Last updated : May 2022
ONLINE PRIVACY NOTICE
The following information is provided to inform you of the obligations of Sodexo Services GmbH as data controller. Sodexo Services GmbH is part of the Sodexo Group (hereinafter “SODEXO”).
Ensuring the security and confidentiality of your personal data is an absolute priority for Sodexo, and we therefore comply with applicable legal and regulatory requirements for the protection of personal data.
To ensure the protection of your personal data of those who use our websites and other applications, we have implemented the following measures:
- Users remain in control of their own data. The data is processed in a transparent, confidential and secure manner.
- SODEXO is committed to a continuing quest to protect its users’ Personal data in accordance with the German Data Protection Act (Bundesdatenschutzgesetz) and the General (EU) Data Protection Regulation of April 17, 2016.
- SODEXO has a Global Data Protection Office dedicated to data protection, supported by a network of local data protection single points of contact or data protection officers.
You can contact our Group Data Protection Officer by sending an e-mail to Datenschutz.de@Sodexo.com or a letter to our registered office: Sodexo Services GmbH, Eisenstr. 9a, 65428 Rüsselsheim am Main.
PURPOSE OF THIS POLICY
We have developed this privacy statement to inform you about the conditions under which we collect, process, use and protect your personal data. Please read this statement carefully to familiarize yourself with the categories of personal data we collect and process. You will learn how we use this data and with whom we are likely to share it. This policy also tells you about your rights and how you can contact us to exercise those rights or ask us questions.
IDENTITY AND CONTACT DETAILS OF THE CONTROLLER
The Data Controller is:
Sodexo Services GmbH
65428 Rüsselsheim am Main
Phone: +49 (0) 6142 1625 – 0
Fax: +49 (0) 6142 8350 – 558
“Account”: The User’s dedicated personal area within the Site, which he or she accesses when he or she registers and connects to the Site. It enables the User to access the Services.
“Controller”: The Sodexo entity which, alone or jointly with other Sodexo entities, determines the purposes and means of the processing of personal data.
“Personal data”: Means any information relating to an identified natural person or one that can be directly or indirectly identified by reference to an identification number or to one or more factors specific to this person.
“Processing”: Any operation or set of operations which is performed on Personal data or on sets of Personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor”: A legal person – which processes personal data on behalf of the controller.
“Site”: The website of Sodexo available at the address https://m-tower.de
“us” “we” or “our”: Sodexo (hereinafter “SODEXO”), acting as controller
“you” or “Users” Any Site user/visitor
COLLECTION AND SOURCE OF PERSONAL DATA
We will most likely collect your Personal data directly (in particular via the data collection forms on our Site) or indirectly via our service providers and/or technologies on our Site.
We undertake to obtain your consent and/or to allow you to refuse the use of your data for certain purposes whenever necessary.
TYPES OF PERSONAL DATA COLLECTED AND USED BY US
In particular, we collect the following types of personal data:
- Identity, contact and communication data (such as name, username, email address, phone number): Information you provide when filling out forms on the website for subscription purposes, to participate in surveys or sweepstakes, etc;
- Identity and contact information you provide for authentication purposes;
- Identity, contact, billing data that you provide to us to perform pre-contractual measures, to process an order or to provide a service;
- Contact data, identity data, financial situation data collected in the course of procurement management;
- Contact information (last name, first name, phone number, email address, etc.), publicly available information, responses to targeted emails, and other information collected and recorded by our employees in the course of their interactions with our customers and partners to maintain our customer relationships in the customer relationship management database (CRM);
- Transactional information such as payment information and credit/debit card information needed to process your orders that is transmitted directly to third parties;
- Information transmitted by them when you use the chat function on our websites;
- Usage data and technical data collected to ensure the security and functionality of the website;
- Information about “posts”, comments or other content you publish on the website;
- Information you provide to process an application and, if applicable, your hiring process (e.g..: Resume, information about your education, work experience, diplomas, certificates, attestations, language skills, salary requirements, etc.);
- Preferences regarding the receipt of marketing materials from us and third parties and your communication preferences;
Personal data marked with an asterisk in the data collection forms are mandatory, as they are required to fulfill orders. Without this mandatory information, these transactions cannot be processed.
OVERVIEW OF THE PURPOSES AND LEGAL BASES OF PROCESSING
Personal data may be collected for the following general purposes:
- Contacting us by phone, chat or e-mail (Art. 6 para. 1 lit. a GDPR)
- Implementation of contractual or pre-contractual measures in connection with our services (Art. 6 para. 1 lit. b GDPR).
- Creation and management of customer and user accounts (Art. 6 para. 1 lit. b and f GDPR) accounts.
- Legal obligations such as the fulfillment of tax, corporate or civil law obligations (Art. 6 para. 1 lit. c GDPR).
- Our overriding legitimate interest in processing, such as group data processing, direct marketing and other forms of advertising and marketing, website analysis and optimization, prevention of fraud or money laundering, and investigation, enforcement and defense of legal claims (Art. 6 para 1 lit. f GDPR)
- Management of customer relationships in CRM (Art. 6 para. 1 lit. b and f GDPR)
- Management of supplier relationships and procurement management (Art. 6 para. 1 lit. b, c and f GDPR)
- Implementation of marketing measures (Art. 6 para. 1 lit.a GDPR)
- Implementation of application processes (Art. 6 para. 1 lit. f GDPR)
DATA COLLECTION ON OUR WEBSITE
We automatically collect some information when you visit the Site to personalize and improve your experience. We collect this information using various methods such as:
Some of our pages use so-called cookies. Cookies do not harm your computer and do not contain viruses. . Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser when you visit our website. This file contains information such as the domain name, Internet access provider and operating system, as well as the date and time of the user’s access.
If you send us inquiries via contact form, your data from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.
The processing of the data entered in the contact form is therefore based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The data you entered in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions, in particular retention periods, remain unaffected.
Processing of customer and contract data
We collect, process and use personal data only to the extent that they are necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 para 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. We collect, process and use personal data about the use of our Internet pages (usage data) only insofar as this is necessary to enable the user to use the service or to bill the user.
The collected customer data will be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
The collected customer data will be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
IP address and server log files
An IP address is a unique identifier used by some electronic devices to identify themselves on the Internet and communicate with each other. When you visit our website, we may use the IP address of the device you are using to connect you to the website. We use this information to determine the general physical location of the device and to know in which geographic areas visitors are located.
The provider of the pages also automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- browser type and browser version
- Operating system used
- referrer URL
- Host name of the accessing computer
- Time of the server request
This data is not merged with other data sources.
You have the option to click on the relevant icons of social networks such as Twitter, Facebook, LinkedIn, etc., if they appear on our website.
When you click on these icons, we may have access to the personal information that you have posted and made available through your profiles on those social networks. We do not create or use separate databases of these social networks based on the personal information you have posted there, and we do not process data through these channels that relates to your private life.
If you do not want us to have access to your personal information posted in the public areas of your profile or social accounts, you should use the procedures provided by those social networks to limit access to that information.
If you have given your consent to the use of performance cookies via our cookie banner, this website uses functions of the web analytics service Google Analytics (provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland) to compile statistics.
These statistics show, for example, how many users have visited the website, which pages have been visited and in which geographical areas the website users are located. The information collected via the statistics may include, for example, your IP address, the website from which you accessed our website and the type of device you are using.
Google Analytics uses so-called analysis cookies for this purpose. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
The storage of Google-Analytics-Cookies is based on your consent, Art. 6 para. 1 lit. a GDPR.
Your IP address is collected anonymously on our website and is used only when necessary to resolve a technical issue, administer the website, and gain insight into the preferences of our users. Website traffic information is only accessible to authorized staff. We do not use any of this information to identify visitors and do not share this information with third parties. Your IP address will be shortened by Google within member states of the European Union
or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
DISCLOSURE OF PERSONAL DATA
The security and confidentiality of your Personal data is of great importance to us. This is why we restrict access to your Personal data only to members of our staff only to the extent strictly necessary to process your orders or to provide the requested Services.
We ensure that persons authorized to process the Personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. We will not disclose your Personal data to any unauthorized third parties. We may, however, share your Personal data with entities within SODEXO and with authorized service providers (for example: technical service providers [hosting, maintenance], consultants, etc.) whom we may call upon for the purpose of providing our Services.
We ensure that every disclosure of your Personal data to an authorized service provider is framed by a data processing agreement, reflecting the commitments laid out in this policy.
We do not authorize our service providers to use or disclose your data, except to the extent necessary to deliver the Services on our behalf or to comply with legal obligations. Furthermore, we may share your Personal data (i) if the law or a legal procedure requires us to do so, (ii) in response to a request by public authorities or other officials or (iii) if we are of the opinion that transferring these data is necessary or appropriate to prevent any physical harm or financial loss or in respect of an investigation concerning a suspected or proven unlawful activity.
STORAGE PERIOD OF YOUR PERSONAL DATA
We will store your Personal data only for as long as necessary to fulfill the purposes for which it was collected and processed. This period may be extended, if applicable, for any amount of time prescribed by any legal or regulatory provisions that may apply.
To determine the retention period of your Personal data, we take into consideration several criteria such as:
The purpose for which we hold your Personal data (e.g. for marketing communications purposes we can keep your Personal data for a period defined by local regulation after your last contact, unless you ask to be unsubscribed);
Our legal and regulatory obligations in relation to that Personal data (e.g.. accounting reporting obligations);
For instance, if you have agreed to receive marketing communications, we keep your Personal data until you: (i) unsubscribe from receiving marketing communications (ii) request we delete your Personal data, or (iii) after a period of inactivity (i.e. where you have not interacted with us for a period of time). This period is defined in accordance with local regulations and guidance; (iii) after a period of inactivity (i.e. where you have not interacted with us for a period of time).
This period is defined in accordance with local regulations and guidance;
Any specific requests from you in relation to the deletion of your Personal data or Account;
Any statutory limitation periods allowing us to manage our own rights, for example the defense of any legal claims in case of litigation; and Any local regulations or guidance (e.g. regarding cookies).
SENSITIVE PERSONAL DATA
As a general rule, we do not collect sensitive Personal data via our Sites. “Sensitive Personal data” refers to any information concerning a person’s racial or ethnic origins, political opinions, religious or philosophical beliefs, union membership, health data or data relating to the sexual life or the sexual orientation of a natural person. This definition also includes personal data relating to criminal convictions and offenses.
In the event that it would be strictly necessary to collect such data to achieve the purpose for which the processing is performed, we will do so in accordance with local legal requirements for the protection of Personal data and, in particular, with your explicit prior consent and under the conditions described in this policy.
PERSONAL INFORMATION AND CHILDREN
Our Site is for use by adult persons who have the capacity to conclude a contract under the legislation of the country in which they are located.
Children users under the age of 18 years or without legal capacity must obtain consent from their legal guardians prior to submitting their Personal data to the Site.
TRANSFER OF PERSONAL DATA
As SODEXO is an international group, your Personal data may be transmitted to internal or external recipients that are authorized to perform Services on our behalf. Some of these recipients are located in countries outside of the European Union or the European Economic Area which do not offer an adequate level of Personal data protection. Those recipients can be other entities of the Sodexo Group. Sodexo Group has entities in over 60 countries who could be recipients of your data for the purposes listed above.
To ensure the security and confidentiality of personal data transferred in this manner, we will take all necessary steps to ensure that such data is adequately protected, for example by entering into data transfer agreements with the recipients of your personal data based on the European Commission’s Standard Contractual Clauses (“SCC”) or other valid transfer mechanisms, and we will conduct a risk assessment of the transferred data in accordance with the European Court of Justice’s judgment of July 16, 2020 “Schrems II” (Case C 311-18) and with the guidelines of the European Data Protection Board. If you would like to receive a copy of the safeguards for securing data transfers outside the European Economic Area, please see the “How to contact us” section.
SODEXO is committed to ensure protection of your rights under applicable laws. You will find below a table summarizing your different rights:
|Right of access and rectification
|You can request a copy of the Personal Data we hold about you. You may also request rectification of inaccurate Personal Data, or to have incomplete Personal Data completed.
|Right to erasure
|Your right to be forgotten entitles you to request the erasure of your Personal Data in cases where: (i) the data is no longer necessary for the purpose for which it was collected; (ii) you choose to withdraw your consent; (iii) you object to the processing of your Personal Data; (iv) your Personal Data has been unlawfully processed; (v) there is a legal obligation to erase your Personal Data; (vi) erasure is required to ensure compliance with applicable laws.
|Right to restriction of Processing
|You may request that processing of your Personal Data be restricted in the cases where: (i) you contest the accuracy of your Personal Data; (ii) SODEXO no longer needs your Personal Data for the purposes of the processing; (iii) you have objected to processing for legitimate reasons. (iv) the processing of your Personal data is unlawful and you prefer the restriction of their use instead of their deletion.
|Right to data portability
|You can request, where applicable, the portability of your Personal data that you have provided to SODEXO, in a structured, commonly used, and machine-readable format you have the right to transmit this data to another Controller without hindrance from SODEXO where: i. the processing of your Personal data is based on consent or on a contract; and ii. the processing is carried out by automated means. You can also request that your Personal data be transmitted to a third party of your choice (where technically feasible).
|Right to object to Processing
|You may object (i.e. exercise your right to “opt-out”) to the processing of your Personal Data particularly in relation to profiling or to marketing communications. When we process your Personal Data on the basis of your consent, you can withdraw your consent at any time.
|Right not to be subject to automated decisions
|You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal affect upon you or significantly affects you.
|Right to lodge a Complaint
|You can choose to lodge a Complaint with the relevant supervisory authority at your place of work or place of the alleged infringement, regardless of whether you have suffered damages: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html. You have also the right to lodge your Complaint before the courts where Sodexo Services GmbH has an establishment or where you have your habitual residence.
To exercise your rights, you can send an e-mail to the local contact for data protection at: Datenschutz.email@example.com submit your request online in our data protection portal using the following link: Request Webform.
We implement all possible technical and organizational security measures to ensure security and confidentiality in processing your Personal data.
To this end, we take all necessary precautions given the nature of the Personal data and the risks related to its processing, in order to maintain data security and in particular to prevent distortion, damage or unauthorized third-party access (physical protection of the premises, authentication procedures with personal, secured access via identifiers and confidential passwords, a connection log, encryption of certain data, etc.).
In addition, if we contract with Processors for all or part of the Processing of your Personal data, we require a contractual agreement from our service providers to guarantee the security and confidentiality of the Personal data that we transmit to them or that they collect on our behalf, in accordance with the applicable regulations on the protection of Personal data. We regularly conduct audits to verify the proper operational application of the rules relating to the security of your Personal data.
LINKS TO OTHER SITES
Unsubscribe from notifications or remove from CRM
If you have subscribed to certain services via our Site and you no longer want to receive emails, please consult the “unsubscribe” page corresponding to the Service you are subscribed to or contact
us at the following address: Datenschutz.firstname.lastname@example.org.
We may update or amend this policy as and when needed. In this case, amendments will only become applicable after a period of 30 business days from the date of the amendment. Please consult this page from time to time if you want to be informed of any possible changes.
OBJECTION AGAINST ADVERTISING MAILS
We hereby object to the use of contact data published within the scope of the imprint obligation for the transmission of advertising and information material not expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
HOW TO CONTACT US
If you have any questions or comments with regard to this policy, please do not hesitate to contact us