The processing of your personal data will take place exclusively in the context of the legal provisions of data protection law in the European Union, in particular the EU General Data Protection Regulation (hereinafter “GDPR”) and in addition to the Federal Data Protection Act (hereinafter “BDSG”) and additional legal provisions on data protection (collectively “data protection laws”).
If you would like to take a look at the GDPR yourself, you can find it on the internet at: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
This data privacy statement applies only to the website accessible by the domain trenzyme.com. The following notes do not relate to other websites of trenzyme or third party websites of other providers to which the website is linked. The terms used such as e.g. “personal data” or its “processing” correspond to the definitions in Art. 4 GDPR.
1. Subject matter of the data protection, legal bases and sources
Subject matter of the data protection is personal data. Personal data are all information that relates to an identified or identifiable natural person (so-called data subject). Your personal data therefore includes all data that allows your person to be identified, such as e.g. your name, your address, your telephone number or your email address. Personal data also includes information necessarily arising through use of our website such as e.g. beginning, end and scope of the use or your IP address.
Personal data are also collected, insofar as you provide them to us by performing a contract (contractual data).
We process your data only when an applicable legal regulation permits this. We will base the processing of your data, inter alia, on the following legal bases:
Consent (Art. 6 Paragraph 1 Clause 1 a GDPR): We will process determined data only on the basis of your previously granted, express and voluntary consent. You have the right to revoke your consent at any time with effect for the future.
Fulfillment of a contract or performance of pre-contractual measures (Art. 6 Paragraph 1 Clause 1 b GDPR): We require determined data from you in particular to enter into or perform a contractual relationship with trenzyme.
Compliance with a legal obligation (Art. 6 Paragraph 1 Clause 1 c GDPR): We also process your personal data to comply with legal obligations such as e.g. supervisory regulations or retention duties under commercial and tax law.
Safeguarding legitimate interests (Art. 6 Paragraph 1 Clause 1 f GDPR): trenzyme will process determined data to safeguard its interests or the interests of third parties. However, this only applies when your interests do not overridden in the specific case.
Please note that this is not a complete or exhaustive list of the possible legal bases, but these are merely examples that should make the legal bases under data protection law more transparent. These personal data originate from the following sources:
Largely from you yourself, in particular by your use of our website, from your contact enquiries and possibly information upon conclusion of a contract.
Further information on the legal bases of the individual data processing processes on our website and on the sources of the underlying data can be found in the statements under the following points.
2. Server log data
You can visit our website without providing information about your person. By visiting our website, the following information concerning the access may be stored:
The IP address of the requesting end device,
accessed pages and files,
the http response code,
the number of accessed pages and files in bites,
the previous website from which you visit the website (referrer URL),
date, time and time zone of the server request,
browser type and version,
operating system of the requesting end device that was used.
We process these data based on Art. 6 Paragraph 1 Clause 1 f GDPR to provide the website, to ensure the technical operation and the security of our IT systems. We pursue the interest of enabling the use of our website and its technical functionality and to permanently maintain this. These data are automatically processed upon accessing our website. You cannot use our website without providing this data. We do not use this data for the purpose of drawing conclusions about your identity.
The automatically collected data are generally deleted after 7 days, unless we require them for the above-mentioned purposes for exceptionally longer periods. In such a case, we will delete the data without delay when there is no longer a purpose for it.
You cannot object to the collection and storage of your server log data since these data are necessarily required for seamless operation of the website.
3. Communication via contact form or email
If you communicate with us via contact form or email, your voluntarily disclosed contact data (such as e.g. name, email address) are only purposefully collected, processed and used, either to receive and answer your request(s) and for technical administration. The data disclosed by you via our contact forms are encrypted upon transmission by Transport Layer Security (TLS), widely-known under the former name Secure Socket Layer (SSL).
The processing of data that are transmitted in the context of communication via contact form or via email takes place based on Art. 6 Paragraph 1 Clause 1 b GDPR when it concerns entering into a contractual relationship or based on Art Paragraph 1 Clause 1 f GDPR. In the latter case, we have a legitimate interest in processing contact requests voluntarily sent to us.
We delete the data indicated by you as soon as the purpose of the collection is completely unnecessary, subject to compliance with continuing legal retention duties.
Insofar as your data are processed based on legitimate interests, you may object to the storage of your personal data at any time. In this case, we will no longer process your data, provided we cannot prove any legitimate interest in doing so or are otherwise legally required to store it. To exercise your right to object in relation to storage, please contact us in writing, by fax or email.
But please note that upon communication via contact form, complete data security cannot be guaranteed by us and communication via email does not take place via a secured data connection. Accordingly, please refrain from sending any confidential information such as bank or credit card details, etc., via these methods. We recommend that you use a secure transmission route such as the mail to send confidential information.
4. Online application and application via email
You have the option of sending us applications for open positions or speculative applications via the online application contact form on our website or via email. We process the data that you have sent to us in connection with your application in order to check your suitability for the position (or other open positions) and to carry out the application process. This includes in particular your information about your person, your submitted address, your resume and your submitted references or other supporting documents submitted by you.
The data disclosed by you via our online application contact forms are encrypted upon transmission by Transport Layer Security (TLS), widely-known under the former name Secure Socket Layer (SSL). The legal basis for the processing of your personal data in this application process is in particular Section 26 BDSG in connection with Art. 6 Paragraph 1 Clause 1 b GDPR. According to this, the processing of data is permissible insofar as it is required in connection with the decision concerning the establishment of an employment relationship.
Your application to us is of course completely voluntary. However, if you decide to apply, you should indicate the personal data that are required for the establishment of an employment relationship. We will disclose to you in a suitable manner what data we consider necessary (e.g. by marking mandatory fields in the forms). Without these data, we cannot consider you in the application process.
The storage of any voluntarily indicated additional information from the applicant takes place based on Art. 6 Paragraph 1 Clause 1 f GDPR since we have a legitimate interest in also processing the additional information indicated voluntarily by you for the purposes of carrying out the application process. You can object to the processing of voluntarily indicated data at any time with effect for the future without providing reasons. In this case, we will no longer process your data, provided we cannot prove any legitimate interest in doing so or are otherwise legally required to store it.
If you consented to the continued storage of your personal data, we are entitled, based on your consent (Art. 6 Paragraph 1 Clause 1 a GDPR) to include your data in our applicant pool and to process it in connection with application processes for future open positions at trenzyme. This also includes making contacting with you, if you are considered in such an application process. You may revoke your granted consent at any time with effect for the future without providing reasons.
If the data are required for prosecution following conclusion of the application process, data processing can take place to safeguard legitimate interests according to Art. 6 Paragraph 1 Clause 1 f GDPR. Our interest in this case is the assertion or defending of claims.
Data from applicants are regularly deleted after four months in the case of rejection. For the case where you have consented to continued storage of your personal data, we will include your data in our applicant pool. The data will be deleted from there after two years.
If you are selected for a position in the context of the application process, the data from the online application process will be included in our personnel information system and processed there, insofar as they are required for establishing and carrying out the employment relationship.
Your applicant data will be viewed by us internally after receiving your application from the HR department and the department heads. Essentially, the individuals with access to your data in the company are only those who require it for the proper running of the application process.
Cookies are small identification markers which our webserver sends to your browser and which your end device stores in the case of corresponding standard setting. They can be used to determine whether communication with us from your end device already existed. As a result, they serve the purpose of making the usage more comfortable for you and optimizing our service. In this case, we distinguish whether the cookie is technically necessary, whether it is set by our website itself or by a third party. Please read the following provisions for detailed information on the type, function, purposes, legal bases and objection options to the data processing in the case of cookies.
Furthermore you can object to the storage of cookies at any time by selecting “do not accept cookies” in your browser settings. Please use the help function of your browser for the processes for administration and deletion of cookies in the settings of your browser. You can also deactivate all cookies by means of free browser add-ons such as e.g. “Adblock Plus” (adblockplus.org/en) in combination with the “EasyPrivacy” list (easylist.to) or “Ghostery” (ghostery.com). If you do not accept cookies, this may, however, lead to functional limitations of the website.
1. a) Cookies that are absolutely necessary
We use the following cookies on our website that are absolutely necessary for the functioning of our website, to the storage of which we have a legitimate interest since we could not otherwise provide our website with determined underlying functionalities (e.g. you would have to log in again each time you changed the page):
Session The data processing takes place to safeguard our legitimate interests on the basis of Art. 6 Paragraph 1 Clause 1 f GDPR. Our legitimate interest emerges in this respect from the outlined usage purposes.
1. b) Additional first party cookies
Additional first party cookies, which are not absolutely necessary to be able to use the website, fulfill important tasks. They allow comfortable surfing on our website, such as for example pre-filled forms. We can also respond to you with individually tailored offers. We use the following additional first party cookies on our website:
The data processing takes place to safeguard our legitimate interests on the basis of Art. 6 Paragraph 1 Clause 1 f GDPR. Our legitimate interest emerges in this respect from the outlined usage purposes.
1. c) Cookies from third party providers
The data processing takes place to safeguard our legitimate interests on the basis of Art. 6 Paragraph 1 Clause 1 f GDPR. Our legitimate interest emerges in this respect from the outlined usage purposes.
You can find additional details and options to object to data processing in the case of cookies from third party providers in the following descriptions of the individual functions that relate to the use of such cookies or technologies similar to cookies.
We have integrated elements of the social network Facebook on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s statement the collected data will be transferred to the USA and other third-party countries too.
If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6 Sect. 1 lit. a GDPR and § 25 TTDSG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of our legitimate interest in making our information as comprehensively visible as possible on social media.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
We have integrated functions of the social media platform Twitter into this website. These functions are provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
If the social media element has been activated, a direct connection between your device and Twitter’s server will be established. As a result, Twitter will receive information on your visit to this website. While you use Twitter and the “Re-Tweet” function, websites you visit are linked to your Twitter account and disclosed to other users. We must point out, that we, the providers of the website and its pages do not know anything about the content of the data transferred and the use of this information by Twitter. For more details, please consult Twitter’s Data Privacy Declaration at: https://twitter.com/en/privacy.
If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6(1)(a) GDPR and § 25 TTDSG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of our legitimate interest in making our information as comprehensively visible as possible on social media.
This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Any time you access a page of this website that contains elements of LinkedIn, a connection to LinkedIn’s servers is established. LinkedIn is notified that you have visited this website with your IP address. If you click on LinkedIn’s “Recommend” button and are logged into your LinkedIn account at the time, LinkedIn will be in a position to allocate your visit to this website to your user account. We have to point out that we as the provider of the websites do not have any knowledge of the content of the transferred data and its use by LinkedIn.
If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6 (1)(a) GDPR and § 25 TTDSG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of our legitimate interest in making our information as comprehensively visible as possible on social media.
This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is assigned to the respective end device of the user. An assignment to a user-ID does not take place.
Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to augment the collected data sets and uses machine learning technologies in data analysis.
Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.
The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.
The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
If you would like to subscribe to the newsletter offered on this website, we will need from you an e-mail address as well as information that allow us to verify that you are the owner of the e-mail address provided and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on a voluntary basis. We shall use such data only for the sending of the requested information and shall not share such data with any third parties.
The processing of the information entered into the newsletter subscription form shall occur exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You may revoke the consent you have given to the archiving of data, the e-mail address, and the use of this information for the sending of the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date.
The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to apply. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6(1)(f) GDPR.
Data stored for other purposes with us remain unaffected.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.
9. Embedding of videos
YouTube videos are embedded on this website. This service is operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, (“YouTube”), which is a subsidiary of Google LLC., Amphitheatre Parkway, Mountain View, CA 94043, USA.
When playing the videos, a connection is established to YouTube servers in the USA. Determined information (e.g. your IP address) will be hereby transmitted to YouTube. It may also happen that YouTube stores cookies on your end device, insofar as you have consented or not objected to the use and storage of cookies from third party providers. We do not receive any information on the type and scope of the data collected by YouTube and have no influence over its use. YouTube may also receive information through the embedding that your browser accessed the corresponding page of this website, even if you do not have a user account with YouTube or Google or are not logged into YouTube or Google. Your data are processed in order to provide you with the mentioned functions and use of determined content in the context of our website based on Article 6 Paragraph 1 f GDPR. We also have a legitimate interest in use content and services of third parties for the economic operation and optimization of our website.
You can find additional information on the purposes and scope of the data collection and the additional processing and use of the data by YouTube and your rights in this respect and the available setting options to protect your privacy in the data privacy notices of YouTube/Google:
The YouTube videos embedded on this website which are stored on https://www.youtube.com and can be played directly from this website, are embedded in the “expanded data protection mode”, i.e. so that, according to YouTube, no data about you as a user are transferred to YouTube, when you do not play the videos.
You can also prevent the storage of cookies from third party providers by deactivating them in the setting of your browser or by means of browser add-ons such as e.g. “Adblock Plus” (https://adblockplus.org/en/) in combination with the “EasyPrivacy” list (https://easylist.to/) (see above Point 5); however, please note that by doing so you may not have full use of all the functions on our website.
10. Content from third party providers / Google Fonts and Google Maps
We use services of third party providers on this website in order to embed their content such as e.g. fonts and maps (hereinafter “content”). The processing of your data takes place based on our legitimate interests (Art. 6 Paragraph 1 Clause 1 f GDPR) in the economic operation, the optimization (in particular the user friendliness) and the usage analysis of our website.
The third party providers of this content always receive information on your IP address since they could not transfer the content to your end device without the IP address. The IP address is required to display the content. It may also be that the third party providers store cookies on your end device.
We use the following content from third party providers:
We integrate so-called Google Fonts from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA on our website. You can find further information on data usage by Google, settings and objection options on the Google websites from the following link: https://policies.google.com/privacy?hl=en.
We use the service “Google Maps” from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA to display maps. Processed data may include in particular IP addresses and location data, which are, however, not collected without your consent (generally by corresponding device settings).
You can find further information on data usage by Google and on settings and objection options on the Google websites from the link listed under a).
11. Recipients of personal data
Your personal data are provided by us only to external recipients insofar as this is required to handle or process your matter, we have your consent for this or there is another legal permission available.
External recipients may be in particular:
Order processors: These are service providers who we use to render services, for example in the areas of technical infrastructure and maintenance of our website. Such order processors are carefully selected by us and regularly checked to ensure that your privacy stays protected. These service providers may use the data exclusively for the purposes predefined by us and according to our instructions. We are authorized to use such order processors to safeguard the legal requirements of Art. 28 GDPR.
Public bodies: These are authorities, state institutions and other public corporations or supervisory authorities, courts, public prosecutors or finance authorities. Personal data are transmitted to such public bodies only for the legally required reasons. The legal basis of such a transmission is Art. 6 Paragraph 1 Clause 1 c GDPR.
Non-public bodies: Service providers and assisting individuals to whom data are transmitted based on a legal obligation or to safeguard legitimate interests, are for example tax advisers or auditors. The transmission then takes place based on Art. 6 Paragraph 1 Clause 1 c and/or f GDPR.
12. Data processing in third party countries
Insofar as we transmit your data to third party countries outside of the EU or the EEA in accordance with the above statements, we ensure prior to the disclosure that there is either a suitable level of data protection or you consent to the data transmission irrespective of legally permissible exceptional cases for the recipient. A suitable level of data protection is for example ensured by a EU-US Privacy Shield certification of the recipient, the conclusion of EU Standard Contractual Clauses or the existence of so-called Binding Corporate Rules (BCR).
13. Storage duration
We store your personal data only for as long as it is required to fulfill the purposes or, in the case of consent, provided the consent is not revoked. In the case of an objection, we will no longer process your personal data, unless its further processing is permitted according to the relevant legal provisions or even obligatorily prescribed (e.g. in the context of retention duties under commercial and tax law). We will also delete your personal data when we are required to do so for legal reasons. Otherwise, you can find the details on the storage duration of your personal data from the respective statements in the previously listed points.
14. Your rights
As a data subject of data processing, you have numerous rights. They are in detail:
Right of access (Art. 15 GDPR): You have the right to obtain access concerning the data stored by us about your person.
Right to rectification and erasure (Art. 16 and Art. 17 GDPR): You can request us to rectify inaccurate data and, insofar as the legal requirements are met, to delete your data.
Right to restriction of processing (Art. 18 GDPR): You can request us, insofar as the legal requirements are met, to limit the processing of your data.
Right to data portability (Art. 20 GDPR): If you have provided data to us based on a contract or consent, you can request in the presence of the legal requirements that you obtain the data provided by you in a structured and commonly used format or that we transmit this data to another controller.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): You can also lodge a complaint with the responsible supervisory authority when you believe that the processing of your data breaches applicable law. You can also optionally contact the data protection authority who is responsible for your habitual residence, your workplace or the location of the alleged infringement or the data protection authority responsible for us. The supervisory authority for data protection responsible for us is the State Officer for Data Protection in Baden-Württemberg (LfDI), contactable at Königstraße 10a, 70173 Stuttgart, Tel: 0711 615541-0, Fax: 0711 615541-15, Email: email@example.com, Internet: www.baden-wuerttemberg.datenschutz.de.
For queries on the topic of processing of your personal data, your rights as a data subject and any granted consent, please do not hesitate to contact us using the methods of communication mentioned under Point 13. Please also use the below contact details directly to exercise your rights as a data subject.
15. Contact in the case of queries on data protection
In the case of queries on data protection and to exercise your rights as a data subject, please contact us as follows:
We take technical and organizational security measures to protect your personal data from accidental or intentional manipulation, loss, destruction or from access by unauthorized persons. These security measures are adapted accordingly to the state of the art.
Your personal data transferred in the context of the use of our website are transferred to us securely through encryption. We use the encryption protocol Transport Layer Security (TLS), widely-known under the former name Secure Socket Layer (SSL). Our officers are obligated to data secrecy.
From time to time, it may be necessary to adapt the content of the present data privacy statement. We therefore reserve the right to change it at any time. Insofar as your consent is required for a change, we will obtain this from you. We will also publish the amended version of the data privacy statement at this point. When you revisit our website, you should therefore reread the data privacy statement.
Issued: Mai 2023
Give us a call or fill in the form below and we will contact you. We endeavor to answer all inquiries within 24 hours on business days.