DATA PROTECTION

We, the company Hammerl GmbH, would like to thank you for visiting our website and for your interest in our company and our services. The protection of your privacy during processing is an important concern for us. Therefore, your personal data will only be processed in accordance with the provisions of German and European data protection law. We want you to feel safe when visiting our website.

Introduction
With this data protection declaration we fulfil our duty to inform our visitors and users of these pages in accordance with Article 13 of the EU General Data Protection Regulation (EU-DSGVO). The protection of personal data is of central importance to us. Personal data is individual information about personal or factual circumstances of a specific or identifiable natural person. This includes information such as name, address, e-mail and telephone number. The legal basis for data protection can be found in the EU Data Protection Regulation, the German Telemedia Act (TMG) and the EU ePrivacy Regulation.

Your data protection rights as a user of this website (data subject rights)
Data protection law regards you as the person affected by the collection of personal data initiated by us when you visit our website. Accordingly, the law provides for a number of data subject rights which you have as a user of this website. In detail, these are the following rights:

You have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing – without giving reasons. You also have the right to have this data corrected, blocked or deleted. You can also restrict the processing of your data and/or object to the processing (right of objection) for reasons arising from your particular situation; you also have the right to data portability in principle. If you have given us consent to process your data, you can revoke this consent at any time. You also have the right to lodge a complaint with the supervisory authority in accordance with Art. 77 EU-DSGVO.

Contact details: Person responsible – Data protection coordinators – Data protection officer.
If you have questions about data protection at Hammerl GmbH that are not answered by this data protection declaration or if you want to implement your data subject rights, the following contact options are open to you:

The management stated in the imprint is responsible for data processing. However, as they deal with many other issues, we recommend that you contact our data protection coordinators (datenschutz@hammerl.de) by e-mail. The postal route is also open to you; the address can also be found in the imprint.

In addition, Hammerl GmbH has appointed an external data protection officer. You can also contact him at: datenschutz@hammerl.de.

We would like to point out that you can ask any of our employees about your data protection rights. However, it is a great relief for us if you contact our data protection coordinators (datenschutz@hammerl.de) directly with data protection enquiries.

If you want to use the right of complaint according to Art. 77 EU-DSGVO, please contact the competent supervisory authority.

Recipients of personal data
If you transmit personal data to us, the main recipients are the employees entrusted by Hammerl GmbH to do so. In addition, it is possible that we commission other companies and individuals to perform tasks for us, e.g. services which you have requested from us by means of the contact enquiry (for example a printed product brochure). In this case, your data may be processed by the company commissioned by us for the purpose specified by you. More details can also be found in the section “Obligation of employees and external service providers” and “Cooperation with external service providers”.

Transfer of personal data to a third country
We do not intend to transfer personal data beyond the scope of the EU GDPR. Generally, data is only transferred to third countries with a recognised level of data protection or on the basis of special guarantees, such as contractual obligation through so-called standard protection clauses of the EU Commission. Depending on the browser settings, IP addresses and/or so-called “referral links” or online identifiers may be passed on. Due to the combination of this data not initiated by us, it cannot be ruled out that personal data will be generated and processed outside the scope of the EU-DSGVO. You can prevent the transfer of data in your browser; for more information, please refer to the section “Google Web Services”.

Storage period
Personal data provided to us via our website will only be stored until the purpose for which it was entrusted to us has been fulfilled. Insofar as retention periods under commercial and tax law must be observed, the storage period for certain data may be up to ten years.

Purpose of data collection
The use of our website is generally possible without providing personal data. For the use of individual services of our site, different regulations may apply, which in this case are explained separately below and inform you in particular about the type, scope and purpose of the collection, use and processing of personal data. Nevertheless, we only process personal data to the extent necessary to provide a functioning website and our content and services. If personal data is collected, the purpose is the technical provision of our website, for information purposes and for contractual purposes in the provision of services. Data may also be collected for marketing and advertising purposes. Any use of your personal data will only be for the purposes stated and to the extent necessary to achieve these purposes.

Legal basis for data collection
Personal data may only be processed on the basis of a legal basis. If we process personal data within the scope of our website, this is usually based on the protection of the legitimate interests of the responsible party in accordance with Art. 6 (1) lit. f EU-DSGVO.

The protection of legitimate interests is a balancing of interests and includes both our interests as the company responsible for the processing and the interests of the users of our websites. We as a company would like to inform you about our company and its products and services. You as a user and potential customer, supplier, competitor, information seeker and/or applicant have an interest in finding out about us, our services and products in a technically accessible and convenient manner. In addition, we give our visitors the opportunity to contact us via the website. Accordingly, the processing is in the interest of both parties. At the same time, the processing of personal data is reduced to a minimum, so that we conclude that the protection of legitimate interests is the legally sufficient basis for the processing.

In the context of the application process, we use the legal ground of the contract and the initiation of the contract (Art. 6 para. 1 lit. b EU-DSGVO), in particular Section 26 BDSG-neu (data processing for purposes of the employment relationship). You can find more details in the section “Applications”.

In addition, we also use the legal ground of consent in the context of the application procedure (Art. 6 para. 1 lit. a EU-DSGVO). This consent is voluntary and serves the purpose of recruiting personnel and transferring your data to an internal talent pool. You can find more details in the section “Applications”. Art. 7 EU GDPR places conditions on consent, these include: You are free to decide whether you want to give consent or not. There are no negative consequences if you do not give your consent. You can also revoke a given consent in whole or in part at any time for the future. The lawfulness of the processing based on the consent remains in effect until the revocation. This means that despite the revocation of consent, the processing does not become unlawful even in the past.

In the context of the application procedure, special categories of personal data within the meaning of Art. 9(1) EU GDPR (in particular health data) may be disclosed, transferred and/or requested by applicants in order for the controller to fulfil the obligations arising from labour law and social security and social protection law. At the same time, the data subject (usually the applicant) may disclose special categories of personal data in order to exercise his/her rights. The processing then takes place on the basis of Art. 9 para. 2 lit. b. EU-DSGVO. In the case of a possible assessment of the applicant’s ability to work for medical diagnosis, care or treatment in the health or social sector or for the management of systems and services in the health or social sector, the processing is based on Art. 9 (2) lit. h. EU-DSGVO.
The legal ground of consent may also be used by us in the context of marketing operations. If necessary, consent can be requested from you via technical measures linked to these web pages. You will then find the content and scope of the consent in the appropriate place. For this type of consent, the requirements according to Article 7 of the EU Data Protection Regulation, which were described in the previous paragraph, also apply.

Cookies

Cookie-settings

Our website uses so-called cookies, which serve to make our Internet presence more user-friendly, effective and secure overall – for example, when it comes to speeding up navigation on our website. Cookies also enable us to measure, for example, the frequency of page views and the generic use of the web pages.

Cookies are small text files that are stored on your computer system. Cookies do not cause any damage to your computer and do not contain viruses. We would like to point out that some of these cookies are transferred from our server to your computer system, whereby these are mostly so-called “session cookies”. “Session cookies” are characterised by the fact that they are automatically deleted from your hard drive at the end of the browser session. Other cookies remain on your computer system and enable us to recognise your computer system on your next visit (so-called permanent cookies). Of course, you can reject cookies at any time, provided your browser allows this. However, we would like to point out that in this case you will not be able to use all the functions of our website to their full extent.
The help function in the menu bar of most web browsers explains how to prevent your browser from accepting new cookies, how to have your browser notify you when you receive a new cookie or how to switch off all cookies you have received.
Of course, you can also delete cookies afterwards. The procedure depends on the browser and operating system. We ask you to research the procedure for subsequent deletion for your system yourself.

Server log
Every visit to the pages of this website is recorded and stored in the so-called server log files. This data is used exclusively for the technical analysis of server use, e.g. to avoid server overload and/or to control the server load.
Specifically, the following data is collected:

  • Requesting host address (IP address)
  • Date and time of the request
  • Name of the retrieved file
  • HTTP status code
  • amount of data transferred
  • Internet page from which you are visiting us (referrer URL)
  • Browser/operating system/interface
  • Information about the server service used
  • Protocol version

This anonymous data is stored separately from any personal data you may have provided and thus does not allow any conclusions to be drawn about a specific person. They will only be passed on to third parties if required by law or a court order. It will not be passed on for commercial or non-commercial purposes. However, we reserve the right to check this data retrospectively if we become aware of concrete indications of unlawful use. This may be the case, for example, in the event of DDoS attacks on our websites.

Contact option
On our website, we offer you the opportunity to contact us by e-mail and via contact forms. The information you provide in the enquiry form, including the contact details you enter there, will be forwarded to us in encrypted form and stored by us for the purpose of processing the enquiry and in the event of follow-up questions.
If you wish to contact us by e-mail, we would like to point out that the confidentiality of the information transmitted cannot be guaranteed in the case of unencrypted e-mails. The content of unencrypted e-mails can be viewed by third parties (see also section “Information security”).

Applications
Please use the postal service to apply for positions with us. If you apply by e-mail, please note that we cannot guarantee confidentiality. Although we offer transport encryption (TLS) via our mail server, confidentiality may depend on various mail relay servers over which we have no control: Whether they also use TLS and whether they evaluate the e-mails is beyond our control. If you have any concerns in this regard, please use the postal service for your application.
Applicant data will be stored for up to six months after the end of the selection process.

Use of Google web services
Like many other websites and service providers on the Internet, we use technical web services from Google. It can be assumed that Google collects and links the data generated by, for example, their cookies (such as online identifiers and IP address). In combination with unique identifiers and other information received on Google servers, Google may also create profiles of users of this website and enhance existing profiles.
If you do not agree to this processing of your data, you have the option of deactivating Google’s technologies and thus preventing the transfer of data to Google. You have several options to do this: You can install suitable browser extensions (such as uMatrix or Disconnect, as of 25.04.2018) and instruct them. to prevent the transmission to Google. You can also deactivate the Java Script function in your browser. However, we would like to point out that in this case you will not be able to use parts of our website or only to a limited extent.

Google Analytics
We also use Google Analytics, a web analytics service provided by Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics also uses cookies that enable an analysis of your use of our websites and online services. The information generated by the cookie about your use of these websites and online services will be transmitted to and stored by Google on servers in the United States. We use Google Analytics with the extension “_anonymizeIp()”, so that the IP addresses transmitted to Google are shortened and processed beforehand on servers located in Europe in order to exclude any direct personal reference. Google will use this information for the purpose of evaluating your visit to the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can object to the collection and storage of data for Google Analytics at any time with effect for the future by using a Google browser plug-in. If you visit our site via a mobile device (e.g. smartphone or tablet), you can use this link to object to the use of Google Analytics for the future. By activating the link, we set a cookie in your browser, which signals to us to prevent the use of Google Analytics for your end device. Please note that the objection must be carried out again by you if you remove the cookies in your browser.

Google Maps
This website uses the Google Maps component to display maps and site plans, operated by the company Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland. Each time the Google Maps component is called up, Google sets a cookie (this is a so-called third-party cookie) in order to process user settings and data when displaying the page on which the Google Maps component is integrated. This cookie from the third-party provider Google is usually not deleted by closing the browser, but expires after a certain time, unless you delete it manually beforehand. If you do not agree to this processing of your data, you have the option of deactivating the Google Maps service and thus preventing the transfer of data to Google. The use of Google Maps and the information obtained via Google Maps is in accordance with the Google Terms of Use http://www.google.de/intl/de/policies /terms/regional.html and the additional terms and conditions for Google Maps https://www.google.com/intl/de_de/ help/terms_maps.html.

Use and disclosure of personal data
If you commission us to provide a service, your personal data will only be used to the extent necessary for the provision of the service (e.g. to process information requests or brochure orders). This includes in particular the transfer of your data to transport companies, credit companies or other service providers used to provide the service or process the contract.
Any further transfer, in particular the sale of your personal data to third parties, does not take place.
There are the following exceptions to this procedure: We disclose customer accounts and personal data about customers if we are legally obliged to do so or in exceptional cases if such disclosure is necessary to protect central rights of us and/or our customers and third parties, e.g. in the event of attacks on our network infrastructure. This may include, for example, sharing data with companies specialising in the prevention and minimisation of abuse and credit card fraud and/or in IT security. It is expressly clarified that in this context, no data will be passed on to these companies for commercial use, which is in contradiction to this privacy policy.

Obligation of employees and external service providers
It goes without saying that our employees and the service providers we commission are obliged to maintain confidentiality and to comply with the provisions of the EU-DSGVO.

Cooperation with external service providers
We commission other companies and individuals to perform tasks for us. Examples include, but are not limited to, parcel delivery, sending letters or emails, analysing our databases, IT services, advertising measures, processing payments and customer service. These service providers have access to personal information needed to perform their tasks. However, they are not allowed to use it for other purposes. Furthermore, they are obliged to treat the information in accordance with this privacy policy as well as the EU-DSGVO.
If these subcontractors are processors in accordance with Art. 28 EU-DSGVO, we have concluded corresponding contracts with them that comply with the law.

Information security
Hammerl GmbH uses appropriate technical and organisational security measures according to the current state of knowledge in order to protect the data you have made available to us from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. For example, your data is stored in a secure operating environment that is not accessible to the public. Our security measures are reviewed at regular intervals and continuously improved in line with technological developments.
Should you wish to contact us by e-mail, we would like to point out that the confidentiality of the information transmitted cannot be guaranteed in the case of unencrypted e-mails. The content of unencrypted e-mails can be viewed by third parties. We therefore recommend that you send us confidential information either encrypted or by post.
Your e-mail address will only be used for correspondence with you. It will not be used for any other purpose or passed on to third parties.

Protecting your data with TLS or SSL
For secure data transmission on the Internet, we use the hybrid encryption protocol Transport Layer Security (TLS), more widely known by its predecessor name Secure Sockets Layer Software (SSL). This software encrypts the information that is transmitted by you. All information relevant to data protection is stored in encrypted form in a protected database.

Status and changes to this data protection declaration
The current status is 14.12.2020. We reserve the right to change this data protection declaration at any time in compliance with the applicable data protection regulations with effect for the future. We will publish the changes here.

DISCLAIMER: The English version is a translation of the original in German for information purposes only. In case of discrepancy the German original will prevail.