Privacy policy

1. Introduction

 

Thank you for your interest in our website. The protection of your personal data is important to us. Below you will find information about how we handle your data that is collected through your use of our website. Your data will be processed in accordance with the legal data protection regulations..

Controller within the meaning of data protection law

Haselhorst Associates GmbH
Schiffbauerweg 1
82319 Starnberg

Phone: + 49 (0) 8151 650 40 0
Fax: + 49 (0) 8151 650 40 20
E-Mail: info@haselhorst-associates.com

Data Protection Officer

Proliance GmbH / www.datenschutzexperte.de
Data Protection Officer
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de

 

2. Definitions


Our privacy policy should be simple and understandable for everyone. For this reason, our privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

 

3. Data collection on our website

 

Web Hosting

This website is hosted by an external service provider (DasWEB.haus, Perchastr. 8e, 82319 Starnberg). This website is hosted in Frankfurt, Germany. Personal data collected on this website is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated by a website.

We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we commit him to protect the data of our customers and not to pass them on to third parties.

Server-Logfiles
Once you visit our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during an active connection for communication between your internet browser and our web server:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Web browser used and operating system used
  • (Full) IP address of the requesting computer
  • Operating system

We collect the listed data in order to guarantee a frictionless connection establishment and to enable a comfortable use of our website by the users. The log file also serves for evaluating system security and stability as well as administrative purposes. The legal basis for the temporary storage of data or log files is Art. 6 para. 1 lit. f GDPR.

For reasons of technical security, in particular to prevent attempts to attack our web server, we may temporarily store this data. It is not possible for us to draw conclusions about individual persons on the basis of this data.

Cookies
Our website uses so-called “cookies”. Cookies are small text files that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behavior or display advertising.

Technically necessary cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the storage of cookies for the technically error-free and optimized presentation of our services. Other cookies are only stored with your consent on the basis of Art. 6 para. 1 lit. a GDPR. This consent can be withdrawn at any time for the future. The legal basis may also result from Art. 6 para. 1 lit. b GDPR if the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.

Insofar as cookies are used for analysis purposes, we will inform you of this separately within the framework of this privacy policy and obtain your consent.

You can set your browser to

  • be informed about the setting of cookies,
  • only allow cookies in individual cases,
  • exclude the acceptance of cookies for certain cases or generally,
  • activate the automatic deletion of cookies when the browser is closed.

The cookie settings can be managed under the following links for each browser:

You can also manage cookies of many companies and functions used for advertising individually. To do this, use the appropriate user tools, available at https://www.aboutads.info/choices/ or  http://www.youronlinechoices.com/uk/your-ad-choices.

Most browsers also offer a so-called "do-not-track function". When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be "tracked" for behavioral advertising and the like.

For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:

Additionally, you can prevent the loading of so-called scripts by default. "NoScript" allows the execution of JavaScripts, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/en-US/firefox/addon/noscript/ ).

Please note that if you disable cookies, the functionality of our website may be limited.

Change cookie settings
You can revoke or change your cookie settings at any time. To do so, open the cookie settings again. You will find the cookie Settings in the menu of the footer.

Contact form and contact by email
If you send us requests via our contact form, fax or email, your details from the contact form or email, including the contact data you have provided there, will be stored for the purpose of processing your request and in the event of follow-up questions. You are required to provide an email address to contact us. Your name and telephone number are optional. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR, provided that your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal storage obligations to the contrary. You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f GDPR.

LeadLab
Our website uses the pixel-code technology of WiredMinds GmbH (www.wiredminds.de) to analyze visitor behavior. This involves processing the IP address of a visitor. The processing is carried out exclusively for the purpose of collecting company-relevant information such as the company name. IP addresses of natural persons are excluded from further use (whitelist procedure). The IP address is not stored in LeadLab under any circumstances. When processing the data, it is in our particular interest to protect the data protection rights of natural persons. Our interest is based on Art. 6 para. 1 lit. (f) GDPR. The data collected by us does not allow any conclusions to be drawn about an identifiable person at any time.

WiredMinds GmbH uses this information to create anonymous user profiles based on the behavior of visitors to our website. The data collected is not used to personally identify visitors to our website.

Google Ads
We use "Google Ads" on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). Google Ads is used by us for marketing and optimisation purposes, in particular to display ads that are relevant and interesting to you.

If you have given us your consent to do so in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we can use Google Ads to draw attention to our attractive offers by using advertising material on external websites. This enables us to determine how successful individual advertising measures are.

These advertising media is delivered by Google via so-called "AdServers". We use AdServer cookies for this purpose, through which certain parameters for measuring success, such as the display of the ads or clicks by users, can be measured.

If you reach our website via a Google ad, Google Ads will store a cookie on your PC. These cookies usually expire after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: Unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be contacted). These cookies enable Google to recognize your web browser. If a user visits certain pages of an ad client's website and the cookie stored on their computer has not expired, Google and the client will be able to tell that the user clicked on the ad and was redirected to that page. A different cookie is associated with each ad client. As a result, cookies cannot be tracked through the websites of ad clients. We ourselves do not collect and process any personal data in the advertising measures mentioned above. We only receive statistical evaluations from Google. By means of these evaluations we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material, in particular we cannot identify the users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. To the best of our knowledge, Google receives the information that you have called up the relevant part of our website or clicked on an advertisement from us. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will find out and save your IP address.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

Further information on data use by Google, on setting and objection options as well as on data protection can be found on the following Google websites:

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. Please note that in this case you may not be able to use all functions of our website to their full extent. You can also prevent the storage of cookies by setting your web browser to block cookies from the domain "www.googleadservices.com" (https://www.google.de/settings/ads). We would like to point out that this setting will be deleted if you delete your cookies. In addition, you can deactivate interest-related advertisements by clicking on the link optout.aboutads.info. Please note that this setting will also be deleted if you delete your cookies.

Google Web Fonts
We use "Google Fonts" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: "Google"). Google Fonts enables us to use external fonts. For this purpose, the required Google Fonts are loaded into your browser cache by your web browser when you access our website. This is necessary so that your browser can also display a visually improved representation of our texts. If your browser does not support this function, a standard font will be used by your computer for display. The integration of these Google Fonts is done by a server call, usually a Google server in the U.S. This transmits to the server which page of our website you have visited. Also, the IP address of the browser of the end device of the visitor is stored by Google.

We use Google Fonts for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly. The legal basis for the data processing and transfer to Google is Art. 6 (1) lit. f GDPR.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

Further information on data protection can be found in Google's privacy policy: https://policies.google.com/privacy?hl=en&gl=en.

Further information on Google Fonts can be found at https://fonts.google.com/

Google Maps
Our homepage uses the online map service provider Google Maps via an interface. Provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This allows us to display interactive maps directly on the website and makes it easy for you to use the map function. To use the functionalities of Google Maps it is necessary to save your IP address.

Google uses Cookies, to collect information about user behaviour. The legal basis for the processing of your personal data is your given consent according to Art. 6 para. 1 s. 1 lit. a GDPR.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, Google uses standard contractual clauses in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

Further information on the handling of user data can be found in Google's privacy policy:
https://www.google.de/intl/de/policies/privacy/
Opt-out: https://www.google.com/settings/ads/

 

4. External social links

 

On our website Social Media is solely embedded as a link to the respective service. After clicking on the embedded text/image-link you will be directed to the website of the respective provider. User information will be only transferred after the redirection to the respective provider. Information regarding the use of your personal data through the use of the website can be found in the privacy policies of the visited websites.

 

5. Data transfer and recipients

 

Your personal data is not transferred to third parties, unless

  • we have explicitly pointed this out in the description of the respective data processing.
  • you have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
  • the transfer pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms.
  • there is a legal obligation to transfer data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
  • required by Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you.

In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. In particular, these contracts concern web hosting services, the dispatch of emails and IT updates and maintenance. Your personal data will not be transferred to third parties by our service providers.

 

6. Data security

 

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

 

7. Storage period

 

The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.

 

8. Your rights

 

In the following, you will find information about your data subject rights, which the current data protection law grants you against the controller concerning the processing of personal data:

The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.

The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.

The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.

The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in in a commonly used and machine-readable format and the right to transmit those data to another controller.

The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR with effect in the future at any time.

The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work.

The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to object
If your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.

If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail info@haselhorst-associates.com

 

9. Necessity of providing personal data

 

The provision of personal data for the decision on the conclusion of a contract, the fulfillment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.

 

10. Automated decision making

 

Automated decision making or profiling according to Art. 22 GDPR does not take place.

 

11. Subject to change

 

We reserve the right to adapt or update this privacy policy, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take account of changes to our services, e.g. the introduction of new services. The most current version applies to your visit.

 

Data protection information for applicants

1. Purposes and legal basis of the processing

 

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (EU-GDPR) and the Federal Data Protection Act (Subsequently referred to as BDSG 2018), insofar as this is necessary for the decision on the establishment of an employment relationship with us. The legal basis is Art. 88 GDPR in conjunction with § 26 BDSG 2018 and, if applicable, Art. 6 Para. 1 lit. b GDPR for the initiation or execution of contractual relationships.

Furthermore, we may process your personal data insofar as this is necessary to fulfil legal obligations (Art. 6 para. 1 lit. c GDPR) or to defend asserted legal claims against us. The legal basis is Art. 6 para. 1 lit. f GDPR. The legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz - AGG).

Once you give us express consent to process personal data for specific purposes, the lawfulness of this processing depends on your consent pursuant to Art. 6 para. 1 lit. a GDPR. Any consent given may be withdrawn at any time with effect for the future (see section 9 of this data protection information).

If there is an employment relationship between you and us, we may, pursuant to Art. 88 GDPR i. V. m. § 26 BDSG 2018, further process the personal data we have already received from you for the purposes of the employment relationship, insofar as this is necessary for the performance or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the representation of the interests of the employees resulting from a law or a collective agreement, a works agreement or a service agreement (collective agreement).

 

2. Categories of personal data


We only process data that is related to your application. This may include general information about you (name, address, contact details, etc.), information about your professional qualifications and schooling, information about continuing vocational education and training and any other data that you provide to us in connection with your application.

 

3. Sources of data

 

We process personal data which we receive from you by post or e-mail.

 

4. Recipient of the data

 

We pass on your personal data within our company exclusively to those areas and persons who need this data to fulfil their contractual and legal obligations or to implement our legitimate interest.
Data will otherwise only be passed on to recipients outside the company if this is permitted or required by law, if this is necessary to fulfil legal obligations or if we have your consent.

 

5. Transfer to a third country

 

A transfer to a third country is not intended.

 

6. Duration of data storage

 

We store your personal data as long as this is necessary for the decision on your application. Your personal data or application documents will be deleted a maximum of six months  after completion of the application procedure (e.g. notification of the rejection decision), unless longer storage is legally necessary or permissible. In addition, we only store your personal data to the extent required by law or in a specific case to assert, exercise or defend legal claims for the duration of a legal dispute.

In the event that you have agreed to your personal data being stored for a longer period of time, we will store it in accordance with your declaration of consent.
If the application procedure is followed by an employment relationship, an apprenticeship relationship or an internship relationship, your data will, as far as necessary and permissible, initially continue to be stored and then transferred to the personal file.

If necessary, you will receive an invitation to join our talent pool following the application process. This allows us to consider you also in the future with suitable vacancies with our applicant selection. If we have received your corresponding consent, we will store your application data in our talent pool in accordance with your consent or future consent, as the case may be.

 

7. Your rights

 

Every data subject has the right of access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, the right to notification pursuant to Art. 19 GDPR and the right to data portability pursuant to Art. 20 GDPR.

In addition, you have the right lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR if you are of the opinion that the processing of your personal data is not lawful. The right to lodge a complaint shall be without prejudice to any other administrative or judicial remedy.

If the processing of data takes place on the basis of your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 GDPR. Please note that the withdrawal will only take effect in the future. Processing that took place before the revocation is not affected by this. Please also note that we may need to retain certain data for a period of time to comply with legal requirements (see Section 8 of this Privacy Policy).

 

8. Necessity of providing personal data

 

The provision of your personal data within the scope of application processes is voluntary. However, we can only decide or establish an employment relationship with you if you provide necessary personal information to complete the application.

 

9. Automated decision making

 

The decision on your application is not based exclusively on automated processing. Therefore, no automated decision is made in individual cases within the meaning of Art. 22 GDPR.