H&Z

H&Z Privacy Policy

 

Status: July 2020

 

1. Data protection at a glance

General notes

When visiting this website, personal data of you will be processed. Personal data is any data with which you can be personally identified. The following notes explain which data we collect and the purpose for which this is done. For detailed information on data protection, please refer to our privacy policy listed below this text.

 

Data collection on our website

Who is responsible for the data collection on this website?

The data processing on this website is carried out by the website operator. You can find his contact details in the imprint of this website.

 

How do we collect your data?

Your data is collected on the one hand because you provide it to us voluntarily. This may, for example, be data that you provide to us as part of an application.

On the other hand, data is automatically collected by our IT systems when you visit this website. This is mainly technical data, e.g. Internet browser, operating system type and version, time of access and IP address.

 

What do we use your data for?

Part of the data is collected to ensure error-free provision of the website, as well as the security of our website.

Another part of the data may be used to analyze your usage behavior, as well as for statistical evaluation of your interests.

 

What rights do you have in connection with your data?

You have the right to obtain information free of charge at any time about the purpose, the categories of personal data processed, the recipient, the duration of storage, as well as the origin of the data stored about you. You also have the right to request the correction of incorrect data and/or the deletion or restriction of processing. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

 

2. General notes and mandatory information

Privacy

The operator of this website takes the protection of your personal data very seriously. We treat your personal data with the utmost confidentiality and in accordance with the statutory data protection regulations and this privacy policy.

We point out that data transmission over the Internet (eg communication by e-mail) security gaps. A complete protection of the data against access by third parties is not possible.

 

Note on the responsible body

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

 

The responsible party for data processing on this website is:

H&Z Management Consulting AG

 

Max-Joseph-Strasse 6

80333 Munich

 

Phone: +49 89 2429690

E-mail: hq@hz.group

Internal data protection contact: Stefan Franz

 

Data Protection Officer

You can reach our company data protection officer at:

José Reyes Schmitt

Email: Datensicherheit@hz.group

 

Revocation of consent to data processing

Many data processing operations are only possible with your express consent.

You can revoke an already granted consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. Your revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

 

Right of appeal to the competent supervisory authority

If you are of the opinion that the processing of personal data concerning you violates data protection regulations, you have the right to lodge a complaint with the competent supervisory authority.

 

As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our office (Bavarian State Commissioner for Data Protection and Freedom of Information). A list of the state data protection commissioners, as well as their contact details, can be found in the following link:

 

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

 

Right to data portability

You also have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a structured, common and machine-readable format. If you request the direct transfer of the data to another controller, it will only be carried out insofar as this is technically feasible.

 

SSL or TLS encryption

This site uses SSL or TLS encryption in compliance with the data protection regulations according to Art. 32 DS-GVO for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection on the one hand by the fact that the address line of the browser changes from "http://" to "https://" and on the other hand by the lock symbol in your browser line.

 

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

Third-party analytics and tools

By visiting our website, your surfing behavior can be statistically evaluated. This is done in particular through the use of cookies and with so-called analysis programs. The analysis is anonymous, so that the surfing behavior can not be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.

 

Transfer of personal data to third countries

If we transfer data to third countries, i.e. countries outside the European Union, the transfer takes place exclusively in compliance with the legal requirements.

 

If the transfer of data to a third country is not for the performance of our contract with you, we do not have your consent, the transfer is not necessary for the assertion, exercise or defense of legal claims, and no other exemption under Article 49 of the GDPR applies, we will only transfer your data to a third country if an adequacy decision under Article 45 of the GDPR or appropriate safeguards under Article 46 of the GDPR are in place.

 

One of these adequacy decisions is the Commission's Implementing Decision (EU) 2016/1250 of July 12, 2016 on the so-called "EU-US Privacy Shield" ("Privacy Shield") for the USA. For transfers to companies certified under the EU-US Privacy Shield, the level of data protection is generally considered adequate within the meaning of Article 45 GDPR.

 

Right to information, correction, deletion, restriction, objection

You have the right at any time to request information free of charge about your personal data processed and stored by us, the purposes of data processing, the categories of personal data processed, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details. Request meaningful information about its details. To exercise your rights, you can contact us at any time by e-mail at Datensicherheit@huz.de.

 

Objection to advertising e-mails

The use of contact data published in the imprint for the purpose of sending unsolicited advertising and information materials is hereby prohibited. In the event of the unsolicited sending of advertising information, such as spam e-mails, the operator of the site reserves the right to take legal action.

 

3. Data collection on our website in detail

 

Cookies

Our website uses so-called cookies. Cookies are small text files that are stored on your computer and saved by your browser. Cookies do not cause any damage to your computer and do not contain viruses. They serve to make our offer more user-friendly, effective and secure.

 

On the one hand, we use so-called "session cookies". They are automatically deleted after the end of your visit. Other cookies, so-called persistent cookies, remain stored on your terminal device until you delete them yourself. These cookies enable us to recognize your browser on your next visit. We also use cookies that are managed by third parties to provide certain services, so-called third-party cookies. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, however, the functionality of this website may be limited.

 

Cookies that are required to carry out the electronic communication process are stored on the basis of Art. 6 (1) lit. f DS-GVO. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies for analyzing your surfing behavior) are stored, these are treated separately in this privacy policy.

 

Server log files

The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us when you visit the website. These are:

 

- Browser type and version

- Operating system used

- Referrer URL

- Amount of data transferred

- End device used by the user, including MAC address

- Host name of the accessing computer

- Date and time of the server request

- IP address

These files are not merged with other data sources.

 

The basis for data processing is Art. 6 para. 1 lit. b, f DSGVO, which permits the processing of data for the fulfillment of a contract or a pre-contractual measure, as well as for the protection of legitimate interest. The legitimate interest here is the technically error-free and optimized provision of our services to you.

 

Inquiries by e-mail, telephone, fax

If you contact us by e-mail, phone or directly, your request including all resulting personal data (name, contact details, request itself) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

 

The processing is based on Art. 6 (1) lit. b DS-GVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent pursuant to Art. 6 para. 1 lit a DS-GVO and /or on our legitimate interest pursuant to Art. 6 para. 1 lit. f. DS-GVO, as we have a legitimate interest in the effective processing of requests addressed to us. You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. Your revocation will not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

 

The data you send to us by contact request will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies, e.g. due to the completed processing of your request. Mandatory legal provisions - in particular retention periods - remain unaffected.

 

Applications

If you send us applications in electronic form, we store the data you provide (e.g. e-mail address, name, address, telephone number). The storage of your data is necessary for the execution of the application process (first and last name, address, e-mail address, telephone number, if applicable how you became aware of us). In addition, you have the option of attaching meaningful documents to your application, which may contain further personal data (e.g. date of birth).

 

Your application documents will only be made available to authorized employees who are directly involved in the application process.

The legal basis for the processing of personal data in the context of the application is based on Article 6 (1) lit. b DSGVO and thus allows data processing if this is necessary for the initiation and execution of a contract.

The purpose of the data processing is the required decision on the establishment of an employment relationship (Art. 88 (1) DS-GVO in conjunction with Section 26 BDSG).

We will store your data until the application process has been completed. In the event that your application is rejected, your application documents will be retained by us for another 6 months due to the potential possibility of legal action under the General Equal Treatment Act (Section 15 (4) AGG) and then deleted or anonymized. In the event of anonymization, the data will then only be available to us as so-called metadata without direct personal reference for statistical evaluations (e.g. proportion of women or men, number of applications in a certain period, etc.).

If an employment relationship with us is established following your application, we will store the personal data collected during the application process at least for the duration of the employment relationship. If, on the other hand, no employment relationship is established, the application documents are automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the data controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

 

4. Analysis tools and advertising

 

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. With Google Analytics, we collect information on user behavior in order to improve the user-friendliness of the website.

The recipient of the data collected with this is Google. The personal data is transferred to the USA under the EU-US Privacy Shield on the basis of the adequacy decision of the European Commission (Art. 45 DS-GVO).

The person responsible for the processing uses the addition "_gat._anonymizeIp" for the web analysis via Google Analytics. By means of this addition, the IP address of your Internet connection is shortened and anonymized by Google if our Internet sites are accessed from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

 

Google AdWords

This website uses Google AdWords. Google AdWords is an Internet advertising service that allows advertisers to display ads both in Google's search engine results and in the Google advertising network. Google AdWords allows an advertiser to specify certain keywords in advance, by means of which an ad is displayed in Google's search engine results exclusively when the user retrieves a keyword-relevant search result using the search engine. In the Google advertising network, the ads are distributed on topic-relevant websites by means of an automatic algorithm and in compliance with the previously defined keywords.

The operating company of the Google AdWords services is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The purpose of Google AdWords is both to advertise our website by displaying interest-relevant advertising on the websites of third-party companies and in the search engine results of the Google search engine, and to display third-party advertising on our website.

If you access our website via a Google ad, a so-called conversion cookie is stored on your terminal device by Google. A conversion cookie loses its validity after thirty days and is not used to identify you. The conversion cookie is used to track whether certain sub-pages on our website have been called up. Through the conversion cookie, both we and Google can track whether you have reached our website via an AdWords ad and/or have completed or cancelled a purchase of goods.

The data and information collected through the use of the conversion cookie are used by Google to create visitor statistics for our website. This is used by us to determine the total number of users and thus the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other advertisers of Google AdWords receive information from Google by means of which you could be identified.

The legal basis for the processing is Art. 6 (1) lit. f DSGVO, as we have a legitimate interest in the personalized display of targeted advertising and the statistical analysis of the effectiveness of the advertising.

You can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.

Furthermore, you have the option to object to interest-based advertising by Google. To do this, you must call up www.google.de/settings/ads from each of the Internet browsers you use and make the desired settings there.

Further information and the applicable Google privacy policy can be found at https://www.google.de/intl/de/policies/privacy/.

 

Google Remarketing

Google Remarketing services are used on this website. Google Remarketing is a function of Google AdWords that allows a company to display advertisements to users who have previously visited the company's website. The integration of Google Remarketing allows a company to create user-related advertisements, which are then displayed to the Internet user through interest-relevant advertisements.

The operating company of the Google AdWords services is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The purpose of Google Remarketing is the insertion of interest-relevant advertising in order to display advertisements via the Google advertising network or to have them displayed on other websites that are tailored to the interests of the user.

Google Remarketing sets a cookie on your terminal device. By setting the cookie, Google is able to recognize the visitor to our website when he or she subsequently visits websites that are also members of the Google advertising network. Each time you visit a website on which the Google Remarketing service has been integrated, your internet browser automatically identifies itself to Google. Within the scope of this technical procedure, Google obtains knowledge of personal data, such as the IP address or the surfing behavior of the user, which Google uses, among other things, to display interest-relevant advertising.

The legal basis for the processing is Art. 6 (1) lit. f DSGVO, as we have a legitimate interest in the personalized display of targeted advertising and the statistical analysis of the effectiveness of the advertising.

You can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.

Furthermore, you have the option to object to interest-based advertising by Google. To do this, you must call up www.google.de/settings/ads from each of the Internet browsers you use and make the desired settings there.

Further information and the applicable Google privacy policy can be found at https://www.google.de/intl/de/policies/privacy/.

 

Mail Chimp

This website uses the services of MailChimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service with which, among other things, the sending of newsletters can be organized and analyzed. If you enter data for the purpose of receiving newsletters (e.g. e-mail address), this data is stored on MailChimp's servers in the USA.

With the help of MailChimp, we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web beacon) connects to MailChimp's servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns and can be used to better adapt future newsletters to the interests of the recipients.

 

The legal basis for the processing is your consent according to Art. 6 para. 1 lit. a DSGVO. You can revoke this at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

MailChimp has a certification according to the "EU-US Privacy Shield".

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter. Data that has been stored by us for other purposes (e.g. e-mail addresses for the member area) remains unaffected by this.

For more information about MailChamp's privacy policy, please visit:

https://mailchimp.com/legal/terms/.

 

IP anonymization

We would like to point out that the IP anonymization function has been activated on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA in order to ensure anonymized recording of IP addresses (so-called IP masking). The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. You can find more information on terms of use and data protection at

https://marketingplatform.google.com/about/analytics/terms/de/target="_blank">https://www.google.com/analytics/terms/de.html</a>

 

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

 

The legal basis for the use of Google Analytics is your consent pursuant to Art. 6 (1) lit. a DS-GVO.

 

The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.

 

Objection to data collection

You can revoke your consent to the storage of cookies and prevent their storage by selecting the appropriate settings on your browser software.

 

Browser plugin

This sets an opt-out cookie that prevents the collection of your data during future visits to this website. Opt-out cookies prevent the future collection of your data when visiting this website. To prevent collection by Universal Analytics across different devices, you must perform the opt-out on all systems used.

 

To do so, it is necessary that you download and install the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

 

For more information on the general terms of use of Google Analytics, please visit: http://www.google.com/analytics/terms/de.html. The privacy policy for Google Analytics is available at:

https://marketingplatform.google.com/about/analytics/terms/de/

 

Demographic characteristics in Google Analytics

This website uses the "Demographic Characteristics" function of Google Analytics. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".

 

Job processing

We have concluded an order data processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

 

Google Maps

This site uses the map service "Google Maps" to display interactive maps and to create directions. Google Maps is a map service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

 

By using Google Maps, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, can be transmitted to Google in the USA and stored there. Therefore, we have no influence on the scope of the data collected by Google in this way. In any case, the data collected from you includes:

 

- Date and time of the visit to the website in question,

- Internet address or URL of the accessed web page,

- IP address, (start) address entered as part of route planning.

 

For the purpose and scope of the data collection and the further processing and use of the data by Google, as well as your rights in this regard and setting options for protecting your privacy, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=de

 

The legal basis for the use of Google Analytics is your consent pursuant to Art. 6 (1) lit. a DS-GVO.

 

If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. In this case, however, you will not be able to use the map display.

 

Social media

You can share articles that you like on social networks such as Twitter, LinkedIn and XING. Buttons of the social networks are used for this purpose. When you click on the button to share the article with friends and contacts, a connection is established with the respective social network.

 

Normally, the plugins of the social networks transmit user data to the server of the social network - regardless of whether you have clicked the button or are even registered as a user in the social network. This allows the social networks to track your surfing behavior (user tracking). To avoid this, Shariff is used on the h&z website. With Shariff, the connection to the network's server is only established when you click on the social network's button.

Shariff is kindly provided by the computer magazine c't and heise online as open source software. You can find more information on the pages of https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.

 

LinkedIn

We use the so-called "Retargeting Tool" of LinkedIn as well as the "Conversion Tracking" of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland. For this purpose, the LinkedIn Insight Tag is integrated on our website, which enables LinkedIn to collect statistical, pseudonymous data about your visit and use of our website and to provide us with corresponding statistics on this basis. Among other things, the LinkedIn user ID (cookie ID), IP address, browser type, etc. are collected.

 

In addition, this information is used to be able to show you interest-specific and relevant offers and recommendations after you have informed yourself about certain services, information and offers on the website. The information in this regard is stored in a cookie.

 

The legal basis for the use of the service is your consent according to Art. 6 para. 1 lit. a DS-GVO. The recipient of the data collected in this process is LinkedIn.

 

For more information on data processing, please see LinkedIn's privacy policy.

You can opt-out of data collection on the following link: LinkedIn Data Collection Opt-Out.

 

XING

The "XING Share Button" is used on this website. When you click on the XING button, a connection is briefly established via your browser to servers of XING SE ("XING"), with which the "XING Share Button" functions (in particular the calculation and display of the counter value) are provided. XING does not store any personal data about you when you call up this website, nor does it store your IP address. There is also no evaluation of your usage behavior via the use of cookies in connection with the "XING Share button". The current data protection information on the "XING Share Button" and supplementary information can be found on this website:

https://www.xing.com/app/share?op=data_protection

 

Youtube

Our website uses plugins from the Youtube site operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

 

When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you have a YouTube account and are logged in to it, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

 

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

 

For more information on the handling of user data, please refer to YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.

 

You can object to the collection of your data by Google by giving an opt-out on the following link: https://adssettings.google.com/authenticated

 

5. Up-to-dateness and modification of this privacy policy

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access the current data protection declaration at any time on our website.

 

Headquarters
Max-Joseph-Straße 6
80333 Munich
Carbon Neutral Company
menu linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram