Data protection.

DATA PROTECTION POLICY.

Information on data protection pursuant to Art. 13 GDPR for
HMT Häseler Metall Technik GmbH | Industriestraße 5 | 78112 St. Georgen, Germany.

§ 1 Information on the collection of personal data

(1) General information

Thank you for your interest in our website. The protection of your personal data during your visit to our website is of particular importance to the management of HMT – Häseler Metall Technik GmbH. The following information provides you with an overview of how we process your personal data and of your data protection rights. Personal data are all data that can be related to you personally, e.g. name, address, email addresses, user behaviour.

If a data subject wants to use our special services via our website, such as our contact form, it could become necessary to process personal data. If it is necessary to process personal data and if there is no legal basis for such processing, we will generally obtain the consent of the data subject. Processing is always in line with the EU Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to HMT – Häseler Metall Technik GmbH.

As the controller, HMT – Häseler Metall Technik GmbH has implemented technical and organisational measures to ensure the most complete protection of personal data processed through this website against loss, destruction, access, alteration or dissemination by unauthorised persons. This also means that we securely transmit your personal data through encryption. We use the TSL (Transport Layer Security) coding system for this purpose.

Nevertheless, absolute protection cannot be guaranteed due to fundamental security gaps in internet-based data transfers.

(2) Controller responsible for data processing

The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) and the applicable country-specific data protection provisions is:

HMT – HÄSELER METALL TECHNIK GMBH
Industriestraße 5
D-78112 St. Georgen
Tel +49 7724 885-0
hmtsales@hmtgmbh.de

Please send general enquiries about data protection at HMT – Häseler Metall Technik GmbH to Datenschutz(at)hmtgmbh.de.

You can reach our data protection officer, Mr Sven Bartsch, by post at the above address, adding – Data Protection Officer – or by email at:Datenschutzbeauftragter@hmtgmbh.de.

(3) General information on data processing

We collect and use our users’ personal data only to the extent that this is necessary for the provision of a functional website as well as for the presentation of our contents and the provision of services. We normally only collect and use our users’ personal data with the user’s consent. With the exception of those cases in which it is not possible to obtain prior consent for valid reasons and the processing of the data is permitted by legal regulations.

The following legal bases for the processing of your personal data apply here:

Processing based on your consent (Article 6(1)(a) GDPR)
Processing for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the performance of pre-contractual measures (Article 6(1)(b) GDPR).
Processing for the fulfilment of a legal obligation to which our company is subject (Article 6(1)(c) GDPR).
Processing in the event that vital interests of the data subject or another natural person make it necessary to process personal data (Article 6(1)(d) GDPR).
rocessing to protect a legitimate interest of our company or a third party, unless the interests, fundamental rights and freedoms of the data subject outweigh the first-mentioned interest (Article 6(1)(f) GDPR). Legitimate interests can be in particular:
to deliver the contents of our website correctly;
statistical evaluations to test and optimise the website;
to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack;
to respond to requests and provide services and/or information intended for you;
the processing and transfer of personal data for internal or administrative purposes;
the prevention and detection of fraud and crime;
ensuring the continued functioning of our information technology systems and the technology of our website with the aim of increasing data protection and data security in our company.

§ 2 Your rights

(1) My rights as a data subject

You can request information about the data stored about you at the above address (Art. 15 GDPR). In addition, you can request a rectification if we have stored incorrect data about you (Art. 16 GDPR). In addition, you can, under certain conditions, demand the erasure of your data (Art. 17 GDPR) or assert the right to object (Art. 21 GDPR). You also have the right to restrict the processing of your personal data (Article 18 GDPR) and the right to demand the return of the data you have provided (Article 20 GDPR). Restrictions pursuant to Sections 34 and 35 BDSG (Bundesdatenschutzgesetz German Federal Data Protection Act) apply to the right to information and the right to erasure.

You have the right to contact your local supervisory authority for data protection if you are of the opinion that the processing of your personal data is contrary to the provisions of the General Data Protection Regulation (Article 77 GDPR in conjunction with Section 19 BDSG). In the case of Baden-Württemberg, this is the State Commissioner for Data Protection and Freedom of Information, Königstrasse 10 a, 70173 Stuttgart.

(2) Objection to or revocation of the processing of your data

If you have given your consent to the processing of your data, you may revoke this consent at any time. Such a revocation will affect the permissibility of the processing of your personal data after you have communicated it to us.

You may object to the processing in cases where we base the processing of your personal data on the balance of interests. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which we illustrate in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. If your objection is justified, we will examine the merits of the case and either discontinue or adjust the data processing, or show you our compelling legitimate grounds on the basis of which we will continue to process the data.

(3) Who receives my data?

Unless otherwise stipulated in the detailed descriptions of the offers, those departments within our company that need your data to fulfil our contractual and legal obligations will receive access to it. We will only pass on information about you if this is required by statutory notification obligations, if you have consented to this and/or if another legal reason legitimises this passing on.

If we use commissioned service providers for individual functions of our services, they will have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

If we would like to use your data for advertising purposes, we will inform you in detail about the respective processes below.

(4) How long will my data be stored?

Unless otherwise regulated in the detailed descriptions of the offers, we will process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations.

Your personal data is regularly erased or blocked when it is no longer required for the fulfilment of contractual or legal obligations, you have exercised your right to erasure, all mutual claims have been fulfilled and there are no other legal retention obligations or legal justification bases for the storage.

§ 3 Collection of personal data when visiting our website

(1) Use of server log files

Each time a data subject or automated system accesses our website, general data and information is recorded in log files. This includes an internet protocol address (IP address), the browser types and versions used, the website from which an accessing system accesses our website (so-called referrer), the sub-websites that are accessed via an accessing system on our website, the date and time of an access to the website and other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

Art. 6 (1)(f) GDPR with the above-mentioned legitimate interests forms the legal basis for the temporary storage of the data and the log files.

Temporary storage of the IP address by the system is necessary to ensure delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The log files are stored to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. This is also based on our legitimate interest in data processing pursuant to Art. 6 (1)(f) GDPR. f DSGVO zugrunde. The data is erased as soon as it is no longer required to achieve the purpose for which it was recorded. If the data is collected for the provision of the website, this happens when the respective session has ended. The collection of data for the provision of the website and the storage of the data in log files is necessary for the operation of the website. There is another option to check the log files if there are concrete indications that give rise to a justified suspicion of unlawful use or a concrete attack on our website. In this case, our legitimate interest in processing lies in the purpose of clarification and prosecuting the perpetrators of such attacks and unlawful use.

(2) Use of cookies

Cookie Einstellungen

In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case, us) with certain information. Cookies cannot execute programmes or transfer viruses to your computer. They are used to make the website as a whole more user-friendly and effective.

This website uses the following types of cookies, the scope and functionality of which are explained below:

Transient cookies: these are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, which is used to identify various requests from your browser with the joint session. This allows your computer to be recognised when you return to our website. Session cookies are erased when you log out or close the browser.

Persistent cookies: These are automatically erased after a predefined period of time, which may differ depending on the cookie. You can erase the cookies in the security settings of your browser at any time.

When you access our website, you will be informed about the use of cookies and your consent to the processing of personal data used in this context will be obtained. In this context, there is also a reference to this Data Protection Policy. You can configure your browser settings according to your wishes and refuse to accept third-party cookies or all cookies, for example. This also gives you as a user full control over the use of cookies. The legal basis for the processing of personal data using cookies is Art. 6(1)(f) GDPR. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

(3) Web fonts

This site uses so-called web fonts, which are supplied by various providers, to uniformly display fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you use must establish a connection to the provider’s servers. This informs the provider that our website has been accessed via your IP address. The use of web fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR.

If your browser does not support web fonts, a standard font from your computer will be used.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s Data Protection Policy at https://www.google.com/policies/privacy/.

Further information on Font Awesome can be found at https://fontawesome.com/license and https://fontawesome.com/privacy.

§ 4 Further functions and services of our website

In addition to the purely informational use of our website, we offer various services that you can use if you wish. For this purpose, you will generally have to provide further personal data which we use to provide the respective service and for which the aforementioned data processing principles apply.

(1) Use of the contact options

A contact form is available on our website which can be used to contact us electronically. The data entered by the user is transferred to us and stored. This includes surname, first name, telephone number and email address as mandatory fields, all other details are voluntary and go beyond what is necessary. For the processing of your data, your consent is obtained during the submission process and reference is made to this Data Protection Policy. The legal basis for the processing of data when using the contact form is Art. 6 (1)(a) GDPR.

Alternatively, there is the option of contacting us via the email address provided. The personal data of the user transferred with the email will be stored when this is used. This data is used exclusively for further conversation with you and will not be passed on to third parties. The processing of data transferred in the course of sending an email is based on a legitimate interest pursuant to Art. 6 (1)(f) GDPR.

If the contact is aimed at concluding a contract, the legal basis for the processing according to Art. 6 (1)(b) GDPR must also be included with the implementation of pre-contractual measures and any subsequent processing for the fulfilment of a contract.

Personal data processed by us in the context of a general contact enquiry via the contact form or by email is only stored until the respective correspondence has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

Consent to the processing of your personal data can be revoked at any time. If you contact us by email, you can of course object to the storage of your personal data at any time. In this case, the conversation cannot be continued.

(2) Collection and use of personal data in the job application process

During the job application process, it is important for us to ensure the highest possible level of protection for your personal data. For this reason, all personal data collected and processed by us as part of an application are protected against unauthorised access and manipulation by technical and organisational measures.

We process personal applicant data such as name, contact details, curriculum vitae, nationality, work permit, etc. for the selection or recruitment process of interested parties with the aim of filling positions within the company.

The legal basis for the processing of your personal data lies in the establishment, implementation and termination of a contractual relationship pursuant to Art. 6 (1)(b) GDPR, in the fulfilment of a legal obligation pursuant to Art. 6(1) (c) GDPR, as well as on the basis of your consent by voluntarily providing data that is not absolutely necessary for the purpose (e.g. hobbies in the CV).

In addition, processing takes place on the basis of legitimate interests pursuant to Art. 6(1) (f) GDPR:

to optimise our application processes,
to ensure compliance regulations, industry standards and contractual obligations,
to assert, exercise or defend legal claims,
as well as to avoid damage and/or liability of our company by taking appropriate measures.
After the respective purpose has been achieved, your data will be erased. Before this, however, it will be stored for as long as is necessary to defend legal claims or claims in relation to AGG (Allgemeines Gleichbehandlungsgesetz The German General Act on Equal Treatment) accusations in accordance with Section 15 AGG for compensation and damages in the event of a breach of the prohibition of discrimination. This is generally for six months. We ask particularly interesting applicants who cannot currently be considered to give their consent to longer-term storage (usually one year); the legal basis here is Art. 6(1)(a) GDPR. If accounting-relevant processing has been carried out, such as the reimbursement of travel expenses, the data required for this will be erased in compliance with the statutory retention periods, which are usually 6 or 10 years.

If the application was successful and we are allowed to welcome you to our company on the basis of a contractual agreement, we transfer the data collected during the application process to our HR files.

§ 5 Web analysis

(1) Use of Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. („Google“). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent the collection of the data generated by the cookie and related to your use of the website (incl. your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Opt-out cookies prevent the future collection of your data when visiting this website. To prevent collection by Universal Analytics across different devices, you must opt-out on all systems used. If you click here, the opt-out cookie will be set: Deactivating Google Analytics

This website uses Google Analytics with the extension “anonymizeIp()”. This means that IP addresses are processed in a shortened form, thus making it impossible to relate them to a specific person. If the data collected about you is personally identifiable, this is immediately excluded and the personal data is erased immediately.

We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our services and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6(1)(f) GDPR.

Information about the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436?1001. Terms of use: http://www.google.com/analytics/terms/de.html, Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and Data Protection Policy: http://www.google.de/intl/de/policies/privacy.

This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”.

§ 6 Use of social media

(1) Integration of Google Maps

On our website, we use the services of Google Maps in the form of a link. This allows you to view an interactive map and enables you to use the map functions conveniently.

By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the data mentioned under the point “Use of server log files” of this Policy will be transmitted. This takes place regardless of whether Google provides a user account that you are logged into or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the provider’s Data Protection Policy. There you will also find further information on your rights in this regard and the setting of options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Data protection information for applicants

Data_protection_applicants