Data protection - Haidro Brands

Data Protection Statement

HAIDRO GmbH appreciates your interest in our company and our products and services.

In the following Data Protection Statement, we would like to inform you of which personal data we collect, process and, if applicable, transfer, as well as the scope and purpose thereof, when you visit our website and access the products and services available there.

Where this website contains links to the external sites of other providers, you leave our website when you follow these links. The providers of these linked sites, not HAIDRO GmbH, are solely responsible for compliance with legal data protection provisions on them.

Data protection principles of HAIDRO GmbH

The protection of your privacy and the security of all commercial data are very important to us and we take them into consideration in our business processes. Data protection and information security are part of our company policy.

We place great importance on protecting your personal data and only process it in compliance with the laws and regulations of the Federal Republic of Germany and superordinate European legislation, including the EU General Data Protection Regulation (GDPR). Your personal data is processed within the scope described below for the purposes explained. This means that we only use your personal data if this is explicitly permitted by data protection laws or you have already given us explicit consent.

Definition of terms

The EU General Data Protection Regulation uses specific terms, which are defined in Article 4, e.g. personal data, processing, pseudonymisation, controllers, processors, recipients, third parties and consent.

Definitions

Within the meaning of the EU General Data Protection Regulation the term:

'personal data'

means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

'processing'

means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

'profiling’

means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

'pseudonymisation’

means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

'controller'

means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

‘processor’

means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

'recipient’

means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

'third party’

means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

‘consent’

of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Name and contact details of the controller

The controller in accordance with the General Data Protection Regulation, other national data protection laws of the Member States and other legal data protection provisions is:

HAIDRO GmbH

Liegnitzer Straße 6

83395 Freilassing

Germany

Tel.: +49 160 97997740 (main point of contact)

Email: info@haidro.com

Website: www.haidro.com

Name and address of the data protection officer

The controller’s data protection officer is:

Nicolas Kurze

Liegnitzer Straße 6

83395 Freilassing

Germany

Email: info@haidro.com

General information on the processing of personal data

Scope of the processing

In principle, we only process our users’ personal data when it is necessary to do so in order to provide a functioning website and for the content and services we offer. Personal data is only processed on the basis of currently applicable legal foundations.

Purposes of the processing

The purposes of the processing of personal data lie in conducting the business of the HAIDRO GmbH and all associated secondary business.

Legal basis for the processing
The legal basis for processing personal data that is necessary for the performance of a contract to which the data subject is party is Article 6 (1)(b) GDPR. This also applies for processing operations that are necessary for the implementation of pre-contractual measures.
If the processing is necessary for the protection of the legitimate interests of our company or a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Article 6 (1)(f) GDPR forms the legal basis for the processing.
When we obtain consent for processing operations for personal data from the data subject, Article 6 (1)(a) GDPR forms the legal basis.
When the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6 (1)(c) GDPR forms the legal basis.
In the event that the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6 (1)(d) GDPR forms the legal basis

Statutory or contractual duties to provide personal data

There may be statutory or contractual requirements for you to provide personal data under certain circumstances, or it may be necessary to do so in order to enter into a contract.

In particular, you may be obliged to provide personal data to us when entering into contracts. Failure to provide the personal data could mean it is not possible to enter into the contract with you.

Transfer of personal data

We only share your personal data with third parties when

it is necessary for the performance of an existing contract with you.
it is necessary for the protection of our legitimate interests or those of a third party, unless such interests are overridden by your (the data subject’s) interests or fundamental rights and freedoms requiring the protection of personal data.
we are legally required to do so.
it is necessary for the enforcement of our claims and rights.
we receive requests from official institutions (e.g. supervisory authorities or law enforcement authorities, when transfer is necessary for the prevention of threats to public security and order and the prosecution of criminal offences).

However, in the case of such transfer, the personal data may only be used for the purpose concerned.

Involvement of external service providers

Like most other companies, we are not specialists in everything. We therefore use service providers to support us in some areas of our business activity, e.g.

IT service providers to maintain our infrastructure
IT developers to develop our applications
computer centres to securely run our services
agencies and printers to send out email newsletters or printed information

We have entered into the legally required contracts on processing that specifically state what the service provider may do with which data. In particular, transfer to third parties is also excluded here. In these contracts, service providers are placed under obligation to comply with the applicable data protection provisions.

Data erasure and storage period

Personal data will be erased or made unavailable as soon as the purpose of storage ceases to apply. Storage can also be carried out if this is provided for by the European or national legislator in Union regulations, laws or other rules to which the controller is subject. Data will only be made unavailable or erased if a storage period prescribed by the aforementioned standards lapses, unless continued storage of the data is necessary.

Operation of the website and creation of log files

In principle, you can visit our website without registering or logging in. When you visit our website, data is collected by the web server for the transfer of data (information on the system of the computer used) and sometimes stored in log files on the web server. This data is so-called “usage data”.

Data protection information on provision of the website and production of log files

Description and scope of data processing

When you visit our website, data is collected from the web server for the transfer of data (information from the computer system of the requesting computer) and sometimes stored in log files on the web server, which give information on e.g. the end device and browser used, the time of access, the so-called referrer and the quantity of data transferred.

The following data is collected in this way:

Document requested (URL)
Quantity of data requested
Status of the request (success/error)
Information on the browser type and version used
The user’s IP address
The user’s operating system
Internet service provider of the user
The referring URL (referrer)
Date and time of access
Websites from which the user’s system reaches our website
Websites which are visited by the user’s system via our website

The data is stored in our system’s log files. This data is not stored together with the user’s other personal data.

Data retrieval / download

With each retrieval of a file (download), additional data about this process is stored in a log file:

Name of the file retrieved
Date and time of access
Quantity of data requested
Status of the request (success/error)
The user’s IP address

Legal basis for data processing

The legal basis for the temporary storage of the data and log files is Article 6(1)(f) GDPR.

Purpose of data processing

It is necessary for the system to store the IP address temporarily to enable the website to be sent to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.

Storage in log files is carried out to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our IT systems. An analysis of the data for marketing purposes is not carried out in this context.

We also have a legitimate interest in data processing for these purposes in accordance with Article 6(1)(f) GDPR.

Duration of storage

The data will be erased as soon as it is no longer required to achieve the purpose of its collection. When data is collected to operate a website, this is the case when the relevant session ends.

When data is stored in log files, this is the case after seven days at the latest. Extended storage is possible. In this case, users’ IP addresses will be erased or distorted so that assignment to the requesting client is no longer possible.

Right to object and right to rectification

Recording data to operate the website and storing the data in log files is essential for running the website. Therefore, the user does not have any right to object.

Use of cookies

In principle, cookies are not bad; they actually enable user interaction and other useful things when visiting websites. Cookies do not damage your computer or contain viruses.

Data protection information on the use of cookies

Cookies facilitate user interactions and other expedient things when you use websites. Cookies do not damage your computer or contain viruses.

In order to make the visit to our website appealing and to enable usage of certain functions, we use cookies on various pages. Cookies are small text files that your browser saves on your device at our website’s command. When a user visits a website, a cookie may be saved on his or her device. This cookie contains a characteristic character string which allows the browser to be clearly identified when the website is visited again.

Description and scope of data processing

On the one hand we use temporary cookies which are deleted automatically when you close your browser, and on the other so-called “persistent” (permanent) cookies, the expiry of which is set for a date in the future for your convenience. Cookies may be provided by us or by third-party providers.

The data collected from users in this way is pseudonymised. Therefore, assignment of the data to the requesting user is no longer possible. The data is not stored together with users’ other personal data.

There is an important difference between technically necessary cookies, preference and statistics cookies and marketing cookies.

Category: technically necessary

Technically necessary cookies help to make our website usable by enabling basic functions such as page navigation and access to secure areas of the website or, for example, to collect and provide goods in baskets. These cookies do not require the user’s consent. The website cannot work properly without these cookies.

We also use technically necessary cookies on our website. These cookies store and transmit the following data:

Name: _ga / Provider: haidro.com / Purpose: To register a unique ID for statistical data on website usage. Expiration: 2 year / Type: HTTP / Data sent to: Germany

Category: Preferences

Preference cookies allow a website to remember information which affects how the website behaves or looks, such as your preferred language or the region where you are located.

Currently we do not use preference cookies on our website:

Category: Statistics

Statistical cookies help website owners to understand how visitors interact with websites by collecting information anonymously and evaluating it statistically.

We use statistical cookies on our website. These cookies store and transmit the following data:

Name: _ga / Provider: haidro.com / Purpose: To register a unique ID for statistical data on website usage. Expiration: 2 year / Type: HTTP / Data sent to: Germany

Name: _gat / Provider: haidro.com / Purpose: Used by Google Analytics to limit the request rate / Procedure: Session / Type: HTTP / Data sent to: Germany

Name: _gid / Provider: haidro.com / Purpose: Register a unique ID for statistical data about website usage / Procedure: Session / Type: HTTP / Data sent to: Germany

Category: Marketing

Marketing cookies are used, for example, to track users on websites. The intention is to display adverts which are relevant and appealing for the individual user.

We use statistical cookies on our website. These cookies store and transmit the following data:

Name: GPS / Provider: youtube.com / Purpose: To register a unique ID on mobile devices to enable tracking based on geographical GPS location. Procedure: Session / Type: HTTP / Data sent to: USA

Name: VISITOR_INFO1_LIVE / Provider: youtube.com / Purpose: Try to estimate user bandwidth on pages with integrated YouTube videos. Expiration: 179 days / Type: HTTP / Data sent to: USA

Name: YSC / Provider: youtube.com / Purpose: Register a unique ID to record statistics of videos from YouTube that the user has seen. Procedure: Session / Type: HTTP / Data sent to: USA

When the user accesses our website, he or she is informed about the use of cookies for preference, statistical, analytical and marketing purposes via an information banner and, unless Article 6 (1) (f).(legitimate interest of the company or a third party) is used as a legal basis, his or her consent to the processing of the personal data used for this purpose is obtained.

In this context, a reference is also made to this data protection declaration and how the storage of cookies in the browser settings can be prevented and consent revoked.

Legal basis for data processing

The legal basis for the processing of personal data using technically necessary, preference, statistical and analysis and marketing cookies is Article 6(1)(f) (legitimate interest).

Purpose of data processing

The purpose of using technically necessary cookies is to make the website easier for users to use. Some functions of our website cannot be offered without the use of these cookies. These services require, for example, that the browser is recognised again after a page change.

The user data collected by the technically necessary cookies are not used to create user profiles.

Preference, statistical and analysis and marketing cookies are used to improve the quality of our website and its content and to provide you with personalised content and offers. The cookies tell us how the website is used, enabling us to constantly optimise our offering.

We also have a legitimate interest in the processing of personal data for these purposes in accordance with Article 6(1)(f) GDPR for the use of cookies not requiring consent.

Duration of storage

Cookies are stored on the user’s computer, which transmits them to our website. “Session cookies” are automatically deleted at the end of your visit. Other cookies stay stored on your end device until a storage period, which may vary, has expired or until you delete them.

Right to object and right to rectification

You, as the user have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing the settings in your Internet browser. Cookies which have already been saved may be deleted at any time.

Many third-party applications which use cookies offer deactivation functions which allow you to place deactivation cookies in your browser. These cookies must be preserved in order for the deactivation to remain active. If you have deleted all your cookies in your browser, you must replace the opt-out cookie on your next visit to our site.

If you disable cookies for our website, it may no longer be possible to fully use all the website’s functions.

You can check cookie settings in your browsers and adjust them to match your preferences via the following links:

Contact forms and email contact

On our website there is a contact form that can be used to contact us electronically. If you choose this option, the data entered into the entry form will be transferred to us and stored.

Data protection information on contact forms and email contact

Description and scope of data processing

Communication by contact form

On our website there is a contact form that can be used to contact us electronically . If a user takes this option, the data entered in the input form is transmitted to us and processed.

Mandatory fields:

Title
Last name
Email address
Zip code
City
Address
Telephone number

You may optionally provide:

Content of the message
Company
First name
Project / Reference

When you submit messages via the contact form the following data is also stored:

Web server log file

Your consent is obtained for the processing of the data within the scope of the sending process and reference is made to this data protection declaration

Communication by email

Alternatively, you have the option to contact us via the email address provided. In this case, the user’s personal data transmitted with the email will be stored.

Email address
Content of the message
Signature if required with
- First and last name
- Address
- Telephone number
- Company

The following data is also stored when you submit the message:

The date and time when it was sent
Message ID and transmitting mail server

Please note: Communication by email may be subject to security loopholes. For example, emails may be stopped and viewed by unauthorised persons during online transmission. If we receive an email from you, we assume that we are entitled to answer you by email. Otherwise we must explicitly refer you to another means of communication.

Neither form of contact entails forwarding of your data to third parties. The data is used exclusively to process your enquiry.

Legal basis for data processing

The legal basis for processing of data transmitted either contacting us via the contact form or sending an e-mail is Art. 6 (1) (f ) GDPR.

Purpose of data processing

We processing of the personal data transmitted solely in order to process your enquiry. This also constitutes the required legitimate interest in the processing of the data.

The other personal data processed during submission is used to prevent misuse of the contact form and ensure the security of our IT systems.

Duration of storage

The data entered in the contact form will be deleted depending on the purpose, as soon as the purpose for the processing is fulfilled, i.e. if the respective conversation with the user is finished and there are no legal considerations (retention periods, traceability) which prevent this.

The other personal data processed during submission will be deleted after a period of seven days at the latest, unless they need to be stored longer for verification purposes.

Right to object and right to rectification

The user has the possibility of withdrawing his or her consent to the processing of his or her personal data at any time, or, in the case of e-mail contact, to object to the processing and storage of his personal data.. Depending on the legal basis of processing for the various contact options, the data will be deleted , if no legal consideration (retention periods, traceability) prevents this.

In case of deletion, the conversation cannot be continued.

Processing of business contacts

We receive business contact information from employees and managing directors of other companies on various occasions. This information, which is usually provided personally, is stored in our contact database as a business contact.

Data protection information for the processing of business contact

Description and scope of data processing

In addition to contact information provided electronically, employees and managing directors of our company are also provided with e.g. business cards or lists of participants at events containing business contact information.

These personal business contact data will be transferred to the contact database/CRM system.

Title
First and last name
Company
Position
Company address
Email address
web address
Telephone number
Mobile phone number
Fax number

In addition, the time and purpose of the handing-over of contact data and, if applicable, further information from business communication are stored, e.g.:

Line of business
Appointment details
History of contacs
Customer reference number, customer type

The data will be processed exclusively within the context of our business relationship. The data will not be passed on to third parties unless you expressly agree.

Legal basis for data processing

The legal basis for the processing of data provided in the context of the collection and storage of business contact data is Article 6 (1) (f) GDPR.

If the establishment of contact is based on pre-contractual measures or aims at the conclusion of a contract, Article 6 (1) (b) GDPR is the additional legal basis for the processing.

In case of the user's consent, the legal basis for processing of the data, is Article 6(1)(a). GDPR

Purpose of data processing

Administration and provision of contacts to individuals, companies, employees of companies or public authorities. The processing of business contact data may be used for one or more of the following purposes:

Maintenance of contact
Information exchange/transmission of information material
Cooperation/ business cooperation
Prospective future ccoperation / business cooperation
Offer preparation and contract processing
Financial statement
Project management

The necessary legitimate interest in the processing of the data is related to the aforementioned purposes.

Duration of storage

After a period of four years (at the end of each calendar year), the system will check whether additional storage of personal data is required in contact management. Data will be deleted unless they need to be stored longer depending on the purpose. The check is carried out in accordance with the respective purpose.

If you withdraw your consent to the further processing of your contact data, the data will be deleted immediately.

The data will be deleted after four years or objection, if no legal consideration (retention periods, traceability) prevents this.

Right to object and right to rectification

You have the possibility of withdrawing your consent to the processing and storage of your personal business contact data at any time.

If you have given your consent to the processing of personal business contact data, you have the possibility to withdraw your consent for processing at any time.

In both cases, all personal data stored in the context of contact management will be deleted, unless there are legal reasons to the contrary (retention periods, verifiability).

In case of deletion or blocking of data an existing conversation cannot be continued or future contact will not be established.

Use of third-party providers’ add-ons

Like many other companies, we use add-ons from third-party providers (social media, analytics tools, marketing tools, etc.). They enable personal data (e.g. IP numbers, information from pseudonymised cookies, geodata, etc.) to be passed on or automatically transferred to the third-party providers. The nature, scope, purpose and duration of such processing of personal data can differ from case to case.

Data privacy policies for the use of third-party extensions

Like many other companies, we use extensions from third-party providers. Contents from third parties (social media, analysis tools, marketing tools, videos from YouTube, cartographic material from Google Maps, RSS feeds and graphics, etc.) can thus be found on our website. Personal data (e.g. IP addresses, information from pseudonymised cookies, geodata, etc.) may be disclosed or automatically transmitted to the third-party providers in this process. The IP address is required to display these contents, for example. The nature, scope, purpose and duration of the processing of personal data can be handled differently in the individual case here.

The legal basis for processing the personal data is provided by Art. 6(1) f) of the General Data Protection Regulation (GDPR) (legitimate interest). Where consent has been given by the user, the legal basis for processing the data is provided by article 6(1) a) GDPR.

You can learn how to object to the use of cookies here.

YouTube (embedded videos)

We embed YouTube videos on some of our web pages. The service on de.youtube.com is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

A connection to the YouTube servers is established when you visit a web page furnished with a YouTube plugin. The YouTube server is informed here of which pages you have visited. If you are logged in to your YouTube account, you enable YouTube to attribute your surfing behaviour personally to you. You can prevent this by logging out of your YouTube account.

We operate YouTube in extended data protection mode which, according to the provider, only initiates the storage of user information when the video(s) is/are played. If the playback of embedded YouTube videos is started, the provider uses cookies to collect information about user behaviour. According to YouTube, these cookies are used, among other things, to collect video statistics, improve user-friendliness and prevent abusive practices.

If you are logged in to Google, your information will be directly associated with your account when you click on a video. If you do not want your profile to be associated with YouTube, you must log out before activating the button. Google stores your data (even for users who are not logged in) as user profiles and evaluates them.

In particular, such evaluation is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of Google's legitimate interests in the display of personalised advertising, market research and/or the design of its website to meet requirements. You have the right to object to the creation of these user profiles, whereby you must contact the provider to exercise this right.

Further information on how user data is handled at "YouTube" can be found in the provider's data protection declaration.

Data privacy policies for the use of analysis tools

Web analysis tools allow website operators to analyse and monitor visitors. User journeys on the website are recorded and evaluated by the service providers.

The processing of the personal data of the website user enables us to analyse surfing behaviour. By evaluating the data, we are able to compile information about the use of individual elements of our website. This helps us to constantly improve our websites and how user-friendly it is. These purposes also constitute our legitimate interest in processing the data pursuant to article 6(1) f) GDPR.

Use of SalesViewer® technology:

This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.

In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally

The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.

The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.

Google Analytics

This website uses functions of the Google Analytics web analysis service. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.

Google Analytics uses cookies. These text files are stored on your computer and enable your use of our website to be analysed. The information about your use of this website that is created by the cookie is generally transmitted to and stored on a Google server in the US.

IP anonymisation

We have activated the IP anonymisation function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before it is sent to the US. The full IP address will be transmitted to a Google server in the US and shortened there only in exceptional circumstances. Google will use this information on behalf of the owner of this website in order to evaluate your use of the website, in order to compile reports on the website activities and to perform other services associated with the use of the website and Internet use for the website owner. The IP address transmitted from your browser in connection with Google Analytics is not combined with other data by Google.

Browser plug-in

You can prevent cookies from being stored by setting your browser software not to accept them; please note, however, that you may not be able to use all the functions of this website in full in this event. You can furthermore prevent the data generated by the cookie and relating to your use of the website (including your IP address) from being collected and processed by Google by downloading and installing the browser plug-in from the following link:
https://tools.google.com/dlpage/gaoptout?hl=en

Objection to data collection

You can prevent your data from being collected by Google Analytics by clicking the link below.

‎An opt-out cookie will be stored that prevents your data from being collected in the future when you visit this website: Deactivate Google Analytics. If you delete your cookies, you must click this link again.

Contract data processing

We have entered into an agreement for contract data processing with Google and implement the requirements of the GDPR in full when using Google Analytics.

Transfer of data to third countries

Google is certified under the EU-U.S. Privacy Shield Framework, providing a guarantee of compliance with European data protection law.

You can find more information on how Google Analytics handles user data in Google’s privacy policy.

Data privacy policies for the use of other applications

Use of script libraries (Google Webfonts)

In order to present our contents correctly and in a graphically appealing manner in all browsers, we use script and font libraries such as Google Webfonts on this website. Google Webfonts are transferred to your browser’s cache in order to prevent repeated loading. The retrieval of script or font libraries automatically triggers a connection to the operator of the library. As far as can be seen, the IP address is transferred in this process at the least. It is theoretically possible for the operator of relevant libraries to collect other data.

If the browser does not support Google Webfonts or prevents access, contents are displayed in a standard font.

Use of Google Maps

This website uses Google Maps API to provide visual presentations of geographical information. When Google Maps is used, data on the use of the map functions by visitors is collected, processed and used by Google. You can find more detailed information on the data processing carried out by Google in the Google privacy policies. You can also change your personal data protection settings in the data privacy centre there.

You can amend your settings relating to Google products by following the instructions on managing your information.

When you make an application online

You have the option to make an application via our website. We solely process the personal data that you send us during an online application to carry out the application process.

Data protection information on advertising

Description and scope of data processing

This data protection information informs you of how we handle personal data which you transmit to us in the course of your application by email, upload or by post. When applying by email, please bear in mind that, depending on the settings of your mail server, your data may be transmitted without encryption.

Direct contact

Our careers site allows you to contact the careers department (“contact”). The personal data which you provide us with in the course of your application is only used for the application process .

This data will not be processed for any other purpose or passed on to third parties.

à Link should take you to page www.haidro.com/deen/security-and-data-protection/

We process the following data:

Application documents
Email address
First and last name
Address,
Telephone number
Birthday
Surname
forename

The HR department will view your applicant data after we receive your application. Suitable applications will then be forwarded internally to the responsible person for the relevant open position within the department. Your data is generally only accessible to persons within the company who require it so that our application process can run smoothly.

Legal basis for data processing

The legal basis for the processing of the data is Article 88 GDPR in connection with section 26 (1) clause 1 BDSG (Federal Data Protection Act) 2018. Personal data may be processed if this is necessary in order to decide on the justification for an employment relationship.

Should data be necessary for prosecution after the application process has been completed, data may be processed on the basis of the requirements of Article 6 GDPR, especially in order to safeguard legitimate interests according to Article 6(1)(f) GDPR. Our interest then lies in the assertion of or defence from claims.

Purpose of data processing

In the course of your application we only use data which comes directly and personally from you (details from the application) and use these exclusively for the purpose of carrying out the selection procedure and to occupy the advertised position. We do not carry out any other research on you, e.g. using search engines or on social media.

Duration of storage

Unless we have agreed a longer period with your consent, your application documents will be deleted no more than six months after the application process has been completed. This applies equally to written and electronic applications.

If you consent to longer storage in our applicant pool, the data will be deleted after two years have gone by.

Should you be awarded a position in the application process, the data from the applicant data system will be brought across into our HR information system.

Right to object and right to rectification

Of course, it is possible to withdraw applications. If you do this, we will immediately delete all associated data, unless a storage period prescribed by law prevents this.

Your rights as a data subject

If your personal data is processed, you are a data subject in accordance with GDPR and you have the following rights against the controller:

Right of access
You can request confirmation as to whether and which personal data concerning you is processed by us.

Right to rectification
You have a right to rectification and/or completion if the processed personal data concerning you is incorrect or incomplete.

Right to erasure (“Right to be forgotten”)
You can request the personal data concerning you to be erased immediately and the controller is obliged to erase this data immediately where certain grounds apply.

Right to restriction of processing
Under certain circumstances, you can request restriction of processing of personal data concerning you (e.g. block processing)

Right to information
If you have enforced the right to rectification, erasure or restriction of processing, the controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing.

Right to data portability
You have the right to receive personal data concerning you that you have provided to the controller in machine-readable format.

Right to object
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is performed in accordance with Article 6 (1)(e) or (f) GDPR.

This concerns in particular the objection against direct advertising.

Right to withdraw the legal data protection declaration of consent
You have the right to withdraw your legal data protection declaration of consent at any time.

Automated decision-making including profiling
Automated decision in individual cases including profiling:- In certain cases scoring and profiling may not be carried out without the involvement of an examining person.

Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority. However, we ask you to contact us first to exercise your rights.

Details on your rights as a data subject

Right of information (Article 15 GDPR)

You can request confirmation from us on whether we process personal data concerning you. If such processing is carried out, you can request details of the following information from the controller:

the purposes for which the personal data is processed;
the categories of personal data which are processed;
the recipients or categories of recipients to whom personal data concerning you has been or will be disclosed;
the planned length of storage of the personal data concerning you or, if it is not possible to provide specific details of this, the criteria for determining the storage period;
the existence of a right to the rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to this processing;
the existence of a right to complain to a supervisory authority;
all available information on the origin of the data, if the personal data is not collected from the data subject;
the presence of automated decision-making including profiling in accordance with Article 22(1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved as well as the significance and the intended consequences of such processing for the data subject.

You have the right to request information on whether personal data concerning you will be transferred to a third country or to an international organisation. In this regard, you can request information on the appropriate safeguards in accordance with Article 46 GDPR related to transmission.

Right to data rectification (Article 16 GDPR)

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must carry out the rectification immediately.

Right to erasure (“right to be forgotten” (Article 17 GDPR)

Duty to erase

You can ask the controller to erase personal data concerning you immediately and the controller is obliged to erase this data immediately where one of the following grounds applies:

The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
You withdraw your consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) and there are no other legal grounds for the processing.
You submit an objection to the processing in accordance with Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you submit an objection to the processing in accordance with Article 21(2) GDPR.
The personal data concerning you was processed unlawfully.
The erasure of personal data concerning you is necessary to fulfil a legal obligation under EU law or the law of a Member State to which the controller is subject.
The personal data concerning you was collected in relation to information society services offered in accordance with Article 8(1) GDPR.

Disclosing information to third parties

If the controller has made personal data concerning you public and is obliged to delete it in accordance with Article 17(1) GDPR, it shall take reasonable steps, taking into account available technology and implementation costs, including technical measures, to inform controllers who are processing the personal data that you as the data subject, have requested the erasure of all links to this personal data or of copies or replications of this personal data.

Exceptions

The right to erasure is not granted if the processing is necessary

to exercise the right to freedom of expression and information;
to fulfil a legal obligation which requires processing in accordance with EU law or the Member States to which the controller is subject or to perform a task that is carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons in the public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR, if the right set out in (a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or
to establish, exercise or defend legal claims.
1. Right to restriction of processing (Article 18 GDPR)

Under the following circumstances, you can request the processing of personal data concerning you to be restricted:

for a period enabling the controller to verify the accuracy of the personal data, if you are contesting the accuracy of the personal data concerning you;
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of use of the personal data instead;
if the controller no longer needs the personal data for processing purposes, but you need it to establish, exercise or defend your legal rights, or
if you have objected to the processing in accordance with Article 21(1) GDPR and verification of whether the controller’s legitimate grounds override your grounds is still pending.

If the processing of personal data concerning you has been restricted, this data may, with the exception of storage, only be processed with your consent or to establish, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the EU or of a Member State.

Where processing has been restricted under the aforementioned conditions, you will be informed by the controller before the restriction is lifted.

Right to information (Article 19 GDPR)

If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you was disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or would involve a disproportionate effort.

You have the right vis-à-vis the controller to information on these recipients.

Right to data portability (Article 20 GDPR)

You have the right to receive personal data concerning you which you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, if

the processing is based on consent in accordance with Article 6(1)(a) GDPR or Article 9 (2)(a) GDPR or on a contract in accordance with Article 6(1)(b) GDPR and
the data is being processed with the help of automated processes.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another controller, where this is technically feasible. The freedom and rights of others may not be adversely affected by this.

The right to data portability does not apply for the processing of personal data that is necessary to perform a task that is carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object (Article 21 GDPR)
You have the right, for reasons arising from your own particular situation, to object at any time to the processing of personal data concerning you that is performed in accordance with Article 6(1)(e) or (f) GDPR; this also applies to any profiling based on these provisions.The controller will no longer process the personal data concerning you, unless it can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing facilitates the establishment, exercise or defence of legal claims.
Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to the processing for direct advertising purposes, the personal data concerning you will no longer be processed for these purposes.
Notwithstanding Directive 2002/58/EC, you are also entitled in the context of the use of information society services to exercise your right of objection by means of automated procedures for which technical specifications are used.
1. Right to withdraw the declaration of consent given under data protection law in accordance with Article 7(3)

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent will not affect the lawfulness of processing carried out based on the consent prior to withdrawal.

Automated individual decision-making, including profiling (Article 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects for you or similar significant adverse effects for you. This does not apply if the decision

is necessary for the conclusion or fulfilment of a contract between you and the controller,
is permissible under the law of the EU or the Member States to which the controller is subject, and this law contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
is made with your express consent.

However, these decisions may not be based on special categories of personal data in accordance with Article 9(1) GDPR, unless Article 9(2)(a) or (g) applies and suitable steps to protect rights and freedoms and your legitimate interests have been taken.

In the cases stated in (1) and (3), the controller will take suitable steps to safeguard rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.

Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you believe that the processing of the personal data concerning you infringes the GDPR.

The supervisory authority where the complaint was lodged will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial legal remedy in accordance with Article 78 GDPR.

Changes to the data protection declaration

We reserve the right to adapt this data protection declaration when new services are introduced or changed so that it always complies with current legal requirements. When you return to our website, the current version will apply.

Version 26.09.2022