Service information
Data protection
1. name and contact details of the controller and the company data protection officer
This data protection information applies to data processing by
Controller:
Hengst SE
Nienkamp 55-85
48147 Münster GERMANY
Phone: +49 (0)251 20202-0
Fax: +49 (0)251 20202-900
E-mail: info(at)hengst.de
Legal form and registered office of the company: Societas Europaea, Münster
Register court: Münster HRB 16761
Managing Director: Christopher Heine, Howard Boyer
Chairman of the Board of Directors: Jens Röttgering
VAT ID No. DE313827905
The company data protection officer of Hengst SE can be contacted at the above address, for the attention of the data protection officer, or at datenschutz@hengst.de.
2. collection and storage of personal data and the nature and purpose of its use
Newsletter
Our newsletter is also sent via HubSpot. In the following information, we explain the newsletter, including the registration, dispatch and evaluation process as well as your right of withdrawal. Subscribing to our newsletter also constitutes your consent to receiving the newsletter and to the procedure described.
Content of the newsletter: In order to send newsletters, e-mails and other electronic messages containing advertising information, the consent of the recipient or legal permission is required (in particular Section 7 (3) UWG). If certain newsletters are specifically described in relation to the registration, this information is decisive for the consent of the newsletter subscriber. If no specific description is provided, our newsletters contain general information about our range of services, offers, campaigns and company-related information.
If you subscribe to our newsletter, you provide us with the data in the corresponding input mask. Subscription to the newsletter takes place using the so-called double opt-in procedure. This means that after registering, you will receive an e-mail in which we ask you to confirm your registration. This confirmation is necessary to ensure that no one registers with other people's e-mail addresses. When you register, your IP address and the date and time of registration are saved. This serves to prevent misuse of the services or the e-mail address. The data will not be passed on to third parties unless there is a legal obligation to do so. The data is used exclusively for sending the newsletter. You can cancel the newsletter subscription at any time and you can also revoke your consent to the storage of your personal data at any time. You will find a corresponding link in every newsletter.
The legal basis for processing the data after you have subscribed to the newsletter is Art. 6 para. 1 lit. a GDPR if you have given your consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.
We also process your data for the analysis of newsletter campaigns. Web beacons or tracking pixels are used in the emails to check whether a message has been opened and which links have been clicked on. Conversion tracking analyzes whether a predefined action (e.g. a product purchase on our website) has taken place after clicking on a link in the newsletter. Technical information such as the time of access, the IP address, the browser type and the operating system are also recorded. This data is used exclusively for campaign analysis in order to better adapt future newsletters to the interests of the recipients.
The newsletter is sent via the service provider HubSpot Germany GmbH, which receives the data provided during registration. Since a transfer to companies outside the EU is possible, additional protective measures are taken to ensure the data protection level of the GDPR. For the USA, an adequacy decision of the EU Commission is available if the company is certified according to the EU-U.S. Data Privacy Framework. HubSpot, Inc. fulfills this certification and undertakes to comply with appropriate data protection standards, as can be viewed at www.dataprivacyframework.gov/s/participant-search. For transfers to third countries, standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR are agreed to ensure adequate data protection.
Whitepaper
To keep you up to date with the latest developments in our industry and our products and services, we offer up-to-date white papers. These are available for download on our website.
To provide you with this information, we need your e-mail address, your surname, first name and the name of your company. In accordance with the legal provisions of the GDPR, we would like to point out that we use your personal data exclusively for the purpose described here and on the basis of your consent to the collection and processing of your personal data.
You have the option to revoke your consent to the storage of data and your e-mail address at any time with effect for the future. A corresponding link is provided in every newsletter. Alternatively, you can also send your revocation in writing to the address given in the legal notice.
Hubspot CDN
We use HubSpot CDN for the proper provision of content on our website. HubSpot CDN acts as a content delivery network (CDN) and accelerates the provision of content, in particular files such as graphics or scripts, by using regionally or internationally distributed servers. When you access this content, a connection is established to the servers of HubSpot Germany GmbH, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the aforementioned purposes and to ensure the security and functionality of HubSpot CDN.
The use of the content delivery network is in the frame of our legitimate interests, namely the interest in a secure and efficient provision as well as the optimization of our online offer according to Art. 6 para. 1 lit. f. GDPR. GDPR.
Your personal data will be processed for the duration required to achieve the purpose of processing. Further information on the storage period can be found in HubSpot's privacy policy: https://www.hubspot.de/data-privacy/gdpr
HubSpot LeadFlow
Within the frame of our website, we have integrated HubSpot LeadFlow, a service provided by HubSpot Germany GmbH, which is used to identify anonymous website visitors and provide comprehensive contact data and insights into the visit history.
HubSpot LeadFlow uses cookies and other browser technologies to analyze user behavior and recognize users. Among other things, the service enables us to find out which companies have visited our website, to track the history of your visit (including all pages visited) and to determine the duration of your stay on our website.
In addition, HubSpot LeadFlow collects and processes data about companies, including company name, telephone number, address, web address, industry, company profile and turnover. In some cases, personal data, such as key people on LinkedIn, is also processed.
Your data is processed using HubSpot LeadFlow for the purpose of optimizing our website and for marketing purposes, based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.
Your personal data will be processed for as long as is necessary to achieve the purpose of processing. Further information can be found in HubSpot's privacy policy: https://www.hubspot.de/data-privacy/gdpr
3. transfer of data
Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:
- you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
- the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
- in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
- this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.
We would like to point out that we process your data with the CRM and marketing products of HubSpot Inc. All data is processed on the HubSpot marketing platform and therefore transmitted to HubSpot, Inc. and affiliated companies. Although HubSpot has been operating a data center in Frankfurt since spring 2018, HubSpot cannot guarantee that data will not be transferred to the USA.
4. cookies
We use cookies on our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware. Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity. On the one hand, the use of cookies serves to make the use of our website more convenient for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already visited us and which entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you (see section 5). These cookies enable us to automatically recognize that you have already visited our website when you visit it again. These cookies are automatically deleted after a defined period of time.
The data processed by cookies is required for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website.
Cookiebot
We use the consent management service Cookiebot from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (Usercentrics) to obtain and manage the consent of the users of our website for data processing. The processing is necessary to comply with a legal obligation to which we are subject (Art. 6 para. 1 lit. c GDPR).
For this purpose, the following data is processed using cookies
- Your IP address (the last three digits are set to '0').
- Date and time of consent.
- Browser information.
- URL from which the consent was sent.
- An anonymous, random and encrypted key.
- Your consent status as proof of consent.
The key and consent status are stored in the browser for 12 months using the cookie "CookieConsent" to maintain your cookie preference for subsequent page requests. The key makes it possible to prove and track your consent.
The functionality of the website is not guaranteed without this processing.
Usercentrics is the recipient of your personal data and acts as a processor for us.
The processing takes place in the European Union. You can find further information on objection and removal options vis-à-vis Usercentrics at https://www.cookiebot.com/de/privacy-policy/
Your personal data will be deleted on an ongoing basis after 12 months or immediately after termination of the contract between us and Usercentrics.
Google reCAPTCHA
On our website, we use the reCAPTCHA service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). This service is used to distinguish between human input and automated, machine processing. For this purpose, your input is transmitted to Google and processed there. In addition, the IP address and any other data required for the reCAPTCHA service are transmitted to Google. This data is processed within the European Union and possibly also on Google LLC servers in the USA. For the USA, there is an adequacy decision by the EU Commission, namely the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself to the TADPF and is therefore committed to complying with European data protection principles.
The use of cookies or similar technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data also takes place with your consent in accordance with Art. 6 para. 1 lit. a GDPR. You have the right to withdraw your consent at any time without this affecting the lawfulness of processing up to the time of withdrawal.
Further information on Google reCAPTCHA and the corresponding privacy policy can be found at: https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy
5. analysis tools
Analysis tools
The tracking measures listed below and used by us are - as just described - used on the basis of your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. The respective data processing purposes and data categories can be found in the corresponding tracking tools.
Google Analytics
We create pseudonymous user profiles with the help of Google Analytics in order to design our website in line with requirements. The operator of this service is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
The processing of your personal data in the frame of Google Analytics cookies is based on your consent in accordance with Art. 6 para. 1 lit. a) GDPR if the function is activated in the Consent Manager: If you agree to the storage and use of your data by Google, you can activate the storage and use with the help of our Consent Manager.
Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site.
The following data is collected and processed with the help of Google Analytics
- Pages visited
- Browser information
- Click path
- Date and time of the visit
- Device information
- downloads
- Flash version
- IP address (anonymized)
- JavaScript support
- Purchase activity
- Usage data
- Referrer URL
- Location information
- Widget interactions
The information generated by the cookie about your use of our website is usually transferred to a Google server in the USA and stored there. However, since we have activated IP anonymization on our website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and only shortened there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing us with other services relating to website activity and internet usage. For example, we use Google Analytics to analyze clicks from Google Ads for purely statistical purposes.
The information described is used by us to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website.
This personal data, if applicable, is stored by us for as long as it is required to fulfill the purpose of processing.
In addition to Google Ireland Limited, the data may also be transmitted to the following recipients in the USA in the frame of processing:
Google LLC.
Alphabet Inc.
Insofar as personal data is transferred to Google servers in the USA and stored and processed there, the EU Commission's adequacy decision for the USA serves as the basis for the transfer of data to a third country. This certifies that the USA has an equivalent level of data protection to the EU standard.
Further information on the use of data by Google can be found at
http://www.support.google.com/analytics/answer/6004245 and at
http://www.google.com/policies/privacy/partners/.
You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de ).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on https://tools.google.com/dlpage/gaoptout. An opt-out cookie will be set to prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Google Adwords conversion tracking
We also use Google Conversion Tracking to statistically record the use of our website and to evaluate it for the purpose of optimizing our website for you. Google Adwords places a cookie (see section 4) on your computer if you have reached our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.
Each Adwords customer receives a different cookie. Cookies can therefore not be tracked via the websites of Adwords customers. The information collected using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
Insofar as personal data is transferred to Google servers in the USA and stored and processed there, the EU Commission's adequacy decision for the USA serves as the basis for the transfer of data to a third country. This certifies that the USA has an equivalent level of data protection to the EU standard.
If you do not wish to participate in the tracking process, you can alternatively reject the setting of a cookie required for this - for example, by using a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com". You can find Google's privacy policy on conversion tracking here: https://services.google.com/sitestats/de.html
HubSpot
In the frame of our marketing and communication efforts, we use various services of HubSpot Germany GmbH, located at Am Postbahnhof 17, 10243 Berlin ("HubSpot"), the German branch of HubSpot, Inc. headquartered in the USA. These services are used to optimize the functionality of our website and to offer, provide and continuously improve our services. We have taken particular care in selecting this third-party provider, taking into account the applicable data protection regulations.
HubSpot processes personal data in the frame of our order and on the basis of an order processing contract. This data is stored by HubSpot Germany GmbH in a data center within the EU. You can find more information on this at: Link to HubSpot's notes on the EU data center.
It is stipulated that HubSpot is contractually obliged to comply with European data protection regulations even if personal data is transferred to countries outside the EU.
Since a transfer to companies outside the EU is possible, additional protective measures are taken to ensure the data protection level of the GDPR. For the USA, an adequacy decision of the EU Commission is available if the company is certified according to the EU-U.S. Data Privacy Framework. HubSpot, Inc. fulfills this certification and undertakes to comply with appropriate data protection standards, as can be viewed at www.dataprivacyframework.gov/s/participant-search. For transfers to third countries, standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR are agreed to ensure adequate data protection. Further information on data processing by HubSpot can be found here: https://legal.hubspot.com/de/privacy-policy
Further information on the processing of personal data by HubSpot can be found in HubSpot's privacy policy: https://www.hubspot.de/data-privacy/gdpr
HubSpot Analytics
We use HubSpot Analytics from HubSpot as an analysis service for the statistical evaluation of our website. HubSpot uses cookies and other browser technologies that enable an analysis of user behavior and recognize the respective user. The information collected, such as the IP address, geographical location, type of browser, duration of the visit and pages accessed, is analyzed by HubSpot on our behalf in order to compile reports on your activities on our website.
Data is processed with the help of HubSpot Analytics for the purpose of optimizing our website and for marketing purposes, based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.
We only process your personal data for as long as there is a legal basis for doing so. Processing generally takes place for the duration required to achieve the purpose of processing. Additional information on the storage period can be found in HubSpot's privacy policy, which you received as part of your consent and is also available at the following link: https://www.hubspot.de/data-privacy/gdpr
Microsoft Clarity
We work with Microsoft Clarity and Microsoft Advertising to track how you use and interact with our website using behavioral metrics, heatmaps and session recordings to improve and market our products and services. Microsoft Clarity collects data about the behavior of website users that may contain potentially personally identifiable information. This includes, for example, IP addresses, click paths, mouse movements, etc. Website usage data is collected using first- and third-party cookies and other tracking technologies to determine the popularity of products/services and online activities. We also use this information to optimize the website, for fraud/security purposes and for advertising. For more information about how Microsoft collects and uses your data, please refer to the Microsoft Privacy Statement
6. presence on social media platforms
We operate publicly accessible profiles on social networks. You can find the individual social networks we use below. No social media elements are embedded on this website. We only link to our presence on social media.
If our website contains icons from social media providers such as Facebook, Instagram, we use these to passively link to the pages of the respective providers. If you click on these links, you will leave our website. Data processing on the websites of social media providers is subject to the data protection provisions available there.
Social networks such as Facebook, LinkedIn, etc. can comprehensively analyze your user behavior. When you visit our social media presences, the following data protection-relevant processing operations are triggered:
If you are logged into your social media account and visit our profile, the operator of this social medium can track this visit.
Irrespective of this, the operator may also process your data (e.g. IP address) under certain circumstances if you are not logged into your account or do not have an account at all. The operator summarizes this data in user profiles in which your preferences and interests are stored. These profiles are used to display personalized advertising within and outside the respective social media presence. If you have an account with the respective social network, the personalized advertising can be displayed on all devices on which you were or are logged in. Further processing operations may be carried out by the operators of the social media portals, depending on the platform, and we have no influence on this. For details, please refer to the terms of use and privacy policies of the respective social media portals.
Our presence on social media is intended to ensure the broadest possible presence on the Internet within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes carried out by the operators of the social networks may be based on different legal bases, which are to be specified by the respective providers.
If you visit one of our social media pages (e.g. Instagram, Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal. Despite the shared responsibility with the operators of the social media portals, we do not have complete influence on the data processing operations of the portals. Our options are largely determined by the corporate policy of the respective provider.
The data collected by us directly via the social media presence will be deleted from our systems as soon as you request us to do so, revoke your consent to storage or the purpose for data storage no longer exists. Mandatory statutory provisions - in particular retention periods - remain unaffected. We have no influence on the storage period of the data collected by the social networks. For details, please contact the operators of the social networks directly.
We use the following social networks: Facebook & Instagram
For details on the collection and storage of your personal data as well as the type, scope and purpose of its use by the operator of the respective social network, please refer to the privacy policy of the respective operator.
Facebook: the joint controller is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You can view the data protection provisions for Facebook at https://www.facebook.com/about/privacy/update?ref=old_policy
Instagram: the joint controller is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You can view the privacy policy for Instagram at https://help.instagram.com/155833707900388
a.) YouTube
Our website uses plugins from the video platform YouTube, which belongs to Google. The operator of the service and the plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube is necessary for an appealing and technically functioning presentation of the video content of our online offer.
You can give your consent to the use of YouTube by activating the function in our Consent Manager. The legal basis for the processing of your personal data is therefore your consent in accordance with Article 6(1)(a) GDPR.
We would like to point out that without your consent, you may not be able to use all the functions of our website - in particular the display of video content - to their full extent.
Further information on the handling of user data can be found in YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.
b.) LinkedIn
We also use social plug-ins of the social network LinkedIn on our website on the basis of your consent in the Consent Manager in accordance with Art. 6 para. 1 lit. a GDPR in order to make our company better known. For the same reason, we operate Facebook fan pages and Instagram accounts that are linked to from this website. Responsibility for data protection-compliant operation must be guaranteed by their respective providers.
The processing of your personal data in the frame of LinkedIn is based on your consent in accordance with Art. 6 para. 1 lit. a) GDPR if the function is activated in the Consent Manager. Insofar as personal data is transferred to LinkedIn servers in the USA and stored and processed there, the EU Commission's adequacy decision for the USA serves as the basis for the transfer of data to a third country. This certifies that the USA has an equivalent level of data protection to the EU standard.
LinkedIn is a service of the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you visit our website, which contains social plug-ins from LinkedIn, your browser downloads a representation of this component from LinkedIn Corporation servers. This tells LinkedIn which page of our website is currently being visited and the calling IP address and any cookies stored in the browser as a result of LinkedIn membership are also transmitted and may be able to identify you directly or make you identifiable.
If you click on elements such as the LinkedIn "Recommend button" while you are logged into your LinkedIn account, LinkedIn is also able to assign your visit to our pages to your LinkedIn user account and thus collect information about your interests and user behavior.
For more information about LinkedIn's data collection and your rights and settings options, please refer to LinkedIn's privacy policy. You can find this information at http://www.linkedin.com/legal/privacy-policy
c.) WhatsApp
Privacy policy on the use of the WhatsApp appointment scheduling function in the application process
If the applicant wishes to make an appointment during the application process via the chat function, this can be done via WhatsApp.
Purpose of processing: For communication purposes, we offer the option of using the WhatsApp messenger to make it easier to contact us.
When using this function, real-time communication takes place via an online chat. We process all data that you share with us during the chat exclusively for the purpose of coordinating appointments and improving our online offering.
The following personal data is collected when the chat is started and carried out:
- Date and time of the call,
- Browser type/version,
- IP address,
- operating system used,
- URL of the previously visited website,
- Amount of data sent,
- Your name, telephone number and desired occupation,
- Content of the communication.
The use of WhatsApp to coordinate appointments is voluntary. Alternatively, you can make the appointment by conventional means (by post or e-mail). Please note that no application documents such as CVs or references may be sent via WhatsApp.
Legal basis for the processing of your data:
If you use this service, the processing of your data is based on your consent, which you can revoke at any time with effect for the future (Art. 6 para. 1 lit. a GDPR). The data processing carried out until the revocation remains lawful.
Please send the revocation to your contact person at Hengst. The saved chats will then be deleted immediately.
Recipients of your data:
Userlike: The service is provided to us by the IT service provider Userlike (Probsteigasse 44-46, 50670 Cologne, Germany), which processes your data for us as a processor. You can find more information here: https://www.userlike.com/de/privacy-policy.
As soon as WhatsApp Business API Provider transfers your data to Userlike, it is processed exclusively on servers in Germany. Communication via WhatsApp is protected by end-to-end encryption. However, WhatsApp has access to communication metadata such as sender, recipient, time and size.
WhatsApp Business:
The controller for the WhatsApp messenger service within the meaning of the GDPR is WhatsApp Ireland; the competent supervisory authority under the GDPR is the Irish Data Protection Authority. We would like to point out that WhatsApp stores data in third countries outside the EU in the frame of use and exchanges it with other services of the provider. We have no influence over this. You can find WhatsApp's data protection information, for example on its processing or on exercising your data protection rights against WhatsApp, here: https://www.whatsapp.com/privacy
Hengst:
Your personal data will be transmitted to the HR department of Hengst by entering it in the WhatsApp chat.
A Hengst employee who contacts you based on your application will conduct a real-time dialog to coordinate an appointment. Any follow-up questions regarding the appointment will also be forwarded to us.
Deletion of your data:
In the event of a rejection, your personal data will be deleted after 6 months.
Further information on the deletion of your data in connection with the application process can be found on our website under the 'Careers' tab: https://www.hengst.com/de/karriere/stellenangebote.
Your rights as a data subject in the application process:
Upon request, we will inform you in writing or electronically whether and which of your personal data is stored by us (right to information in accordance with Art. 15 GDPR) as well as check your submissions for deletion (Art. 17 GDPR), correction (Art. 16 GDPR), restriction of processing (Art. 18 GDPR) and transfer (Art. 20 GDPR) of your personal data and, if the requirements are met, implement them.
Please get in touch with your contact person if you have any queries regarding your applicant data. You can find the relevant information here: https://www.hengst.com/de/karriere/ansprechpartner
For all other data protection-related inquiries, please contact our data protection officer: datenschutz@hengst.de
Right to lodge a complaint
If you believe that your personal data is being processed unlawfully, you can lodge a complaint with a supervisory authority. A list of the respective data protection supervisory authorities and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html
The supervisory authority responsible for us is
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf
Telephone: 0211/38424-0
Fax: 0211/38424-999
E-mail: poststelle@ldi.nrw.
7. duration of storage
Unless otherwise stated in the frame of this declaration in individual cases, we only store personal data for as long as is necessary to fulfill the purposes pursued.
Your personal data will be deleted as soon as the purpose of the data processing no longer applies.
If there are legitimate reasons for deletion within the meaning of Art. 17 para. 3 GDPR, such as a legal obligation to retain data, the processing of the data will be restricted during this period. A statutory retention obligation exists, for example, due to documentation obligations under tax and commercial law. In these cases, the data will be deleted when the reason for further storage no longer applies, e.g. when the legally prescribed storage period expires
8. rights of data subjects
You have the right:
- in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
- in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us
- in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims
- in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, your personal data that you have provided to us.
9. right to object
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation. If you wish to exercise your right of revocation or objection, simply send an e-mail to datenschutz@hengst.de.
10. right to lodge a complaint with the supervisory authority
You also have the right to lodge a complaint with the competent data protection supervisory authority at any time. To do so, you can contact the data protection supervisory authority of the federal state in which you reside or the authority of the federal state in which the controller has its registered office.
The supervisory authority with which the complaint has been lodged will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
Competent supervisory authority:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf
Telephone: 0211/38424-0
Fax: 0211/38424-999
E-Mail: poststelle@ldi.nrw.de
11. data security
We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
12. topicality and amendment of this privacy policy
This privacy policy is currently valid and was last updated in January 2024. It may be necessary to amend this privacy policy as a result of the further development of our website and services or due to changes in legal or official requirements. You can access and print out the current privacy policy at any time on the website at https://hengst.de/de/rechtliches/datenschutz.