Skip to content Skip to footer
Close

General Information

We appreciate your visit to our website and your interest in data protection. To ensure you understand when we collect which personal data and how we use this data, please read the general information below.

For information on data processing by the tools and external services used on our website, please refer to the information in the “Website” section. For information on the processing of your personal data if you apply to us or would like to become our supplier or partner, please refer to the information in the “Interested Parties” section.

Responsible body

The responsible party according to Art. 4 Para. 7 EU General Data Protection Regulation (GDPR) is

Gustoso Group GmbH
Fürstenfelder Straße 9
80331 Munich
Phone: +49 (0)89 2080480000
Email: office@gustoso-gruppe.de

Managing Director: Dr. Nico Engel

Authorized signatories: Philipp Münster (individual power of attorney), Nicole Lernhard (joint power of attorney)

Collection, processing and use of personal data

The legal basis for the collection, storage, and processing of personal data can be found in particular in the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Personal data is information that relates to an identified or identifiable natural person (Article 4 No. 1 GDPR). This includes, in particular, names, address details, telephone numbers, or email addresses. However, information about preferences, memberships, or, for example, previously visited websites can also constitute personal data.

Contact us

If you contact us (e.g., by email or via our contact form), the data you provide will be stored for the purpose of processing your inquiry and any follow-up questions. The legal basis for this processing is the necessity to implement pre-contractual measures pursuant to Art. 6 (1) (b) GDPR. We delete the data collected in this context once storage is no longer required, or restrict processing if statutory retention periods apply.

Special information for online applications

We will transfer your personal data to third parties if this is necessary to process orders (e.g., address data to our delivery partners) or to process payments. The legal basis for this transfer is the necessity to fulfill a contract in accordance with Art. 6 (1) (b) GDPR. Personal data will not be transferred to third parties for marketing or advertising purposes without your express consent.

Online presence in social media

We maintain online presences within social networks and platforms to communicate with customers, interested parties, and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our privacy policy, we process users’ data if they communicate with us within the social networks and platforms, e.g. by writing posts on our online presence or sending us messages.

Your rights

You have the following rights with regard to your personal data:

  • Right to information,

  • Right to rectification or erasure,

  • Right to restriction of processing,

  • Right to object to processing,

  • Right to data portability.

You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

Revocation of consent and objection to the processing of your data

Please note that you can revoke any consent you have given to the processing of your data at any time. However, your revocation will not affect data processing that has already taken place, but will only apply to the future.

If we base the processing of your personal data on a balance of interests within the meaning of Art. 6 (1) (f) GDPR, you can object to the processing. A balance of interests is carried out in particular if the processing is not necessary to fulfill a contract with you. The legal basis for the respective processing procedures can be found in this data protection declaration. If you exercise such an objection, we ask you to explain the reasons for doing so. In the event of a justified objection, we will examine the situation and will either stop or adapt the data processing or explain to you our compelling legitimate reasons on the basis of which we continue the processing.

Furthermore, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising using the contact details provided above.

Deletion of data

The data we process will be deleted or restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no statutory retention periods that prevent deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

According to legal requirements in Germany, storage takes place in particular for 10 years in accordance with Sections 147 Para. 1 AO, 257 Para. 1 Nos. 1 and 4, Para. 4 HGB (books, records, management reports, accounting documents, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with Section 257 Para. 1 Nos. 2 and 3, Para. 4 HGB (commercial letters).

 

You can reach our data protection officer at the following contact details:

FX DATA UG (limited liability)
Ottobrunner Str. 28
82008 Unterhaching
Phone: 089 – 21111 890
Email: dsb@fx-data.de

Applicants, employees and interested parties

The following information informs you about the processing of your personal data if you apply to us or if you would like to become our supplier or partner. Please also note the general information in the “General” section.

Collection of your personal data during the application process

We generally collect your personal data from the information you provide. Personal data is all information that relates to an identified or identifiable natural person, so that the person can be identified directly or indirectly.

If you apply to us, we collect the personal information you provide in your application documents, e.g., by mail, email, or online via our careers portal. The same applies if, for example, a recruitment agency sends us your application documents.

If your application is successful and an employment relationship is established, your data will be saved or stored in your personnel file. We must also collect additional personal data from you that is necessary to carry out the employment relationship.

This includes, for example, personal identification and contact information (e.g., name, address, date of birth, religious affiliation, nationality, gender, marital status, email address, telephone number), payment details (e.g., your IBAN), information about your work or residence permit, data about your personal qualifications (e.g., school leaving certificate, vocational training), resume, employment references, health insurance affiliation, tax identification number, insurance policies, and, if applicable, severely disabled status, etc.

The provision of your personal data is necessary because otherwise an employment relationship may not be concluded.

In order to process the employment relationship, it may also be necessary to process personal data that we have legitimately received from other companies or other third parties, e.g., social insurance funds, etc., for the respective purpose.

Purposes and legal basis for processing in the application process and employment relationship

Your personal data will be processed in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

1. To establish, implement, and terminate the employment relationship:

We process your personal data to the extent necessary to establish, implement, and terminate the employment relationship. The legal basis is Section 26 (1) Sentence 1 of the Federal Data Protection Act (BDSG). This includes, for example, recording your qualifications as part of the application process, transmitting your bank details for the payment of your salary, or recording your working hours.

2. To fulfill legal obligations


We also process your personal data to the extent we are legally obliged to do so. The legal basis is also Section 26 (1) Sentence 1 of the Federal Data Protection Act (BDSG). For example, we must transmit certain data to tax offices and social insurance providers.

3. Based on Consent

Unless one of the above-mentioned legal bases applies, we process your personal data based on your express consent. The legal basis is Section 26 (2) of the German Federal Data Protection Act (BDSG). This applies, for example, to the publication of photos on our website. Consent granted can be revoked at any time with future effect. Processing that occurred before the revocation remains unaffected.

4. For the Detection of Criminal Offenses

Your personal data may be processed for the detection of criminal offenses if documented, factual evidence supports the suspicion that you have committed a criminal offense in your employment relationship, the processing is necessary for the detection, and your legitimate interest in excluding processing does not outweigh the suspicion, in particular, the nature and extent are not disproportionate to the reason. The legal basis is Section 26 (1) Sentence 2 of the German Federal Data Protection Act (BDSG).

Who receives your personal data?

Within our company, those departments that require your personal data to fulfill their contractual and legal obligations and that are authorized to process this data will have access to your data. For applications, those departments within our company that are involved in the application process will have access to your data.

External bodies will receive your data, in particular, if the transfer is required by law or necessary to fulfill the employment relationship, e.g., your bank, social security providers, health insurance companies, tax offices, and professional associations.