Privacy policy for employees

P-D Glasseiden GmbH Oschatz, Wellerswalder Weg 17, 04758 Oschatz, e-mail: dsb.gso@pd-group.com, attaches great importance to the protection of your personal data when processing it in the employment relationship.

In the following, we therefore explain which of your personal data we process and how, based on our privacy policy.

Please contact us or our external data protection officer if you have any further questions. You will find the contact details at the end of this privacy policy.

Personal data

Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This includes information such as your name, your address, your telephone number, your location, your e-mail address, your bank details and your date of birth.

Processing of personal data

When processing data, we handle your personal data responsibly and confidentially. Therefore, your personal data will of course be processed in compliance with the applicable national (in particular BDSG) and European data protection regulations (EU General Data Protection Regulation, hereinafter also referred to as “GDPR”).

Processing of personal data in this regard is any operation or set of operations which is performed on personal data, whether or not by automated means. Data processing includes, in particular, the collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

Purpose of the processing of personal data

We process personal data in accordance with the specifications and requirements set out below as part of automated processing.

The primary legal basis for the processing of personal data in the employment relationship is Section 26 BDSG.

Applicants are considered employees in accordance with Section 26 (8) sentence 2 BDSG.

Under the following conditions, data processing may be carried out in the employment relationship based on the legal authorization basis of § 26 BDSG:

The data processing is necessary with regard to the establishment, performance or termination of an employment relationship or the necessity with regard to the exercise or fulfillment of the rights and obligations of the employee’s representation of interests arising from a law or a collective agreement (purposes under works constitution law) is given.

In addition, data may be processed in the employment relationship to detect criminal offenses in the employment relationship.

It should also be noted that works agreements between the works council and the employer pursuant to Section 26 (4) BDSG are to be regarded as an authorization basis, so that data protection conformity of data processing operations in the employment relationship can also be established by such a works agreement.

All data collected from you is required for the establishment and performance of the employment relationship with you. You are therefore obliged to provide this personal data upon our request when concluding the contract and during the employment relationship, otherwise we will not be able to establish an employment relationship with you.

Automated decision-making in individual cases, including profiling in accordance with Art. 22 GDPR, does not take place.

The scope of the processing of your personal data is limited by the respective purposes described above.

General data processing in the context of the employment relationship

The data is processed and transmitted for wage and salary calculation and compliance with recording, information and reporting obligations, insofar as this is required by law or employment contract obligations. Without this data, we cannot conclude or execute the contract with you. This also applies to all voluntary social benefits provided by the employer and to external education and training programs.

Data processing for the purposes of system administration and security

Due to the applicable legal data security regulations, a range of your data is processed for the administration and security of the system, such as for the administration of user IDs. This includes automatically created and archived text documents (such as correspondence) in these matters. Without this data processing, secure operation of the system and therefore employment in our company is not possible.

Data processing in the event of labor disputes

If a legal dispute arises during an ongoing employment relationship or after termination, the data required for appropriate legal action will be transmitted to legal representatives and courts.

Data transmission within the P-D Group

The primary authorization basis for the transfer of employee data within the P-D Group is Art. 6 para. 1 sentence 1 lit. f GDPR (see below: “Recipients of personal data”).

Legal obligations

With regard to the fulfillment of legal obligations, Art. 6 para. 1 sentence 1 lit. c GDPR is the relevant basis for authorization.

Consent

Your personal data will only be processed by us, unless this is based on a legal authorization basis, if you give your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a DS-GVO in conjunction with. Art. 7 GDPR for this purpose. For this purpose, you have the option of giving your consent voluntarily. There are no disadvantages for you if you do not give your consent. You can request to view your consent at any time and revoke it at any time by sending us an email or by post. The withdrawal of consent does not affect the permissibility of the processing carried out up to the time of withdrawal and also has no disadvantages for you. You can find our contact details above and at the end of this privacy policy.

In the opinion of the legislator, such consent can be given by you in accordance with Section 26 (2) BDSG if a legal or economic advantage is achieved for you (e.g. the introduction of a company health management system to promote health, permission for private use of company IT systems) or if the employer and employee pursue similar interests (e.g. the inclusion of name and date of birth in a birthday list or the use of photos of the employee on the Internet/intranet). Only in these cases will we obtain a declaration of consent from you in compliance with the above requirements.

Application

If you apply for a job with us, the data you provide will be processed by us to check whether we wish to establish and implement an employment relationship with you.

The applicant data entered by you will only be processed until the decision on employment is made if an employment relationship does not materialize. The data will be deleted 6 months after the rejection has been sent or after the application documents have been returned to the applicant.

If we enter into an employment relationship with you, the data that you have provided to us will be processed to establish, implement and, if necessary, terminate the employment relationship.

The basis for authorization is § 26 BDSG new.

Duration of data processing

The maximum duration of storage depends on the purpose of the data processing. The duration of storage depends on the period for which the processing is necessary to fulfill the purpose, in particular with regard to the establishment, implementation or termination of the employment relationship with you, or to fulfill legal obligations (e.g. commercial and tax retention obligations according to § 257 HGB and § 147 AO, social security retention obligations).

After you leave the company as an employee, your data will be deleted under data protection law at the end of the year three years after you leave the company, not counting the year in which you left.

A declaration of consent is generally valid until revoked by the data subject. However, an “unused” declaration of consent can lose its effectiveness after a period of 1.5 years. After a period of 1.5 years in which the consent is not used, the data will be deleted.

Statutory retention obligations remain unaffected by the above.

Recipients of the personal data

Data is transferred within the P-D Group (both between the holding company and its subsidiaries and between the subsidiaries).

The primary authorization basis for data transmission in the P-D Group is Art. 6 para. 1 sentence 1 lit. f GDPR.

Accordingly, data processing is lawful if the processing is necessary for the purposes of the legitimate interests pursued by us, except where such interests are overridden by the interests or fundamental rights of the data subject. In the recitals to the GDPR, which serve as interpretation aids for the GDPR, the legitimate interest for the transfer within a group of companies is specified in recital 48. Accordingly, the transfer within the P-D Group for internal administrative purposes with regard to the processing of employee data is to be qualified as a legitimate interest of ours within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR. Internal administrative purposes relating to employee data in this sense may include central personnel planning and development, the provision of personnel services and travel expense accounting.

Furthermore, P-D Group companies may have access to your personal data in the following systems, insofar as this is necessary, which is legally classified as a transfer:

Payroll accounting system
Electronic time recording system
Travel expense accounting system
Training and further education system
System for processing the company pension scheme
Furthermore, transfers may be made to external third parties if necessary.

The data relevant in each individual case is transmitted to the following bodies on the basis of the statutory provisions or contractual agreement:

Tax office
Social insurance providers
Social welfare offices
Employment agency
Financial institutions
Insurance companies as part of an existing group or individual insurance
Company doctor, employers’ liability insurance association
Travel service providers and their respective subcontractors
Service providers for work clothing
Consulates Third countries

Furthermore, transfers may also be made to other specialist departments within P-D Glasseiden GmbH and other P-D Group companies if this is necessary.

Processors used are contractually obliged to comply with the requirements of Art. 28 GDPR. Processors will only process your data in accordance with the legal requirements and only in the context of fulfilling the contract.

Location of the data processing measures

All processing of your personal data takes place either in Germany or in member states of the European Union. We do not transfer your personal data to countries outside the member states of the European Union (so-called third countries) or other international organizations. If, in individual cases, your personal data is transferred by us to companies in countries outside the member states of the European Union (so-called third countries) or other international organizations, all requirements of Art. 44 et seq. GDPR are complied with.

Security / Technical and organizational measures

We take all necessary technical and organizational measures, taking into account the requirements of Art. 24, 25 and 32 GDPR, to protect your personal data from loss, destruction, access, modification or dissemination by unauthorized persons and misuse.

For example, we comply with the legal requirements for the pseudonymization and encryption of personal data, for the confidentiality, integrity, availability and resilience of systems and services in connection with processing, for the availability of personal data and the ability to restore it quickly in the event of a physical or technical incident, and for the establishment of procedures to regularly review, assess and evaluate the effectiveness of technical and organizational measures to ensure the security of processing.

Furthermore, we also observe the requirements of Art. 25 GDPR with regard to the principles of “privacy by design” (data protection through technology design) and “privacy by default” (data protection through data protection-friendly default settings).

Your rights

You have a right to free information about your personal data and, if the legal requirements are met, a right to rectification, blocking and erasure of your data, to restriction of processing, to data portability and a right to object.

You also have the option of lodging a complaint with the competent supervisory authority.

If you have any questions about the processing of your personal data or questions relating to the aforementioned rights or suggestions, please contact the

Data Protection Coordinator of the P-D Group:

P-D Management Industries-Technologies GmbH

Wilsdruffer Street 11

01723 Wilsdruff / Grumbach district

E-mail: frank.goellnitz@pd-group.com

or to our external data protection officer for the

P-D group of companies pursuant to Art. 37 (2) GDPR:

WS Datenschutz GmbH

Dircksenstrasse 51

D-10178 Berlin

Privacy policy for our social media presence

I. Social media responsible together with us

P-D Glasseiden GmbH

Address: Wellerswalder Weg 17, D-04758 Oschatz
Phone: +49 3435 6570
E-mail: dsb.gso@pd-group.com
Homepage: https://oschatz-glas.com

has its own social media presence as follows:

• Facebook: https://www.facebook.com/Glasseide
• Instagram: https://www.instagram.com/oschatz_glas/
• LinkedIn: linkedin.com/company/p-d-glasseiden-gmbh-oschatz
• YouTube: https://www.youtube.com/@Oschatz_Glas
• TikTok: https://www.tiktok.com/@oschatz.glasseide

Here we use the services of

• Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, USA or Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook“)
• Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, USA or Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Instagram“)
• LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland or LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, California 94085, USA (“LinkedIn“)
• YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (“YouTube“) represented by: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA,

Data processing within the European Economic Area and Switzerland is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google“)

• TikTok Technology Limited,10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok“)

back.

Based on the ruling of the European Court of Justice from June 5, 2018 (available at http://curia.europa.eu/juris/document/document.jsf?text=&docid=202543&pageIndex=0&doclang=DE&mode=req&dir=&occ=first&part=1&cid=298398 ), operators of social media sites and the operators of the social media themselves are considered joint controllers of data processing.

We would like to point out that you use our social media sites and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access the information that we make available on social media on our own website.

II. Data Protection Officer

Our data protection officer is:

Christina Webersohn from WS Datenschutz GmbH

If you have any questions about data protection, you can reach them at the following e-mail address:

oschatz-glas@ws-datenschutz.de

or by post:

WS Datenschutz GmbH

Dircksenstrasse 51

D-10178 Berlin

https://webersohnundscholtz.de/

You can contact the data protection officers of the respective social media via the respective social media.

You can reach the data protection officer of Facebook and Instagram via the following linked contact form: https://www.facebook.com/help/contact/540977946302970

You can reach LinkedIn’s data protection officer via the following linked contact form: https://www.linkedin.com/help/linkedin/ask/TSO-DPO

You can reach YouTube’s data protection officer via the following linked contact form: https://support.google.com/policies/contact/general_privacy_form?sjid=10990068199381290885-EU

You can reach TikTok’s data protection officer via the following linked contact form: https://www.tiktok.com/legal/report/DPO/en?undefined

III Data processed by the social media

When you visit our social media pages, the social media operators collect, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the site, with statistical information about the use of the site. The data collected about you in this context is processed by the social media operators and may be transferred to countries outside the European Union. Which information the operator of the respective social network receives and how it is used is described in the privacy policies of the respective social networks. There you will also find information on how to contact us.

You can find more information on this under the following links:

Facebook: https://de-de.facebook.com/about/privacy

YouTube: https://www.google.de/intl/de/policies/privacy/

Instagram: https://help.instagram.com/155833707900388
https://www.instagram.com/about/legal/privacy/

LinkedIn: https://www.linkedin.com/legal/privacy-policy

TikTok: https://www.tiktok.com/legal/page/eea/privacy-policy/de

The way in which the social media operators use data from visits to our social media presence for their own purposes, the extent to which activities on the social media sites are assigned to individual users, how long the operators store this data and whether data from a visit to the social media sites is passed on to third parties is not conclusively and clearly stated by the social media operators and is not known to us.

When you access our social media pages, the IP address assigned to your end device is transmitted to the operator of the respective social network. The social networks also store information about the user’s end devices (e.g. as part of the “login notification” function); the social media operators may thus be able to assign IP addresses to individual users.

If you are currently logged in to the respective social network as a user, a cookie with your individual identifier is stored on your end device in this social network. This allows the operator of the social network to track that you have visited a particular page and how you have used it. This data can be used to tailor content or advertising to your previous website visits.

If you want to avoid this, you should log out of the respective social network or deactivate the “stay logged in” function, delete the cookies on your device and close and restart your browser. In this way, login information that can be used to directly identify you will be deleted. This allows you to use our social media presence without revealing your user ID. If you access interactive functions on the site (like, comment, share, messages, etc.), a login screen will appear. After logging in, you will once again be recognizable as a specific user for the social network used.

Information on how you can manage or delete existing information within the social network can be found on the above-mentioned support pages of the respective social network.

IV. Data processed by us

1. type and scope of data processing

The data you enter on social networks, in particular your user name and the content published under your account, will be processed by us to the extent that we may respond to your messages. In addition, your published posts, ratings and comments refer to your account in the respective social network. If you mention us via an @ or a # or similar, this mention may be published on our site under your user name. The data you freely publish and disseminate on the respective social network may be included by us in our offer and made accessible to other users of the respective social network. If you mark our presence in the social media with “Like” or “Follow” or a similar interaction, we will be informed of this by the respective social network with your user name and link to your account.

As the provider of the information service, we do not collect or process any other data from your use of our social media presence.

2. legal basis of the processing

Data processing on our part is based on Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest arises from the advertising function of social media. We use these to increase awareness of our company.

3. purpose of the processing

The data you provide in this context and which may be accessible to us (e.g. user name, images, interests, contact details) will be processed by us exclusively for the purpose of communicating with customers and interested parties. Our legitimate interest lies in offering you a platform on which we can display current information and with the help of which you can address your request to us and we can respond to your request as quickly as possible.

4. duration of storage

As far as possible, your data will be deleted when we discontinue our presence on social media.

V. Your rights

You have the following rights under the General Data Protection Regulation:

5. right to withdraw consent (cf. Art. 7 GDPR)

If you have given your consent to the processing of your data, you can withdraw it at any time. Such a revocation affects the permissibility of the processing of your personal data for the future after you have given it to the controller. It can be made verbally (by telephone) or in writing by post or e-mail to us.

6. right to information (cf. Art. 15 GDPR)

In the event of a request for information, you must provide sufficient information about your identity and provide proof that the information is yours. The information concerns the following information:

• the purposes for which the personal data are processed;
• the categories of personal data that are processed;
• the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
• the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
• all available information about the origin of the data if the personal data is not collected from the data subject;
• the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

7. right to rectification or erasure (cf. Art. 16, 17 GDPR)

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.

In addition, you may request the deletion of personal data concerning you if one of the following reasons applies to you:

• The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
• You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 sentence 1 lit. a) or Art. 9 para. 2 lit. a) GDPR and there is no other legal basis for the processing.
• You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
• The personal data concerning you has been processed unlawfully.
• The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
• The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

If the personal data concerning you has been made public and the controller is obliged to erase it pursuant to Art. 17 (1) GDPR, we will take all reasonable steps to inform other controllers responsible for data processing that you have requested the erasure of all links to this personal data or of copies or replications of this personal data.

The right to erasure does not exist if the processing is necessary:

• to exercise the right to freedom of expression and information;
• for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the aforementioned right is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
• for the assertion, exercise or defense of legal claims.

8. right to restriction of processing (cf. Art. 18 GDPR)

Under the following conditions, you may request the controller to restrict the processing of your personal data:

• if you contest the accuracy of the personal data concerning you for a period enabling us to verify the accuracy of your personal data;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
• we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
• if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether our legitimate reasons outweigh your reasons.

If the processing of your personal data has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

9. right to information (cf. Art. 19 GDPR)

If you have asserted your right to rectification, erasure or restriction of data processing against a controller, the controller is obliged to notify all recipients of your personal data of the rectification, erasure or restriction of data processing. This only applies insofar as this notification does not prove to be impossible or would involve a disproportionate effort.

You have the right to know which recipients have received your data.

10. right to data portability (cf. Art. 20 GDPR)

You have the right to receive your personal data from the controller in a commonly used, machine-readable format in order to have it transmitted to another controller, provided that

• the processing is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR and
• the processing is carried out using automated procedures.

In exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

11. right to object to the processing (cf. Art. 21 GDPR)

If the processing of your personal data is based on a legitimate interest (pursuant to Art. 6 para. 1 lit. f) GDPR), you can object to the processing. The same applies if the data processing is based on Art. 6 para. 1 sentence 1 lit. e) GDPR.

When exercising such an objection, please explain the reasons why your personal data should not be processed. In the event of your justified objection, the situation will be examined and either the data processing will be discontinued or adapted or you will be shown the compelling reasons worthy of protection on the basis of which the processing will be continued.

12. right to lodge a complaint with the competent supervisory authority (see Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority to which the complaint has been submitted will inform you of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

13. how you exercise these rights

You can assert your rights with the data protection officer of the respective controller, whose contact details can be found under point 2. If you make use of the aforementioned rights, the controller will check whether the legal requirements are met.

If you have any questions about the information we provide, please contact us using the contact details given under point 1.

Further information on social networks and how you can protect your data can also be found at https://youngdata.de.

VI. reservation of right of amendment

We reserve the right to amend this privacy policy in compliance with the statutory provisions.

Status January 2026