Tristone

Privacy Policy and GDPR

 


General information 


The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy. 


 


  1. Controller 

The controller responsible for the processing of personal data on this website is: 


Tristone Flowtech Holding SAS 

Rue du Tertre, ZI Nantes 

Carquefou Cedex, 44-474 

France 

And it’s subsidiaries. 

 

Operational headquarter: 

Tristone Flowtech Germany GmbH 

Amelia-Mary-Earhart-Strasse 11b 

65049 Frankfurt am Main 

Germany 

Phone: +49 69 904 300 0 

Email: info@tristone.com 

 


  1. Purpose of the Website 

This website is used to provide general information about Tristone Flowtech Group, our services, and job opportunities. It includes a contact option for job applicants to send their CVs, cover letters and other related documents. 


 


  1. Website Hosting 

Our website is hosted by the provider O2. 


Hosting provider: O2 data center  

Hosting provider's address: Praha 4, Michle, Za?Brumlovkou 266/2, PSC 14022, Czech Republic 

Hosting provider telephone number: +420720720720 

Hosting provider website: https://www.o2.cz/ 

The host provider processes personal data (such as IP addresses, form submissions, or CV uploads) on our behalf. A data processing agreement (DPA) is in place in accordance with Article 28 of the GDPR. 


 


  1. SSL or TLS encryption  

For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption programme. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line. If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties. 


 


  1. Data We Collect 

Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site. We will also collect personal data when you apply for a job. This may include your personal contact details and any information in the message or attachment that you send to us via the website. 


a) Technical Cookies 


We use cookies that are technically necessary to ensure the proper functioning of the website (e.g., to display pages correctly, manage language settings, or provide security features). 


b) Analytics Cookies 


With your consent, we use: 


  • Google Analytics 
  • Meta Analytics (e.g., Facebook Pixel) 

These tools help us understand how visitors use our website, improve its performance, and optimize content. Data may include IP address (in anonymized form), page views, time spent, and interactions. 


You can manage your cookie preferences via the cookie banner when visiting the site. 


 


  1. Job Applications 

If you apply for an open position via the website, your CV and any additional documents or information you provide will be processed for the sole purpose of the recruitment process. 


  • Purpose: Evaluation of qualifications, communication, and potential employment decisions 
  • Storage Location: On the host server provided by O2 data center, protected according to the organization's standard IT security practices 
  • Retention Period: Your data will be deleted 6 months after the end of the recruitment process, unless the process is still ongoing or longer storage is legally required 
  • Recipients: Your data will only be accessed by authorized employees involved in the recruitment process and will not be shared with third parties without your consent 

The information from your applications may be used in aggregated and anonymized statistics. 

 


  1. Automated Decision-Making 

We do not make decisions based solely on automated processing — including profiling — that produce legal effects or similarly significantly affect you in the context of job applications or general use of this website. Should such processing take place in the future, you will be informed accordingly and your rights under Article 22 GDPR will be respected. 


We use analytical tools such as Google Analytics and Meta Analytics to better understand how users interact with our website. These tools may involve limited profiling (e.g., grouping visitors by interest or geography) based on anonymized or pseudonymized data. This profiling has no legal or similarly significant effect on you and is conducted solely to improve our website performance and user experience. 


 


  1. Legal Basis 

We process your personal data based on: 


  • Art. 6(1)(f) GDPR – for technical cookies and basic website functionality (legitimate interest) 
  • Art. 6(1)(a) GDPR – for analytics cookies (consent) 
  • Art. 6(1)(b) GDPR – for job application processing (contractual/pre-contractual obligations) 

 


  1. Your Rights 

Right to Access – (Art. 15 GDPR) 


You have the right to obtain confirmation as to whether we process your personal data and, if so, to request access to the data and the following information: 


  • the purposes of the processing, 
  • the categories of personal data concerned, 
  • the recipients (or categories of recipients) to whom the data has been or will be disclosed, 
  • the envisaged period for which the data will be stored, 
  • the existence of your rights under the GDPR, 
  • information on the source of the data (if not collected from you), and 
  • whether your data is used for automated decision-making, including profiling. 

Right to Rectification – (Art. 16 GDPR) 


You have the right to request the correction of inaccurate or incomplete personal data that we hold about you without undue delay. 


Right to Erasure ("Right to be Forgotten") – (Art. 17 GDPR) 


You may request the deletion of your personal data if one of the following applies: 


  • the data is no longer necessary for the purposes for which it was collected, 
  • you withdraw your consent (where processing was based on consent), 
  • you object to the processing and there are no overriding legitimate grounds, 
  • the data has been unlawfully processed, 
  • the data must be erased to comply with a legal obligation. 

Please note that this right may be restricted in certain cases (e.g. due to legal retention obligations). 


Right to Restriction of Processing – (Art. 18 GDPR) 


You may request the restriction of processing where: 


  • you contest the accuracy of the personal data (for a period enabling us to verify the data), 
  • the processing is unlawful but you oppose erasure and request restriction instead, 
  • we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims, or 
  • you have objected to processing and verification of our legitimate grounds is pending. 

Right to Data Portability – (Art. 20 GDPR) 


Where the processing is based on consent or a contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format, and to transmit those data to another controller where technically feasible. 


Right to Object – (Art. 21 GDPR) 

If the processing of your personal data is based on our legitimate interests (Art. 6(1)(f) GDPR), you have the right to object at any time to such processing on grounds relating to your particular situation. 

If you object, we will no longer process your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms or the processing is for the establishment, exercise, or defense of legal claims. 

Right to Withdraw Consent – (Art. 7(3) GDPR) 


If your personal data is processed based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the legality of processing carried out before the withdrawal. 


 


How to Exercise Your Rights 


To exercise any of your rights listed above, please contact us at: 


dataprotection@tristone.com 


We will respond to your request within one month. If necessary, this period may be extended by two further months, depending on the complexity and number of requests. We will inform you of any such extension within one month of receiving your request. 


Designation of a data protection officer 


We have appointed a data protection officer for our company: 


CAD - Institut für Compliance, Arbeitsrecht und Datenschutz 

Jasmin Fladung und Armin Fladung GbR 

Phone: +49 69 904 300 100 

E-mail: dataprotection@tristone.com 

 


Right to Lodge a Complaint 


If you believe your data protection rights have been violated, you also have the right to lodge a complaint with the competent supervisory authority in your country of residence or with the supervisory authority responsible for our company. 


 


  1. Data Transfers to Third Countries 

Data may be processed outside the EU (e.g., by Google or Meta).  


These providers have committed to appropriate safeguards such as the use of Standard Contractual Clauses (SCCs). You can find more information in the privacy policies of Google and Meta


Data you share with us may also be processed outside the EU. This applies especially when you apply to an open position outside the EU or want to contact someone upon a purpose that is connected to someone or business outside the EU. Applications and requests inside the EU will not be transferred to non-European countries. 


 

  1. LinkedIn plugin  

Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Any time you access one of our sites that contains functions of LinkedIn, a connection to LinkedIn’s servers is established. LinkedIn is notified that you have visited our websites with your IP address. If you click on LinkedIn’s "Recommend" button and are logged into your LinkedIn account at the time, LinkedIn will be in a position to allocate your visit to our website to your user account. We have to point out that we as the provider of the websites do not have any knowledge of the content of the transferred data and its use by LinkedIn. The use of the LinkedIn plug-in is based on Art. 6 Sect. 1 lit. f GDPR. The operator of the website has a legitimate interest in being as visible as possible on social media. For further information on this subject, please consult LinkedIn’s Data Privacy Declaration at: https://www.linkedin.com/legal/privacy-policy. 


 


  1. Google Maps  

Via an API, this website uses the mapping service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. To enable the use of the Google Maps features, your IP address must be stored. As a rule, this information is transferred to one of Google’s servers in the United States, where it is archived. The operator of this website has no control over the data transfer. We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Art. 6 Sect. 1 lit. f GDPR. For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.