1. About us
We, HOERBIGER Holding AG are responsible for the collection, processing and storage of your data. You can find details about us in our imprint (impressum) at any time.
The careful handling of your personal data has the highest priority for us. In processing, we comply with the statutory provisions, as well as the General Data Protection Regulation (GDPR) and the respective national provisions.
This data protection declaration applies to all websites of our company that can be accessed under our domain www.hoerbiger.com. If you switch to websites of other operators within the scope of our offer, their own data protection regulations apply, for the content of which the respective operators of these websites are responsible.
Since we would like to give you a comprehensive overview of the processing of personal data in our group of companies, you will find below an overview of all our services in the context of which we collect and process personal data.
If separate or additional conditions apply to individual services or we ask you for your consent, we will point this out to you separately before using the respective service (e.g. for newsletter subscription).
We also take various security measures to protect your personal data. For example, transmission between your web browser and our servers is always transport encrypted; in addition, we maintain a variety of technical and organizational measures to always protect your data.
2. Why we process your data
You can use our websites without disclosing your identity. If you wish to contact us, we will ask you for your name and other personal information. It is your free decision whether you enter this (extended) data. Data that we absolutely need from you to provide our services are marked as such.
Your personal data is collected and processed for the following purposes on the basis of the following legal bases or the corresponding provisions of Swiss data protection law:
- Supplier management in accordance with Art. 6 (1) 1 lit. b) and c), f) GDPR
- communication and data exchange pursuant to Art. 6 (1) lit. a), b), c), f) GDPR
- external presentation and advertising pursuant to Art. 6 (1) lit. a), f) GDPR
- Implementation of declarations of consent pursuant to Art. 6 (1). 1 lit. a) GDPR
- Ensuring the proper operation of a data processing system in accordance with Art. (1) lit. c) and f) GDPR
- Applicant selection procedures within the framework of personnel and resource management on the basis of Art. 6 (1) lit. a), b) GDPR if need be in conjunction with 26 BDSG-Neu (Germany) or other applicable national regulations
3. What data we collect and process from you
We collect different categories of personal data from you. Personal data is all information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified directly or indirectly, in particular by assignment to an identifier such as a name. Personal data includes, for example, information such as your name, your address, your telephone number and your date of birth (if stated). Statistical information that cannot be directly or indirectly associated with you - such as the popularity of individual websites of our offer or the number of users of a page – does not qualify as personal data. Data is collected directly and indirectly. In both cases, data will only be collected to the extent necessary; the data will only be processed for the purposes stated under point 2. It is your decision whether you want to transmit data to us that optimizes the use of our services for you, yet is not necessary. Corresponding data fields are marked as 'voluntary'.
The data collected immediately include:
- Candidate data, for the execution of our online application procedure
- Data that you actively and consciously transmit to us when using our services, e.g. by the use of our contact form,
- Data that you actively and deliberately transmit to us as part of the use of our services, further data that you voluntarily transmit to us, e.g. data fields that you have filled in and marked as 'voluntary’
In addition, data about you is collected indirectly when using our services:
- Technical connection data, e.g. the page called up on our website, your IP address, shortened by the last three digits, date and time of the call, terminal device used, browser configuration data.
- Data collected in the context of website tracking.
Minors: Our website is not directed at minors and we do not knowingly collect personal data from minors.
If persons under the age of 16 transmit personal data to us, this is only permitted if the parent/guardian has consented or has consented to the consent of the minor. For this purpose, the contact data of the legal guardian must be communicated to us in accordance with Art. 8 (2) GDPR in order to convince us of the consent or the consent of the legal guardian. These data as well as the data of the minor will then be processed in accordance with this data protection declaration.
If we determine that a minor under the age of 16 has sent us personal data without the parental consent or consent of the minor, we will delete the data immediately.
4. Who has access to your data and to whom we transfer your data
Access to your personal data stored by us is limited to our employees and the service providers commissioned by us, who have to deal with this personal data due to their tasks.
If third parties gain access to your data, we have obtained your permission or there is a legal basis for this.
We also use service providers to provide services and process your data (including hosting, sending letters or e-mails, maintaining and analysing databases, securing our web servers or website tracking). Insofar as these special provisions apply, we have carried them out for you in the following way for the respective service. The service providers process the data exclusively on our instructions and are obliged to comply with the applicable data protection regulations. All contractors have been carefully selected and will only have access to your data to the extent and for the time required to provide the services or to the extent to which you have consented to the processing and use of your data.
b) Data exchange within the group of companies
Data exchange within the group of companies to which we belong usually takes place within the EU/EEA and only serves internal administrative purposes. Insofar as personal data is transferred to third countries, this will take place on the basis of the EU Standard Treaty 2010 pursuant to Art. 46 (2) lit. c) GDPR in conjunction with the decision of the EU Commission of 05.02.2010 (2010/87/EU). By group of companies we mean affiliated companies within the meaning of Art. 4 No. 19 GDPR.
c) Transfer to third countries and legal basis
The servers of some of the service providers we use are located in the US and other countries outside the European Union. Companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as is the case in the Member States of the European Union. If your data are processed in a country that does not have a recognised high level of data protection such as the European Union, we use contractual regulations or other recognised instruments to ensure that your personal data are adequately protected. We expressly point this out to you again within the scope of the individual services.
Insofar as personal data is transferred to third countries, this is done on the basis of the EU Commission's decision on appropriateness to the EU-U.S. Privacy Shield pursuant to Art. 45 GDPR or the EU Standard Contractual Clauses 2010 pursuant to Art. 46 (2) lit. c GDPR in conjunction with the decision of the EU Commission of 05.02.2010 (2010/87/EU) or your consent pursuant to Art. 49 (1) lit. a) GDPR.
d) Transmission to law enforcement and criminal investigation authorities
In exceptional cases we transmit personal data to law enforcement and criminal investigation authorities. This is done on the basis of corresponding legal obligations, e.g. from the Code of Criminal Procedure, the Fiscal Code, the Money Laundering Act or state police laws.
5. Storage periods
We store personal data within the framework of legal regulations or your consent. We use the following criteria to determine the concrete storage period:
We store the personal data until the purposes for which they were collected cease to apply (e.g. at the end of a contractual relationship or through the last activity, if no continuing obligation exists, or in the case of a revocation of your consent for the specific data processing).
Further data will only be stored if
- legal storage obligations (e.g. according to tax law and national trade laws) exist;
- the data is still needed to assert and exercise legal claims or to defend against legal claims, e.g. due to technological and forensic requirements to defend against attacks on our web servers and their prosecution;
- the deletion would be contrary to the legitimate interest of the data subjects;
- another exception pursuant to Art. 17 (3) GDPR applies.
6. Your rights
You have a number of legal rights to which we would like to draw your attention below. Of course, our data protection officer is also available to answer any questions you may have about your personal data that we have collected and processed using the contact details given below.
a) Right to information and data transferability
You have a right of information about the personal data we process concerning you at any time.
If the data processing is based on your consent or according to Art. 6 (1) lit. b) GDPR on a contract, you can also demand in accordance with Art. 20 (1) GDPR to receive the personal data stored about you in a structured, current and machine-readable format. At your request, we will also forward the data directly to the recipient of your choice.
b) Right to rectification, restriction and deletion
Furthermore, in accordance with Articles 16 to 18 GDPR, you can request us to correct, restrict (block) or delete your personal data if we have processed the data incorrectly, if there is a reason to restrict further data processing, or if data processing has become illegal for various reasons, or if its storage is inadmissible for other legal reasons. We would like to point out that your right to deletion may be restricted by legal retention periods.
c) Rights of objection
If our data processing is based exclusively on our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR, you may object to this processing pursuant to Art. 21 (1) GDPR. Then we will stop processing your data unless we can prove grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend a legal claim. Furthermore, you always have the right to object to the use of your data for the purpose of direct advertising with effect for the future pursuant to Art. 21 (2) GDPR.
d) Right of revocation
If you have allowed us to process your personal data by giving your consent, you have a right of revocation with effect for the future pursuant to Art. 7 (3) GDPR.
e) Right of appeal to the Supervisory Authority
You are free to complain to a supervisory authority if you believe that our processing of your personal data violates the European General Data Protection Regulation or other national and international data protection laws.
f) Contact information
To exercise your rights, you can send us an informal message to the following contact details. Please also address the revocation of your consent to the following contact details, indicating which declaration of consent you would like to revoke:
HOERBIGER Holding AG
6302 Zug, Switzerland
Tel. +41 (0) 41 560 1000
DPO for the German companies
Holger Heimann Einsteinstr.55/OG.5
89077 Ulm, Germany
+49 (0) 73120589-24
Chairman of the board: Dr. Thorsten Kahlert
Chairman of the Supervisory Board: Dr. Martin Komischke
7. Use of our website - profiling, cookies and web tracking
a) Basic information on cookies and opt-out options
We use so-called cookies in some areas of our website, e.g. to recognize the preferences of visitors and to be able to design the website accordingly. This facilitates navigation and a high degree of user-friendliness of a website. Cookies also help us to identify particularly popular areas of our website. Cookies are small files that are stored on a visitor's hard drive of the used device. They allow information to be stored for a certain period of time and to identify the visitor's computer. For better user guidance and individual service presentation, we use permanent cookies.
We only set non-technically necessary cookies after your express consent, which you can of course revoke at any time.
As part of our cookie information on our website, you have agreed to the following statement in this regard:
Please also note that deleting all cookies will also delete opt-out cookies. You may therefore have to reset them. Cookies are also browser-bound, i.e. they must be set separately for each browser you use on each device you use. You will find the necessary links in the description of the respective service below.
The following cookies are used by us – with your consent and without having set one or more opt-out cookies - for the described purposes:
b) Matomo Web Tracking (formerly called Piwik)
On this website, using the web analysis software Matomo (www.matomo.org), certain user information is collected and stored. From this information, pseudonymized usage profiles can be created and evaluated.
The following data is collected and stored under a visitor ID (config_id):
- Two bytes of the IP address of the user's calling system
- Website called up, date and time of call-up
- Website from which the user has reached the called website (referrer)
- Subpages and external pages called up as well as downloaded content
- Time spent on the website and loading times of the pages displayed
- Screen resolution, browser language and browser type
- System time and approximate location (country, region, city, longitude/latitude)
The information collected using Matomo technology is processed exclusively on our servers in the EU. The data is not passed on to Matomo or other third parties.
Matomo recognizes returning users with the help of a so-called config_id. This is a random string of characters that is calculated using the first 2 bytes of the IP address, as well as the browser plugins, the operating system and the selected browser language of the user and then hashed. The ID is deleted and recreated after 24 hours, so that the user cannot be recognized by the website on subsequent visits. Analysis data is aggregated in evaluation reports and stored for 2 years.
Matomo is set so that the IP addresses are not stored in full, but 2 bytes of the IP address are masked (Ex: 192.168.xxx.xxx). In this way, an assignment of the shortened IP address to the calling end device is no longer possible.
The legal basis for the processing is Article 6 (1) sentence 1 lit. f) GDPR. The processing serves to protect the legitimate interests of the controller in the evaluation of website usage for optimization purposes. These legitimate interests in the evaluation of usage for improving the offer are not regularly opposed by the rights and freedoms of the data subjects, as we have strictly regulated the evaluation contractually and technically. Due to the economical data collection and pseudonymized evaluation, traceability to individual natural persons is practically excluded. Since in this respect there are purely theoretical possibilities of impairing the interests of data subjects and even this theoretical possibility does not indicate any potential for abuse on the basis of the content we offer, the interests of data subjects do not conflict with our evaluation interests.
You can object to the storage and evaluation of the information from your visit at any time by clicking on the mouse. In this case, a so-called opt-out cookie will be stored in your browser, with the consequence that Matomo will not collect any session data. Please note that if you delete your cookies, the opt-out cookie will also be deleted and may have to be stored again.
General information on data protection at Matomo: https://matomo.org/docs/privacy/
c) Social Media Buttons
We use the social media plugin from LinkedIn on our website.
If you visit our website at the same time in the social network of the provider or the social media plugin, a direct connection is established between your browser and the pages of the corresponding provider, which may collect personal data (IP address) and other information about you that can be condensed to a personal date (e.g. browser system configuration, movement and usage data).
As this transmission is direct, we are not aware of the transmitted data and processing procedures. Responsible for these data within the meaning of Art. 4 No. 17 GDPR is solely the respective provider.
Therefore, the so-called 2-click model was installed on our website, i.e. the social media plugins are first of all online deactivated buttons that do not make contact with the servers of the respective providers. Only when you have activated these and thus really agreed to communicate with the provider, the data can actually be collected by him.
By pressing the deactivated button again, you consent to the transmission of the data to LinkedIn.
Recipient of the data: LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085, USA
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active
8. Supplementary notes and provisions on individual services
a) Supplier portal
As a supplier you have the opportunity to register with us on our website. During the registration process you will be automatically redirected to the website of our partner JAGGAER Direct AG. The data protection regulations of our partner apply in the following. We are pleased that you would like to register as a supplier for HOERBIGER. Please fill out the following registration form to receive a login. You will then be asked to maintain your company profile, which will be forwarded to the responsible purchaser and checked. If HOERBIGER is interested in your company, you will receive an invitation to complete a detailed supplier self-assessment, which triggers an internal release process. After your company has been approved, you will be accepted by us as a supplier and can be considered for inquiries from now on.
b) Online application
We offer you the opportunity to apply to us online by e-mail. The transmission of the e-mail as well as the sent file attachments takes place via the Internet and is therefore unencrypted without the use of additional tools. Your electronic application data will be received by the relevant personnel department and only forwarded to the department responsible for the respective position or to the persons in charge of processing. The data is managed internally in Lumesse. The contractual relationships with Lumesse are protected under data protection law. All parties involved treat your application documents with the necessary care and with absolute confidentiality.
HOERBIGER is an international company with employees working together in their functions on a cross-border basis. We would like to point out that it is possible that persons who have their place of work in countries outside the European Union may be involved in the selection process when filling positions with an international reach. It is therefore also possible that in such cases the candidate information will be transferred to countries outside the European Union during the selection procedure. In these cases, however, we have ensured that an adequate level of data protection has been established in accordance with the General Data Protection Regulation.
After completion of the applicant selection process, we will keep your application documents for another 6 months and then delete them or destroy any copies, unless we have concluded an employment contract with you. If we want to include your application documents in our pool of applicants, we will contact you to that effect. In the notification, you can actively consent to the further storage of your documents.
Please note that applications that you send us by e-mail will be sent to us unencrypted. We therefore recommend the use of encryption software.
c) Data processing for direct marketing purposes
To the extent permitted by law, we may also use your name and the postal address known to us to send you advertising for our own offers. The legal basis is Art. 6 (1) lit. f) in conjunction with Recital 47 GDPR. Our legitimate interest is to promote sales or demand from our existing customers. Of course, you can object to the processing of your data for advertising purposes at any time in the future. A message in text form to the above mentioned contact data is sufficient. We will then delete your data from our mailing list. The data proving your objection will be kept for another 6 years in accordance with Art. 17 (3) lit. e) GDPR. During this period, however, your personal data will be blocked for further processing.
To the extent permitted by law, we may also use your name, company affiliation and telephone number provided to inform business customers about our own offers, assuming your presumed interest. The legal basis is Art. 6 (1) lit. f) in conjunction with Recital 47 GDPR, § 7 (2) No. 2 UWG (Germany), or the respective applicable national regulations. Our legitimate interest is to promote sales or demand from our existing business customers. Of course, you can object to the processing of your data for advertising purposes at any time in the future. A message in text form to the above mentioned contact data is sufficient. We will then delete your data from our mailing list. The data proving your objection will be kept for another 6 years in accordance with art. 17 (3) lit. e) GDPR. During this period, however, your personal data will be blocked for further processing.
You have the option of registering for HOERBIGER webinars during your visit to our website or via other channels. For this purpose, we first require the data marked as mandatory fields in the registration process. This data is processed on the basis of Art. 6 para. 1 p. 1 lit. b DSGVO, or used in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO for the purpose of contacting you, if necessary.
In addition, you can decide for yourself whether you wish to provide us with further information. This information is provided voluntarily and is not mandatory for registration. We process your voluntary information on the basis of your consent in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO. Your data will only be processed for the purpose of handling your registration. We delete your data if it is no longer required and there are no legal retention obligations to the contrary.
Insofar as the data processing is based on Art. 6 para. 1 p. 1 lit. f DSGVO, you can object to the processing at any time. In addition, you can revoke your consent to the processing of voluntary data at any time. To do so, please contact: firstname.lastname@example.org.
At your express request, we will send you our monthly newsletter with information about our products. Please note that the delivery can only take place if you have again expressly confirmed your subscription request within the scope of our double opt-in procedure.
The personal data collected as part of the newsletter registration will be used exclusively for sending and personalizing the newsletter (e.g. to address you by name). You can revoke your consent to the storage of personal data that you have given us for newsletter dispatch at any time with effect for the future. For the purpose of revoking consent, each newsletter contains a corresponding link; alternatively, you are also welcome to contact us directly at email@example.com so that we can implement your revocation. We have provided you with details of the consent given to us again in the double opt-in email.
9. Social networks
We would like to point out that social networks used by our company are just another of several options for contacting us or receiving information from us. You may also find the information communicated in our social networks for example in our website: www.hoerbiger.com In an agreement pursuant to Art. 26 (1) of the GDPR – if available -, we and the platform operator have determined who fulfils which obligation pursuant to the GDPR. The platform operator makes the essential contents of this agreement available to the data subjects. We have no influence whether and how the platform operators effectively process personal data (Source, Purpose, Retention, Deletion, Publication, Transfer, Profiling). We also have no possibility to effective control the operator in this respect. For information about the use of your personal data by the platform operators, please read the data privacy notice of the respective social network (see Section 10).
Categories of data subjects
Registered and unregistered visitors of our fan page in the social network. We point out to the data subjects that they use the social network and its functions on their own responsibility. This applies especially to the use of the interactive functions (e.g. sharing, rating).
Origin of the data
We receive the data from the data subjects directly or from the platform operator.
Categories of personal data:
Data that we process from registered visitors to our fan page:
User ID or user name under which the data subjects have registered, released profile data (name, e-mail address, telephone number), ProFinder profile data, education, professional experience, salary expectations, photo, location data, knowledge and confirmation of knowledge, professional achievements (e.g. patent grant, professional recognition, projects), special categories of personal data – if applicable – as for example religious affiliation, other data and content that is published, provided, distributed, posted or uploaded freely by the data subjects at LinkedIn or via their LinkedIn account.
Otherwise, we only process pseudonymous data such as statistics and insights into how our fan page, the posts, pages, videos and other content provided on it interacts (page activity, page views, "Like" information, reach, general demographic, location and interest-related information on age, gender, country, city, language), evaluations of the success and background of our advertisements, other analyses and measurements of...
the non-personal or pseudonymised data cannot be combined by us with the corresponding attribution feature (e.g. name details). It is therefore not possible for us to identify individual visitors, who remain anonymous to us. Data that we process from non-registered visitors to our fan page:
Pseudonymized data such as statistics and insights into how people interact with our fan page, contributions, pages, videos and other content provided on it (page activity, page views, "Like" information, reach, general demographic, location and interest information on age, gender, country, city, town, language), evaluations of the success and background of our advertisements, other analyses and measurements of...
The non-personal and pseudonymised data cannot be combined by us with the corresponding attribution feature (e.g. IP address, name details). It is therefore not possible for us to identify individual visitors, who thus remain anonymous to us. Data that the platform operator processes about registered and non-registered visitors and website visitors including profiling The platform operator may use various analysis tools for evaluation. We have no influence on the use of such tools by the platform operator: we have not commissioned, approved nor been informed about such potential use. We do not get the data obtained during the analysis. Finally, we have no way of preventing or stopping the use of such tools on our fan page, nor any other effective means of control.
Data that we process from our website visitors (LinkedIn):
By integrating the LinkedIn/Xing button (pure link) or the tweets on our website, no IP addresses of our website visitors are transferred to the platform operator.
Legal basis of the data processing and purposes
We process the data on the basis of the following legal bases: art. 6.1(a) GDPR (Consent of the data subjects); if applicable, art. 6.1(b) GDPR (Performance of a contract with the data subject or implementation of pre-contractual measures at the request of the data subject); art. 6.1 (f) GDPR legitimate interest:
- Simplification of communication and data exchange by complementing existing communication channels such as the website, press releases, print products and events with the fan page
- Promotion of the sales of our products and services or the demand as well as the recruitment of new staff by transparent appearance and regular contributions
- Optimization of our fan page
And for the following purpose: Public image and advertising, Communication and data exchange, Event Management and if applicable, contract initiation and processing.
We process special categories of personal data, if at all, only on the basis of the following legal bases: art. 9 para. 2 lit. a) GDPR: Consent of the data subject and art. 9 para. 2 lit. e) GDPR: The data subject has made public his/her personal data.
Retention The storage and deletion of data is the duty of the platform operator in accordance with the joint control agreement in the sense of Art. 26 para. 1 GDPR. The information on this can be found in the respective data privacy notice of the platform operator (see Section 10).
Categories of recipients Only our employees and service providers who maintain our fan page and need the data for the above-mentioned purposes have access to the data processed by us. If the data subjects post their data publicly on our fan page, these data can be accessed by other registered and possibly also non-registered visitors.
Data transfers to third countries If the data subjects post their data publicly on our fan page, they can be accessed by other registered and possibly also unregistered visitors worldwide.
LinkedIn: As part of the operation of our fan page, the data is processed by the respective social network. The platform operator will transfer the data to the United States, Ireland and any other country in which the platform operator does business, regardless of the residence of the data subjects, and will store and otherwise process the data there. The data transfers to third countries are secured by an adequacy decision of the EU Commission pursuant to Art. 45 GDPR or by suitable guarantees pursuant to Art. 46 GDPR. Nevertheless, the data transfers to the Unites States probably takes place without an adequate level of data protection, due to the decision of the European Court of Justice on the invalidity of the privacy shield. Your basic rights under Art. 7, 8 and 47 of the Charter of Fundamental Rights of the European Union are not adequately protected in the USA. We are therefore currently working on a solution.
10. Controllers with whom our social network accounts ("Fan pages") are jointly operated ("Platform operators")
LinkedIn Corporation, 1000 W. Maude Avenue Sunnyvale, CA 9, USA EU /EEA/SUI: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin, Ireland 4085
DATA PROTECTION AUTHORITY
Data Protection Commission 21 Fitzwilliam Square, Dublin 2 D02 RD28, Ireland Webadresse: https://www.dataprotection.ie/en/contact/how-contact-us
DATA PROTECTION OFFICER
Data Privacy Notice:
Contact according to art. 26 GDPR:
XING SE, Dammtorstraße 30, 20354 Hamburg, Germany
DATA PROTECTION AUTHORITY
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit Ludwig-Erhard-Str 22, 7. OG., 20459 Hamburg, Deutschland Tel.: 040 / 428 54 4040. Fax: 040 / 428 54 4000 / E-Mail: firstname.lastname@example.org
DATA PROTECTION OFFICER
https://www.xing.com/support/contact Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany Tel.: +49 40 419 131-0 / Fax: +49 40 419 131-11 / E-Mail: Datenschutzbeauftragter@xing.com
Data Privacy Notice:
Contact according to art. 26 GDPR:
Not available yet.