General information on the collection of personal data
The operator of this website ("We", "Us", "Our", "Our" and "Our") takes the protection of your personal data very seriously. This Privacy Notice describes how we process and protect the personal data collected and processed via this website or affiliated websites ("Website"). It consists of a "Summarising Notice" (see below under 1.), a "Detailed Notice" (see below under 2.).
Personal data ("personal data") is all information (such as your salutation (title), your name, your address, your e-mail address, your telephone number, your bank details, your credit card number, your IP address, etc.) that relates to an identified or identifiable natural person ("data subject"). Your personal data will only be processed by us in accordance with the provisions of Regulation (EU) 2016/679 (EU General Data Protection Regulation "GDPR") and the other provisions of the applicable national data protection laws.
Your personal data will only be processed if you have consented to the processing or if the processing is permitted by law. The contents of this privacy policy inform you about the type, scope and purpose of the processing of your personal data.
This privacy policy relates exclusively to our website and other services. In the event that you are redirected to third-party websites via links from our website, please inform yourself on these websites about the handling of your personal data.
1. Summerising Note
1.1Scope of application, data subject and controller
This privacy policy applies exclusively to the collection and processing of personal data of users of our website or affiliated websites or the companies of the group of companies. The controller for all personal data collected and processed in connection with the use of the website is the operator of the website. If another controller processes personal data about how you use this website, you will receive a separate privacy policy.
1.2How you can contact us and our data protection officer
You can contact us by post using the contact details provided in the legal notice.
You can contact our data protection officer by post at the following address HYDAC Verwaltung GmbH, Abteilung Datenschutz, Industriestraße, 66280 Sulzbach/Saar, Germany or at the following e-mail address: privacy(at)hydac.com.
1.3Categories of personal data, purposes of processing and legal bases
Appendix 1 "Personal Data" to this Privacy Policy contains detailed information about (i) the categories of personal data that We collect from you; (ii) the purposes for which We process this personal data; and (iii) the legal bases for collecting and processing your personal data. If the processing is for a different purpose, We will provide you with additional information.
1.4Recipients and categories of recipients of the personal data
We transfer your personal data to other companies within the group of companies. We use internal and external service providers to provide services and products on our behalf. Your personal data is transmitted to the service providers for this purpose. Within the company and the companies of the group of companies and when using service providers, any access to your personal data in connection with your use of the website is restricted to those persons who absolutely need this data to fulfil their professional duties. We will disclose your personal data to government authorities, courts, external advisors and similar third parties who are public bodies to the extent required or permitted by applicable law.
We only pass on personal data to recipients to the extent necessary.
1.5Data transfers outside the European Economic Area ("EEA")
Some of the recipients of your personal data are located outside the EEA or have offices there. By entering into appropriate data transfer agreements or other appropriate measures, we ensure that such recipients outside the EEA provide an adequate level of protection for personal data and that appropriate technical and organisational security measures are in place to protect the personal data. Any further transfer beyond this is subject to the corresponding legal requirements.
1.6Scope and duration of storage
Your personal data will only be processed by us and/or our service providers to the extent necessary for the fulfilment of our obligations to you or for the fulfilment of the service providers' obligations to us. Processing in accordance with the applicable data protection laws only for the period necessary to fulfil the purposes for which the personal data is processed. When the purpose for the data processing has ceased to exist, the personal data will be deleted from the systems and/or records and/or steps will be taken to properly anonymise your personal data so that you can no longer be identified from that data. This does not apply if We and/or our service providers are obliged to retain your information beyond this:
to comply with legal or regulatory obligations to which we and/or our service providers are subject, with regard to statutory time limits for legal action, or
are otherwise authorised to store personal data.
1.7Your rights
In accordance with applicable data protection laws (such as the GDPR), you have the following rights: (i) the right of access; (ii) the right to obtain a copy of your personal data undergoing processing; (iii) the right to rectification; (iv) the right to erasure ("right to be forgotten"); (v) the right to restriction of processing; (vi) the right to data portability; (vii) the right to object; and (viii) the right to lodge a complaint with the competent data protection supervisory authority. If you have given your consent to the processing of personal data, you may withdraw this consent at any time. Such withdrawal does not affect the lawfulness of the processing that took place prior to the withdrawal of consent.
1.8Use of cookies and similar technologies on the website
We use cookies and similar technologies on our website. You can find detailed information on this in our cookie policy under point 5.
1.9Personal data required for the conclusion or fulfilment of the contract
You only need to provide the personal data that is marked as mandatory in the relevant forms on Our website. Without this personal data, the desired contract cannot be concluded or an existing contract can no longer be executed and may have to be cancelled. Personal data that is not labelled as mandatory in the corresponding forms on Our Website does not have to be provided.
1.10Changes to this privacy policy
This privacy policy may be subject to change. We reserve the right to amend or supplement this privacy policy at any time. You can see the current version date of this privacy policy at the bottom of the page.
2. Detailed Instructions
2.1Categories of personal data, purposes of processing and legal bases
In Appendix 1 "Personal data" to this privacy policy, you will find detailed information about
- the categories of personal data that you actively provide to Us (e.g. by sending Us an email) and that We collect in addition to other personal data.
- the purposes for which We process these categories of personal data; and
- the legal basis applicable at the time of collection and processing of your personal data.
We also use cookies and similar technologies on our website. You can find detailed information on this at:
Please note that We will only process your personal data for other purposes if:
- We are obliged to do so due to legal requirements (e.g. transmission to courts or law enforcement authorities); if you have consented to the respective processing; or
- if the processing is lawful under other applicable law.
- If processing is carried out for another purpose, We will provide you with additional information.
2.2Recipients and categories of recipients
We transfer your personal data to the recipients and categories of recipients listed below for the respective purposes and to the extent necessary:
Within the companies of the group.
We share your personal data with other companies for the following purposes,
- for the implementation of marketing measures. Such data transfers are carried out on the basis of Art. 6 para. 1 lit. a) or f) GDPR,
- for the (pre-)contractual execution and fulfilment of your enquiry to the location responsible for you on the basis of Art. 6 para. 1 lit. f) GDPR,
- further enquiries to specific companies of the group of companies that have been received via central communication channels
(A list of these other HYDAC Group companies can be found here: https://www.hydac.com/en/locations)
Service providers (internal and external)
We use both external and internal service providers to provide services and products on our behalf and pass on your personal data to them for this purpose.
Our service providers are contractually obliged to process this personal data on our behalf under appropriate instructions, insofar as this is necessary for the respective processing purposes and to protect your personal data appropriately.
Our service providers may not otherwise process or disclose your personal data unless this is permitted by law. We share your personal data with the service providers listed in the "Service Providers" appendix to this Privacy Policy.
Public authorities, courts, external consultants and comparable third parties
- To the extent required or permitted by applicable law to ensure compliance with applicable laws,
- respond to official enquiries or requests from authorities to comply with applicable legal requirements,
- protect the rights, privacy, safety or property of our website visitors, guests, employees or the public,
- to enable us to take possible legal remedies or to prevent or limit possible bad debts or damages that we may suffer,
- enforce the terms of use of our websites (https://www.hydac.com/en/netiquette), and
- to respond to an emergency. Such data transfers are based on Art. 6 para. 1 lit. a), c) or f) GDPR.
- Within the group of companies and the service providers, access to your personal data in connection with your use of the website or other services is restricted to those persons who absolutely need this data to fulfil their professional duties.
2.3 Transfer of data to the U.S.: EU-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework (DPF) (2024 Feb)
The HYDAC companies comply with the EU-U.S. Agreement, the UK Extension to the EU-U.S. Agreement and the Swiss-U.S. Privacy Framework.
For more information, please visit the U.S. Department of Commerce's Data Privacy Framework website. https://www.dataprivacyframework.gov/s/
See more in the section above.
2.4Scope and duration of storage
In accordance with applicable data protection laws, your personal data will be stored by HYDAC and/or our service providers only to the extent and for the duration necessary for the fulfilment of our obligations to you or for the fulfilment of the service providers' obligations to us.
Once your personal data is no longer necessary for the purpose of your processing, it will be deleted from the systems and/or records and/or steps will be taken to properly anonymise it so that you can no longer be identified from your personal data. However, we and/or our service providers must retain your data in order to comply with any legal or regulatory obligations to which HYDAC and/or our service providers are subject. If legal proceedings are initiated, the personal data will be stored until the end of these proceedings, including possible appeal periods. We may also retain personal data if this is permitted under applicable law.
As far as a more detailed description is possible, you will find detailed information in Appendix 1 "Personal data" to this data protection notice.
2.5Your rights
If you have given your consent to the processing of personal data, you can withdraw this consent at any time with effect for the future. Such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal. In accordance with applicable data protection laws (such as the GDPR), you may exercise the following rights by contacting Us using the contact information provided in Section 7:
Right to information:
You have the right to obtain information as to whether and, if so, which of your personal data is processed by Us. The right of access includes, among other things, information about the purposes of the processing, the categories of personal data concerned and the recipients and categories of recipients of the personal data. However, this is not an unlimited right and the interests of other persons may restrict your right of access. You also have the right to receive a copy of the personal data that is the subject of the processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.
Right to rectification:
You have the right to request the rectification of inaccurate personal data concerning you. Depending on the purpose of the processing, you have the right to have incomplete personal data completed, which can be done by submitting a supplementary declaration.
Right to erasure ("right to be forgotten"):
In certain circumstances, you have the right to request the erasure of personal data concerning you and We may be obliged to erase such personal data for certain reasons.
Right to restriction of processing: Under certain circumstances, you have the right to request that We restrict the processing of your personal data. In this case, the data in question will be labelled and may only be processed by Us for certain purposes.
Right to restriction of processing:
Under certain circumstances, you have the right to request that We restrict the processing of your personal data. In this case, the data in question will be labelled and may only be processed by Us for certain purposes.
Right to data portability:
In certain circumstances, you have the right to receive the personal data concerning you, which you have provided to Us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another organisation without hindrance from Us.
Right to object:
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data by Us where such processing is necessary for the purposes of the legitimate interests pursued by Us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where the data subject is a child, including profiling based on those provisions. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
If your personal data is processed for direct marketing purposes where this is permitted without your prior consent, you also have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing. In this case, your personal data will no longer be processed by Us for these purposes.
Right to lodge a complaint:
In addition to the above rights, you also have the right to lodge a complaint with the competent data protection supervisory authority.
2.6Personal data required for the conclusion or fulfilment of the contract
You only need to provide the personal data that We require to enter into and conduct a business relationship with you or that We are legally obliged to collect. Such personal data is labelled as mandatory information in the respective fields on Our website. Without this personal data, We will not be able to conclude the requested contract or - if you remove it at a later date - We will no longer be able to fulfil an existing contract and may have to terminate it.
Personal data that is not marked as mandatory in the corresponding fields on Our Website does not have to be provided.
In the following cases, We can only provide Our service and/or conclude a contract if You provide Us with the relevant data records:
- Purchase contracts: Company data (address, contact details, registration number, etc.), contact person (title, surname, first name, telephone and extension, e-mail address, position, department, location);
- Newsletter subscriptions: e-mail address, title, surname, first name, interests (industries, trends and topics) Further information on our newsletter can be found in Appendix 1 "Newsletter" to this privacy policy.
3. Name and address of the controller
The controller within the meaning of Art. 4 No. 7 GDPR is:
HYDAC International GmbH
Industriestraße
66280 Sulzbach/Saar
Germany
Tel.: +49 (0) 68 97 509-01
E-Mail: info(at)hydac.com
Website: https://www.hydac.com
Contact details of the data protection officer
We have appointed a joint data protection officer for our companies.
This can be reached at:
HYDAC Verwaltung GmbH
Abteilung Datenschutz
Industriestraße
66280 Sulzbach/Saar
Germany
Tel.: +49 (0) 68 97 / 509 01
E-Mail: privacy(at)hydac.com
4. Amendment of this Privacy Policy
This privacy policy may be subject to change - e.g. due to the implementation of new technologies or the introduction of new services or functions. We reserve the right to amend or supplement this privacy policy at any time. We will publish the changes on https://www.hydac.com/privacy-policy.
Version | Date |
---|---|
Version 2.5 | 02/2023 |
Version 3.0 | 08/2023 |
Version 3.5 | 10/2023 |
Version 4.0 | 01/2024 |
Version 4.5 | 02/2024 |
5. Appendix
5.1 Personal Data
We process the following personal data in connection with your use of the website, as follows:
Purpose of the processing | Categories of personal data | Legal basis for the processing | Storage duration |
---|---|---|---|
Displaying our website and ensuring stability and security Our system automatically retrieves personal data from your computer system when you visit our website. The personal data we collect about you is stored in our system's log files. This data is not stored together with other personal data. This is necessary in order to display our website to you and to ensure stability and security. |
| Necessary for the fulfilment of a contract (Art. 6 para. 1 lit. b) GDPR) and for the protection of legitimate interests (technically necessary for the operation of the website and to display it correctly for web visitors) (Art. 6 para. 1 lit. f) GDPR). | The personal data is stored for as long as is necessary for the respective purpose. The personal data will be deleted as soon as storage is no longer required, unless there are statutory retention obligations or limitation periods must be observed. |
Communication with you (e.g. via the contact form offered on the website or via the e-mail address(es) provided on the website)
The communication channel depends on the contact information provided (e.g. chat, e-mail, telephone, etc.) |
When a message is sent via our contact form, the following data is also processed:
| Necessary for the protection of legitimate interests (necessary for answering your enquiries) (Art. 6 para. 1 lit. f) GDPR). | The personal data is stored for as long as is necessary for the respective purpose. The personal data will be deleted as soon as storage is no longer required, unless there are statutory retention obligations or limitation periods must be observed. |
Customer analytics and/or data analysis, meaning:
| In particular, the following personal data is processed for this purpose:
| Safeguarding legitimate interests (to customise a person's online experience, to improve the performance, usability and effectiveness of Our Website in order to increase user-friendliness, to conduct and analyse Our marketing activities in order to offer better products and services that may be of more interest to customers) (Art. 6 para. 1 lit. f) GDPR or consent (Art. 6 para. 1 lit. a) GDPR). | With regard to the personal data processed by cookies and similar technologies, we refer you to our cookie policy. When processing personal data on the basis of your consent, the personal data will be stored until you revoke your consent and will be deleted as soon as possible after revocation. Otherwise, the personal data will be stored for as long as is necessary for the respective purpose. The personal data will be deleted when storage is no longer required, unless there are statutory retention obligations or statutory limitation periods must be observed. |
Processing and fulfilment of product and service orders placed via the website, e.g:
| In particular, the following personal data is processed for this purpose:
| Necessary for the fulfilment of a contract (Art. 6 para. 1 lit. b) GDPR). | Personal data is stored for up to 10 years in order to fulfil tax law requirements. |
Credit checks In the case of a purchase on account or another payment method for which we make advance payment, we can carry out a credit check procedure (scoring). For this purpose, we transmit the data you enter to a credit agency. The probability of non-payment is determined on the basis of this data. If the risk of non-payment is too high, we may refuse the payment method in question. |
| To fulfil the contract (Art. 6 para. 1 lit. b GDPR) and to safeguard a legitimate interest (avoidance of payment defaults; Art. 6 para. 1 lit. f GDPR). If consent has been obtained, the credit check is carried out on the basis of the consent (Art. 6 para. 1 lit. a) GDPR). | The personal data is stored for as long as is necessary for the respective purpose. The personal data will be deleted when storage is no longer required, unless there are statutory retention obligations or statutory limitation periods must be observed. |
Communication about Our products and services, campaigns and events that may be of interest to you / sending newsletters. Based on your consent, we will send you information about our products, services and campaigns, e.g. by e-mail or post in the form of newsletters (direct marketing). | In particular, the following personal data is processed for this purpose:
| Consent (Art. 6 para. 1 lit. a) GDPR) in the case of advertising by post to safeguard legitimate interests (Art. 6 para. 1 lit. f) GDPR). When you register for an event (e.g. customer day, HYDAC employee party, etc.), you provide us with your data because you wish to participate. Participation is generally not mandatory. The collection of data may be necessary for reasons of tax law or security on site (Art. 6 para. 1 lit c) GDPR) | The personal data will be stored until you revoke your consent (e.g. unsubscribe from the newsletter), if applicable. The personal data will also be automatically deleted after 3 years at the latest if you no longer respond to our newsletter (e.g. open the newsletter email). Otherwise, the personal data will be stored for as long as is necessary for the respective purpose. The personal data will be deleted when storage is no longer necessary, unless there are statutory retention obligations or statutory limitation periods must be observed. In the context of tax law retention for billing at events, it may be necessary to retain information about your participation for 10 years. |
Data processing in connection with a reporting system We process the personal data of the reporting persons, unless the report was submitted anonymously, as well as the personal data of the accused person(s), such as name and other communication and content data, solely for the purpose of receiving and investigating reports of criminal, illegal, morally reprehensible or unfair behaviour in a secure and confidential manner. | Information about the reporting person (if not reported anonymously) and the accused(s) such as
| The collection of the reporting person's personal data in the case of a non-anonymous report is based on consent to the processing through the transmission of the data (implied consent) (Art. 6 para. 1 sentence 1 lit. a GDPR). The collection, processing and disclosure of personal data of the persons named in the report serves to safeguard the legitimate interests of the company It is in the legitimate interest of companies to detect, process, remedy and sanction violations of the law and serious breaches of duty by employees throughout the centre, effectively and with a high degree of confidentiality, and to avert the associated damage and liability risks for companies (Sections 30, 130 of the German Administrative Offences Act (OWiG)). Directive (EU) 2019/1937 ("EU Whistleblower Directive") and the Whistleblower Protection Act also require the establishment of a reporting system in order to give employees and third parties the opportunity to report legal violations in the company in a protected manner. The disclosure of personal data in the case of non-anonymous reporting to other recipients may be necessary due to a legal obligation (Art. 6 para. 1 sentence 1 letter c GDPR). | The personal data will be stored in the respective procedure for as long as required for the clarification and final assessment, a legitimate interest of the company or a legal requirement exists. This data is then deleted in accordance with the legal requirements. The duration of storage depends in particular on the severity of the suspicion and the reported possible breach of duty. |
The purpose of data processing is to manage the application process. The data is required to complete the application process. An application portal hosted by a service provider is used to process applications. The following application portals are available:
| Among other things, the following data is processed:
Furthermore, cookies from the company Haufe-Lexware GmbH & Co. KG are also used. You can call up a list of the cookies used under the following link:https://de.onlinehelp.umantis.com/index.php/Cookies | The data processing is necessary for the decision on the establishment of an employment relationship. The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. b GDPR, Art. 88 para. 1 GDPR or Art. 88 para. 1 GDPR in conjunction with national law. If a rejected applicant has given consent for the further storage of their data, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR (in conjunction with Section 26 para. 2 BDSG). | The applicant data will be deleted 6 months after the end of a specific recruitment process, unless the applicant (f/m/d) is taken on in an employment relationship or explicitly requests the deletion of their data beforehand. If the applicant (f/m/d) is also involved in other recruitment processes at the same time, the deletion of the applicant data is based on the completion of the last completed recruitment process. Applicant data from unsolicited applications will be deleted 6 months after notification of a lack of employment opportunities within the HYDAC group. The inclusion and storage of applicant data (including from the trainee quiz) in the talent or applicant pool for the purpose of checking for future vacancies will only take place with the consent of the applicant (f/m/d) given specifically for this purpose and will lead to the deletion of the applicant data after 12 months from the last contact, unless the applicant (f/m/d) is taken on in an employment relationship or explicitly agrees to an update and longer storage of the applicant data. |
5.2 Service Provider
Depending on the purpose of the processing for which we use the respective service provider, we share certain personal data (where necessary) with the following service providers:
- maxcluster GmbH, Technologiepark 8, 33100 Paderborn, E-Mail: info (at) maxcluster.de als Hosting Provider.
- KERN GmbH, In der Kölling 7, 66450 Bexbach as part of the dispatch of postal mailings
- GuestOne GmbH, Hofaue 3942103 Wuppertal for guest management at events
- LegalTegrity GmbH, Platz der Einheit 2, 60327 Frankfurt as the operator of the whistleblower system
5.3 Processing for video surveillance
We process the following personal data in connection with the monitoring of our work areas, properties or buildings, if marked accordingly on site
Purpose of the processing | Categories of personal data | Legal basis for the processing | Storage duration |
---|---|---|---|
Processing for the purpose of protecting the employees and property of the controller. The monitoring of the areas serves to ensure occupational safety, to prevent hazards, to control unauthorised access, to secure the domiciliary rights and the property of the controller. This is our legitimate interest. |
| Necessary for the protection of legitimate interests (Art. 6 para. 1 lit. f) GDPR). | The personal data is stored for as long as is necessary for the respective purpose. If the video recording data is stored, it will be deleted after 72 hours. The personal data will be deleted as soon as storage is no longer required, unless there are statutory retention obligations or limitation periods must be observed. |
5. Appendix
5.1 Personal Data
We process the following personal data in connection with your use of the website, as follows:
Purpose of the processing | Categories of personal data | Legal basis for the processing | Storage duration |
---|---|---|---|
Displaying our website and ensuring stability and security Our system automatically retrieves personal data from your computer system when you visit our website. The personal data we collect about you is stored in our system's log files. This data is not stored together with other personal data. This is necessary in order to display our website to you and to ensure stability and security. |
| Necessary for the fulfilment of a contract (Art. 6 para. 1 lit. b) GDPR) and for the protection of legitimate interests (technically necessary for the operation of the website and to display it correctly for web visitors) (Art. 6 para. 1 lit. f) GDPR). | The personal data is stored for as long as is necessary for the respective purpose. The personal data will be deleted as soon as storage is no longer required, unless there are statutory retention obligations or limitation periods must be observed. |
Communication with you (e.g. via the contact form offered on the website or via the e-mail address(es) provided on the website)
The communication channel depends on the contact information provided (e.g. chat, e-mail, telephone, etc.) |
When a message is sent via our contact form, the following data is also processed:
| Necessary for the protection of legitimate interests (necessary for answering your enquiries) (Art. 6 para. 1 lit. f) GDPR). | The personal data is stored for as long as is necessary for the respective purpose. The personal data will be deleted as soon as storage is no longer required, unless there are statutory retention obligations or limitation periods must be observed. |
Customer analytics and/or data analysis, meaning:
| In particular, the following personal data is processed for this purpose:
| Safeguarding legitimate interests (to customise a person's online experience, to improve the performance, usability and effectiveness of Our Website in order to increase user-friendliness, to conduct and analyse Our marketing activities in order to offer better products and services that may be of more interest to customers) (Art. 6 para. 1 lit. f) GDPR or consent (Art. 6 para. 1 lit. a) GDPR). | With regard to the personal data processed by cookies and similar technologies, we refer you to our cookie policy. When processing personal data on the basis of your consent, the personal data will be stored until you revoke your consent and will be deleted as soon as possible after revocation. Otherwise, the personal data will be stored for as long as is necessary for the respective purpose. The personal data will be deleted when storage is no longer required, unless there are statutory retention obligations or statutory limitation periods must be observed. |
Processing and fulfilment of product and service orders placed via the website, e.g:
| In particular, the following personal data is processed for this purpose:
| Necessary for the fulfilment of a contract (Art. 6 para. 1 lit. b) GDPR). | Personal data is stored for up to 10 years in order to fulfil tax law requirements. |
Credit checks In the case of a purchase on account or another payment method for which we make advance payment, we can carry out a credit check procedure (scoring). For this purpose, we transmit the data you enter to a credit agency. The probability of non-payment is determined on the basis of this data. If the risk of non-payment is too high, we may refuse the payment method in question. |
| To fulfil the contract (Art. 6 para. 1 lit. b GDPR) and to safeguard a legitimate interest (avoidance of payment defaults; Art. 6 para. 1 lit. f GDPR). If consent has been obtained, the credit check is carried out on the basis of the consent (Art. 6 para. 1 lit. a) GDPR). | The personal data is stored for as long as is necessary for the respective purpose. The personal data will be deleted when storage is no longer required, unless there are statutory retention obligations or statutory limitation periods must be observed. |
Communication about Our products and services, campaigns and events that may be of interest to you / sending newsletters. Based on your consent, we will send you information about our products, services and campaigns, e.g. by e-mail or post in the form of newsletters (direct marketing). | In particular, the following personal data is processed for this purpose:
| Consent (Art. 6 para. 1 lit. a) GDPR) in the case of advertising by post to safeguard legitimate interests (Art. 6 para. 1 lit. f) GDPR). When you register for an event (e.g. customer day, HYDAC employee party, etc.), you provide us with your data because you wish to participate. Participation is generally not mandatory. The collection of data may be necessary for reasons of tax law or security on site (Art. 6 para. 1 lit c) GDPR) | The personal data will be stored until you revoke your consent (e.g. unsubscribe from the newsletter), if applicable. The personal data will also be automatically deleted after 3 years at the latest if you no longer respond to our newsletter (e.g. open the newsletter email). Otherwise, the personal data will be stored for as long as is necessary for the respective purpose. The personal data will be deleted when storage is no longer necessary, unless there are statutory retention obligations or statutory limitation periods must be observed. In the context of tax law retention for billing at events, it may be necessary to retain information about your participation for 10 years. |
Data processing in connection with a reporting system We process the personal data of the reporting persons, unless the report was submitted anonymously, as well as the personal data of the accused person(s), such as name and other communication and content data, solely for the purpose of receiving and investigating reports of criminal, illegal, morally reprehensible or unfair behaviour in a secure and confidential manner. | Information about the reporting person (if not reported anonymously) and the accused(s) such as
| The collection of the reporting person's personal data in the case of a non-anonymous report is based on consent to the processing through the transmission of the data (implied consent) (Art. 6 para. 1 sentence 1 lit. a GDPR). The collection, processing and disclosure of personal data of the persons named in the report serves to safeguard the legitimate interests of the company It is in the legitimate interest of companies to detect, process, remedy and sanction violations of the law and serious breaches of duty by employees throughout the centre, effectively and with a high degree of confidentiality, and to avert the associated damage and liability risks for companies (Sections 30, 130 of the German Administrative Offences Act (OWiG)). Directive (EU) 2019/1937 ("EU Whistleblower Directive") and the Whistleblower Protection Act also require the establishment of a reporting system in order to give employees and third parties the opportunity to report legal violations in the company in a protected manner. The disclosure of personal data in the case of non-anonymous reporting to other recipients may be necessary due to a legal obligation (Art. 6 para. 1 sentence 1 letter c GDPR). | The personal data will be stored in the respective procedure for as long as required for the clarification and final assessment, a legitimate interest of the company or a legal requirement exists. This data is then deleted in accordance with the legal requirements. The duration of storage depends in particular on the severity of the suspicion and the reported possible breach of duty. |
The purpose of data processing is to manage the application process. The data is required to complete the application process. An application portal hosted by a service provider is used to process applications. The following application portals are available:
| Among other things, the following data is processed:
Furthermore, cookies from the company Haufe-Lexware GmbH & Co. KG are also used. You can call up a list of the cookies used under the following link:https://de.onlinehelp.umantis.com/index.php/Cookies | The data processing is necessary for the decision on the establishment of an employment relationship. The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. b GDPR, Art. 88 para. 1 GDPR or Art. 88 para. 1 GDPR in conjunction with national law. If a rejected applicant has given consent for the further storage of their data, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR (in conjunction with Section 26 para. 2 BDSG). | The applicant data will be deleted 6 months after the end of a specific recruitment process, unless the applicant (f/m/d) is taken on in an employment relationship or explicitly requests the deletion of their data beforehand. If the applicant (f/m/d) is also involved in other recruitment processes at the same time, the deletion of the applicant data is based on the completion of the last completed recruitment process. Applicant data from unsolicited applications will be deleted 6 months after notification of a lack of employment opportunities within the HYDAC group. The inclusion and storage of applicant data (including from the trainee quiz) in the talent or applicant pool for the purpose of checking for future vacancies will only take place with the consent of the applicant (f/m/d) given specifically for this purpose and will lead to the deletion of the applicant data after 12 months from the last contact, unless the applicant (f/m/d) is taken on in an employment relationship or explicitly agrees to an update and longer storage of the applicant data. |
5.2 Service Provider
Depending on the purpose of the processing for which we use the respective service provider, we share certain personal data (where necessary) with the following service providers:
- maxcluster GmbH, Technologiepark 8, 33100 Paderborn, E-Mail: info (at) maxcluster.de als Hosting Provider.
- KERN GmbH, In der Kölling 7, 66450 Bexbach as part of the dispatch of postal mailings
- GuestOne GmbH, Hofaue 3942103 Wuppertal for guest management at events
- LegalTegrity GmbH, Platz der Einheit 2, 60327 Frankfurt as the operator of the whistleblower system
5.3 Processing for video surveillance
We process the following personal data in connection with the monitoring of our work areas, properties or buildings, if marked accordingly on site
Purpose of the processing | Categories of personal data | Legal basis for the processing | Storage duration |
---|---|---|---|
Processing for the purpose of protecting the employees and property of the controller. The monitoring of the areas serves to ensure occupational safety, to prevent hazards, to control unauthorised access, to secure the domiciliary rights and the property of the controller. This is our legitimate interest. |
| Necessary for the protection of legitimate interests (Art. 6 para. 1 lit. f) GDPR). | The personal data is stored for as long as is necessary for the respective purpose. If the video recording data is stored, it will be deleted after 72 hours. The personal data will be deleted as soon as storage is no longer required, unless there are statutory retention obligations or limitation periods must be observed. |
6. Further Information on Data Privacy as a Download
Beschreibung | Download (Link to the PDF file) |
---|
Data protection notice Intellectual-Property | https://www.hydac.com/fileadmin/doc/privacy/Datenschutzhinweis_Intellectual-Property_DSGVO_GDPR.pdf |
8. Cookies and other Technologies
Our Internet pages use so-called "cookies". Cookies are small data packets and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your device when you visit our website (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies are used to evaluate user behaviour or display advertising.
You can see which cookies we use when you use our website in the list at the end:
Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this privacy policy and, if necessary, request your consent.
Consent via a consent manager
Our website uses Onetrust's consent technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document these in compliance with data protection regulations. The provider of this technology is Onetrust Technology Ltd, 82 St John Street, London, UK, EC1M 4JN (hereinafter referred to as "ConsentManager").
When you enter our website, a connection is established to the Onetrust servers in order to obtain your consent and other declarations regarding the use of cookies. Onetrust then stores a cookie in your end device in order to be able to assign the consents you have given or revoke them. The data collected in this way is stored until you delete the Onetrust provider cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.
Onetrust is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
Order processing
We have concluded an order processing contract (AVV) with the above-mentioned provider. This is a contract prescribed by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Description/scope of data processing | Legal basis for data processing | Purposes of data processing | Duration of storage | Possibility of objection and removal |
---|---|---|---|---|
| If cookies or cookie-like technologies are used in the context of data processing, the storage of information in the end user's end device or access to information already stored in the end user's end device is carried out in accordance with Section 25 (1) TTDSG and further data processing in accordance with Art. 6 (1) GDPR. If the use of cookies is deemed absolutely necessary, this is done on the basis of Section 25 (2) TTDSG and further data processing in accordance with Art. 6 (1) GDPR. The protection of legitimate interests forms the legal basis for the processing of data using technically necessary cookies. The legal basis for the processing of data using cookies for analysis purposes is consent if the user has consented to this use. | The purpose of using technically necessary cookies is to make it easier for users to use websites. Some functions on our websites cannot be offered without the use of cookies. These functions require the browser to be recognised even if the user leaves the site. You can see which cookies we use and for what purpose via the following list: The user data collected using technically necessary cookies is not used to create user profiles. Analytics cookies are used to improve the quality of our website and our content. The analytics cookies show us how the website is used. This allows us to continuously optimise our website. These purposes constitute our legitimate interest in processing the data in accordance with our legitimate interest. | The storage period depends on the cookie used. Cookies that are processed when the website is opened: You can see the storage period in the following list. | You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions to their full extent. If you have consented to the use of the analysis cookie and wish to withdraw your consent, you can find this setting under |