Data protection statement

1. Data protection at a glance - General information

The following notes provide a simple overview of what happens to your personal information when you visit this website. Personal data is considered any data by which you can be personally identified. Detailed information on the subject of data protection can be found in our data protection declaration listed under this text.

Data collection on this website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find his contact details in the imprint of this website.

How do we collect your data?

On the one hand, your data is collected when you send it to us. For example, this may involve data that you enter into a contact form. Other data is automatically collected by our IT systems when you visit the website. In particular, this is all technical data (e.g. Internet browser, operating system or time the website was accessed). This data is collected automatically as soon as you access this website.

For what purposes do we use your data?

Some of the data is collected to ensure that the website runs error-free. Other data may be used to analyse your user behaviour.

What rights do you have with regard to your data?

You have the right, at any time and free of charge, to receive information about the origin, recipient and purpose of your stored personal data. You also have the right to request the rectification or cancellation of this data. For this and other questions on the subject of data protection, you can contact us any time at the address listed in the imprint. Furthermore, you have the right to appeal to the competent supervisory authority. You also have the right, under certain circumstances, to request that your personal data be restricted. Details about this can be found in the data protection declaration under "Right to limitation of processing".

Analysis tools and third-party tools

When you visit this website, your browsing behaviour may be statistically evaluated. This is done primarily with cookies and other types of analysis programs. The analysis of your browsing behaviour is usually anonymous and therefore it cannot be traced back to you. You may object to this analysis at any time, or prevent it altogether by not using certain tools. For detailed information about these tools and your opt-out choices, please read the following data privacy statement.

 

2. Hosting

External hosting

This website is hosted by an external service provider (hosting company). The personal data collected on this website is stored on the hosting company's servers. This data may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, web page accesses, and other data generated via a website. The hosting company is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6, Sec. 1b DSGVO (GDPR)) and in the interest of providing a secure, fast and efficient online offer through a professional service provider (Art. 6, Sec. 1f GDPR). Our hosting company will only process your data to the extent necessary to fulfil its obligations and to follow our instructions with regard to this data.

We use the following hosting provider:
SIEGNETZ.IT GmbH
Einheitsstr. 2
D-57076 Siegen

 

Conclusion of an order processing contract

In order to guarantee processing in compliance with data protection regulations, we have concluded an order processing contract with our hosting company.

 

3. General notices and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this data protection declaration. When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This data protection declaration explains which data we collect and for what purpose we use it. It also explains how and for what purpose this is done. We would like to point out that data transmission through the Internet (e.g. communication by e-mail) can be subject to security gaps. Completely protecting the data from third-party access is not possible.

Note on the responsible body

The responsible body for data processing on this website is:

Hering Management GmbH
Neuländer 1 | Holzhausen
D-57299 Burbach
Phone: +49 2736 27-0
E-mail: gruppe@remove-this.hering-bau.de

Responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses).

Storage Duration

Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion occurs after these reasons no longer apply.

General Information on the Legal Basis for Data Processing on This Website

If you have consented to data processing, we process your personal data based on Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR if special categories of data according to Art. 9 (1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49 (1) lit. a GDPR. If you have consented to the storage of cookies or to the access to information in your end device (e.g., via device fingerprinting), data processing is additionally based on § 25 (1) TDDDG. Consent is revocable at any time. If your data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data based on Art. 6 (1) lit. b GDPR. Furthermore, we process your data if this is necessary for the fulfillment of a legal obligation based on Art. 6 (1) lit. c GDPR.

Data processing may also be carried out based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Information on the relevant legal bases for each individual case is provided in the following sections of this privacy policy.

Legally mandated data protection officer

We have appointed a data protection officer for our company.

Lars Ebertz (M.Sc. in Engineering) on behalf of
EBERTZ DATENSCHUTZ GmbH
Ober den Wiesen 17
35756 Mittenaar
www.ebertz-datenschutz.de
E-Mail: lars@remove-this.ebertz-datenschutz.de

 

Recipients of Personal Data

As part of our business activities, we work with various external parties. This sometimes requires the transfer of personal data to these external parties. We only transfer personal data to external parties if it is necessary for the fulfillment of a contract, if we are legally obliged to do so (e.g., transfer of data to tax authorities), if we have a legitimate interest in the transfer pursuant to Art. 6 (1) lit. f GDPR, or if another legal basis permits the data transfer. When using processors, we only transfer our customers' personal data based on a valid Data Processing Agreement. In the case of joint processing, a joint processing agreement is concluded.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke your consent at any time. For this purpose, providing us with an informal notification by e-mail is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6, SEC. 1E or 1F GDPR, THEN AT ALL TIMES YOU HAVE THE RIGHT, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO RAISE OBJECTION TO THE PROCESSING OF YOUR PERSONAL DATA ; THIS ALSO APPLIES TO A PROFILING THAT IS PERFORMED BASED ON – OR USING – THIS DATA. THE RESPECTIVE LEGAL BASIS UPON WHICH THE PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION STATEMENT. IF YOU OBJECT TO THE COLLECTION OF YOUR PERSONAL DATA, WE WILL NO LONGER PROCESS YOUR PERSONALISED DATA, UNLESS WE CAN PROVE THAT THERE ARE COMPELLING REASONS FOR PROCESSING THIS DATA – SUCH AS GROUNDS THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING OF THE DATA SERVES THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21, SEC. 1 GDPR). IF YOUR PERSONAL DATA IS PROCESSED FOR PURPOSES OF CONDUCTING DIRECT MARKETING CAMPAIGNS, THEN YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THIS KIND OF ADVERTISING OR MARKETING ACTIVITY; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS IN CONNECTION WITH THIS TYPE OF DIRECT MARKETING ACTIVITY. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION PURSUANT TO ART. 21, SEC. 2 GDPR).

Right of appeal to the competent supervisory authority

In cases of infringement against the GDPR, the affected parties have a right of appeal to a supervisory authority, in particular in the member state of their ordinary residence, place of work or place of presumed infringement. The right of appeal shall be without prejudice to other administrative or judicial remedies.

Right to data transferability

You have the right to have data, which we process automatically on the basis of your consent or in fulfilment of a contract, handed over to you or to a third party in a standard, machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done insofar as it is technically feasible.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content (such as orders or queries), this site uses an SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Information, deletion and rectification

Within the framework of the applicable statutory provisions, you have the right at any time to receive free Information regarding your stored personal data, its origin and its recipient(s) as well as the purpose of the data processing. If necessary, you also have the right to demand the correction or deletion of this data. You can contact us at any time at the address provided in the imprint for this and other questions on the subject of personal data.

Right to limitation of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address provided in the imprint. The right to limit the processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored with us, we usually require time in order to verify this. For the duration of the verification process, you have the right to demand the restriction of the processing of your personal data.
  • If the processing of your personal data has taken place unlawfully, you may request that the data processing be restricted instead of deleted.
  • If we no longer need your personal data, but you want it to be used for purposes or exercising, defending or asserting legal claims, you have the right to demand the restriction of the processing of your personal data instead of its deletion.
  • If you have filed an objection in accordance with Art. 21 Sec. 1 GDPR, you must weigh your interests against ours. As long as it is not yet clear whose interests predominate, you have the right to demand that the processing of your personal data be restricted.
  • If you have restricted the processing of your personal data, such data may not be processed – apart from its storage – without your consent or for the purpose of asserting, exercising or defending legal rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Objection to advertising e-mails

We hereby object to the use of contact data published within the scope of the imprint obligation to send unsolicited advertising and information material. The operators of these pages expressly reserve the right to take legal action against unsolicited mailing or e-mailing of spam and other similar advertising information.

 

4. Data collection on this website

Server log files

The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request IP address

This data will not be merged with other data sources.
This data is collected on the basis of Art. 6 Sec. 1f GDPR. The website operator has a justified interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be recorded.

Contact form

If you send us enquiries via the contact form, your information from the contact form will be stored on our server for purposes of processing your query as well as for processing follow-up questions.  We do not forward this data without your consent. This data is processed on the basis of Art. 6 Sec. 1b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6, Sec. 1f GDPR) or on your consent (Art. 6, Sec. 1a GDPR) if this has been requested. The data entered by you in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Inquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your request – including all personal data (name, request) – will be stored and processed by us for the purpose of processing your request. We do not forward this data without your consent.
This data is processed on the basis of Art. 6 Sec. 1b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 Sec. 1a GDPR) and/or on our legitimate interests (Art. 6 Sec. 1f GDPR), as we have a legitimate interest in the effective processing of the enquiries addressed to us.
The data you send us via contact requests will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after the processing of your request has been completed).. Mandatory statutory provisions – in particular statutory retention periods – shall remain unaffected.

Registration on this website

You can register on this website to use additional features on the site. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will refuse the registration.
In the case of important changes, for example, within the scope of our services or in the case of technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.
The processing of the data entered during registration is carried out for the purpose of implementing the user relationship established by the registration and, if necessary, for initiating further contracts (Art. 6, Sec. 1b GDPR). The data collected during registration will be stored by us as long as you are registered on this website and will subsequently be deleted. Legal retention periods remain unaffected.

 

5. Analysis tools and advertising

Matomo (formerly called Piwik)

This website uses the open source web analysis service Matomo.

The use of this analysis tool is based on Art. 6 Sec. 1f GDPR. The website operator has a justified interest in the anonymous analysis of user behaviour in order to optimise both his website and their advertising. If you do not agree with the storage and use of your data, you can deactivate the storage and use here. In this case, an opt-out cookie will be stored in your browser to prevent Matomo from storing usage data. If you delete your cookies, the Matomo Opt-Out cookie will also be deleted. The opt-out must be reactivated when you visit this website again.

Hosting

We host Matomo exclusively on our own servers, ensuring that all analytics data remains with us and is not shared with others.

6. Newsletter

Newsletter data

If you wish to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected or will only be collected on a voluntary basis. We use this data exclusively for providing the requested information. We do not forward this data to third parties. The processing of the data entered into the newsletter contact form is made exclusively on the basis of your consent. You can revoke your consent to the storage of data, e-mail address and their use to send the newsletter at any time, for example via the "Unsubscribe" link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data that you provide to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider and deleted from the newsletter distribution list upon cancellation of your subscription to the newsletter. Data stored by us for other purposes remain unaffected by this. After you have been removed from the newsletter distribution list, your e-mail address will be blacklisted by us or the newsletter service provider to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Sec. 1f GDPR).  The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

7. Plug-ins and Tools

YouTube with enhanced data protection

If you access one of our pages equipped with a YouTube plug-in, a preview image with the note "Load video from YouTube" will first be displayed for each YouTube video embedded there. A connection to the YouTube servers will not be established until you click on one of these thumbnails to load the corresponding video from YouTube. The operator of these YouTube services is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

As soon as you start a YouTube video on this website, a connection to the servers of YouTube is launched. This informs the YouTube server which pages you have visited. If you are logged in to your YouTube account, you can allow YouTube to directly associate your surfing behaviour with your personal profile. You can prevent this by logging out from your YouTube account. In addition, YouTube may store various cookies on your device after you start a video. YouTube can use these cookies to obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve usability and prevent fraud. The cookies remain on your device until you delete them. If necessary, after starting a YouTube video, further data processing operations may be triggered over which we have no control.

YouTube is used in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 Sec. 1f GDPR. If a corresponding consent has been requested (e.g. a consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 Sec. 1a GDPR; the consent can be revoked at any time. For more information about privacy at YouTube, please see their privacy policy: https://policies.google.com/privacy?hl=en.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards in data processing in the USA. Each company certified under the DPF is committed to adhering to these data protection standards. For more information, please refer to the provider at the following link.

 

8. Audio and Video Conferences

Data Processing

We use online conference tools for communication with our customers. The specific tools we use are listed below. When you communicate with us via video or audio conference over the Internet, your personal data is collected and processed by us and the provider of the respective conference tool.

The conference tools collect all data that you provide/use to utilize the tools (email address and/or your telephone number). The conference tools also process the duration of the conference, the start and end time of participation in the conference, the number of participants, and other "contextual information" related to the communication process (metadata).

Furthermore, the tool provider processes all technical data required to facilitate online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If content is exchanged, uploaded, or otherwise provided within the tool, it is also stored on the tool provider's servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during the use of the service.

Please note that we do not have complete control over the data processing activities of the tools used. Our options are primarily determined by the corporate policy of the respective provider. For more information on data processing by the conference tools, please refer to the privacy statements of the respective tools we have listed below this text.

Purpose and Legal Basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 (1) lit. b GDPR). Additionally, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest in the sense of Art. 6 (1) lit. f GDPR). If consent has been requested, the use of the relevant tools is based on this consent; consent can be revoked at any time with effect for the future.

Storage Duration

Data directly collected by us through video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent for storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal retention periods remain unaffected.

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. For details on data processing, please refer to the privacy statement of Microsoft Teams: https://privacy.microsoft.com/de-de/privacystatement.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards in data processing in the USA. Each company certified under the DPF is committed to adhering to these data protection standards. For more information, please refer to the provider at the following link.

Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) for the use of the above service. This is a data protection law contract that ensures that the personal data of our website visitors are processed only according to our instructions and in compliance with the GDPR.

 

9. Own services

Dealing with applicant data

We offer you the opportunity to send us your application (e.g. by e-mail, post or via online application form). In the following, we will inform you about the scope, purpose and use of your personal data stored within the scope of the application process. We assure you that your data will be collected, processed and used in accordance with applicable data protection laws and all other statutory provisions. We also ensure you that your data will be treated strictly confidentially.

Scope and purpose of data collection

When you send us an application, we will process the relevant personal data (e.g. contact and communication data, application documents, notes in the context of job interviews), insofar as this is necessary for the decision on the justification of an employment relationship. In accordance with German law, the legal basis for this is Art. 26 GDPR-new initiation of an employment relationship), Art. 6 Sec. 1b GDPR (general contract initiation) and – insofar you have given your consent – Art. 6, Sec. 1a GDPR.  The consent can be revoked at any time. Within our company, your personal data will only be processed by persons who are directly involved in processing your application. If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Art. 26 GDPR-new and Art. 6 Sec. 1b GDPR for the purpose of carrying out the employment relationship.

Hering Career Portal / myjobboard

Our integrated career portal (https://www.heringinternational.com/de/karriereportal/) offers you many opportunities and conveniences for selecting a suitable vacant position and guides you through the application process. If you provide us with your documents (e.g., resume/CV) via the career portal, we rely on external service providers to optimize our recruiting processes. These service providers are engaged as data processors with us in accordance with Art. 28 GDPR and process your personal data solely according to our instructions for the duration of the application process (see also the next section, "Data Retention Period").

Process optimization also includes so-called CVlizer services, which allow documents to be automatically read and categorized into existing process software to minimize manual effort. The legal basis for this is Art. 6 (1) lit. f GDPR (legitimate interest in the process-optimized implementation of business operations). In this context, there is neither currently nor in the future any scoring or automated decision-making regarding your person or your documents/application!

Parts of these CVlizer services are provided within cloud applications (Microsoft Azure) – therefore, we point out the possible transfer of these data to third countries and refer you to the section "Notice on Data Transfer to the USA."

Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) for the use of the above services with the provider (perbit Software GmbH, Siemensstraße 31, 48341 Altenberge). This is a data protection law contract that ensures that the personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR. For more information on data protection at Perbit, please see here.

Retention period of the data

If we are unable to make you a job offer, reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 Sec. 1f GDPR) for up to 6 months from the end of the application procedure (rejection or withdrawal of the application). The data is then deleted and the physical application documents are deleted. In particular, the storage serves as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to a threatening or pending litigation), deletion shall only take place when the purpose for further storage no longer applies. Longer storage can also take place if you have given your consent (Art. 6 Sec. 1a GDPR) or if statutory storage obligations prevent deletion.

Admission to the applicant pool

If we do not make you a job offer, you may be able to join our applicant pool. In case of admission, all documents and information from the application will be transferred to the applicant pool in order to contact you in case of suitable vacancies. The admission to the applicant pool is based exclusively on your explicit consent (Art. 6, Sec. 1a GDPR). The submission of consent is voluntary and has no relation to the ongoing application procedure. The person concerned can revoke his consent at any time. In this case, the data will be irrevocably deleted from the applicant pool unless there are legal reasons for retention. At the latest, the data from the applicant pool will be irrevocably deleted two years after granting the consent.

Newsletter IconNewsletter