Privacy Policy
As of July 2020
1. Data protection at a glance
General
When you visit this website, your personal data is processed. Personal data is any data that can be used to identify you personally. The following information explains what data we collect and for what purpose. For detailed information on data protection, please refer to our privacy policy listed below this text.
Data collection on our website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the legal notice on this website.
How do we collect your data?
On the one hand, your data is collected when you voluntarily provide it to us. This may include data that you submit to us as part of an application.
On the other hand, data is automatically collected by our IT systems when you visit this website. This is mainly technical data, e.g. internet browser, operating system type and version, time of access and IP address.
What do we use your data for?
Some of the data is collected to ensure the error-free provision of the website and the security of our website.
Another part of the data may be used to analyse your usage behaviour and for statistical evaluation of your interests.
What rights do you have in relation to your data?
You have the right to obtain information free of charge at any time about the purpose, categories of personal data processed, recipients, duration of storage and origin of the data stored about you.
You also have the right to request the correction of inaccurate data and/or the deletion or restriction of processing. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
2. General information and mandatory information
Data protection
The operator of this website takes the protection of your personal data very seriously. We treat your personal data as strictly confidential and in accordance with the statutory data protection regulations and this privacy policy.
We would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.
Information on the responsible body
The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.
The responsible body for data processing on this website is:
H&Z Group GmbH
Max-Joseph-Straße 6
80333 Munich
Email: hq@hz.group
Data protection
You can contact our company data protection officer at:
José Reyes Schmitt
Email: Datensicherheit@hz.group
Withdrawal of consent to data processing
Many data processing operations are only possible with your express consent.
You can withdraw your consent at any time. To do so, simply send us an informal email.
Your revocation does not affect the lawfulness of the processing carried out on the basis of your consent until revocation.
Right to lodge a complaint with the competent supervisory authority
If you believe that the processing of personal data relating to you violates data protection regulations, you have the right to lodge a complaint with the competent supervisory authority.
As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our law firm’s registered office (State Commissioner for Data Protection and Freedom of Information Bavaria). A list of state data protection officers and their contact details can be found at the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Right to data portability
You also have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract transferred to yourself or to a third party in a structured, commonly used and machine-readable format. If you request the direct transfer of the data to another controller, this will only be done if it is technically feasible.
SSL or TLS encryption
In compliance with data protection regulations pursuant to Art. 32 GDPR, this website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the website operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Analysis tools and third-party tools
When you visit our website, your surfing behaviour may be statistically evaluated. This is done in particular through the use of cookies and so-called analysis programmes. The analysis is anonymous, so that your surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.
Transfer of personal data to third countries
If we transfer data to third countries, i.e. countries outside the European Union, the transfer will only take place in compliance with the legal requirements.
If the transfer of data to a third country is not necessary for the fulfilment of our contract with you, we do not have your consent, the transfer is not necessary for the assertion, exercise or defence of legal claims and no other exception under Art. 49 GDPR applies, we will only transfer your data to a third country if an adequacy decision pursuant to Art. 45 GDPR or suitable safeguards pursuant to Art. 46 GDPR are in place.
One of these adequacy decisions is Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the so-called ‘EU-US Privacy Shield’ for the USA. For transfers to companies certified under the EU-US Privacy Shield, the level of data protection is generally considered adequate within the meaning of Article 45 GDPR.
Right to information, correction, deletion, restriction, objection
You have the right to obtain, free of charge, information about your personal data processed and stored by us, the purposes of data processing, the categories of personal data processed, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, and the existence of automated decision-making, including profiling and, where applicable, meaningful information about its details. To exercise your rights, you can contact us at any time by email at Datensicherheit@huz.de.
Objection to advertising emails
We hereby object to the use of the contact details published in the imprint for sending unsolicited advertising and information material. In the event of unsolicited sending of advertising information, such as spam emails, the operator of the website reserves the right to take legal action.
3. Data collection on our website in detail
Cookies
Our website uses so-called cookies. Cookies are small text files that are stored on your computer and saved by your browser. Cookies do not cause any damage to your computer and do not contain viruses. They serve to make our offer more user-friendly, effective and secure.
On the one hand, we use so-called ‘session cookies’. These are automatically deleted at the end of your visit. Other cookies, so-called persistent cookies, remain stored on your device until you delete them yourself. These cookies enable us to recognise your browser when you next visit our website. We also use cookies that are managed by third parties to offer certain services, so-called third-party cookies. You can configure your browser to inform you about the use of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close your browser. However, if you deactivate cookies, the functionality of this website may be limited.
Cookies that are necessary for the electronic communication process are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. If other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these are treated separately in this privacy policy.
Server log files
The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us when you visit the website. These are:
• Browser type and browser version
• Operating system
• Referrer URL
• Amount of data transferred
• Device used by the user, including MAC address
• Host name of the accessing computer
• Date and time of the server request
• IP
These files are not merged with other data sources.
The basis for data processing is Art. 6 para. 1 lit. b, f GDPR, which permits the processing of data for the fulfilment of a contract or a pre-contractual measure, as well as for the protection of legitimate interests. The legitimate interest here lies in the technically error-free and optimised provision of our services to you.
Enquiries by email, telephone or fax
If you contact us by email, telephone or directly, your enquiry, including all personal data arising from it (name, contact details, enquiry itself), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.
Processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR, provided that your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and/or on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in the effective processing of enquiries addressed to us. You can withdraw this consent at any time. To do so, simply send us an informal email. Your withdrawal does not affect the lawfulness of the processing carried out on the basis of your consent until withdrawal.
The data you send us via contact request will remain with us until you request its deletion, revoke your consent to its storage or the purpose for which it was collected no longer applies, e.g. because your request has been processed. Mandatory legal provisions – in particular retention periods – remain unaffected.
Applications
If you send us applications in electronic form, we will store the data you provide (e.g. email address, name, address, telephone number). The storage of your data is necessary for the application process (first and last name, address, email address, telephone number, how you became aware of us, if applicable). You also have the option of attaching relevant documents to your application, which may contain additional personal data (e.g. date of birth).
Your application documents will only be made available to authorised employees who are directly involved in the application process. The legal basis for the processing of personal data in the context of the application is Article 6(1)(b) GDPR, which permits data processing if this is necessary for the initiation and performance of a contract. The purpose of data processing is to make the necessary decision on the establishment of an employment relationship (Art. 88 para. 1 GDPR in conjunction with § 26 BDSG). Your data will be stored by us until the application process is completed. If your application is rejected, your application documents will be retained by us for a further 6 months due to the potential possibility of legal action under the General Equal Treatment Act (Section 15 (4) AGG) and will then be deleted or anonymised. In the event of anonymisation, the data will then only be available to us as so-called metadata without direct personal reference for statistical evaluations (e.g. proportion of women or men, number of applications in a specific period, etc.). If your application results in employment with us, we will store the personal data collected during the application process for at least the duration of the employment relationship. If, however, no employment relationship is established, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the controller responsible for processing prevent deletion. Other legitimate interests in this sense include, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
4. Analysis tools and advertising
Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called ‘cookies’. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. With Google Analytics, we collect information about user behaviour in order to improve the user-friendliness of the website. The recipient of the data collected is Google. Personal data is transferred to the USA under the EU-US Privacy Shield on the basis of the adequacy decision of the European Commission (Art. 45 GDPR). The controller responsible for processing uses the addition ‘_gat._anonymiseIp’ for web analysis via Google Analytics. This addition shortens and anonymises the IP address of your internet connection by Google if you access our website from a member state of the European Union or from another state party to the Agreement on the European Economic Area.-state of the Agreement on the European Economic Area.
Google AdWords
This website uses Google AdWords. This is an Internet advertising service that allows advertisers to place ads in Google’s search engine results and in the Google advertising network. Google AdWords allows an advertiser to specify certain keywords in advance, which are used to display an ad in Google’s search engine results only when if the user enters a search query that matches the keywords. In the Google advertising network, the ads are distributed to relevant websites using an automatic algorithm and in accordance with the previously specified keywords. The operator of Google AdWords services is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The purpose of Google AdWords is both to advertise our website by displaying interest-based advertising on the websites of third-party companies and in the search results of the Google search engine, and to display third-party advertising on our website. If you access our website via a Google advertisement, Google will place a so-called conversion cookie on your device. A conversion cookie expires after thirty days and is not used to identify you. The conversion cookie is used to track whether certain subpages on our website have been accessed. The conversion cookie enables both us and Google to determine whether you have accessed our website via an AdWords advertisement and/or have completed or abandoned a purchase. The data and information collected through the use of the conversion cookie is used by Google to compile visitor statistics for our website. We use this to determine the total number of users and thus the success or failure of the respective AdWords ad and to optimise our AdWords ads for the future. Neither our company nor other Google AdWords advertising customers receive information from Google that could be used to identify you. The legal basis for processing is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in the personalised display of targeted advertising and the statistical analysis of the effectiveness of advertising. You can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to them. In addition, a cookie already set by Google AdWords can be deleted at any time via your internet browser or other software programmes. You also have the option of objecting to interest-based advertising by Google. To do this, you must visit www.google.de/settings/ads from each of the internet browsers you use and make the desired settings there. Further information and Google’s applicable data protection provisions can be found at https://www.google.de/intl/de/policies/privacy/.
Google Remarketing
This website uses Google Remarketing services. Google Remarketing is a function of Google AdWords that enables a company to display advertising to users who have previously visited the company’s website. The integration of Google Remarketing allows a company to create user-specific advertising that is then displayed to the Internet user in the form of interest-based advertisements. The operator of Google AdWords services is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The purpose of Google Remarketing is to display interest-based advertising in order to display advertisements via the Google advertising network or on other websites that are tailored to the interests of the user. Google Remarketing places a cookie on your device. The cookie enables Google to recognise visitors to our website when they subsequently visit other websites that are also members of the Google advertising network. Each time you visit a website on which the Google Remarketing service has been integrated, your Internet browser automatically identifies itself to Google. As part of this technical process, Google obtains personal data such as the IP address or the user’s surfing behaviour, which Google uses, among other things, to display interest-based advertising. The legal basis for processing is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in the personalised display of targeted advertising and the statistical analysis of the effectiveness of advertising. You can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to them. In addition, a cookie already set by Google AdWords can be deleted at any time via your Internet browser or other software programmes. You also have the option of objecting to interest-based advertising by Google. To do this, you must visit www.google.de/settings/ads from each of the Internet browsers you use and make the desired settings there. Further information and Google’s applicable data protection provisions can be found at https://www.google.de/intl/de/policies/privacy/.
Mail Chimp
This website uses the services of MailChimp to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service that can be used, among other things, to organise and analyse the sending of newsletters. If you enter data for the purpose of receiving the newsletter (e.g. email address), this data will be stored on MailChimp’s servers in the USA. MailChimp enables us to analyse our newsletter campaigns. When you open an email sent by MailChimp, a file contained in the email (known as a web beacon) connects to MailChimp’s servers in the USA. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Technical information is also collected (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for statistical analysis of newsletter campaigns and can be used to better tailor future newsletters to the interests of recipients.
The legal basis for processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. MailChimp is certified under the EU-US Privacy Shield. The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from both our servers and MailChimp’s servers after you unsubscribe. Data stored by us for other purposes (e.g. email addresses for the member area) remains unaffected by this. For more information about MailChamp’s privacy policy, please visit: https://mailchimp.com/legal/terms/.
IP anonymisation
We would like to point out that the IP anonymisation function has been activated on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA, in order to ensure anonymous collection of IP addresses (known as IP masking). The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data from Google. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/de.html
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.
The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
The data we send and link to cookies, user IDs (e.g. user ID) or advertising IDs is automatically deleted after 14 months. Data whose retention period has expired is automatically deleted once a month.
Objection to data collection
You can revoke your consent to the storage of cookies and prevent storage by adjusting your browser software settings accordingly.
Browser plugin
This sets an opt-out cookie that prevents your data from being collected on future visits to this website. Opt-out cookies prevent the future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across different devices, you must opt out on all systems you use.
To do this, you must download and install the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Further information on the general terms of use of Google Analytics can be found at: http://www.google.com/analytics/terms/de.html. The privacy policy for Google Analytics can be found at: https://marketingplatform.google.com/about/analytics/terms/de/
Demographic characteristics in Google Analytics
This website uses the ‘Demographic characteristics’ feature of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and visitor data from third-party providers. This data cannot be attributed to a specific person. You can disable this feature at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section ‘Objection to data collection’.
Order processing
We have concluded a contract with Google for order data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
This site uses the ‘Google Maps’ map service to display interactive maps and to create directions. Google Maps is a map service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
By using Google Maps, information about your use of this website, including your IP address and the (start) address entered in the route planner function, may be transmitted to Google in the USA and stored there. We therefore have no influence on the scope of the data collected by Google in this way. In any case, the following information is collected from you:
• Date and time of your visit to the website in question,
• Internet address or URL of the website accessed,
• IP address, (start) address entered as part of route planning.
For information on the purpose and scope of data collection and the further processing and use of data by Google, as well as your rights in this regard and settings options for protecting your privacy, please refer to Google’s privacy policy:
https://policies.google.com/privacy?hl=de
The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings.
In this case, however, you will not be able to use the map display.
Social media
You can share articles that you like on social networks such as Twitter, LinkedIn and XING. Buttons for the social networks are used for this purpose. When you click on the button to share the article with friends and contacts, a connection to the respective social network is established.
Normally, social network plugins transmit user data to the social network server, regardless of whether you have clicked the button or are even registered as a user on the social network. This allows social networks to track your surfing behaviour (user tracking). To prevent this, Shariff is used on the h&z website. With Shariff, the connection to the network’s server is only established when you click on the social network button. Shariff is kindly provided as open source software by the computer magazine c’t and heise online. For more information, please visit https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.
We use the so-called ‘retargeting tool’ from LinkedIn and ‘conversion tracking’ from LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland. For this purpose, the LinkedIn Insight Tag is integrated into our website, which enables LinkedIn to collect statistical, pseudonymous data about your visit and use of our website and to provide us with corresponding statistics on this basis. Among other things, the LinkedIn user ID (cookie ID), IP address, browser type, etc. are collected.
This information is also used to display interest-specific and relevant offers and recommendations after you have informed yourself about certain services, information and offers on the website. The relevant information is stored in a cookie.
The legal basis for the use of the service is your consent in accordance with Art. 6 para. 1 lit. a GDPR. The recipient of the data collected is LinkedIn.
Further information on data processing can be found in LinkedIn’s privacy policy.
You can opt out of data collection at the following link: LinkedIn data collection opt-out.
The ‘XING Share Button’ is used on this website. When you click on the XING button, your browser establishes a temporary connection to the servers of XING SE (“XING”) to enable the ‘XING Share Button’ functions (in particular the calculation and display of the counter value). XING does not store any personal data about you when you visit this website, nor does it store your IP address. Your usage behaviour is not evaluated using cookies in connection with the ‘XING Share button’. The current data protection information for the ‘XING Share Button’ and additional information can be found on this website: https://www.xing.com/app/share?op=data_protection
YouTube
Our website uses plugins from the Google-operated site YouTube. The operator of the site is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you have a YouTube account and are logged in, you enable YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. The use of YouTube is in the interest of an appealing presentation of our online offer. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Further information on the handling of user data can be found in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy. You can object to the collection of your data by Google by clicking on the following link: https://adssettings.google.com/authenticated
5. Up-to-dateness and changes to this privacy policy
Due to the further development of our website and offers or due to changes in legal or regulatory requirements, it may be necessary to change this privacy policy. The current privacy policy can be accessed at any time on our website