Effective September 22, 2023

Protection of your privacy when processing personal data and the security of all business data is an important concern for us. Personal data is processed when you visit our websites. Personal data means any data by which you can be identified. In the following, we explain to you which data we process for which purpose.

The controller for data processing on these websites is:
Northrop Grumman LITEF GmbH
Lörracher Straße 18
79115 Freiburg
Germany

Telephone: +49 761 4901-0
Telefax: +49 761 4901-480
E-Mail: info@litef.de

You can contact the controller’s data protection officer by letter using the controller’s postal address and adding “data protection” or by sending an e-mail to datenschutz@litef.de.

What information do we collect?
The types of personal data of users of our websites include: contact information (e.g. name; address, telephone number and e-mail address); information on affiliation (e.g. company or organisation); log-on data for portal services (e.g. user name or password); other personal information included in the contents provided by users.

Server log files
When visiting the websites, we automatically collect and store information in so-called server log files which your browser automatically transmits to us. These include:

Browser type and browser version, the operating system used, referrer URL, host name of the accessing computer, time of the server query, IP address.

This data is not combined with other data sources.

The data is collected based on point (f) of Art. 6(1) of the GDPR. The website operator has a legitimate interest in presenting without any errors and optimising their websites – for this purpose, server log files must be collected.

Query by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your query including all personal data (name, query) resulting thereof will be stored and processed by us for the purpose of processing your request.

This data is processed if your query is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing, taking into account all data protection requirements, is based on our legitimate interest in effectively processing the queries we receive or on your consent if this was requested beforehand.

The data sent to us via contact requests will remain with us until you request its erasure, withdraw your consent to its storage or the purpose for which it was stored no longer applies (e. g. when your request was dealt with). Any mandatory statutory provisions – in particular statutory retention periods – remain unaffected by this.

Dealing with applicants’ data
You have the opportunity to apply with us (e.g. by e-mail, letter or the on-line application form). In the following, we inform you about the scope, purpose and use of your personal data collected during the application process. We guarantee that collection, processing and use of your data are in accordance with applicable data protection law and all other legal provisions and that your data will be treated strictly confidential.

Data collection scope and purpose
When you provide us with an application, we process your personal data (e.g. contact and communication data, application documents, notes relating to job interviews etc.) to the extent necessary for deciding on whether to establish an employment relationship. The legal bases for this are § 26 of the BDSG [German Federal Data Protection Act] (employment initiation), point (b) of Art. 6(1) of the GDPR (general contract initiation) and – if you gave your consent – point (a) of Art. 6(1) of the GDPR. The consent may be revoked at any time. Your personal data will be passed on within our company exclusively to staff who are involved in the processing of your job application.

If your application is successful, data you submitted will be processed on our systems based on § 26 of the BDSG to execute an employment relationship and on point (b) of Art. 6(1) of the GDPR for the purpose of fulfilling an employment contract.

Retention period of data from the application procedure
If we can offer you no job, if you reject a job offer or if you withdraw your application, we reserve the right to store the data you transmitted with us based on our legitimate interests for up to 6 months from the end of the application procedure (rejection or withdrawal of the application). Subsequently the data is erased and physical application documents are destroyed. Retention particularly serves to procure evidence in the case of inquiries from authorities or defence against claims. If it is clear that the data will be required after the 6-month period expired (e.g. due to imminent or pending litigations), the data is erased only if the purpose of further retention no longer applies.

Retention for longer periods is also possible if you gave your consent accordingly (point (a) of Art. 6(1) of the GDPR) or if statutory retention obligations prohibit erasure.

Data protection information on the whistleblower form and the message function
To implement the requirements for the whistleblower system, we work together with Business Keeper GmbH, Bayreuther Str. 35, 10789 Berlin, Germany on the basis of order processing (Art. 28 DSGVO).
If you send us a message via the whistleblower form or message function, your entries from the form will be stored by us for the purpose of processing the notice.  You always have the option to submit the message without providing personal data.
The processing of this data is based on Art. 6 (1) lit. c DSGVO, provided that we are obliged to accept tips via a reporting office. In all other cases, the processing is based on our legitimate interest in effective communication and processing of the notices addressed to us (Art. 6 (1) (f) DSGVO).
The data you entered in the form will remain with us until the processing of the notification is completed, the purpose for data storage ceases to apply. After that, the data from the notification and processing will be stored for up to 3 years within the general limitation periods. The basis is the legitimate interest (Art. 6 para. 1 lit. f DSGVO) to defend against claims by third parties.

Analytics tools and marketing

Consent to cookies
On the website, an internally developed solution is used to show that we obtained the consents required when using cookies and tracking tools. When visiting our websites, a cookie is placed on your computer. This cookie is used to obtain the consent to the use of certain technologies required under the law. The legal basis is point (c) of Art. 6(1) of the GDPR.

Matomo (formerly Piwik)
These websites use the Matomo web analysis service. Matomo uses technologies which enable recognition of users across several websites for the purpose of analysing the user behaviour (e. g. cookies or device fingerprinting). The data collected by Matomo about the use of these websites is stored.

With the help of Matomo, we are able to collect and analyse anonymised data about how website visitors use our websites. This enables us, for example, to determine the time at which a page was accessed in which region and to measure whether our websites'  visitors perform certain actions or how often they access certain pages.

Use of this analysis tool is based on the legitimate interests of the website operator as the controller. There is a legitimate interest in anonymised analyses of the user behaviour in order to optimise the websites in the form of advertising. If a corresponding consent was requested (e. g. consent to the storage of cookies), the processing will be carried out exclusively based on this consent. The consent may be revoked at any time.

For analyses by Matomo, we use IP anonymisation. Your IP address will be shortened before the analysis so that it is no longer clearly assignable to you.

We use the “Matomo Cloud” service provided by InnoCraft. For this purpose, we concluded a data processing contract which guarantees that data collected by using Matomo is exclusively processed in accordance with our instructions and the GDPR.

Retention period
If no more specific storage period was specified in this Privacy Policy, your personal data remains with us until the data processing purpose no longer applies. If you make a legitimate request for erasure or revoke your consent to data processing, your data will be erased if we have no other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be erased once these reasons no longer apply.

Encryption
These websites use SSL and/or TLS encryption for security reasons and protecting transmission of confidential contents.

Data processing by social networks

Legal basis
Our social media appearances are intended to guarantee as comprehensive an Internet presence as possible. This constitutes a legitimate interest within the meaning of point (f) of Art. 6(1) of the GDPR. The analysis procedures initiated by the social networks may be based on deviating legal bases which need to be stated by the social network operators (e.g. consent within the meaning of point (a) of Art. 6(1) of the GDPR).

Controller and exercise of rights
If you visit any of our social media appearances, we are responsible for the data processing operations triggered by this visit jointly with the social media platform operator. You can generally invoke your rights (access, correction, erasure, restriction of processing, data portability and complaint) against both, us and the operator of the respective social media portal.

Please note that, despite our joint responsibility with the social media portal operators, we cannot fully influence the data processing operations performed by the social media portals. Our options significantly depend on the corporate policy of the respective provider.

Retention period
The data directly collected by us via the social media presence is erased from our systems as soon as you demand that we erase it, you revoke your consent to storage or the purpose for the data retention no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – particularly retention periods – remain unaffected.

We have no influence on the storage duration of your data which is stored by the social network operators for their own purposes. You can obtain more details directly from the social network operators (e.g in their privacy statement, see below).

Social networks in detail

Linkedin
We have a LinkedIn profile. This is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses promotional cookies.

To disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

The transfer of data to the United States is based on the EU Commission Standard Contractual Clauses. For details, please refer to www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

You can find details on its handling of your personal data in LinkedIn’s privacy statement: https://www.linkedin.com/legal/privacy-policy.

Vimeo
This website uses plug-ins from Vimeo, a video portal. The provider is Vimeo, Inc., 555 West 18th Street, New York, New York 10011, United States.

If you visit one of our pages containing a Vimeo video, a connection to Vimeo’s servers will be established. In this way, the Vimeo server receives information about which of our web pages you have visited. Vimeo also obtains your IP address. This applies even if you are not logged on to Vimeo or do not have an account with Vimeo. Information gathered by Vimeo is transmitted to the Vimeo server located in the US.

If you are logged on to your Vimeo account, you allow Vimeo to directly associate your surfing behaviour with your personal profile. You can prevent this by logging off from your Vimeo account.

Vimeo uses cookies or similar recognition technologies (e.g. device fingerprinting) to recognise website visitors.

Our use of Vimeo is in the interest of an appealing presentation of our on-line services. This constitutes a legitimate interest within the meaning of point (f) of Art. 6(1) of the GDPR. If a corresponding consent was requested, the processing will be carried out exclusively on the basis of point (a) of Art. 6(1) GDPR; the consent can be revoked at any time.

The transfer of data to the United States is based on the EU Commission’s standard contractual clauses and, according to Vimeo, on “legitimate business interests”. For more details, please refer to: https://vimeo.com/privacy.

You can find further information about how user data are handled in Vimeo’s privacy policy at: https://vimeo.com/privacy.

Cloudflare

We use the service "Cloudflare". The provider is Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA (hereinafter "Cloudflare").

Cloudflare offers a globally distributed content delivery network with DNS. This technically transfers the information between your browser and our website via Cloudflare's network. This enables Cloudflare to analyze the data traffic between your browser and our website and to act as a filter between our servers and potentially malicious traffic from the internet. In doing so, Cloudflare may also use cookies or other technologies to recognize internet users, but these are used solely for the purpose described herein.

The use of Cloudflare is based on our legitimate interest in the most error-free and secure provision of our web offer (Art. 6 para. 1 lit. f GDPR).

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: www.cloudflare.com/privacypolicy/ .

Further information on the subject of security and data protection at Cloudflare can be found here: www.cloudflare.com/privacypolicy/ .

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which guarantees compliance with European data protection standards for the processing of data in the USA.  Every company certified under the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnZKAA0&status=Active

Your rights

Withdrawal of your consent to data processing
Many instances of data processing are possible only with your express consent. You can withdraw any consent already given at any time. You can do this by sending us an informal message by email. The withdrawal of consent shall not affect the lawfulness of data processing based on consent before its withdrawal.

Right to object to data collection in special cases and to direct marketing

If the data is processed for the purpose of performing a task in the public interest or on the basis of the controller’s legitimate interests, you have the right to object to the processing of your personal data at any time; this applies also to profiling based on these provisions. If you object to this, we will no longer process your personal data affected, unless we have proof of compelling and legitimate grounds for processing which prevail over your interests, rights and freedoms, or where the processing is necessary for the establishment, exercise or defence of legal claims.

If your personal data is processed for the purpose of direct marketing, you have the right to object to the processing of your personal data for the purposes of such marketing at any time, including profiling in connection with such direct marketing. After you objected, your personal data will no longer be used for the purpose of direct marketing.

Right to lodge a complaint with the competent supervisory authority

In the case of violations of the GDPR, the data subjects have a right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work or place of the suspected violation. The right to lodge a complaint is without prejudice to any other administrative or legal remedies.

Right to data portability

You have the right to receive the data which we process automatically based on your consent or in the performance of a contract or have it transmitted to a third party in a commonly used, machine-readable format. Where you request the direct transmission of the data to another controller, this will be done only where technically feasible.

Right to information, blocking, erasure and correction

Under applicable legal provisions, you have the right, at any time and free of charge, of access to your personal data stored by us and to information about its source and recipients and the purposes of the data processing and, where appropriate, a right to rectification, blocking or erasure of this data. Regarding this and other questions concerning personal data, you can contact us at any time at the address given in the legal notice.

Right to restriction of processing

You have the right to request that the processing of your personal data be restricted. According to this, such data may be processed – apart from its storage – only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

Objection to marketing e-mails

We hereby object to the use of our contact details, as published under the obligation to provide a legal notice, for sending us marketing and information materials not expressly solicited by us. The owners of these websites reserve the right to take legal action in the event of being sent unsolicited marketing information, for example in the form of spam emails.

Links to other websites

Our websites may contain links to other websites for reasons of convenience and for further information. These websites may be operated independently of us. Linked websites may have their own privacy policies or terms, which you should definitely check. If we do not own or manage such linked websites, we are not responsible for the content of these websites, their use or their data protection measures, even if our websites directly refer you to such linked websites.