• Expertise
  • Sectors
  • Success Stories
  • Insights
  • Careers
  • About us
  • Contact us
    • Apply now!
    H&Z

    Privacy Policy

    1. Home
      2. /
    2. Privacy Policy

    Status: January 2022

     

    1. Data protection at a glance

    General information

    When you visit this website, personal data is processed. Personal data is any data with which you can be personally identified. The following notes explain which data we collect and the purpose for which this is done. For detailed information on data protection, please refer to our privacy policy listed below this text.

     

    Data collection on our website

    Who is responsible for data collection on this website?

    Data processing on this website is carried out by the website operator. You can find his contact details in the imprint of this website.

     

    How do we collect your data?

    On the one hand, your data is collected when you voluntarily provide it to us. This can be, for example, data that you transmit to us in the context of an application.

    On the other hand, data is automatically collected by our IT systems when you visit this website. This is mainly technical data, e.g. Internet browser, operating system type and version, time of access and IP address.

     

    What do we use your data for?

    Part of the data is collected to ensure error-free provision of the website, as well as the security of our website.

    Another part of the data may be used to analyze your usage behavior, as well as for statistical evaluation of your interests.

     

    What rights do you have in connection with your data?

    You have the right to obtain information free of charge at any time about the purpose, the categories of personal data processed, the recipient, the duration of storage, as well as the origin of the data stored about you. You also have the right to request the correction of incorrect data and/or the deletion or restriction of processing. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

     

    2. General notes and mandatory information

    Data protection

    The operator of this website takes the protection of your personal data very seriously. We treat your personal data with the utmost confidentiality and in accordance with the statutory data protection regulations and this data protection declaration.

    We point out that data transmission over the Internet (e.g. communication by e-mail) security gaps. Complete protection of data against access by third parties is not possible.

     

    Note on the responsible entity

    The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.

    The responsible body for data processing on this website is:

    H&Z Unternehmensberatung AG

    Max-Joseph-Strasse 6

    80333 Munich

    Telephone: +49 89 2429690

    E-mail: hq@hz.group

    Internal data protection contact:

    Stefan Franz

     

    You can reach our company data protection officer at:

    José Reyes Schmitt

    E-mail: Datensicherheit@hz.group

     

    Revocation of consent to data processing

    Many data processing operations are only possible with your express consent.

    You can revoke an already given consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. Your revocation will not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

     

    Right of appeal to the competent supervisory authority

    If you are of the opinion that the processing of personal data concerning you violates data protection regulations, you have the right to lodge a complaint with the competent supervisory authority.

    As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our office location (Bavarian State Commissioner for Data Protection and Freedom of Information) for this purpose. A list of the state data protection commissioners in Germany, as well as their contact details, can be found in the following link:

    https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

     

    Right to data portability

    You also have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a structured, common and machine-readable format. If you request the direct transfer of the data to another responsible party, it will only be carried out insofar as this is technically feasible.

     

    SSL or TLS encryption

    This site uses SSL or TLS encryption in compliance with the data protection regulations according to Art. 32 GDPR (General Data Protection Regulation) for security reasons and to protect the transmission of confidential content, such as inquiries that you send to us as site operator. You can recognize an encrypted connection on the one hand by the fact that the address line of the browser changes from "http://" to "https://" and on the other hand by the lock symbol in your browser line.

    If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

    Analysis tools and tools from third parties

    By visiting our website, your surfing behavior can be statistically analyzed. This is done in particular through the use of cookies and with so-called analysis programs. The analysis is anonymous, so that the surfing behavior can not be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following data protection declaration.

     

    Transfer of personal data to third countries

    If we transfer data to third countries, i.e. countries outside the European Union, the transfer takes place exclusively in compliance with the legal requirements.

    If the transfer of data to a third country is not for the purpose of fulfilling our contract with you, we do not have your consent, the transfer is not necessary for the assertion, exercise or defense of legal claims, and no other exemption under Article 49 of the GDPR applies, we will only transfer your data to a third country if an adequacy decision under Article 45 of the GDPR or appropriate safeguards under Article 46 of the GDPR are in place.

     

    Right to information, correction, deletion, restriction, objection

    You have the right to obtain information free of charge at any time about your personal data processed and stored by us, the purposes of the data processing, the categories of personal data processed, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as about the existence of automated decision-making, including profiling, and, if applicable. Request meaningful information about their details. To exercise your rights, you can contact us at any time by e-mail at Datensicherheit@huz.de.

     

    Objection to advertising e-mails

    We hereby object to the use of the contact data published in the imprint to send advertising and information material that has not been expressly requested. In the case of unsolicited sending of advertising information, such as spam e-mails, the operator of the site reserves the right to take legal action.

     

    3. Data collection on our website in detail

    Cookies

    Our website uses so-called cookies. Cookies are small text files that are stored on your computer and saved by your browser. Cookies do not cause any damage to your computer and do not contain viruses. They serve to make our offer more user-friendly, more effective and safer.

     

    On the one hand, we use so-called "session cookies". They are automatically deleted after the end of your visit. Other cookies, so-called persistent cookies, remain stored on your terminal device until you delete them yourself. These cookies enable us to recognize your browser on your next visit. We also use cookies that are managed by third parties to provide certain services, so-called third-party cookies. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. However, if cookies are deactivated, the functionality of this website may be limited.

     

    Cookies that are required to carry out the electronic communication process are stored on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies for the analysis of your surfing behavior) are stored, these are treated separately in this data protection declaration.

     

    Server log files - Vercel

    This website uses the service Vercel. The provider is Vercel Inc, 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel is a cloud platform through which we provide our website. This means that your visit to our website is processed or passed through Vercel's servers. The data associated with your visit to our website is also transmitted to Vercel. This is necessary in order to successfully process your browser request. This data includes:

    - the browser type/version,

    - the operating system used,

    - the referrer URL (the previously visited page),

    - the IP address,

    - the time of the server request

    These files are not merged with other data sources.

    Depending on the server location, this data is also transferred to the USA. The basis for data processing is Art. 6 (1) lit. b, f and a GDPR, which permits the processing of data for the fulfillment of a contract or a pre-contractual measure, as well as for the protection of legitimate interest. The legitimate interest here is the technically error-free and optimized provision of our services to you.

    For more information, please see Vercel's privacy policy at

    https://vercel.com/legal/privacy-policy

     

    Inquiries by e-mail, contact form, telephone, fax

    If you contact us by e-mail, contact form (also to register for the newsletter subscription or in the alumni area), telephone or directly, your request including all resulting personal data (name, contact details, request itself, e-mail address, any other documents / files provided to us) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

    The processing is based on Art. 6 (1) lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent pursuant to Art. 6 para. 1 lit a GDPR and /or on our legitimate interest pursuant to Art. 6 para. 1 lit. f. GDPR, as we have a legitimate interest in the effective processing of requests addressed to us. You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. Your revocation will not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

    The data you send to us by contact request will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies, e.g. due to the completed processing of your request. Mandatory legal provisions - in particular retention periods - remain unaffected.

     

    Applications

    If you send us applications in electronic form, we store the data you provide (e.g. e-mail address, name, address, telephone number). The storage of your data is necessary for the execution of the application process (first and last name, address, e-mail address, telephone number, possibly how you became aware of us). In addition, you have the option of attaching meaningful documents to your application, which may contain further personal data (e.g. date of birth). Immediately after receipt of your application, you will receive detailed instructions on how we handle your personal data during the application process and afterwards.

     

    Your application documents will only be made available to authorized employees who are directly involved in the application process.

    The legal basis for the processing of personal data in the context of the application is based on Article 6 (1) lit. b GDPR and thus allows data processing if this is necessary for the initiation and execution of a contract.

    The purpose of the data processing is the necessary decision on the establishment of an employment relationship (Article 88 (1) GDPR in conjunction with Section 26 BDSG (Bundesdatenschutzgesetz – German Federal Data Protection Act)).

     

    Your data will be stored by us until the application process is completed. In the event that your application is rejected, your application documents will be retained by us for a further 6 months due to the potential possibility of legal action under the General Equal Treatment Act (Section 15 (4) AGG) and then deleted or anonymized. In the event of anonymization, the data will then only be available to us as so-called metadata without direct personal reference for statistical evaluations (e.g. proportion of women or men, number of applications in a certain period, etc.).

     

    If your application leads to an employment relationship with us, we store the personal data collected during the application process for at least the duration of the employment relationship. If, on the other hand, no employment relationship is established, the application documents are automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the data controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

     

    4. Analysis tools and advertising

    Google Analytics

    This website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

    Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. With Google Analytics, we collect information on user behavior in order to improve the user-friendliness of the website.

     

    The recipient of the data thus collected is Google. The legal basis for the processing is your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke this at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

    The controller uses the addition "_gat._anonymizeIp" for web analysis via Google Analytics. By means of this addition, the IP address of your Internet connection is shortened and anonymized by Google if access to our Internet pages is from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

     

    Google AdWords

    This website uses Google AdWords. This is an Internet advertising service that allows advertisers to place ads in Google's search engine results as well as in the Google advertising network. Google AdWords allows an advertiser to specify certain keywords in advance, by means of which an ad is displayed in Google's search engine results exclusively when the user retrieves a keyword-relevant search result using the search engine. In the Google advertising network, the ads are distributed on topic-relevant websites by means of an automatic algorithm and in compliance with the previously defined keywords.

     

    The operating company of the Google AdWords services is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

     

    The purpose of Google AdWords is to advertise our website by displaying interest-relevant advertisements on the websites of third-party companies and in the search engine results of the Google search engine, as well as to display third-party advertisements on our website.

    If you access our website via a Google advertisement, a so-called conversion cookie is stored on your end device by Google. A conversion cookie loses its validity after thirty days and is not used to identify you. The conversion cookie is used to track whether certain sub-pages on our website have been called up. Through the conversion cookie, both we and Google can track whether you have reached our website via an AdWords ad and/or have completed or cancelled a purchase of goods.

    The data and information collected through the use of the conversion cookie is used by Google to compile visitor statistics for our website. This is used by us to determine the total number of users and thus the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other advertisers of Google AdWords receive information from Google by means of which you could be identified.

     

    The legal basis for the processing is your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke this at any time by unsubscribing from the newsletter or sending us an email. The legality of the data processing operations already carried out remains unaffected by the revocation.

    You can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.

    Furthermore, you have the option to object to interest-based advertising by Google. To do this, you must call up www.google.de/settings/ads from each of the Internet browsers you use and make the desired settings there.

    Further information and the applicable data protection provisions of Google can be found at https://www.google.de/intl/de/policies/privacy/.

     

    Google Remarketing

    Google Remarketing services are used on this website. Google Remarketing is a function of Google AdWords that enables a company to display advertisements to users who have previously visited the company's website. The integration of Google Remarketing allows a company to create user-related advertisements, which are then displayed to the Internet user through interest-relevant advertisements.

    The operating company of the Google AdWords services is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

    The purpose of Google Remarketing is the insertion of interest-relevant advertisements in order to display advertisements via the Google advertising network or to have advertisements displayed on other Internet pages that are tailored to the interests of the user.

    Google Remarketing sets a cookie on your terminal device. By setting the cookie, Google is able to recognize the visitor to our website when he or she subsequently visits websites that are also members of the Google advertising network. Each time you visit a website on which the Google Remarketing service has been integrated, your internet browser automatically identifies itself to Google. Within the scope of this technical procedure, Google obtains knowledge of personal data, such as the IP address or the user's surfing behavior, which Google uses, among other things, to display interest-relevant advertising.

    The legal basis for the processing is your consent according to Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time by unsubscribing from the newsletter or sending us an email. The legality of the data processing operations already carried out remains unaffected by the revocation.

     

    You can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.

    Furthermore, you have the option to object to interest-based advertising by Google. To do this, you must call up www.google.de/settings/ads from each of the Internet browsers you use and make the desired settings there.

    Further information and the applicable data protection provisions of Google can be found at https://www.google.de/intl/de/policies/privacy/.

     

    HubSpot

    This website uses the functions of HubSpot. The provider is HubSpot, Inc, 25 First Street, Cambridge, MA 02141 USA.

    HubSpot is a service for the implementation of marketing campaigns, the management of customer and business partner data and for contact management measures, such as newsletter dispatch. If you enter data for the purpose of receiving newsletters or in the alumni area (e.g. e-mail address), this data is stored on HubSpot's servers in the USA.

    With the help of HubSpot, we can analyze our marketing and newsletter campaigns and implement them in an addressee-specific manner. Furthermore, HubSpot serves us in part as a CRM system. The following personal data is stored on HubSpot's servers:

    - Name

    - address

    - e-mail address

    - IP address

    We have concluded an order processing contract with HubSpot. The legal basis for the processing is your consent according to Art. 6 para. 1 lit. a GDPR. You can revoke this at any time by unsubscribing from the newsletter or sending us an e-mail. The legality of the data processing operations already carried out remains unaffected by the revocation.

    The data you provide us with for the purpose of receiving the newsletter or contacting us will be stored by us until you request to unsubscribe, after which it will be deleted from our servers as well as from HubSpot's servers. 

    The legal basis for the processing is your consent pursuant to Art. 6 (1) lit. a GDPR. You can revoke this at any time by unsubscribing from the newsletter or sending us an email. The legality of the data processing operations already carried out remains unaffected by the revocation.

    For more information on HubSpot's privacy policy, please visit:

    https://legal.hubspot.com/de/privacy-policy

     

    IP anonymization

    We would like to point out that the IP anonymization function has been activated on this website, unless a version of the analysis tool is used anyway in which no IP addresses are logged and stored. As a result, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA in order to ensure anonymized recording of IP addresses (so-called IP masking). The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. More information on terms of use and data protection can be found at

    https://support.google.com/analytics/answer/2763052?hl=de

    On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

    The legal basis for the use of Google Analytics is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

    The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.

     

    Objection to data collection

    You can revoke your consent to the storage of cookies and prevent their storage by making the appropriate settings in your browser software.

    For more information on the general terms of use of Google Analytics, please visit: https://policies.google.com/terms?hl=de. The privacy policy for Google Analytics can be obtained at:

    https://marketingplatform.google.com/about/analytics/terms/de/

     

     Demographic characteristics at Google Analytics

    This website uses the "Demographic Characteristics" function of Google Analytics. This allows reports to be generated that contain statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".

     

    Order processing

    We have concluded an order data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

    The legal basis for the use of Google Analytics is your consent pursuant to Art. 6 (1) lit. a GDPR.

     

    Social Media

    You can share articles that you like on social networks such as Twitter, LinkedIN and XING. Buttons of the social networks are used for this purpose. When you click on the button to share the article with friends and contacts, a connection is established with the respective social network.

    Normally, the plugins of the social networks transmit user data to the server of the social network - regardless of whether you have clicked the button or are even registered as a user in the social network. This allows the social networks to track your surfing behavior (user tracking). 

     

    LinkedIN

    We use the so-called "Retargeting Tool" of LinkedIn as well as the "Conversion Tracking" of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland. For this purpose, the LinkedIn Insight Tag is integrated on our website, which enables LinkedIn to collect statistical, pseudonymous data about your visit and use of our website and to provide us with corresponding statistics on this basis. Among other things, the LinkedIn user ID (cookie ID), IP address, browser type, etc. are collected.

    In addition, this information is used to be able to show you interest-specific and relevant offers and recommendations after you have informed yourself about certain services, information and offers on the website. The information in this regard is stored in a cookie.

    The legal basis for the use of the service is your consent pursuant to Art. 6 para. 1 lit. a GDPR. The recipient of the data collected in this process is LinkedIn.

    For more information on data processing, please refer to LinkedIn's privacy policy.

     

    XING

    The "XING Share button" is used on this website. When you click on the XING button, a connection is briefly established via your browser to servers of XING SE ("XING"), with which the "XING Share Button" functions (in particular the calculation and display of the counter value) are provided. XING does not store any personal data about you when you call up this website, nor does it store your IP address. There is also no evaluation of your usage behavior via the use of cookies in connection with the "XING Share button". The current data protection information on the "XING Share button" and supplementary information can be found on this website:

    https://dev.xing.com/plugins/share_button/privacy_policy

     

    Twitter

    The Twitter button is used on this website. The Twitter button allows you to quickly share this website with your followers. Clicking the Twitter button provides you with an already pre-filled tweet with the link to the website, which you can edit before sending. The provider of this function is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A.. The data controller for individuals living outside the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. 

    When you view Twitter content that has been integrated with Twitter for Websites on other websites, such as embedded tweets, buttons, or timelines, Twitter may receive information, including the website you visited, your IP address, browser type, operating system, and cookie information. For more information, see Twitter's privacy policy and cookie policy.

    The legal basis for the use of the service is your consent pursuant to Art. 6 (1) lit. a GDPR. The recipient of the data collected in the process is Twitter.

     

    5. Up-to-dateness and change of this privacy policy

    Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. The current data protection declaration can be accessed at any time on our website.

    Back to Homepage