DATA PRIVACY STATEMENT
This privacy notice applies exclusively to the internet content and services of Express Air Systems GmbH and within the scope of the employment relationship. As part of the employment relationship, these are complemented by an internal outline.
Thank you for your interest in our company, our products and our services. Our privacy notice aims to let you know what data we collect from you, how we use this data and how you can object to the use of data.
It is basically possible to use our web pages without providing personal data. Certain services and activities provided by our company via our internet site may make it necessary to process personal data. The following privacy notice will provide you with detailed information about this. Please note that our web pages may contain links to other providers that are not covered by this privacy notice.
Who is responsible for collecting and processing data?
Express Air Systems GmbH
Phone: +49 6192979800
collects and processes your data as the controller.
Do you have any questions, suggestions or complaints regarding the processing of your personal data?
Then please contact: [email protected]
What data do we collect and why are we processing your data?
We collect and process your data only for clearly defined purposes. These arise because of technical necessity, contractual requirements or express requests made by the user.
Thus, we require personal data from you in order to fulfill a contract. We use this data for order processing, collection, delivery, order picking, returns processing, movement of goods, payment processing, credit assessments, delivery to the designated address and, where applicable, for processing cancellations and refunds. In short, to carry out our logistics services.
For reasons of technical necessity, certain data is collected and stored when you visit our web pages. This includes e.g. the date and duration of your visit, the web pages visited, data identifying your browser and type of operating system and the web page via which you came to us.
Legal basis for data processing
- If we obtain your consent to perform processing operations involving your personal data this shall provide the legal basis pursuant to Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR).
- Where the processing of personal data is necessary for the performance of a contract with you, the contract provides the legal basis under Article 6(1) (b) GDPR. Article 6(1) (b) GDPR also applies to processing operations that are necessary for carrying out precontractual measures, such as in the case of inquiries about our products and services.
- Where our company is under a legal obligation which makes it necessary to process personal data, such as for example to comply with tax obligations, such processing is based on Art. 6 (1) (c) GDPR.
- Where necessary, we process your data to an extent that goes beyond performance of the contract in order to protect our legitimate interests or those of third parties pursuant to Art. 6 (1) (f) GDPR). Examples of this include: the revision and improvement of procedures for business management and the development of products and services; advertising, market research and opinion polling – provided you have not objected to the use of your data; the assertion and defense of legal claims; prevention and investigation of criminal offenses; safeguarding IT security and IT operations; consultation and exchange of data with credit agencies to determine creditworthiness and default risk.
- We collect your personal data for recruitment procedures and within the framework of the employment contract on the basis of Art. 6 (1) (b), Art. 88 General Data Protection Regulation (GDPR) in conjunction with Section 26 (1), sentence 1 German Federal Data Protection Act (BDSG).
Do we share your data with third parties?
Contract processing generally requires the deployment of direct-reporting contract processors, such as data center operators, shipping and freight forwarding service providers, and other parties involved in contract performance. External service providers, who are commissioned by us to process data, are carefully selected and placed under a strict contractual obligation e.g. by way of rigorous technical and organizational measures and supplementary checks. Your data will only be transferred if you have provided your express consent or on the basis of a statutory provision.
Personal data will not be transferred to third countries outside the EU or EEA, or to an international organization, unless appropriate safeguards are in place. These include the EU standard contractual clauses as well as an adequacy decision by the EU Commission.
Irrespective of this, transfer may be necessary:
- for the purposes of shipping, freight forwarding and customs clearance, to our affiliated transport operators, forwarding agents or Group offices;
- for the purposes of credit assessments prior to conclusion of the contract via contractually bound credit agencies;
- for the purposes of customer support by telephone and sometimes a call center;
- where contact forms are used for dialog with the customer, we may send data to the relevant Group offices;
- in the event of irregular payments or default on payments, we may send debt-claim data to a debt collection agency;
How long is your data stored?
We only store your data for as long as necessary or required by law to carry out the purpose for which it was collected. For example, when there is a contractual relationship, we save your data at least until the contract is fully terminated. Thereafter, the data is stored for the duration of the statutory retention periods.
Rights of data subjects
- You can request information about the data that we have stored about you.
- You can require correction, deletion and the restriction of processing (blocking) of your personal data if this is permitted by law and possible within the scope of an existing contractual relationship.
- If you grant us consent to process your data, you can withdraw this at any time by the same method that you used to grant it. Withdrawal of consent shall not affect the lawfulness of processing which took place prior to withdrawal of consent. To exercise your rights, send a letter by post to the above-named controller.
- In addition, you have the right to lodge a complaint with a data protection supervisory authority.
- The data protection supervisory responsible for our company is: Der Hessische Datenschutzbeauftragte, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, E-Mail: [email protected]
Examples of specific data processing operations
When you register to receive our newsletter, you are required to provide us with your email address. In this case, you are allowing us to use your email address for advertising purposes such as to send you information about similar products or other new features.
When you register for the newsletter, we store the IP address provided at that time by your internet service provider (ISP), in an anonymized form, information about the computer system being used and the date and time of registration. This is necessary in order to discover any possible misuse of the email address and therefore provides us with legal protection. You can unsubscribe from the newsletter at any time by clicking the unsubscribe link at the bottom of the newsletter.
Contact form & inquiries
Due to statutory requirements, our web pages contain details enabling you to make fast electronic contact with us as well as direct communication with our companies. Where a data subject contacts us by email or via a contact form, the personal data thereby transferred will be stored automatically. This also applies to inquiries by telephone in which case the information provided by you will be stored in order to process your inquiry. This takes place for the purpose of processing or making contact. Sharing this personal data with third parties without your consent is not permitted unless we are under a legal obligation to do so.
In the course of issuing and processing offers, we process the contact details provided by you such as e.g. name, telephone number and email address as well as the offer address, address for loading and unloading and the list of removal items. If you order special services such as e.g. packing and unpacking, it is possible that the specialist staff receive knowledge of additional personal data. Our staff and any contractors that we deploy are contractually obliged to maintain confidentiality and subject to a general duty of non-disclosure. The relocation is followed up by an evaluation questionnaire about the relevant relocation. Participation is optional and can be refused at any time.
Payment data, such as bank account and credit card details, as well as contact and identification information, are collected in connection with shipping contracts and other services, for the purpose of processing payments. To authorize credit card payments, the verification code is used for every payment transaction. This is not stored but is used only for the purpose of processing the payment.
Data protection regarding job applications and recruitment procedures
We are delighted that you are interested in us as a possible employer. The protection of personal data of job applicants*, employees and all our affiliated third parties is very important to us. We collect and process the personal data of job applicants for the recruitment procedure. Processing may also take place electronically. This mainly occurs where an applicant transmits application documents electronically, for example by email or via an online application tool, to the person responsible for processing it.
We collect personal data relating to you that is relevant for the recruitment procedure or which you transmit to us as part of the application process (including for example first name, surname, address, email, position applied for and the details of your personal application). In order to assess your application carefully, we may also need additional information, e.g. about your professional career.
When you make an online application, you enter your personal data into an online form or send them by email and upload the accompanying documents. In the case of applications by other channels, we collect the relevant information from your application and store your application documents in our system.
When you apply for a specific job or take part in a recruitment event, you can actively consent to the transmission of your personal data for the purpose of applying for other possible jobs in the same or another group company (national or international). If you do not give your consent or if you withdraw consent, this means that your application cannot be considered further for other jobs. You can withdraw your consent for transmission at any time by post to the address given above or by email to [email protected] . Withdrawal of consent to the transmission of your application means that your application cannot be considered further for other jobs. If your application could be considered by another group company but we do not have your consent, we would always obtain your express consent before sharing your data.
Due to the organizational structure of Express Air Systems GmbH and depending on your chosen application channel, your application may be processed by various offices. In all cases, your personal data will be processed exclusively by the company responsible for the job advertisement and, where applicable, by service providers that are contractually bound and legally obliged to comply with the relevant data protection provisions.
Under the Anti-Terrorism Regulations EC 2580/2001 and EC 881/2002, Express Air Systems GmbH is prohibited from maintaining commercial relations with persons or organizations suspected of terrorist activity. In order to comply with these Regulations, we are obliged to check all job applicants, who are invited to an interview, against a sanctions list of persons and organizations suspected of terrorism. This of course takes place in compliance with all data protection provisions.
When an employment contract comes into effect with an applicant, the data transmitted for the purpose of processing the employment relationship is stored in accordance with the statutory provisions. When no employment contract is concluded with the applicant, the application documents will be deleted automatically three months after notification of refusal has been given, unless other legitimate interests of the party responsible for processing prevent such deletion. Another legitimate interest in this sense is, for example, the duty to provide evidence in proceedings under the Equal Treatment Act (AGG). If you attend our Assessment Center for our sandwich degree courses or take part in our trainee program, we will store your results for a maximum period of 12 months.
In addition, you have the right to request us to delete your data. If you want us to delete your application data, subject to compliance with the statutory retention periods, please contact the address indicated above.
Online conferences, meetings and events
Implementation of training
External service providers are regularly used for the implementation of face-to-face training as well as for online training. These external partners receive participant lists and create the participation certificates. In principle, lists of participants are also created for internal training courses to create certificates. For events that do not take place in the premises of us, the booking of hotels and venues may be necessary. To book the data of the participants will be transmitted in advance.
Data protection for Corona tracking
Companies are obliged to take the necessary measures to ensure the occupational safety and health of employees on the basis of their duty of care and the Occupational Safety and Health Act (ArbSchG) and health protection. This includes the employer’s obligation to protect employees from infection by a sick person. This includes not only the company’s relationship with its employees, but also its customers.
1. Categories of personal data
In order to contain the pandemic and protect the health of our employees, the following personal or personal data are currently collected by our employees:
Name, First Name
Phone number/contact details
Internal Contact Persons
Areas of residence within the workplace
2. Purpose and legal basis of the processing
The data is collected for the purpose of the subsequent execution of infection chains in connection with Covid-19, in accordance with the requirements of the Occupational Safety and Health Act and the requirements of the Federal Ministry of Labour and Social Affairs on the Corona pandemic. A legal basis for processing within the meaning of Article 6 (1) lit.c GDPR and, on the basis of health protection, also Section 22 (1) lit.c BDSG is given.
3. Transfer of data to third parties
A transfer to the relevant health office of the above-mentioned data takes place only if there is an official order or other measure, which is based by the authority on the Infection Protection Act. Your data will only be passed on to the competent health authority as a third party in cases of the above-mentioned legal bases.
4. Duration of storage
The data will be retained for the duration of four weeks after your last stay and will subsequently be deleted or destroyed in accordance with data protection regulations.
Use of the EASY Customer Portal
To create an account in our Customer Portal, the following mandatory information is collected: First name, last name, company, company address, e-mail address, telephone number, preferred language, VAT number (if available), company registration number. No personal account can be created without providing this data. We use this data to process your registration on the portal and for related services. After you have created your profile, you can add additional information. This information is voluntary.
In the context of the employment relationship
A. Objectives and legal bases
Your personal data will be processed by your employer and any mentioned group companies primarily for establishing, implementing and terminating your employment (art 6 para 1b, art 88 DSGVO in conjunction with §26 para. 1 BSSG). For this purpose, it is necessary to collect various types of personal data, such as your contact information and HR master data and data which is required for your payroll or the transfer to the pension insurance fund. If this is necessary for the performance of your employment relationship, you are obliged to provide the necessary information and must otherwise expect that personnel processes will not function or that sanctions under employment law will also be possible. For important areas, e.g. the use of company IT, more specific regulations and legal bases are contained in company agreements. In the context of the implementation of the employment relationship, your personal data is collected and processed in particular for the more concrete purposes listed below – whereby, due to the factual context, such purposes are also named which are also covered exclusively or partially by the legal basis of a consent (they are marked with **):
- Recruitment, onboarding, change of job, change and termination of employment relationship
- Personnel data administration (master data administration, personnel file management, etc.)
- Implementation of your employment relationship, e.g. work organization, equipment, performance of a task, supervision by the manager
- Granting of benefits**, e.g. company travel, housing, rent subsidies, child care
- Leave processing; working time regulations, time recording, time off
- Qualification, further training and development**
- Health care and examinations, if necessary fitness, health promotion and if necessary company integration management*.
- Company pension scheme*.
Occasionally, your personal data may also be collected on the basis of consent given by you voluntarily in writing or in text form (Article 6 para. 1 a or Art. 9 para. 2 a DSGVO, § 26 para. 2, 3 BDSG). This is only the case in very exceptional cases, for example in the context of voluntary personnel development measures, photo publications or additional offers to your advantage, e.g. child care or additional offers within the company pension schemes.
During your time of employment, your personal data will also be processed on the basis of overriding legitimate company interests (Art. 6 Para. 1 f DSGVO). This is permissible if the interests of the company outweigh the personal right of the employees concerned in the concrete consideration of interests. This may be the case within the scope of the fulfilment of operational requirements, e.g. within the scope of video surveillance or access control for access to our buildings and the company premises, in order to protect the safety of the operating resources and employees and to preserve the domestic authority. Some of the above-mentioned collection or internal forwarding of personal data within the Group takes place on this legal basis in order for other Group companies to perform central functions for the purpose of efficient performance of Group tasks, such as the collection of data by the central legal department when it comes to safeguarding legal claims.
In the context of your employment with one of us, personal data is also collected by the employer on the basis of other legal bases. This is particularly the case if personal data are collected and processed on the basis of legal obligations, e.g. tax or social security law (Art. 6 para. 1 c DSGVO in connection with the respective legal obligation under European or national law, e.g. in accordance with the Tax Code or Social Security Code). The legal basis for possible measures of internal clarification of the facts of the case is Section 26 (1) sentence 2 BDSG.
Special categories of data” – that is, health data or data about your ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data for unique identification, health data or data about sex life or sexual orientation – may also be collected in the context of employment. The following applies to them: their collection and processing is subject to strict rules. They may only be collected based on the legal bases referred to in Article 9 (2) DSGVO, e.g. on the basis of consent or, if necessary, in order to exercise or comply with rights and obligations under labour law, social security law or social protection.
B. Origin of data
The data is initially collected is based on the information you have provided yourself when establishing your employment, in particular from the personnel questionnaire. Further personal data is collected on the basis of your information, applications and notifications during your employment (e.g. change of marital status, indication of changed contact or account data), as well as in the context of your own activities, e.g. when using work tools such as scheduling systems, or on the basis of information from your superiors or third parties in connection with personnel processes in which your data is processed for a specific purpose (e.g. grouping, qualification, documentation of employee appraisals, payroll accounting, time recording). In addition, certain data is transferred from one personnel data system to other personnel data systems for a specific purpose (for example, data from identity management via interfaces to systems that you use or that HR uses). In addition, we receive personal data from authorities, social insurance carriers and, where applicable, other external third parties.
C. When will your data be deleted?
Your data will always be kept for as long as required for the respective purposes and subsequently deleted, considering the statutory retention periods. Once the purpose of the data collection has been achieved, data access will be restricted (i.e. blocked) for a necessary retention period during processing and subsequently deleted. This is based on differentiated deletion concepts.
D. When is data passed on?
As part of your work, you make your personal data available to other employees as part of cooperation. Your personal data is exchanged between individual departments, Group companies and personnel systems in the DB Group to the extent necessary for the purposes described above. Furthermore, your personal data will be passed on to authorized external recipients to the extent necessary to fulfil the purpose on the basis of legal or contractual requirements, taking into account the principle of data economy. These include external contractors, tax authorities, social insurance carriers, banks, insurance companies, DB Group social institutions and auditors. These may also be recipients in other Member States of the European Union or the European Economic Area (EEA). In rare cases, e.g. in the case of delegation, recipients in countries outside the EU/EEA. In the latter case, this only takes place if the legal requirements are fulfilled and an appropriate level of data protection is ensured for the recipient.
E. Data Overview
An overview of the categories of personal data stored about you, including the procedures, the purpose of processing, recipients and persons with access rights can be found in document 08 ZF015 Annex Data Overview. It is important to us that we make the processing of your data transparent. The extent to which data about you is collected, processed and stored can be seen in the data overview.
General information on using our web pages
When using this general data and information, we do not draw any conclusions about the data subject. Such information is in fact required in order to ensure that our online content is correct, to optimize advertising for the internet site, to ensure that our IT systems and the technology for our internet site remain in working order at all times, and to provide prosecution authorities with information in the event of a cyber attack. This anonymized data and information ultimately serve to increase data protection and data security in our company. The anonymized data in the server log files is stored separately from all personal data entered by a data subject.
Use of CloudFlare
To secure this website and optimise load times CloudFlare is used as a CDN (“Content Delivery Network”). Therefore, all requests are forcibly routed through their servers and consolidated into statistics that cannot be deactivated. According to them, the raw data collected are usually deleted there within 4 hours, and after 3 days at the latest . Information about the data collected there can be found at https://blog.cloudflare.com/what-cloudflare-logs/. All of the information about security & privacy at CloudFlare, can be found at https://www.cloudflare.com/privacypolicy/.
CloudFlare Inc. ist ein US-amerikanischer Anbieter
The CDN (Content Delivery Network) service is provided to you by 1 & 1 Internet AG via the technology partner CloudFlare Inc., based in the USA. For the CDN service, content data processed according to purpose for performance improvement worldwide on CloudFlare servers. In addition, security tools and traffic monitoring will be provided through CloudFlare Inc., based in the US. For this purpose, the usage data of visitors to this website is processed on CloudFlare servers.
Browser settings to manage cookies
You can set your browser to prevent tracking by cookies (do-not-track, tracking protection list) or to block storage of third-party cookies. In addition, we recommend that you make a regular check of stored cookies. The pages listed below show you how to change your browser settings:
- Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
- Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Tracking-Protection-List: https://www.microsoft.com/de-de/IEGallery#tracking-protection-list
Please note: if you delete all cookies, any opt-out cookies already on your hard drive may also be deleted so you may have to reactivate any previous opt-outs.
Social plug-ins and embedded content
Our pages contain plug-ins from social networks that allow you to recommend our content to other people. We thus offer you the possibility of interacting with social networks and other users.
When you visit our web pages, you may find grayed-out images of the relevant functions instead of the actual plug-ins as these will not have been activated when the web page was loaded. Clicking on the image activates the plug-in and you will be forwarded to the relevant social network. The data flow arising at that moment is the responsibility of the relevant social network. We, as the provider of our pages, have no knowledge of the content of the data processed by the social network or of the processing operation. The legal basis for the use of plug-ins is Article 6 (1) (f) GDPR.
An overview and origin of the social plug-ins that can be activated by the Shariff solution is available here:
- Social plug-ins from Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Facebook’s data privacy guidelines are available at: https://www.facebook.com/privacy/explanation
- Social plug-ins from Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND Twitter’s data privacy notice is available at: https://twitter.com/en/privacy
- Social plug-ins from Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. The privacy notice is available at: https://help.instagram.com/155833707900388
- Social Plugins from Google+ Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The privacy notice is avaiable at: https://policies.google.com/privacy?hl=en
- Social plug-ins from LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. The privacy notice is available at: https://www.linkedin.com/legal/privacy-policy?_l=en
- Social plug-ins from XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany. The privacy notice is available at:
We want to provide you with a wide range of multi-media content. Thus our web pages contain embedded YouTube videos. The legal basis for this is Art. 6 (1) (f) GDPR. When visiting the pages, you will find a link. When you click the link to play the video, you leave our web page and are forwarded to YouTube. At this point, Google as the operator of YouTube, will set cookies and pixel tags for the personalization of advertising and search results. Google is solely responsible for this data processing as the operator of YouTube. We have no knowledge of, or control over, which data is processed. Additional information is available at: https://policies.google.com/privacy?hl=en
Is data transmission encrypted
Data and emails sent via the internet are normally unencrypted and are therefore not protected against third-party access. In order to protect your data on our web pages, your connection to our server is transport encrypted by default using the Transport Layer Security (TLS) encryption method with at least 256 bit. Since we cannot guarantee the confidentiality of the information sent to us via email, we recommend that you only send confidential information by contact form or post.
Updates to the data privacy notice
We update this privacy notice to reflect modified functionality or changes to the legal situation. We therefore recommend that you review the privacy notice periodically.
07th September 2022