay if one of the following reasons applies:

The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
otherwise processed, are no longer necessary.

You object to the processing in accordance with Art. 21 DSGVO and there are no overriding legitimate grounds for the processing.
The personal data have been processed unlawfully.
The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.

The right to erasure does not apply to the extent that the processing is necessary

for the exercise of the right to freedom of expression and information;

for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject,
for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i), and Article 9(3) DSGVO,
for the assertion, exercise or defence of legal claims.

Right to restrict processing

You have the right to request us to restrict processing. You have the right to restrict processing if one of the following conditions is met:

the accuracy of the personal data is contested by you, for a period of time which allows us to verify the accuracy of the personal data,
the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data,
we no longer need the personal data for the purposes of processing, but you need the data for the assertion, exercise or defence of legal claims, or
you have objected to the processing pursuant to Article 21(1) DSGVO and it has not yet been determined whether our legitimate grounds override yours.

Right to data portability

You have the right to receive the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that

the processing is based on consent pursuant to Art. 6 (1) lit. a DSGVO or Art. 9 (2) lit. a DSGVO or on a contract pursuant to Art. 6 (1) lit. b DSGVO and
the processing is carried out with the help of automated procedures.

When exercising your right to data portability, you have the right to obtain that the personal data be transferred directly from us to another controller, insofar as this is technically feasible.
Right of objection

In accordance with Art. 21 DSGVO, you have the right to object at any time to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) lit. e or f DSGVO; this also applies to profiling based on these provisions. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right of withdrawal

Insofar as the processing of personal data is based on your consent, you have the right under Art. 7 DSGVO to revoke your consent to the processing of your personal data at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. To do so, you can contact us or our data protection officer at any time using the contact details provided in sections 1 and 2.

Please note that we may need to store certain data for a certain period of time in order to comply with legal requirements.

Right to complain

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

Necessity of provision?

The provision of your personal data is not required by law or contract, nor are you obliged to provide the personal data. However, please note that the provision of personal data is necessary for the decision on your application or for the conclusion of a contract on an employment relationship with us. This means that if you do not provide us with personal data when applying for a job, we cannot decide on an employment relationship and will not enter into an employment relationship with you.

We recommend that you only provide the personal data that is required to complete the application.

Does automated decision-making take place?

There is no automated decision-making in individual cases within the meaning of Art. 22 DSGVO, as the decision on your application is not based exclusively on automated processing.

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.