
Data.
Protection.

At a Glance.

Data Protection

1. Privacy at a Glance – General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is all data with which you can be personally identified. Detailed information on the subject of data protection can be found in our Privacy Policy listed below this text.

 

Data Collection on Our Website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. The operator’s contact details can be found in the Legal Notice (Impressum) of this website.

How do we collect your data?
On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter into a contact form. Other data is collected automatically by our IT systems when you visit the website. This primarily includes technical data (e.g. the internet browser, operating system, or the time the page was accessed). The collection of this data occurs automatically as soon as you enter this website.

What do we use your data for?
Part of the data is collected to ensure the error-free provision of the website. Other data can be used to analyze your user behavior.

What rights do you have regarding your data?
You have the right to receive information about the origin, recipient, and purpose of your stored personal data at any time and free of charge. You also have the right to request the correction or deletion of this data. For this purpose, as well as for further questions about data protection, you can contact us at any time at the address provided in the Legal Notice. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Details can be found in the Privacy Policy under “Right to Restriction of Processing.”

Analytics Tools and Third-Party Tools
When visiting this website, your browsing behavior may be statistically evaluated. This happens primarily with cookies and so-called analytics programs. The analysis of your browsing behavior is usually anonymous; your browsing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information about these tools and about your options to object can be found in the Privacy Policy below.

External Hosting

2. Hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the servers of the host. This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website.

We use the host for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast, and efficient provision of our online offering by a professional provider (Art. 6 (1) (f) GDPR). Our host will process your data only to the extent necessary to fulfill its service obligations and in accordance with our instructions regarding this data.

We use the following host:

SIEGNETZ.IT GmbH
Einheitsstr. 2
D-57076 Siegen, Germany

 

Conclusion of a Data Processing Agreement

To ensure data processing is compliant with data protection regulations, we have concluded a data processing agreement with our host.

Data Protection

3. General Information and Mandatory Disclosures

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations as well as this Privacy Policy. When you use this website, various personal data is collected. Personal data is any data by which you can be personally identified. This Privacy Policy explains what data we collect and what we use it for. It also explains how and for what purpose this takes place.

Please note that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

Notice Regarding the Responsible Entity

The party responsible for data processing on this website is:

HERING Management GmbH
Neuländer 1 | Holzhausen
D-57299 Burbach
Phone: +49 2736 27-0
Email: gruppe(at)hering-bau.de

The responsible entity is the natural or legal person who, alone or jointly with others, decides on the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

Storage Duration

Unless a more specific storage period is stated within this Privacy Policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply.

General Information on the Legal Bases of Data Processing on this Website

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR if special categories of data pursuant to Art. 9 (1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing also takes place on the basis of Art. 49 (1) (a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g. via device fingerprinting), data processing additionally takes place on the basis of § 25 (1) TDDDG. Consent can be revoked at any time.

If your data is required to fulfill a contract or for pre-contractual measures, we process your data on the basis of Art. 6 (1) (b) GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation on the basis of Art. 6 (1) (c) GDPR. Data processing may also be based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR. The relevant legal basis in each individual case is specified in this Privacy Policy.

Legally Required Data Protection Officer

We have appointed a data protection officer for our company:

Dipl.-Ing. Lars Ebertz
on behalf of EBERTZ DATENSCHUTZ GmbH
Ober den Wiesen 17
35756 Mittenaar
www.ebertz-datenschutz.de
Email: lars(at)ebertz-datenschutz.de


Recipients of Personal Data

In the course of our business activities, we work with various external parties. This may also involve the transfer of personal data to these external parties. We only disclose personal data to external parties if this is necessary for the performance of a contract, if we are legally obliged to do so (e.g. transfer of data to tax authorities), if we have a legitimate interest under Art. 6 (1) (f) GDPR in the disclosure, or if another legal basis permits the transfer of data. When using processors, we only pass on personal data of our customers on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Withdrawal of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You may revoke any consent already given at any time. A simple email notification to us is sufficient. The legality of data processing carried out up to the time of revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

If data processing is based on Art. 6 (1) (e) or (f) GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data; this also applies to profiling based on these provisions. The applicable legal basis for processing can be found in this Privacy Policy. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims (objection pursuant to Art. 21 (1) GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for direct marketing purposes (objection pursuant to Art. 21 (2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged violation. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to have data that we process on the basis of your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a common, machine-readable format. If you request the direct transfer of data to another controller, this will only be done insofar as it is technically feasible.

SSL and TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser address line changes from “http://” to “https://” and by the lock symbol in your browser bar. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Right of Access, Deletion, and Correction

Within the framework of applicable legal provisions, you have the right at any time to free access to your stored personal data, its origin and recipient, and the purpose of the data processing, and, if applicable, a right to rectification or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the Legal Notice.

Right to Restrict Processing

You have the right to request the restriction of the processing of your personal data. You may contact us at any time for this purpose at the address provided in the Legal Notice. The right to restrict processing applies in the following cases:

  • If you contest the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you require it for the exercise, defense, or assertion of legal claims, you have the right to request the restriction of processing instead of deletion.
  • If you have objected pursuant to Art. 21 (1) GDPR, a balancing of interests must be carried out between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
  • If you have restricted the processing of your personal data, such data – apart from being stored – may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

Objection to Promotional Emails

We hereby object to the use of contact data published within the scope of the legal notice obligation for the purpose of sending unsolicited advertising and information materials. The operators of these pages expressly reserve the right to take legal action in the event of unsolicited promotional information, such as spam emails.

Server Log Data

4. Data Collection on Our Website

The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This information includes:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

These data are not combined with other data sources.

The collection of this data is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, server log files must be collected.

Contact Form

If you send us inquiries via the contact form, the information you provide in the form, including the contact details you entered, will be stored by us for the purpose of processing your inquiry and in case of follow-up questions. We do not share this data without your consent.

The processing of this data is based on Art. 6 (1) (b) GDPR if your request is related to the performance of a contract or is necessary for pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after your inquiry has been fully processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Inquiries by Email, Telephone, or Fax

If you contact us by email, telephone, or fax, your inquiry, including all personal data resulting from it (such as name and request), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

The processing of this data is based on Art. 6 (1) (b) GDPR if your inquiry is related to the performance of a contract or is required for pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 (1) (a) GDPR) and/or on our legitimate interests (Art. 6 (1) (f) GDPR), since we have a legitimate interest in the effective processing of inquiries addressed to us.

The data you send to us via contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after your request has been fully processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Matomo (formerly Piwik)

5. Analytics Tools and Advertising

This website uses the open-source web analytics service Matomo. The use of this analytics tool is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both the website offering and its advertising.

If you do not agree with the storage and use of your data, you can deactivate storage and use here. In this case, an opt-out cookie will be stored in your browser that prevents Matomo from saving usage data. If you delete your cookies, this also results in the Matomo opt-out cookie being deleted. The opt-out must be reactivated when you visit this website again.

Hosting

We host Matomo exclusively on our own servers so that all analytics data remains with us and is not shared with third parties.

YouTube with Enhanced Privacy Mode / Meta Pixel

6. Plugins and Tools

YouTube with Enhanced Privacy Mode

When you visit one of our pages equipped with a YouTube plugin, a preview image with the “YouTube” logo will first be displayed for each embedded YouTube video. A connection to YouTube’s servers is only established once you click on one of these preview images to load and play the corresponding video.

The operator of the YouTube services is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

As soon as you start a YouTube video on this website, a connection to YouTube’s servers is established. This informs the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

In addition, once a video starts, YouTube may store various cookies on your device. These cookies enable YouTube to obtain information about visitors to this website. This information is used, among other things, to compile video statistics, improve user-friendliness, and prevent fraud attempts. These cookies remain on your device until you delete them. Further data processing operations may also be triggered once a YouTube video starts, over which we have no control.

The use of YouTube is in the interest of presenting our online offerings in an appealing manner. This constitutes a legitimate interest pursuant to Art. 6 (1) (f) GDPR. Where consent has been requested (e.g. consent to store cookies), processing is based exclusively on Art. 6 (1) (a) GDPR; consent can be revoked at any time.

For more information on how user data is handled, please refer to YouTube’s Privacy Policy.

The company is certified under the “EU–US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the US. Any company certified under the DPF is obliged to comply with these data protection standards. Further information can be obtained from the provider via the following link.

 

Meta Pixel (formerly Facebook Pixel)

To measure conversion rates, this website uses the visitor activity pixel of Meta. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta’s statement, the collected data will also be transferred to the USA and other third-party countries. This tool allows the tracking of page visitors after they have been linked to the website of the provider after clicking on a Meta ad. This makes it possible to analyze the effectiveness of Meta ads for statistical and market research purposes and to optimize future advertising campaigns.

For us as the operators of this website, the collected data is anonymous. We are not in a position to arrive at any conclusions as to the identity of users. However, Meta archives the information and processes it, so that it is possible to make a connection to the respective user profile on Facebook or Instagram and Meta is in a position to use the data for its own promotional purposes in compliance with the Meta Data Usage Policy. This enables Meta to display ads on Facebook or Instagram and other advertising channels. We as the operator of this website have no control over the use of such data. The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.

Within the Meta Pixel, we are using the expanded alignment function. The expanded alignment allows us to transfer to Meta different types of data (e.g., place of residence, federal state, zip code, hashed email addresses, names, gender, date of birth or phone number) of our customers and prospects we collect through our website. Herewith, we can tailor the offers presented in our advertising campaigns on Facebook and Instagram to individuals interested in what we offer even more precisely. Moreover, this expanded alignment optimizes the allocation of website conversions and expands custom audiences. Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Meta. The processing by Meta that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us have been jointly set out in a joint processing agreement. The wording of the agreement can be found here. According to this agreement, we are responsible for providing the privacy information when using the Meta tool and for the privacy-secure implementation of the tool on our website. Meta is responsible for the data security of Meta products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook or Instagram directly with Meta. If you assert the data subject rights with us, we are obliged to forward them to Meta.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here and here. In Meta’s Data Privacy Policies, you will find additional information about the protection of your privacy. You also have the option to deactivate the remarketing function “Custom Audiences” in the ad settings section. To do this, you first have to log into Facebook. If you do not have a Facebook or Instagram account, you can deactivate any user-based advertising by Meta on the website of the European Interactive Digital Advertising Alliance. The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under this link.
 

Data Processing

7. Audio and Video Conferences

For communication with our customers, we use, among other things, online conferencing tools. The specific tools we use are listed below. When you communicate with us via video or audio conference over the internet, your personal data is collected and processed both by us and by the provider of the respective conferencing tool.

The conferencing tools collect all data that you provide for use of the tools (e.g. your email address and/or telephone number). In addition, the tools process the duration of the conference, start and end time of participation, number of participants, and other “context information” in connection with the communication process (metadata).

The provider of the tool also processes all technical data required to handle online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection. If content is exchanged, uploaded, or otherwise provided within the tool, it is also stored on the servers of the tool providers. Such content may include, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during the use of the service.

Please note that we do not have full influence on the data processing procedures of the respective tools used. Our options are largely determined by the corporate policies of the respective provider. Further information on data processing by the conferencing tools can be found in the privacy policies of the respective providers listed below this text.

Purpose and Legal Bases

The conferencing tools are used to communicate with prospective or existing contractual partners or to provide certain services to our customers (Art. 6 (1) (b) GDPR). In addition, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest pursuant to Art. 6 (1) (f) GDPR). Where consent has been requested, the use of the relevant tools is based on this consent; consent may be revoked at any time with future effect.

Storage Duration

The data directly collected by us via the video and conferencing tools will be deleted from our systems as soon as you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in the Microsoft Teams Privacy Policy.

The company is certified under the “EU–US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the US. Any company certified under the DPF is obliged to comply with these data protection standards. Further information can be obtained from the provider.

Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this service processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Handling of Applicant Data

8. Own Services

We offer you the opportunity to apply with us (e.g. by email, by post, or via the online application form). Below we inform you about the scope, purpose, and use of the personal data collected during the application process. We assure you that the collection, processing, and use of your data will be carried out in compliance with applicable data protection laws and all other legal provisions, and that your data will be treated with strict confidentiality.

Scope and Purpose of Data Collection

If you send us an application, we process the associated personal data (e.g. contact and communication details, application documents, notes taken during interviews, etc.) to the extent necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG-new under German law (initiation of an employment relationship), Art. 6 (1) (b) GDPR (general contract initiation), and – if you have given consent – Art. 6 (1) (a) GDPR. Consent can be revoked at any time. Within our company, your personal data will only be shared with persons involved in processing your application. If the application is successful, the data you submitted will be stored in our data processing systems on the basis of § 26 BDSG-new and Art. 6 (1) (b) GDPR for the purpose of implementing the employment relationship.

HERING Career Portal / myjobboard

Our integrated career portal offers you many options and conveniences for selecting a suitable vacant position and guides you through the application process. If you provide us with your documents (e.g. CV) via the career portal, we use external service providers to optimize our recruiting processes. These service providers act as data processors under Art. 28 GDPR and process your personal data exclusively according to our instructions and only for the duration of the application process (see also “Retention Period of Data”).

The process optimization also includes so-called CVlizer services, which allow documents to be automatically read and categorized into existing process software in order to minimize manual effort. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interest in process-optimized implementation of business processes). In this context, there is currently and will in future be no scoring and no automated decision-making concerning you, your documents, or your application.

Some of these CVlizer services are provided within cloud applications (Microsoft Azure) – therefore, we draw attention to the possible transfer of such data to third countries and refer to the section “Notice on Data Transfer to the USA.”

Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) for the use of the above-mentioned services with the provider perbit Software GmbH, Siemensstraße 31, 48341 Altenberge. This is a contract required under data protection law that ensures that personal data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR. Further information on data protection at perbit can be found here.

Retention Period of Data

If we are unable to offer you a position, if you reject a job offer, or if you withdraw your application, we reserve the right to retain the data you have provided to us based on our legitimate interests (Art. 6 (1) (f) GDPR) for up to six months after the end of the application process (rejection or withdrawal of the application). Thereafter, the data will be deleted and any physical application documents destroyed. Retention serves in particular as evidence in the event of legal disputes. If it is foreseeable that the data will still be required after the six-month period (e.g. due to an impending or pending legal dispute), deletion will only take place once the reason for further retention no longer applies. A longer retention period may also occur if you have given your consent (Art. 6 (1) (a) GDPR) or if statutory retention obligations prevent deletion.

Inclusion in the Applicant Pool

If we are unable to offer you a position, you may have the option of being included in our applicant pool. In the event of inclusion, all documents and information from the application will be transferred into the applicant pool so that we can contact you in case of suitable vacancies. Inclusion in the applicant pool is based solely on your explicit consent (Art. 6 (1) (a) GDPR). The provision of consent is voluntary and has no connection to the ongoing application process. You may withdraw your consent at any time. In this case, the data from the applicant pool will be permanently deleted, unless statutory retention requirements prevent deletion.

Data in the applicant pool will be permanently deleted no later than 12 months after consent has been granted.