Data protection

General information and mandatory information on data protection
The operators of this website take the protection of your personal data very seriously. Your personal data will be treated confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you visit this website, various personal data is collected. This is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also provides information on how and for what purpose this is done.

Responsible body and contact details
The responsible body for data processing on this website is:

Graute GmbH
Im Südfeld 64 - 66
48308 Senden
Telephone: +49 25 36 / 45 20 - 100
Email: info@grautegmbh.de
Website: www.grautegmbh.de

Contact details of the data protection officer:

André Korte
DSB Münster GmbH
Martin-Luther-King-Weg 42-44
48155 Münster
Tel: +49 25 17 / 18 79 - 0
Email: datenschutz@dsb-ms.de

SSL or TLS encryption
This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http //" to "https //" and by the lock symbol in your browser line.

Information, blocking, deletion
In accordance with the General Data Protection Regulation (GDPR), you have the following rights with regard to the processing of your personal data by us:

  • Right to withdraw consent
  • Right to information
  • Right to rectification or erasure
  • Right to object to processing
  • Right to data portability, i.e. to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format
  • Right to restriction of processing

You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
The competent supervisory authority for data protection issues is: State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

Kavalleriestr. 2-4
40213 Düsseldorf
Telephone: 0211/38424-0
Fax
Email: poststelle@ldi.nrw.de

We recommend that you address any complaints directly to our data protection officer. You will find the contact details above under "Information on the responsible body" on this page.

Data collection on our website

External hosting
Our website is hosted by an external service provider. The provision of server resources includes technical infrastructure, storage space and database services, as well as security and maintenance services. The hosting provider processes personal data exclusively in accordance with our instructions within the framework of a data processing agreement in accordance with Art. 28 GDPR.

This includes the processing of access data such as IP address, date and time of access, browser information, operating system, previously visited page and other technical information necessary for the secure operation of the website. Processing is carried out on the basis of Art. 6 (1) lit. f GDPR, as we have a legitimate interest in providing our website in a secure, stable and efficient manner. Where legal requirements exist, additional requirements from the TDDDG are also taken into account.

If AI-supported security mechanisms are used in the context of hosting, processing is carried out in accordance with the EU AI Regulation.

We use the following hosting provider:
IONOS SE
Elgendorfer Str. 57
56410 Montabaur

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. The storage period is based on technical requirements and legal provisions for IT and operational security.

Server log files
When you use the website for informational purposes only, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (the legal basis is Art. 6(1)(f) GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request originates
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

This information is automatically stored in log files and deleted after seven days at the latest. Any further storage is only carried out in anonymised form, so that no conclusions can be drawn about a person. The legal basis for processing:

  • Technical access in accordance with Section 25 (2) No. 2 TDDDG: The storage and retrieval of information on your end device is technically necessary in order to provide the website as an expressly requested telemedia service.
  • Processing of personal data in accordance with Art. 6(1)(f) GDPR: The processing of IP addresses and other personal access data is based on our legitimate interest in the security, functionality and stability of our online offering.

There is no right to object in this respect, as processing is essential for the technical provision of the website.

Use of cookies
Our website uses cookies to implement certain technical functions, analyse usage and make the online offering more user-friendly. Cookies are small text files that are stored in the browser or on the user's device.

We use technically necessary cookies. These are required to provide the basic functions of the website. They enable, for example, the storage of language settings or the maintenance of an active session during page changes.

The legal basis for the use of technically necessary cookies is Art. 6 (1) lit. f GDPR in conjunction with § 25 (2) No. 2 TDDDG, as these cookies are technically necessary for the provision of our telemedia service and thus serve our legitimate interest in the secure and functional operation of the website.

Data transfer to third countries
Personal data will only be transferred to third countries outside the EU or the EEA if there is an adequacy decision by the European Commission or suitable safeguards in accordance with Art. 46 GDPR.

Deletion or blocking of data
We adhere to the principles of data avoidance and data minimisation. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as provided for by the various storage periods stipulated by law. Once the respective purpose has ceased to apply or these periods have expired, the corresponding data is routinely blocked or deleted in accordance with the statutory provisions.

Profiling
We do not carry out profiling or automated decision-making within the meaning of Art. 22 GDPR. Your personal data will not be used to create personal profiles or to make decisions automatically.

Processing of personal data within the company

Contacting us by e-mail
If you contact us by e-mail or telephone, we will process the personal data you provide solely for the purpose of processing your enquiry and performing technical administration. The data processed includes the contact information you provide and the content of your message.

Processing is based on Art. 6 (1) lit. b GDPR, provided that your enquiry concerns the conclusion or preparation of a contract. In all other cases, we base the processing on Art. 6 (1) lit. f GDPR, as we have a legitimate interest in reliably processing enquiries.

Your data will not be passed on to third parties. Your data will be deleted as soon as your enquiry has been answered conclusively, provided that there are no legal retention obligations.

Processing of applicant data
When you apply for a job with us, we process the personal data you provide in order to carry out the application process. Applications can be submitted by email or post. The data processed includes, in particular, your contact details, cover letter, CV, references and other information you provide us with as part of your application.

The processing is carried out on the basis of Art. 6 (1) lit. b GDPR, as the data is necessary for the decision on the establishment of an employment relationship. We use technical and organisational measures to ensure the security of your data during transmission and internal processing.

Your data will only be passed on internally to the persons responsible for the application process. It will not be passed on to third parties.

We store application documents for as long as is necessary for the application process. If no employment relationship is established, we delete the data no later than six months after completion of the application process, unless there are legal retention obligations or you have given us your consent to store the data for a longer period.

You can contact us at any time to find out how your data is being processed or to request the deletion of your application documents, provided there are no legal reasons to the contrary.

Processing of employee data
We process the personal data of our employees within the scope of the employment relationship. This includes, in particular, master data such as name, contact details, date of birth, employee number, contract data, remuneration details, working hours and information on holiday and absence periods. Depending on the job, additional data may be processed, such as qualification certificates, assignment or travel data and technical usage data from IT systems used.

Processing is carried out on the basis of Art. 6 (1) (b) GDPR, as the data is necessary for the performance of the employment relationship. We also process data when there are legal obligations, such as tax or social security requirements.

Within the company, the data is only made available to those departments that need it for their tasks, such as the human resources department, management, payroll accounting, IT administration or resource planning. Data is only passed on to third parties if this is required by law or necessary to fulfil contractual or legal obligations, for example to social security institutions, tax authorities or external service providers within the scope of order processing in accordance with Art. 28 GDPR.

We store the data for as long as is necessary for the performance of the employment relationship and for the fulfilment of statutory retention obligations. After termination of the employment relationship, we delete the data as soon as there are no legal reasons for further storage.

Processing of customer data
We process our customers' personal data in order to provide our services, process orders, communicate and comply with legal requirements. The data processed includes contact details, contract and order information, billing data and technical usage data generated when using our systems or digital services.

Processing is carried out on the basis of Art. 6 (1) lit. b GDPR, as it is necessary for the performance of the contractual relationship. In addition, we process data if there are legal obligations, for example due to tax or commercial law requirements. Where relevant, we also take into account the requirements of the TDDDG, in particular when communication services or digital platforms are used.

Data is only made available to internal departments that need it to perform their tasks, such as administration, sales, billing, support or IT. Data is only passed on to external service providers if this is necessary for the performance of the contract or if we are legally obliged to do so. External service providers are contractually bound in accordance with Art. 28 GDPR.

We store customer data for as long as is necessary for the performance of the contract and the fulfilment of subsequent statutory retention obligations. We then delete the data unless there are reasons for further storage.

Processing of supplier data
We process personal data of our suppliers and their contact persons for the purpose of establishing and conducting business relationships, processing orders and ensuring internal and external communication. This includes contact details, contract and billing information, delivery and service data, and technical information, provided that digital systems or portals are used.

Processing is carried out on the basis of Art. 6 (1) (b) GDPR, as it is necessary for the implementation of pre-contractual and contractual measures. We also process data if we are legally obliged to do so, for example due to tax or commercial law requirements.

Internally, the data is only passed on to those departments that need it to perform their tasks, such as purchasing, administration, billing or IT. External service providers are only involved if this is necessary, for example within the framework of a data processing agreement in accordance with Art. 28 GDPR.

We store the data for as long as is necessary for cooperation and to fulfil statutory retention obligations. We then delete the data unless there are legitimate reasons for storing it for longer.

Changes to our data protection provisions
We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, for example when introducing new services. The new privacy policy will then apply to your next visit.

As of: December 2025