of KORG Germany GmbH, Ritterstraße 3, 10969 Berlin (“KORG Germany”)
The legal basis for data processing is Art. 6 para. 1 a) and Art. 7 GDPR for consents, Art. 6 para. 1 b) GDPR for the fulfilment of services and contractual obligations, Art. 6 para. 1 c) GDPR for the fulfilment of legal obligations and Art. 6 para. 1 f) GDPR for the safeguarding of legitimate interests.
I. Name and contact details of the responsible person
The person responsible for processing personal data within the meaning of Art. 4 GDPR:
Tatsuya Takahashi and Maximilian Rest
II. Type of data processed and legal basis
1. Server Logfiles
With every access to the server on which the website www.korg-germany.de is located, data, so-called server log files, are automatically collected. These server log files contain the IP address, directory protection user, browser information (type, version, possibly individual browser plug-ins installed), the operating system of the device (type, version), the device, the screen resolution, the click behaviour, the pages visited on the domain, the length of stay, date, time, logs, duration of visit and referrer. Location data is merely anonymised and recorded with limited accuracy (country/region/city), so that no conclusions can be drawn as to the identity of the site visitor. Additional personal data, such as names, are not collected.
The legal basis for data processing is Art. 6 para. 1 b) and f) GDPR.
There are browser settings you can set to be informed about the setting of cookies and to decide individually whether to accept them or whether to exclude the acceptance of cookies in certain cases or in general, for example in the case of optional cookies. If cookies are not accepted, the functionality of our website may be restricted.
The legal basis for data processing is Art. 6 para. 1 b) and f) GDPR for cookies that are technically necessary for the operation of the website.
The legal basis for data processing for all other cookies that not technically necessary for the operation of the website is your consent according Art. 6 para. 1 a) GDPR.
3. Application form
We provide an application form in the form of a questionnaire to give you the opportunity to apply online for the positions advertised by us. The data entered in the input mask is processed by us. We ask for applicant data like personal data (like name, date of birth, nationality) contact details (like e-mail address, address, Visa status) information about your professional qualifications (like your CV, languages), your working methods and your skills and interests.
The participation in the application process and disclosure of personal data is voluntary.
The legal basis for data processing is Art. 6 para. 1 a), b) and f) GDPR.
4. Other contact
If you contact us at the postal address, e-mail address or telephone number provided on our website, we will process the personal data provided by you – postal address, e-mail address, telephone number as well as your name and any other contact information provided – for the purpose of answering the enquiry.
The legal basis for data processing is Art. 6 para. 1 a), b) and f) GDPR.
III. Purpose of processing
Personal data is only collected, stored and processed insofar as it is necessary for the provision of service, which is mainly the offer of job opportunities, for communication with you, for the execution of contractual/business relationships as well as for the optimization of our business processes and the demand-oriented design of our services.
We process your personal data only in strict compliance with data protection regulations. In particular, corresponding data will only be processed if legal permission has been granted.
1. Server Logfiles
The above-mentioned data is processed by us in order to establish a smooth connection to our website. The processing is necessary to ensure the security and stability of the system and a comfortable use of our website.
In addition, we use the protocol data for statistical evaluations, for the purpose of optimising the processes and the security of the services.
We reserve the right to subsequently check the log data if there is suspicion of illegal use of the service provided on the basis of concrete indications.
3. Application form
The application form allows you to apply online for the positions we advertise. We will only use the data entered in the questionnaire to check your suitability for the position in question and to possibly start a cooperation with you. We will use your e-mail address and other contact data to individualize you, to answer any of your request and to get in touch with you.
4. Other contact
If you contact us via the postal address, e-mail address or telephone number provided by us, the processing of the contact data used by you is essential in order to be able to answer your request. If, in addition, data is processed, such as name, address or the like, processing serves to individualize you and to be able to respond to your request in the best possible way.
IV. Duration of storage
Your data will be stored for as long as is necessary to fulfil the above-mentioned purposes. As soon as this is no longer the case, it will be deleted unless we are obliged to store them for a longer period of time (Art. 6 Para. 1 S. 1 lit. c) GDPR) due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or unless you have expressly consented to storage going beyond this (Art. 6 Para. 1 S. 1 lit. a) GDPR).
The personal data collected by us during the application process for example will be stored for the duration of the application process and deleted at the latest six months after receipt of a rejection, unless we are obliged to store them for a longer period of time (Art. 6 Para. 1 S. 1 lit. c) GDPR) due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or unless you have expressly consented to storage going beyond this (Art. 6 Para. 1 S. 1 lit. a) GDPR).
Regarding your server logfiles: the IP-address is stored anonymously and is deleted after 60 days; information about the directory protection user used will be anonymized after one day; error logs that log pageview errors are deleted after seven days (in addition to the error messages, these include the accessing IP address and, depending on the error, the website accessed); access via FTP is logged with anonymized username and IP address and kept for 60 days.
V. Transfer of data to third parties/ Transfer to third countries
Basically, the personal data you transmit will not be made available to third parties.
Within the KORG Group, data will only be forwarded to those responsible for personnel matters for the purpose of evaluating your application and deciding whether to cooperate with you. Since our 100% parent company of KORG INC. is based in 4015-2, Yanokuchi, Inagi-shi, Tokyo, 206-0812, Japan, your data might be transferred to the responsible person in Japan.
In individual cases, however, it may be necessary to pass on your personal data to companies that we entrust with the provision of individual services (e.g. webmaster, programmer, accounting).
Insofar as we disclose data to third parties in the context of our processing, transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permit, your consent, a legal obligation or on the basis of our legitimate interests. If we commission third parties to process data on the basis of a so-called ” Data Processing Agreement”, this is done on the basis of Art. 28 GDPR.
For their part, the third parties are obliged to comply with the legal regulations when handling and processing this data.
The seat of a third party may be located in a third country, i.e. in a country in which the GDPR has no direct legal effect. In this case, data will only be transmitted if you have given your consent, if an appropriate level of data protection prevails or if other legal permission exists.
- US providers may operate under the Privacy Shield Agreement (EU-US Privacy Shield), which means that the requirements of the Privacy Shield Agreement are similar to those of the European Union and that the data will be treated accordingly.
- The European Commission’s adequacy decision of January 23rd 2019 ensures that the level of data protection in Japan corresponds to the European data protection level (Art. 45 Para. 3 GDPR).
Transmission to authorities and government institutions entitled to receive information is also possible, but only within the scope of the statutory disclosure obligations and in the event of a binding court decision. In such cases, KORG Germany may provide the information, e.g. to enforce, exercise and defend legal rights, enforce existing contracts, allege fraud, take security measures or generally enforce applicable laws, and if we disclose, transfer or otherwise provide access to data to third parties in the course of our processing, we may do so only on the basis of legal permission, your consent, a legal obligation or our legitimate interests.
Personal data will not be passed on outside the scope described here without express consent.
Under no circumstances will KORG Germany sell or rent personal data to third parties.
VI. Third Party Services in the Operation of this Web Site
We would like to draw your attention separately to the following third-party providers whose services we use in the context of operating our website:
- Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”)
- “Cookiebot” by Cybot A/S, Havnegade 39, 1058 Kopenhagen, Denmark (“Cookiebot”)
We expressly point out that we ourselves have no influence on the extent of the data collected by these companies. Regarding the level of data protection, we must therefore rely on the privacy statements of the respective companies, on which the following clarification is based.
Please inform yourself about the purpose and scope of the data collection as well as your related rights and setting options for the protection of your privacy at the companies. We have listed the links to their privacy statements in the following.
Google, Facebook and Instagram operate under the Privacy Shield Agreement, which means that the requirements of the Privacy Shield Agreement are equivalent to the level of data protection in the European Union and that the data is treated accordingly.
In the following you will find information on possible data protection effects of the cooperation with these third parties as well as further links.
1. Google Analytics
This website uses Google Analytics, a web analysis service from Google.
On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to us. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
You may refuse the use of these cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plugin available under the following link: Browser Add On to disable Google Analytics.
We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
This website uses the service “Cookiebot” for the cookie consents check and logging as well as for the continuous examination of the cookies used by us.
Cookiebot stores the following personal and non-personal data: your anonymized IP address (the last three digits are set to ‘0’), date and time of consent, user agent dienes browsers, the URL from which the consent was sent, an anonymous, random and encrypted key, your consent status, which serves as proof of consent.
We have concluded a data processing agreement with Cookiebot and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
VII. Online Presence / Company Profile in Social Media
Our company has online presences on Facebook and Instagram. This makes it easier for interested parties to search for our services and provides an additional channel of communication.
The purpose of the processing of user data by the respective social media and platforms is usually user-specific advertising, i.e. individualised advertising can be placed which corresponds to the presumed interests of the user or results from the user’s previous usage behaviour. For this purpose, cookies are stored on the end devices of the users. These cookies can save the usage behaviour and thus represent the areas of interest.
The seat of a social medium or platform may be located in a third country, i.e. a country in which the GDPR has no direct legal effect. In this case, data will only be transmitted if you have given your consent, if an appropriate level of data protection prevails or if other legal permission exists.
We would like to point out that you should contact the respective third-party provider directly in the event of requests for information and/or the assertion of other data subject rights. They have access to the user data stored and processed there and can provide information and/or take measures accordingly.
If you contact us directly, we will try to support your request in the best possible way. However, since we do not have access to the data stored by third parties, our options are limited.
Please inform yourself about the principles of data processing of the respective companies by means of the corresponding data protection declarations.
VIII. Your rights as a data subject
As a data subject, you are entitled to the rights set out below. These rights result from the provisions of the General Data Protection Regulation and are reproduced here in a partially simplified form.
1. Right to withdraw the declaration of consent
Pursuant to Art. 7 para. 3 GDPR, you have the right to withdraw your consent to processing at any time. The lawfulness of the processing carried out on the basis of the consent until withdrawal is not affected. The right of withdrawal may be exercised by means of an informal declaration. A written declaration or alternatively an e-mail to the above contact address is sufficient.
2. Right of access
Pursuant to Art. 15 GDPR, you have the right to obtain confirmation from us as to whether personal data relating to you will be processed. If this is the case, you have a right to access to this personal data and the information specified in Art. 15 para. 1 GDPR. These include in particular the purpose of the processing, the categories of personal data concerned, the recipients to whom data have been or will be disclosed, as far as possible the envisaged duration of the storage or the criteria for the determination of the duration of the storage.
3. Right to rectification
Pursuant to Art. 16 GDPR, you have the right to obtain from us the rectification of any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary statement.
4. Right to erasure
Pursuant to Art. 17 GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay. We are obliged to delete personal data immediately if one of the provisions of Art. 17 para. 1 GDPR applies. One of these reasons is that the data are no longer necessary for the purposes for which they are collected or otherwise processed.
5. Right to restriction of processing
Pursuant to Art. 18 GDPR, you have the right to obtain from us the restriction of processing if one of the conditions set out in Art. 18 GDPR applies. This includes, for example, that you contest the accuracy of the personal data. Then we may process the data only to a limited extent as long as it takes to verify the accuracy of the personal data.
6. Right to data portability
Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you which you have provided to us in a structured, commonly and machine-readable format. You have the right to transfer this data to another data controller, i.e. another entity that processes the data, without hindrance, if the original processing was based on consent or was necessary for the execution of a contract.
7. Right to object
Pursuant to Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you if these data are processed on the basis of Art. 6 para. 1 e) or f) GDPR and there are reasons arising from your personal situation. The processing of data for the purpose of direct marketing can be objected to at any time. Personal data will then no longer be processed for this purpose. The right to object may be exercised by means of an informal declaration. A written declaration or alternatively an e-mail to the above contact address is sufficient.
8. Automated individual decision-making, including profiling
According to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing – including profiling – which has legal effect on you or similarly significantly affects you. Art. 22 para. 1 GDPR provides for exceptions to this rule, whereby Art. 22 para. 4 GDPR again contains some exceptions to withdrawal.
9. Right of appeal to a supervisory authority
Pursuant to Art. 77 GDPR, you have the right, without prejudice to any other administrative or non-judicial remedy, to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of presumed infringement, if you consider that the processing of your personal data is in breach of this Regulation.
In the present case, the competent supervisory authority is:
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstraße 219, 10969
Berlin Telephone: 030/13 889-0
IX. Technical and organisational measures
We take technical and organisational measures to ensure that the security and protection requirements of the GDPR are met and that personal data is protected against loss, destruction, manipulation or access by unauthorised persons. The measures are always adapted to the current state of the art.
Release December 2019