DATA PROTECTION INFORMATION FOR THE USE OF OUR SOCIAL INTRANET CREMER CREW
We, Peter Cremer Holding GmbH & Co KG (PCH), take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory provisions of the relevant data protection laws, in particular the European General Data Protection Regulation (GDPR) and this privacy policy.
This data protection notice applies to the use of our social intranet CREMER CREW, available at https://crew.cremer.de, via internet‐enabled devices.
The processing of data in CREMER CREW is carried out under joint responsibility in accordance with Art. 26 GDPR with other companies in our group of companies. The essence of the agreement on joint responsibility can be found here [LINK].
CREMER CREW may contain links to other websites of third party service providers to which this privacy policy does not apply.
1. Who is responsible for data processing and who can I contact?
The controller for the processing of your personal data is:
Peter Cremer Holding GmbH & Co KG
Glockengießerwall 3
20095 Hamburg
Telefon: +49 40 3 20 11‐0
service(at)cremer.de
We operate the CREMER CREW social intranet, available at https://crew.cremer.de, in joint responsibility with the following companies of the CREMER Group:
(1) Peter Cremer GmbH, Glockengießerwall 3, 20095 Hamburg
(2) CREMER OLEO GmbH & Co. KG, Glockengießerwall 3, 20095 Hamburg
(3) PRO LINE Shipping GmbH, Glockengießerwall 3, 20095 Hamburg
(4) Cremer OleoServ GmbH, Deichstraße 25A, 25436 Uetersen
(5) Mineralmahlwerk C. Welsch GmbH, Am Lippeglacis 11, 46483 Wesel
(6) IRS Stahlhandel GmbH, Bischofstraße 88, 47809 Krefeld
(7) Cremer Erzkontor GmbH & Co. KG, Beckergrube 38‐52, 23552 Lübeck
(8) Deutsche Tiernahrung Cremer GmbH & Co. KG, Weizenmühlenstraße 20, 40221 Düsseldorf
(9) Gesellschaft für Tierernährung mbH, Alpenstraße 44, 87700 Memmingen
(10) Agrimpex Commodies Ltd., Hungaria krt. 166 (Hermina North Tower, 6th floor), 1146 Budapest
(11) Prime Molasses Ltd., 5C Business Park, 1 Concorde Drive Clevedon, Bristol BS21 6UH
(12) Peter Cremer Central Europe s.r.o., Hradiste 96/6, Ústi nad Labem‐centre, 40001 Ústi nad Labem
(13) Peter Cremer do Brasil LTDA, Rua Comendador Torlogo Dauntre, 74‐13 andar‐Conj. 1301 CEP, 13025‐270 Campinas SP
(14) Cremer Sofia Ltd., 45 Krum Popov Str., 1421 Sofia
(15) Peter Cremer (Singapore) GmbH, 19 Keppel Road ‐ # 11‐01/02, Jit Poh Building Singapur 089058
(16) P.T. Peter Cremer Indonesia, Gedung Artha Graha Lt. 19/06, Sudirman Central Business District (SCBD), Jl. Jend. Sudirman Kav. 52‐53, 12190 Jakarta Selatan
(17) Cremer (Wuxi) Manufacturing Co., Ltd. No. 39, Chun Hui Zhong Lu Xishan, Economic & Technological Development Zone, 214101 Wuxi, China
(18) Peter Cremer (Shanghai) Co. Ltd., Jing An Kerry Centre, 1515 Nanjing West Road Tower 1, Floor 22, Unit 2204, 200040 Shanghai
(19) Cremer y Asociados S.A., Güemes 275, 1641 Buenos Aires – Acassuco
(20) CREMER Vietnam Company Limited, Deutsches Haus, 12th floor 33 Le Duan, Dist. 1, Ho Chi Minh City
(21) Cremer Asia Trade Ltd., "3656/9 Unit A 4th Fl Green Tower Building Rama 4 Road, Klongton Klongtoey, Bangkok 10110"
(22) Cremer Erzkontor México, S.A de C.V., Calz. Gral. Mariano Escobedo #476, Floor 12 Col. Nueva Anzures, Miguel Hidalgo, Mexico City, Zip Code: 11590
(23) Cremer ERZKONTOR HONG KONG LTD., Unit 901-903, 9th Floor Tai Yip Building, 141 Thomson Road, Wanchai / Hong Kong
(24) Cremer Erzkontor do Brasil Ltda., Rua Com. Torlogo Dauntre, 74 SL 1311 Ed. Helbor Offices Norte Sul – Cambuí – Campinas/SP ‐ Brazil
(25) Cremer ERZKONTOR ARGENTINA S.A. 1150 A.M de Justo Av., Ofic. 205 B, C1107AAX ‐ C.A.B.A., Buenos Aires / Argen nien
(26) Peter Cremer North America L.P., 117 Southside Avenue, Cincinnati , OH 45204
(27) Cremer ERZKONTOR N.A. INC., 3117 Southside Avenue, Cincinnati , Ohio 45204, USA
("CREMER company").
You can contact our data protection officer at the above postal address, with the addition "To the data protection officer" or at the e‐mail address: datenschutz(at)cremer.de.
2. For what purpose do we process your data and on what legal basis?
CREMER CREW enables CREMER companies and their own employees as well as employees of CREMER companies to access a cloud‐based online plattform and to communicate via this plattform, to obtain information on other employees, professional contact data and other data entered by these employees themselves , as well as to exchange professional information.
Registration as a user takes place automatically upon joining Peter Cremer Holding (PCH) or the CREMER company with which the respective employment relationship exists. The user receives an inital password with which they can log in to CREMER CREW for the first time. The login is the user's respective professional e‐mail address, unless the user has been given a different user name together with the password. After loggin in for the first time, the user can change their password and set a personalised password. Once the password has been set, registration is complete. Once registration is complete, the user can use the user account created for them by entering their user name and password.
It is also possible to register within Microso Tennant once for Deutsche Tiernahrung Cremer and CREMER (includes Erzkontor). In both cases, the user logs in using a Microsoft account.
The following data is already stored in a user's profile settings upon registration by the CREMER company with which the respective employment relationship exists: Name (first name, surname, title, salutation), business e‐mail address, name of the user's company. You can access and view the profile of any other user and use it for the other functionalities of CREMER CREW and for communication within the CREMER group of companies .
You have the option of entering further personal data about yourself in the profile settings and also uploading an image file as a user photo. The data entered and the uploaded photo are then visible to all users and all CREMER companies and are made available to them within CREMER CREW.
Within CREMER CREW, we also offer you various opportunities to exchange ideas and interact with other employees. For example, you can subscribe to magazines and leave comments under magazines you have subscribed to, you can create communities to exchange ideas with other users and create events or become a participant in communities or an event. You will be informed about new blog messages from subscribed pages within the CREW Intranet using bot‐based chat messages in Microsoft Teams. Information, including personal data, that you enter in comments, within communities or in events on CREMER CREW is then visible to all users who have subscribed to a magazine or joined a community or event and is made available to them within CREMER CREW.
We use "Microsoft Teams" both as a web application (Microsoft Teams Online) and as an app for virtual collaboration and communication, which is part of the Microsoft 365 package. By integrating the intranet on the left‐hand navigation bar of Microsoft Teams, the start page of the CREW Intranet is displayed in the same way as in the web browser. The integration of the Microsoft 365 package in the CREW Intranet includes a technical interface to Microsoft Teams, which is provided in the Tennant of Deutsche Tiernahrung Cremer und CREMER (incl. Erzkontor). The prerequisite for using the CREW Intranet in conjunction with Microsoft Teams is loggin in to CREW with a Microsoft user account, which is managed in the Tennant of Deutsche Tiernahrung or CREMER (incl. Erzkontor). A CREW Intranet user can start a video call via Teams directly from the Intranet profile of another user, provided that this user also has an account in one of the aforementioned tenants.
MicrosoftTeams is used for teamwork and integrates various Microsoft tools to improve interaction and coordination between employees. The plattform offers functions such as chat, video conferencing, file sharing and much more. The software enables users to work together in virtual rooms, so‐called "teams", and thus simplifies coordination.
In order to analyse and continuously improve the use of CREMER CREW, we use Hirschtec Analytics, a cloud‐based analysis tool from HIRSCHTEC GmbH & Co. KG, hosted on Microsoft Azure (data centre: Amsterdam). The tracking mechanisms are combined with data from the web analytics system Matomo, which we also use. The programme is installed on a server located in the EU. IP addresses are anonymised before storage. User behaviour is evaluated in anonymised form. By evaluating the user behaviour of our employees, we can measure the success of internal communication measures and optimise the user experience. The processing is carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR in ensuring the efficiency and functionality of CREMER CREW.
The basis for data processing in the context of using the CREMER CREW intranet is Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or precontractual measures, in this case the contract of use, or insofar as this is necessary for communication within the Group for the fulfilment of the employment contract and for the decision on the establishment, for the establishment and for the implementation of employment relationships and otherwise Art. 6 para. 1 sentence 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail. As a group of retail companies, we have an interest in ensuring that employees within our group of companies can exchange information and receive job‐related information about the respective contact person. If we wish to record "online meetings", we will inform you transparently in advance and ‐ if necessary ‐ ask for your consent. The legal basis in this case is your consent in accordance with Art. 6 para. 1 lit. a GDPR In addition, the processing is carried out under joint responsibility in accordance with Art. 26 GDPR.
The basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR, which authorises the processing of data to safeguard the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail. We have an interest in prosecuring and penalising unlawful use of our social intranet.
3. What data do we process and from what sources does it originate?
When you use M365 (Microsoft Teams, Planner, One Drive, OneNote), various data about you is processed. This depends on the use of the tools. The following data is generally processed: IP address, user name, identification and authentication features, usage data (in particular communication content (text, audio, video, chat data)), email address, profile picture (optional), meeting metadata (e.g date, time, meeting ID, telephone numbers, location, duration of the meeting), preferred language.
HIRSCHTEC Analytics collects data on user behaviour, interactions and technical information such as device type and browser. These are: real‐time use of the system, use of visitor profiles and their maintenance, visitor overview, reach of content and campaigns, visitor log, user‐defined variables, user IDs (only in anonymised form), user origin, device brand, device model, device type, screen resolution, browser plugins, browser engine, browser version, browser, operating system family, operating system version, log of recurring visits, content with most subscriptions, frequency overviews of e.g search terms and subsequently visited content. The data collected is used to improve the platforms, provide personalised user experiences and carry out detailed analyses. User behaviour is evaluated in an anonymised form. Matomo is used to collect data that can indicate which functions are used frequently and where misunderstandings may occur. In addition, further data may be processed, such as the loading time of the page visited, the number of actions per visit, the length of stay per visit, functions used during the visit. Anonymous statistics on user behaviour are then based on this data. Matomo itself is very transparent about which data is collected. You can find out for yourself on the official website at https://matomo.org/faq/general/faq_18254/.
Every time our social intranet is accessed, usage data is transmitted by the respective Internet browser and stored in log files, the so‐called server log files. The stored data records contain the following data: Browser type and browser version, operating system used, referrer URL, time of server enquiry, abbreviated IP address. This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.
This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use. The basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have an interest in prosecuting and penalising unlawful use of our social intranet.
4. Categories of recipients of the personal data
The personal data you have provided and the personal data you have pre‐entered will be forwarded to all other CREMER CREW users within CREMER CREW as described above. The basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre‐contractual measures.
In addition, your data will be processed by the CREMER companies under joint responsibility in accordance with Art. 26 GDPR.
Transmission to other third parties is not intended; transmission would only take place if this is necessary for the purpose of contract fulfilment or if you have given your prior consent or if there is a legal basis for transmission.
In some cases, we use external service providers (so‐called processors) to process your personal data. These are carefully selected and commissioned by us in accordance with the provisions of Art. 28 GDPR; they are bound by our instructions and are regularly monitored. Service providers who support us in providing our service to you are IT service providers, tracking service providers, hosting providers and e‐mail service providers.
These service providers (and, if applicable, their subcontractors) process the data only in accordance with express instructions and are contractually obliged to guarantee suitable technical and organisational measures for data protection.
5. Data processing outside the European Union
In the context of processing under joint responsibility with the CREMER companies, your data may be transferred to an insecure third country. In this case, we have ensured compliance with the EU data protection standard through correspondingly agreed contractual clauses in accordance with Art. 46 GDPR.
6. Storage of the data
We only process your personal data for as long as is necessary to fulfil the respective processing purpose. In addition, we are subject to various retention and documentation obligations, including those arising from the German Commercial Code (HGB) or the German Fiscal Code (AO). These can be up to ten full years. Finally, the storage period is also determined by the statutory limitation periods, which can be up to 30 years in accordance with Sections 195 et seq. of the German Civil Code (BGB), for example, whereby the regular limitation period is three years.
7. Your rights
Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to data portability under Art. 20 GDPR. To exercise the aforementioned rights, you can contact the offices listed under point 1.
If you have given us your consent to data processing, you can revoke this at any me without any formal requirements. To do so, you can contact the office named in section 1.
If we process your data to protect legitimate interests, you can object to this processing at any time without any formal requirements for reasons arising from your particular situation. To do so, you can contact the office named in section 1.
In addition, you have the right to lodge a complaint with a data protection supervisor authority (Art. 77 GDPR).