1. Data controller’s name and address
The data controller, within the meaning of the General Data Protection Regulation (GDPR) and further national data protection laws of the member states as well as other data protection regulations, is:
Hamberger Industriewerke GmbH
Rohrdorfer Straße 133
83071 Stephanskirchen
Germany
Tel.: +49 8031 7000
E-mail: info@hamberger.de
You can reach our Data Protection Officer at:
Datenschutz Prinz GmbH
Tim Prinz (Graduate in Computer Science)
Südliche Ringstraße 26
91126 Schwabach
Tel.: +49 9122 6937302
E-mail: info@datenschutz-prinz.de
2. General information on data processing
1. Scope of the processing of personal data
We collect and use the personal data of our users only to the extent necessary to provide a functional website and our content and services.
2. Purposes and legal bases for the processing of personal data
Personal data is routinely collected and used only with your consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
3. Data erasure and duration of storage
Your personal data will be erased or blocked as soon as the purpose of storage no longer applies. Furthermore, data may be stored if this has been stipulated by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject. Your data will also be blocked or erased if a given storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
3. Processing on this website
3.1 Provision of the website and creation of log files
1. Scope of the processing of personal data
Each time our website is accessed, the web server automatically saves what are known as server log files from the computer system of the accessing computer. This data includes the name of the requested file, your IP address, the date and time of access, the amount of data transferred, the requesting provider (access data) and documentation of the access.
2. Purposes and legal bases for the processing of personal data
This access data is processed exclusively to ensure that the website operates smoothly and to provide the website. The legal basis for the temporary storage of your IP address is Art. 6 para.1 (f) GDPR, our legitimate interest in the correct presentation of our website.
3. Data erasure and duration of storage
The access data will be erased no later than seven days after your visit to the site has ended.
4. Data transfer
If data is processed on our behalf, a third-party provider will provide services for hosting and displaying the website. All data which is collected as described below when you use this website or the forms provided will be processed on the service provider’s servers. This service provider shall be based within a country which is part of the European Union or the European Economic Area. Processing is regulated by a data processing agreement in accordance with Art. 28 GDPR.
5. Objection and removal options
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, you do not have the option to object to this.
3.2 Contact by e-mail, telephone and fax
1. Description and scope of data processing
You can contact us using the e-mail address or telephone/fax number provided. In this case, your e-mail address, and the data transmitted with your email, or your telephone numbers and the message content transmitted by fax will be processed.
2. Purposes and legal bases for the processing of personal data
Your data will be used exclusively for the processing of our mutual conversation.
The legal basis for the processing of the data you transmit when using our e-mail address or telephone numbers is Art. 6 para. 1 (f) GDPR, our necessary legitimate interest in responding to you. If your enquiry concerns the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 (b) GDPR, steps taken prior to entering into a contract.
3. Data erasure and duration of storage
Your data will be erased as soon as it is no longer required to fulfil the purpose for which it was collected. If your personal data was transmitted via e-mail, it will be erased once the conversation with you has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved. If you contact us by telephone or fax, no personal data will be stored.
4. Passing data on
Your data will not be passed on to third parties in this context.
5. Right to object
You can object to the storage of your data at any time by informing us that you object. In such a case, the conversation cannot be continued.
All personal data stored as a result of your contact with us will be erased in this case, as long as there are no legal provisions to the contrary.
3.3 Contact form
1. Scope of the processing of personal data
You can contact us using the contact form provided. In this case, the following data will be processed: details of the enquiry, first and last name, e-mail address and message; and voluntary information: title, company, telephone, street and house number, postcode, town/city, region/province, country.
2. Purposes and legal bases for the processing of personal data
Your data will be used exclusively for the processing of our mutual conversation.
The legal basis for the processing of the data you transmit when using the contact form is Art. 6 para. 1 (f) GDPR, our legitimate interest in responding to you. If your enquiry made via the contact form concerns the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 (b) GDPR, steps taken prior to entering into a contract.
3. Data erasure and duration of storage
Your data will be erased as soon as it is no longer required to fulfil the purpose for which it was collected. Any personal data transmitted via the contact form will be erased once the conversation with you has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved.
4. Passing data on
Your data will not be passed on to third parties in this context.
5. Right to object
You can object to the storage of your data at any time by informing us that you object. In such a case, the conversation cannot be continued.
All personal data stored as a result of your contact with us will be erased in this case, as long as there are no legal provisions to the contrary.
3.4 Application by e-mail
1. Scope of the processing of personal data
By publishing our e-mail address on our website, we can receive an application and the associated personal data from you through this channel. In this way, we will process and store your digital application documents electronically to allow us to handle the application process. This is done by integrating the SuccessFactors program from SAP. Your application documents are stored in SuccessFactors by the HR department and an account is created for the applicant in SuccessFactors. This concerns the following data as a minimum: e-mail address, login password, uploaded documents (cover letter, CV and any additional documents), first and last name, address, town/city, country, postcode and telephone number, if applicable.
2. Purposes and legal bases for the processing of personal data
The application documents and data submitted by you will be processed for the purpose of carrying out the application process and, if necessary, stored for the purpose of implementing an employment relationship, if one is established.
The legal basis for the processing of your data received via e-mail is Art. 6 para. 1 (b) GDPR and Section 26 of the German Federal Data Protection Act (BDSG) and Art. 9 para. 2 (b) GDPR. Furthermore, the legal basis for the storage of your data is Art. 6 para. 1 (f) and Art. 9 para. 2 (f) GDPR, as we have a legitimate interest in legal defence or enforcement.
3. Data erasure and duration of storage
If an employment contract is concluded after the application process, we will store your application data for the purpose of implementing and managing the employment relationship. We will automatically erase your applicant data after six months from the date on which we notified you that your application was rejected, provided that no employment relationship has been established.
If an employment relationship has been established, we will erase your data in accordance with the statutory periods after termination of the employment relationship. Every applicant also has the option of deleting their profile in SuccessFactors.
4. Data transfer, data recipients
The recruiters in the HR department and the hiring managers in the respective departments have access to your data within this software, although the latter have limited access and cannot view all application data. Your data will not be passed on to entities outside SuccessFactors. Data processing within SuccessFactors is governed by a data processing agreement with SAP.
5. Right to object
If you wish to object to the processing of your data within the scope described above, please note that we cannot proceed with your application process by e-mail and we will not be able to process your application documents. This means that we will not be able to consider you for the position for which you applied.
3.5 Applications via the online portal job.hamberger.com
1. Scope of the processing of personal data
You can apply to Hamberger Industriewerke GmbH online via our application portal at www.job.hamberger.com (in German). In such cases, your IP address and other log files will be processed by our service provider wix.com. You can find more detailed information on this in the privacy policy on our application website.
2. Purposes and legal bases for the processing of personal data
The processing of your data in the context of providing the online application page is based on our legitimate interest in accordance with Art. 6 para. 1 (f) GDPR to provide this application option.
For online applications, we process your data on the basis of steps taken prior to entering into a contract in accordance with Art. 6 para. 1 (b) GDPR and Section 26 BDSG and Art. 9 para. 2 (b) GDPR to for the purpose of managing the application. Furthermore, the legal basis for the storage of your data is Art. 6 para. 1 (f) and Art. 9 para. 2 (f) GDPR, as we have a legitimate interest in legal defence or enforcement.
3. Data erasure and duration of storage
We store the information and application documents we receive from you for a maximum of six months.
4. Data transfer, data recipients
We use SuccessFactors from SAP to handle the application process, for which we have concluded a data processing agreement with the provider. To submit an application, you need to register with the provider SuccessFactors. The following data will be processed when you register: e-mail address, password, first and last name, country/region of residence, consent to notifications and career opportunities, Captcha query. The processing of this registration data is based on Art. 6 para. 1 (b) GDPR, step taken prior to entering into a contract during the application process. Only the internal recruiters/department heads responsible for the position have access to the application, which is not passed on to external third parties.
5. Right to object
If you wish to object to the processing of your data within the scope described above, please note that we cannot proceed with your application process by e-mail and we will not be able to process your application documents. This means that we will not be able to consider you for the position for which you applied.
3.6. Consent management platform
1. Scope of the processing of personal data
The consent management platform provided by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich is used on the website. The processed data comprises consent data (consent ID, date and time, user agent of the browser used and consent status), device data (HTTP agent, HTTP referrer), the URL accessed, language, IP address and location.
Please also refer to Cookiebot’s privacy policy at www.cookiebot.com/en/privacy-policy and Usercentrics’ cookie statement at www.cookiebot.com/en/cookie-declaration.
2. Purposes and legal bases for the processing of personal data
The legal basis for this processing is Art. 6 para. 1 (c) GDPR in conjunction with Section 25 para. 1 of TDDDG. The purpose of processing the data is to integrate the content that requires consent in a manner that is compliant with data protection law.
3. Data erasure and duration of storage
Consent is retained until it is revoked.
4. Data transfer, data recipients
The provider Cookiebot/Usercentrics processes data on the basis of a data processing agreement in accordance with Art. 28 GDPR.
5. Right to object
If you object to processing within the scope described above, you will not be able to use our website.
4. Social media channels
1. Scope of the processing of personal data
We operate company profiles on the social media channels Facebook and LinkedIn.
We ensure that data processing is carried out in accordance with the applicable data protection laws in so far as we, as Hamberger Industriewerke GmbH, have the power to do so.
2. Purposes and legal bases for the processing of personal data
We process your data for the purpose of providing information and to offer other ways to contact our company. We use our profiles on Facebook and LinkedIn for marketing purposes by providing information or for communication purposes if you contact us voluntarily through one of our profiles.
By processing data for these purposes, we are exercising our legitimate interest in promoting our company by providing information on social media.
The legal basis for data processing is therefore Art. 6 para. 1 (f) GDPR.
3. Data erasure and duration of storage
Everyone has access to the data that you post publicly on our profile. We, Hamberger Industriewerke GmbH, do not store any personal data that is processed as a result of an individual contacting us via one of our profiles. The posts that you make publicly on our profiles are generally not deleted. However, you can delete them yourself at any time. We delete comments that violate the law or do not comply with our guidelines.
4. Data transfer, data recipients
We do not transfer data that we receive from you through the profiles to third parties.
5. Right to object
If you object to processing within the scope described above, you will not be able to visit our social media profiles.
4.1 Data processing by Meta/Facebook
Facebook is a social network operated by Meta Platforms Ireland Limited, which has its registered office in Ireland. Your data will only be processed within Facebook.
Transfers from the EU to the US Group Meta Platforms, Inc. are certified under the US adequacy decision.
Facebook processes data for its own purposes. You can find Meta’s privacy policy here: www.facebook.com/privacy/policy. Facebook draws on the EU standard contractual clauses when transferring data to third parties.
We have a joint controllership relationship with Facebook in accordance with Art. 26 GDPR when it comes to what are known as Page Insights, which Facebook creates and makes available to us, Hamberger Industriewerke GmbH, within our capacity as site operator. Information on the creation and provision of these Page Insights by Facebook can be found here: www.facebook.com/legal/terms/information_about_page_insights_data.
The provisions governing the joint controllership arrangement between Facebook and us with regard to Page Insights can be found here: www.facebook.com/legal/terms/page_controller_addendum.
4.2 Data processing by LinkedIn
LinkedIn is a platform provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. In some cases, there is a data processing relationship in place and, in some cases, LinkedIn and Hamberger Industriewerke GmbH, as the site operator, act as independent data controllers. You can find detailed information in the Data Processing Agreement between us and LinkedIn: www.linkedin.com/legal/l/dpa?
The processing of data by LinkedIn in the USA is covered by its participation in the US adequacy decision.
LinkedIn uses data for its own purposes. Information on data processing by LinkedIn can be found here: www.linkedin.com/legal/privacy-policy?
LinkedIn provides profile operators with Insights. The standard contractual clauses of the European Commission in Module 1 or 2 apply here.
For certain services (integrated display and exporting the personal data of LinkedIn members), LinkedIn and we, as site operators, are independent data controllers.
According to LinkedIn, it applies the e-standard contractual clauses for third-party transfers when it processes data outside the EU/EEA.
5. Rights of data subjects
As a data subject, you have the following rights:
- in accordance with Art. 15 GDPR, the right to obtain information about your personal data processed by us within the scope specified therein;
- in accordance with Art. 16 GDPR, the right to obtain the rectification of inaccurate or incomplete personal data stored by us without undue delay;
- in accordance with Art. 17 GDPR, the right to obtain the erasure of your personal data stored by us, unless further processing is necessary
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation;
- for reasons of public interest; or
- for the establishment, exercise or defence of legal claims; - in accordance with Art. 18 GDPR, the right to obtain the restriction of the processing of your personal data if
- you contest the accuracy of the data;
- the processing is unlawful, but you oppose the erasure of the personal data;
- we no longer need the data, but you need it for the establishment, exercise or defence of legal claims; or
- you have objected to the processing in accordance with Art. 21 GDPR; - in accordance with Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller;
- in accordance with Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. You can contact the authority responsible for us as follows:
Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht)
Promenade 18
91522 Ansbach
Phone: +49 981 180093 0
Fax: +49 981 180093 800
E-mail: poststelle@lda.bayern.de
Website: www.lda.bayern.de (in German)
6. Right to object
If we process personal data as described above to safeguard our legitimate interest – in other words, an interest that is overriding when the interests of all parties are taken into account – you can object to this processing with effect for the future. If data is processed for direct marketing purposes, you can exercise this right as described above at any time. If data is processed for other purposes, you may object only if there are reasons for doing so resulting from your particular situation.
If you exercise your right to object, we shall no longer process your personal data for these purposes unless we can demonstrate compelling, legitimate grounds for such processing which outweigh your interests, rights and freedoms or if such processing is necessary to assert, exercise or defend legal claims.
This shall not apply if data is processed for direct marketing purposes. In this case, we shall not process your personal data further for this purpose.
7. Integration of Matomo
1. Scope of the processing of personal data
We use Matomo, an open source software, on our website. It is not possible to draw conclusions about a specific person when processing the data, as the IP addresses are anonymised immediately after processing and before storage.
2. Purposes and legal bases for the processing of personal data
The software is integrated for the statistical evaluation of visitor access and for the purpose of improving our website.
The legal basis for the temporary storage of data is Art. 6 para. 1 (f) GDPR, our legitimate interest in improving the quality of our website and its content.
3. Data erasure and duration of storage
No personal data is stored.
4. Data transfer, data recipients
This is a local application, so no data is transmitted to third parties.
5. Right to object
We give our users the option of opting out of the analysis process on our website.
Opt-out link
If you opt out, another cookie is set on your system, which signals to our system not to save your user data. If you delete the corresponding cookie from your own system in the meantime, you must set the opt-out cookie again. Further information on the privacy settings of the Matomo software can be found at the following link: matomo.org/docs/privacy/.
8. Cookies, external content (information according to Usercentrics)
We provide information about all integrated external content and cookies used below:
Integrated technologies (verified with Usercentrics CPM)
Stephanskirchen, 25.03.2024