- www.hoeveler-holzmann.com -
1. Provider of www.hoeveler-holzmann.com
1.1 HÖVELER HOLZMANN CONSULTING GmbH, Bahnstraße 16, 40212 Düsseldorf, Germany, Tel.: +49 (0) 211 56 38 75 0, Fax: +49 (0) 211 56 38 75 69, E-Mail: info
1.2 The provider takes the protection of your personal data very seriously and observes the applicable data protection regulations, in particular the Basic Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG). The following declaration gives you an overview of how the provider guarantees this protection and what kind of data is collected for what purpose.
1.3 If you have questions or problems with data protection issues, please contact the provider's data protection officer (see item 12).
2. Collection, Processing and use of General Data
2.1 The provider automatically collects and stores information when you call up the website, which your browser - unless the corresponding functions are deactivated - transmits to the provider. This data is evaluated exclusively to ensure trouble-free operation of the website and to improve the service and does not allow the provider to draw any conclusions about your person.
The access logs of the web servers record which pages were called up at which time. They contain the following data: IP, directory protection user, date, time, pages called up, logs, status code, data volume, referrer, user agent, host name called up.
The IP addresses are stored anonymously. For this purpose the last three digits are removed, i.e. 127.0.0.1 becomes 127.0.0.*. IPv6 addresses are also anonymized. The anonymized IP addresses are stored for 60 days. Details of the directory protection user used are anonymized after one day. Error logs, which log incorrect page views, are deleted after seven days. In addition to the error messages, these logs contain the accessing IP address and, depending on the error, the website called up.
Accesses via FTP are logged anonymously and kept for 60 days. The mail logs for sending e-mails from the web environment are anonymised after one day and then retained for 60 days. During anonymization, all data on the sender/recipient etc. is removed. Only the data on the time of sending and information on how the e-mail was processed (queue ID or not sent) are retained. Mail logs for sending via the provider's mail servers are deleted after four weeks. The longer retention period is necessary to ensure the functionality of the mail services and to combat spam.
3. Personal Data
3.1 Personal data is only collected, processed and used in the context of the use of the website as described below. Personal data are all individual details about personal or factual circumstances of a specific or determinable natural person (not included: legal entities, such as a GmbH or AG). Personal data includes above all information such as the name, address, e-mail address or professional circumstances of a person.
4. Collection, Processing and use of Personal Data
4.1 The provider collects, processes and stores your personal data, if you provide the provider with this data in the context of a contact (e.g. by e-mail or telephone).
Within the framework of the above-mentioned interaction with you, the data required for this purpose is collected. In addition, further data may be requested which is helpful for consultation and information tailored to your needs; however, the entry of this data is voluntary and marked accordingly. The provider will use the data you provide to process your enquiries or for contract processing. In order that you do not have to repeatedly provide the provider with the same information in the event of inquiries or during ongoing consultations, the provider stores this information for as long as it is needed to clarify the inquiry or for the customer relationship.
Data processing is carried out on the basis of Art. 6 Para. 1 Sentence 1 lit. b DSGVO if it serves the purpose of contract processing or contract preparation measures. Insofar as you have consented to data collection and data processing, the data processing is based on Art. 6 para. 1 sentence 1 lit. a DSGVO. For justified internal purposes (such as market research, marketing, internal company statistics or offer optimisation) data will be processed in accordance with Art. 6 para. 1 sentence 1 lit. f) DSGVO. Insofar as data processing is carried out to fulfil a legal obligation, this is done in accordance with Art. 6 Abs. 1 lit. c) DSGVO.
4.2 All personal data is stored or processed on servers in Germany or within the EU. A data transfer to places outside the EU is only carried out in accordance with Art. 44 ff. DSGVO permissible framework.
4.3 You have the right to object to the collection of data for direct marketing purposes. In order to exercise this right of withdrawal, you can send an informal message to firstname.lastname@example.org stating your e-mail address and indicating your intention to withdraw.
5. Data Transfer to Third Parties
5.1 The provider will only pass on your personal data to third parties in the following cases:
5.1.1 If a service provider, in whose services you are interested, requires this data to prepare an individual offer for you or to contact you. Unless you are expressly informed otherwise and you give your consent, these service providers are only entitled to use your data to the extent that this is necessary for the respective purpose or is approved by you; or
5.1.2 If the transmission is otherwise necessary for the provision of a service requested or commissioned by you (e.g. newsletter registration); or
5.1.3. where there is a mandatory administrative or judicial order
6. Deletion and Correction of Data
6.1 Upon request or after termination of the contract with the provider, your personal data will be deleted immediately if this is not contrary to tax or commercial law storage or documentation obligations or if the safeguarding of the legitimate interests of the provider is at risk.
6.2 As long as not all contractual obligations have been fulfilled and your data is required for this purpose, there is no claim to data deletion.
6.3 Should data be faulty, it will be corrected as soon as it becomes known or at your request.
7. right of information / further rights
7.1 Upon request, the provider will provide you with information about
- the collection of personal data,
- the purpose of the data processing,
- the categories of data processed, and
- where appropriate, the recipients to whom data are disclosed as a result of legal obligations or contractual relations.
7.2 Upon request, the provider will provide you with a copy of the data collected and processed by you.
7.3 Upon request, your data may be provided in a format readable by you and any subsequent service provider, in order to enable rapid transmission.
7.4 In the event of violations of data protection regulations, you have a right of complaint, which you can exercise at the responsible supervisory authority, the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia https://www.ldi.nrw.de/.
8.1 The website uses so-called "cookies" in several places. They serve, among other things, to make the offer of the website more user-friendly, effective and secure. Cookies are text information that a website transfers to the cookie file of the browser on your computer hard drive or other terminal device so that the website can remember which terminal device accessed it, among other things. A cookie typically contains the name of the domain from which the cookie originates, the "lifetime" of the cookie, and a value, usually a randomly generated unique number. The website uses the following types of cookies:
8.1.1 Session Cookies: These are temporary cookies that remain in the cookie file of your browser until you leave the website. Session cookies make it possible to identify the terminal device during the period of use. This information is no longer stored after you have left the website.
8.1.2 Persistent Cookies: These remain in the cookie file of your browser for a longer period of time. The time frame depends on the "lifetime" of the specific cookie. After this lifetime the cookie deletes itself. The purpose of using these permanent cookies is to ensure the functionality of the website (e.g. affiliate links to current coupon codes and offers). The permanent cookies contain no personal data. Name, IP address etc. are not stored in them.
8.1.3 Web Beacons: These are electronic characters (also called "clear GIFs" or "web bugs") that allow us to count the number of users who have visited the website.
8.2 If you do not wish to accept cookies or web beacons, you may refuse them and prevent access to previously stored information by selecting the appropriate setting in the cookie banner that appears when you visit the Site. Please note, however, that you may not be able to use all the features of the website if cookies and/or web beacons are disabled.
8.3 Google Analytics, Google Tag Manager, Google Data Studio, Google ReCaptcha
ReCaptcha: We incorporate the "ReCaptcha" function to detect bots when entering data in online forms. The behavioral information of the users (e.g. mouse movements or queries) is evaluated in order to be able to differentiate between people and bots. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://www.google.com/recaptcha/; Data protection declaration: https://policies.google.com/privacy; Opposition option (opt-out): opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de, settings for displaying advertisements: https://adssettings.google.com/authenticated
8.4 Youtube Videos
For the sending of newsletters, the provider uses Mailchimp, a service of The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA ("Rocket Science"), on the basis of a contract processing relationship. For this purpose, your e-mail address as well as your IP address will be processed within the scope of the newsletter dispatch. Rocket Science may use data in pseudonymized form (i.e. without attribution to you as a person) to improve its own services or to compile statistics. However, Rocket Science does not use the data to contact you as a newsletter recipient independently or to pass on your data to third parties. Further details about the processing and compliance of data protection by Rocket Science can be found at mailchimp.com/legal/privacy/.
Rocket Science has joined the Privacy Shield Agreement (see www.privacyshield.gov/participant) and has thus committed itself to comply with the European data protection standards.
8.6 Web Fonts
9. Social Plugins
The provider maintains online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. Unless otherwise stated in the Provider's data protection declaration, the Provider processes the data of the users if they communicate with the Provider within the social networks and platforms, e.g. write articles on online presences or send messages to the Provider.
On the basis of legitimate interests (i.e. interest in the analysis, optimisation and economic operation of the online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) Social Plugins ("Plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The Plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white "f" on blue tile, the terms "Like", "Like" or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of the Facebook Social Plugins can be viewed here: developers.facebook.com/docs/plugins/.
Facebook has joined the Privacy Shield Agreement (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active) and has thus committed itself to comply with European data protection standards. When a user calls up a function of this online offer that contains such a plugin, his or her device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user's device and integrated into the online offer by the user. User profiles can be created from the processed data. The provider therefore has no influence on the scope of the data that Facebook collects with the help of this plugin and therefore informs the users accordingly about this level of knowledge.
By integrating the plugins, Facebook receives the information that a user has called up the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his or her Facebook account. If users interact with the plugins, for example, by pressing the Like button or posting a comment, the corresponding information is transmitted directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to find out his or her IP address and store it. According to Facebook, in Germany only
According to Facebook, only an anonymised IP address is saved in Germany.
The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options to protect the privacy of users, can be found in the Facebook data protection information: www.facebook.com/about/privacy/
If a user is a Facebook member and does not want Facebook to collect data about him or her via this website and link it to his or her membership data stored on Facebook, he or she must log out of Facebook and delete his or her cookies before using this website of the provider. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: www.facebook.com/settings; or via the US site www.aboutads.info/choices/ or the EU site www.youronlinechoices.com The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
Within the online offer of the provider, functions and contents of the service LinkedIn, offered by the LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"), can be integrated. This may include, for example, content such as images, videos or text and buttons with which users can share content from this website within LinkedIn. The provider also uses conversion tracking and retargeting from Linkedin Corporation. This technology enables visitors to this website to play personalized advertisements on LinkedIn. There is also the possibility of creating anonymous reports on the performance of the advertisements and information on website interaction. For this purpose, the LinkedIn Insight Tag is integrated on this website, which creates a connection to the LinkedIn server if you visit this website and are logged in to your LinkedIn account.
Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our internet pages with your IP address. When you click on LinkedIn's "Recommend" button and are logged into your LinkedIn account, LinkedIn is able to associate your visit to our site with you and your account. We would like to point out that we, as the provider of these pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. The use of the LinkedIn plugin is based on art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the widest possible visibility in the social media.
10. Data Protection in the context of the career section
In the "Career" section, the provider provides the opportunity to apply for jobs advertised by the provider. In this context, the personal data of the applicant is processed by the Provider. The following, possibly deviating or supplementary regulations apply:
10.1 Data Processing within the Application Process
The Provider processes personal information about you for the purpose of your application for employment to the extent necessary to make a decision about establishing an employment relationship with the Provider. The legal basis for this is Section 26 (1) in conjunction with (8) sentence 2 of the BDSG and, where applicable, Article 6 (1) lit. b DSGVO for the initiation or execution of contractual relationships. Furthermore, the provider may process personal data about you to the extent that this is necessary to defend against legal claims asserted against the provider in the application process (legal basis: Art. 6 para. 1 lit. f DSGVO - the legitimate interest is, for example, a duty of proof in proceedings under the General Equal Treatment Act) or to fulfil legal obligations (legal basis: Art. 6 para. 1 lit. c DSGVO). If an employment relationship should arise between you and the provider, the provider may, pursuant to Section 26 (1) of the BDSG, continue to process the personal data already received from you for the purposes of the employment relationship to the extent that this is necessary to implement or terminate the employment relationship or to exercise or fulfil the rights and obligations of employee representation arising from a law or a collective agreement, works or service agreement (collective agreement).
10.2 Information on Data processed in the Application Process
The provider only processes the data that are related to your application. This can be general data about you (such as name, address and contact details), information on professional qualifications, school education and further vocational training or other information that you provide to the provider in connection with your application. Furthermore, the Provider may process job-related information that you have made publicly available, such as a profile on professional social media networks. The Provider shall only store your personal data for as long as is necessary to decide on your application. If an employment relationship between you and the Provider does not materialize, the Provider may also store data for an additional period of time if this is necessary to defend against possible legal claims. In this case, the application documents will be deleted 6 months after notification of the rejection decision, unless longer storage is necessary due to existing or impending legal disputes.
The provider reserves the right to adapt security and data protection measures, as far as this is necessary due to technical or legal developments. In these cases, the provider will also adapt this declaration on data protection accordingly. Therefore, please note the current version of the provider's data protection declaration.
12. Questions and Contact
You have a right to free information about the data stored by the provider about your person as well as a right to correction, blocking or deletion of this data. If you have any questions about the collection, processing or use of your personal data, about information, correction, blocking or deletion of data as well as revocation of any consents granted or objection to a specific use of data, please contact info
13. Data Protection Officer
The provider has appointed an external company data protection officer, whom you can contact as follows:
Mr. Patrick Rayermann
(TÜV-certified data protection officer)
CERTITUT - Society for Compliance and Data Protection
E-Mail: dsb [at] certitut [dot] de