Data Privacy Statement

Introduction

We are pleased about your visit to our web pages as well as your related interest in our company and our products. The protection of your personal data is very important to us. ZIM Aircraft Seating GmbH (hereafter, “ZIM”, “we” or “us”) places great value on the security of its users’ data and the observance of provisions related to data privacy laws.
ZIM’s web pages can incorporate links to the websites of other providers who are not included in this data privacy statement. Which data the operators of such sites might conceivably gather is beyond our knowledge and our ability to control. You will obtain such information from the data privacy statement of those respective websites.
We are going to inform you in detail below on how we handle your data.

Definitions

This data privacy statement rests upon the definitions of the General Data Protection Regulation (GDPR).

  • “Personal Data” are all items of information, that are related to an identified or identifiable natural person (hereafter, “affected party” (Article 4 No. 1 of the GDPR). Your personal data includes such information as your historical data (first and last names, address and date of birth), your contact data (telephone number, e-mail address), your billing data (bank account) and much more.
  • “Processing” is every process carried out with or without the help of automated procedures or every such series of processes in connection with personal data such as the gathering, capture, organizing, arranging, storage, adaptation or change, querying, use, disclosure through transmission, dissemination, or other form of provision, reconciliation or linking, restriction, deleting or destruction.
  • “Affected party” is every identified or identifiable natural person whose personal data is being manipulated by the person responsible for the processing.
  • “Responsible party” is the natural or juridical person, authority, facility or other entity that alone or together with others decides on the purposes and means by which the personal data will be processed. If the purposes and means of this processing are specified by EU law or the law of the member states, so can the responsible party be stipulated or more specifically, the particular criteria of his appointment can be stipulated in accordance with EU law or the law of the member states.
  • “Order processor” is a natural or juridical person, authority, facility or other entity that processes personal data on behalf of the responsible party.
  • “Receiving party” is a natural or juridical person, authority, facility or other entity to whom personal data is disclosed, independent of whether it involves a third party or not. Authorities that may possibly receive personal data in the course of an investigation mandate in accordance with EU law or the law of member states, are not regarded as recipients.
  • “Third party” is a natural or juridical person, authority, facility or entity other than the affected party, the responsible party, the receiving party and the persons who under the immediate supervision of the responsible party are authorized to process the personal data.
  • “Consent“ is every declaration of intent by the affected party given voluntarily in an informed fashion for the particular case and unambiguously in the form of a declaration or an otherwise explicitly confirming action with which the affected party makes it understood that they are in agreement with the processing of the personal data pertaining to them.

Collection and processing of personal data

Use of our internet pages is basically possible without the repeated input of personal data. However, to the extent you would like to make use of our company’s special services via our internet site, processing of your personal data could become necessary. If the processing of personal data is necessary and if there is no legal basis for such processing, we generally seek consent from the affected party.

Purposes of the collection – Categories of the data – Legal basis for the processing

Anonymous data collection

You can visit our site without making proactive statements about your person. However, we automatically store each time you visit our website access data (server log files) such as the name of your Internet service provider, the operating system used, the website from which you visit us, the date and duration of the visit or the name of the requested file, and for security reasons, e.g. to detect attacks on our websites, the IP address of the computer used. These data will be evaluated exclusively for improving our offering and do not draw any conclusions about your person. No conflation of these data with other data sources will be undertaken. The legal basis for processing the data is Article 6 Para 1 of the GDPR. We process and use the data for the following purposes: 1. deployment of the ZIM web pages, 2. improvement of our web pages, 3. prevention and recognition of errors/malfunctions as well as misuse of the webpages. This type of data processing takes place either for fulfilment of the contract for using the ZIM websites or because we are tracking a legitimate interest in insuring the functionality and error-free operation of the ZIM web pages as well as adapting these web pages to the demands of our users.

Use of cookie tracking

In order to make a visit to our web pages as attractive as possible and make possible the use of particular functions, we use so-called cookies on our webpages. Doing so involves standard internet technology for storing and recalling login and other user information for all users of the ZIM web pages. Cookies are small text files that reside on your terminal device. They make it possible for us to store user settings, among other things, so that our webpages can be shown on your device in a customized format. Some of the cookies we use will be deleted again after the end of the browser session — in other words, after you close your browser (so-called session cookies). Other cookies remain on your terminal device and make it possible for us or our partner companies to recognize your browser upon your next visit (so-called permanent cookies).
You can set your browser in such a way that you will be informed about the settings for cookies and decide individually about their acceptance or to exclude the acceptance of cookies in certain cases or generally. In addition, cookies can be deleted post facto in order to remove data that the websites have filed on your computer. Instructions on this can be found quickly on the internet. The deactivation of cookies can lead to some limitations in the functionality of the ZIM webpages.

Use of Social Media

Use of Facebook

Functions of Facebook services are embedded on our pages. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. If you visit our pages, a direct connection between your browser and the Facebook server will be produced. As a result, Facebook receives the information that you with your IP address have visited our page. If you click the Facebook “Like Button” while you are logged into your Facebook account, you can link the contents of our pages to your Facebook profile. As a result, Facebook can assign the visit to our pages to your user account. Please note that we, as provider of the pages, receive neither knowledge of the content of the transferred data nor the use of them by Facebook. Further information on this can be found in Facebook’s data privacy statement at https://www.facebook.com/full_data_use_policy .
If you do not wish Facebook to assign the visit to our pages to your Facebook account, please log out of your Facebook user account.

Use of LinkedIn

Our web pages use functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For every call-up of one of our pages that contains LinkedIn functions, a connection to LinkedIn’s servers will be made. LinkedIn will be informed that you have visited our internet pages with your IP address. If you click LinkedIn’s “Recommend Button” and are logged into your account at LinkedIn, it is possible for LinkedIn to assign your visit to our web pages to you and to your user account. Please note that we, as provider of the pages, have no knowledge of either the content of the transferred data or their use by LinkedIn.
Further information on this can be found in LinkedIn’s data privacy statement at: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

Use of Twitter

Bound onto our pages are functions of the Twitter service. These functions are being offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Through the use of Twitter and the “Re-Tweet” function, the accounts you visit will be linked to your Twitter account and made known to other users. In so doing, data will also be transferred to Twitter. We point out that we as provider of the pages have knowledge neither of the content of the transferred data nor its use by Twitter. Further information on this can be found in LinkedIn’s data privacy statement at: https://twitter.com/en/privacy. Your data privacy settings at Twitter can be changed in the account settings at: https://twitter.com/account/settings.

Use of XING

Our web pages use functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. For every call to one of our pages that contains the functions of XING, a connection to XING’s servers will be created. To the best of our knowledge, no storage of personal data takes place in the process. In particular, no IP addresses will be stored nor will the use behaviour be evaluated. More information about data protection and the XING share button can be found in XING’s data privacy statement at: https://privacy.xing.com/en/privacy-policy .

Use of YouTube

Our website uses functions of the YouTube site operated by Google. Operator of the pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages equipped with a YouTube function, a connection to the YouTube servers will be produced. In so doing, the YouTube server will be informed which of our pages you have visited.
If you are logged into your YouTube account, you make it possible for YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
Additional information on the handling of user data can be found in YouTube’s data privacy statement at https://policies.google.com/privacy?hl=en&gl=en.

E-mail contact

If you send us questions or request information by e-mail, your specifications (e-mail address, content of your e-mail, subject of your e-mail and date), including the contact data you provide there (first name, last name, telephone number, address) will be stored by us for the purpose of answering your question and in case of follow-up questions. We will not forward this information without your consent. The legal basis for the collection and processing of the data is Article 6 Para 1 of the GDPR.
We advise the user that e-mails on the transmission path can be read during their transmission and changed without authorization and without being noticed. ZIM uses software to filter out undesired e-mails (spam filter). The spam filter makes it possible to reject e-mails if these get identified as spam falsely as a result of certain characteristics.
The data you submit remain with us until you ask us to delete them, revoke your consent to their storage or the purpose for storing the data lapses (e.g. after completed processing of your question). Mandatory legal provisions — especially, retention period — remain unaffected.

Careers area/Online job applications

You have the possibility of submitting job applications by e-mail. The personal data (historical data, contact data, enclosures like cover letters, résumés, report cards, etc.) from applicants will be captured and processed for the purpose of processing the application. The processing can also take place electronically. This is the case especially if an applicant transmits the appropriate application documents by e-mail, for instance, to the responsible party for processing. If the party responsible for the processing concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of executing the employment relationship with due regard for legal regulations. If the party responsible for the processing does not conclude an employment contract with the applicant, then the application documents will be automatically deleted six months after the notice of the rejection decision, to the extent that a deletion is not opposed to any other justifiable interests of the party responsible for the processing. Other justified interest is in this sense, for example, a burden of proof in a procedure according to the General Law of Equal Treatment. The legal basis for the collection and processing of the data is Article 6 Para 1 of the GDPR.

Plugins

Limit Login Attempts Reloaded

The website uses the security plugin “Limit Login Attempts Reloaded” to limit login attempts or block them if necessary. IP addresses that are collected for this purpose are displayed completely anonymously. The storage is based on Art. 6 para. 1 lit. f DSGVO (legitimate interest).

Transmission of the data

Internal transmission, inside ZIM

We will transmit your data internally to the management, personnel department and wage office in order to comply with our contractual and legal obligations. A data transfer or disclosure of your data will only take place to the extent necessary for this, considering the relevant data privacy provisions.

Transmission company-wide/group-wide

ZIM is a company based in Germany but active worldwide. The data that you transmit to us will be stored in our centralized customer database in Germany and passed on within the group for management purposes. Should an exchange of data within the company take place, this will take place in order to fulfil a contract or as a utilization condition for the web pages. In addition, an interest can exist for passing these data on for internal, administrative reasons. Should the processing of your data take place outside of Europe, this transmission will take place under observance of all applicable data protection laws and especially Article 44 f. of the GDPR.

Transmission to third parties

We will transmit your data to certain third parties in order to be able to make available appropriate applications and services (so-called “order processors”) who provide external services for us. Third parties will process the data only in accordance with our instructions; in addition, they are forbidden to use these data for their own commercial purposes that do not comply with the agreed upon purposes.
We have to disclose personal data if we are obligated in the course of an ongoing legal procedure, because of an order, legally or on the basis of existing law (Article 6 Para 1 lit. f of the GDPR).
We will only pass on your personal data to third parties if:

  • You have expressly given you consent to it in accordance with Article 6 Para 1 P.1 lit. as of the GDPR;
  • The transfer is necessary in accordance with Article 6 Para 1 P. 1 lit. f of the GDPR in order to assert, exercise or defend legal rights and there is no reason to assume that you have an overriding interest worthy of protection in not transferring your data;
  • A legal obligation exists for the transfer in accordance with Article 6 Para 1 P. 1 lit. c of the GDPR; as well as
  • This is legally admissible and necessary according to Article 6 Para 1 P. 1 lit. b of the GDPR for the conclusion of contractual relationships with you.

Should the processing of your data take place outside of Europe, this transmission takes place under observance of all applicable data privacy laws and especially in accordance with Article 44 f. of the GDPR.

Transmission to a third country of international organization

We will transmit your data into countries outside the EU or the EMU (so-called third countries) because of the reasons mentioned above (Transmission company-wide (No. 3.2) and Transmission to third parties (No. 3.3)). The transmission will only take place in order to carry out our contractual and legal obligations or because of your consent. This transmission will take place under observance of all applicable data privacy laws and especially in accordance with Article 44 f. of the GDPR. In particular, either because of enacted suitability decisions of the European Commission or on the basis of certain guarantees (for example, standard data privacy clauses, etc.).

Further reporting obligations

Existence of automated decision-making including profiling

As a conscientious company, we forego automated decision-making and profiling.

Conclusion of the data privacy statement

Duration of storage (passage)

We will store your data basically as long as this is necessary to deliver our online offerings and the services related to them or to the extent that this is provided by European legislators and regulators or some other legislature in the form of laws or regulations which govern the party responsible for the processing. In all other cases, we will delete your personal data after completion of its purpose, with the exception of such data that we must continue to keep in order to comply with legal obligations (e.g. if we are obligated on the basis of tax and commercial retention times keeping such items as contracts and invoices for a certain period of time).

Technical security

ZIM uses technical and organizational security measures in order to protect data of yours that is managed by us against accidental or deliberate manipulations, loss, damage or access by unauthorized persons. Our security measures will be improved continuously, pursuant to technological developments.
This page uses for reasons of security and to protect the transmission of confidential content (for example the queries that you send to us as page operator) SSL-encryption (Secure Socket Layer) in connection with the highest encryption level at the time that is supported by your browser. As a rule, this means 256-bit encryption. If your browser does not support 256-bit encryption, we will fall back on 128-bit v3 technology. You will recognize whether an individual internet web page is being transmitted in encrypted form from the fact that the address line of the browser will switch from “http://” to “https://” and the lock symbol will appear on your browser line.
If SSL encryption is activated, the data you send to us cannot be read by third parties. Please note that the transmission of data in the internet (e.g. during communication by e-mail) can expose security gaps. Seamless protection of data from access by third parties is impossible.

Legal basis of the processing

Article 6 I lit. a of the GDPR serves our company as the legal basis for processing activities for which we gather a consent for a particular processing purpose. If the processing of the personal data is necessary to fulfil a contract whose contractual party is the affected party, as would be necessary, for example, for a delivery of goods or the performance of miscellaneous services or consideration, then the processing rests on Article 6 I lit. b of the GDPR. The same applies for such processing steps that are necessary for the implementation of pre-contractual measures, perhaps in cases of questions about our products or services. If our company is subject to a legal obligation through which a processing of personal data becomes necessary, as for example for the fulfilment of tax obligations, then the processing is based on Article 6 I lit. c of the GDPR. In rare cases, the processing could be necessary to protect the vital interests of the affected party or some other natural person. This would, for example be the case if a visitor to our facility became injured and we would have to pass on his name, age, health insurance data or miscellaneous critical information to a doctor, hospital or other third party. Then the processing would depend on Article 6 I lit. d GDPR. Finally, processing could depend on Article 6 I lit. f GDPR. This legal basis supports processing steps that are not covered by any of the preceding legal bases, if the processing is necessary to safeguard a justifiable interest of our company or a third party, as long as the interests, basic rights and freedoms of the affected party do not prevail. If the processing of personal data is based on Article 6 I lit. f GDPR, our justified interest is the execution of our business operations for the benefit of the welfare of all our employees and our customers.

Legal or contractual requirements for the provision of personal data; Necessity for contract conclusion; Obligation of the affected party to provide the personal data; Possible consequences of the failure to provide it

We clarify the fact for you that the provision of personal data is partially prescribed by law (e.g. taxation requirements) or it can ensue from contractual regulations (e.g. statements to the contractual partner). Sometimes, it can be necessary for the conclusion of a contract that an affected party makes personal data available to us that we have to process as a result. For example, the affected party is obligated to provide personal data to us if our company concludes a contract with him/her. A failure to provide personal data would have the consequence that the contract with the affected party could not be concluded. Before providing personal data through an affected party, the affected party must turn to one of our employees. Our employee will clarify to the affected party on a case-by-case basis whether provision of the personal data is legally or contractually prescribed or necessary for concluding the contract, whether an obligation exists to provide the personal data and what the consequences would be if the personal data were not provided.

Underage notice

This online offering is not directed to children under 16 years of age. Persons who have not yet completed their 16th year of life may not transmit personal data to ZIM unless agreed to by the parent or guardian of the child.

Rights of affected parties

You have the right to information about the data stored by us, duration of the data, purpose and legal right to store the data as well as the source and receiving party of transmissions of the data. Incorrect data are to be corrected; illegally stored or no longer needed data is to be deleted. In addition, the affected party has a right to object, a right to limit the processing and a right to data transportability.
This information will be issued upon your request. This information is free of charge.
In addition, you have the right to enter a complaint directly with a regulatory authority.

Revocation of your consent for data processing

Some data processing activities are only possible with your expressed consent. You have the possibility of revoking a previously granted consent at any time. To do so, an informal message to us at datenschutz@zim.aero by e-mail is sufficient. The legitimacy of the data processing carried out up to revocation remains unaffected by the revocation.

Responsible entity and contact data of the external DPR

Responsible entity:
ZIM Aircraft Seating GmbH
Graf-von-Soden-Straße 1
Bürogebäude 9
D-88090 Immenstaad
Tel.: +49 (0) 7544 95 72 0
Fax: +49 (0) 7544 95 72 47
E-Mail: info@zim.aero

External authorized data protection representative (Germany) in accordance with Article 37 Para 7 GDPR / § 38 BDSG-new:
Deutsche Datenschutzkanzlei
Stefan Fischerkeller
Richard-Wagner-Straße 2
D-88094 Oberteurigen
Tel.: +49 (0) 7544 904 96 91
E-Mail: datenschutz@zim.aero