Thank you for visiting our website and for you interest in H-TEC SYSTEMS GmbH. This Data Privacy Statement explains the extent to which we process data and for what purposes when you use our website and beyond that.
This data protection concerns personal data. Pursuant to Article 4 GDPR (EU General Data Protection Regulation), ‘personal data’ means any information relating to an identified or identifiable natural person (data subject). This includes information such as your name, address, email address or telephone number, but also usage data, e.g., your IP address or content data such as the messages you write and send to us via forms. We process personal data in compliance in particular with the EU General Data Protection Regulation (GDPR), with the German Data Protection Act (BDSG) and the German Telecommunications-Telemedia Data Protection Act (TTDSG).
1. Responsible Officer
H-TEC SYSTEMS GmbH
Tel. +49 (0)821 507697-0
2. Data Protection Officer
Dr. Andreas Gabriel
Tel. +49 (0) 821 322 47 22
Insofar as we obtain your consent for processing operations with personal data, the legal basis for this is set out in Article 6(1)(a) GDPR.
Where processing of your personal data is necessary for the performance of a contract between you and us, the legal basis for this is set out in Article 6(1)(b) GDPR. This also applies to processing operations that are necessary to execute steps prior to entering into a contract.
Insofar as processing of personal data is necessary for compliance with a legal obligation to which we are subject, the legal basis for this is set out in Article 6(1)(c) GDPR.
If processing is necessary for the purposes of the legitimate interests pursued by us or by a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis for this is set out in Article 6(1)(f) GDPR.
4. Data capture on our website
If our website is used for informational purposes, e.g., you register or otherwise submit information to us, we only collect the personal data that your browser sends to our server. If you want to visit our website, we collect the following data, which is a technical requirement for us, in order to show you our website and to ensure stability and security. The legal basis is set out in Article 6(1)(f) GDPR. As the website operator we have a legitimate interest in the smooth technical presentation of our website and its optimization – this requires the capture of the following server log files:
• IP address of the requesting computer;
• date and time of the request;
• time zone difference to Greenwich Mean Time (GMT);
• content of the request (specific page);
• access status / HTTP status code;
• data volume transferred in each case;
• name and URL of the requested file;
• website from which access is effected (referrer URL);
• browser being used and if applicable the operating system of your computer and the name of your access provider;
• operating system and its interface;
• language and version of the browser software.
4.2. Cookie-consent tool
When you visit our website for the first time, the cookie-consent tool Cookie_hint is displayed as a pop-up window. You can use this to activate or deactivate cookies categorized by function groups (statistics/marketing). The technically essential cookies (functional) are stored as soon as you visit the website. You can accept cookies by clicking on either “Accept all” or “Accept selected”. If technical cookies are deactivated, use of this website or individual functions of the website may be restricted or impossible.
4.3. Google Analytics
4.3.1. IP anonymization
We use IP anonymization. Accordingly, your IP address is first abbreviated by Google in the Member States of the European Union (EU) or in Other States Party to the Agreement on the European Economic Area (EEA) before transmission to the USA. However, it is possible that your full IP address may be transmitted as an exception to servers of Google LLC in the USA and abbreviated there. Only in exceptional cases is your full IP address transmitted to a Google server in the USA and abbreviated there. Google will use this information to evaluate your use of this website, to create reports about the activities and to provide additional services connected with use to the website operator. You will find further information on conditions of use and data protection at marketingplatform.google.com/about/analytics/terms/de/ and policies.google.com;
4.3.2. Storage period
Data stored in connection with Google Analytics is anonymized or erased after 14 months. You will find more information at: support.google.com/analytics/answer/7667196.
4.4. Contact form
If you send us enquiries by filling in a contact form, your information and personal data from the contact form is processed for the purpose of handling the enquiry and any follow-up questions that may be necessary. The legal basis is set out in Article 6(1)(b) GDPR, providing your enquiry relates to performance of a contract or is necessary to execute steps prior to entering into a contract. Otherwise, processing is based on our legitimate interest in the effective processing of enquiries we receive pursuant to Article 6(1)(f) GDPR.
4.5. Google Maps
This website uses videos provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google) via YouTube in order to provide you with further information about our offer.
What data is collected and what this data is used for - by and through Google - can be found at: https://www.google.com/intl/de/policies/privacy/
Information on the cookies used by Google can be found at: https://policies.google.com/technologies/cookies?hl=de&gl=de
We have no influence on this processing activity. The legal basis for this processing is Art. 6 para. 1 lit. a DSGVO in the form of your granted consent via our consent-tool.
4.7. LinkedIn Insight Tag
We use the LinkedIn Insight Tag. The service provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. (LinkedIn). Through the use of LinkedIn Insight Tag, we receive statistical information about your interactions with our website and/or ads placed by us. For this purpose, a cookie with a unique ID is set on the end device. According to LinkedIn, the following personal data is collected:
• IP address
• Currently used website
• Website of origin, if applicable
• End device information
• Browser information
If you are registered as a website visitor on LinkedIn, we can, among other things, analyze your professional data such as career status, company size, country, location, industry, and job title and adapt our campaigns specifically to the respective target groups. In addition, we can evaluate whether you take an action as our website visitor (conversion measurement), which can also be done across devices. Furthermore, the use of LinkedIn Insight Tag enables us to retarget, so that we can use this data to show you targeted advertising outside of this website without being able to identify you. According to LinkedIn, members of LinkedIn can adjust the use of their personal data for advertising purposes in their account settings. According to LinkedIn, the collected data is pseudonymized after 7 days and deleted after 180 days. We do not receive any information from LinkedIn that we could assign to a specific person. For more information, please see the following link: https://business.linkedin.com/de-de/marketing-solutions/website-demographics. We have no influence on possible further processing by LinkedIn.
The legal basis for the processing is Art. 6 para. 1 p. 1 lit. a DSGVO and § 25 para. 1 TTDSG in the form of your given consent by means of our provided consent tool.
Our website is hosted by an external service provider (hoster). The service provider is Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany. We have concluded a processing agreement with the service provider within the meaning of Article 28 GDPR. Personal data recorded on this website is stored on the hoster’s server. This may include IP addresses, contact enquiries, meta and communication data, contractual data, contact data, names, website visits and other data generated by a website. The hoster follows our instructions and only processes the data insofar as is necessary to fulfil its obligations.
6. MAN Energy Solutions
H-TEC is a company of MAN Energy Solutions (https://www.man-es.com/de). Therefore, it may be necessary to process your personal data within the existing or future corporate group. The legal basis is set out in Article 6(1)(f) GDPR. Our legitimate interest lies in the efficient organization of business processes.
Your personal data shall be processed as appropriate within the existing or future corporate group, insofar as this is necessary for the performance of a contract and to execute steps prior to entering into a contract. Data processing is undertaken at your request and is necessary for the stated purposes for both parties to fulfil obligations arising from the contract. The legal basis is set out in Article 6(1)(b) GDPR.
7. Contact by email, post, telephone, fax, social media etc.
When you make contact by email, post, telephone, fax, social media etc., your personal data (e.g., name, enquiry) is stored and used for the purpose of dealing with your concern or for contacting you including the processing this involves. The legal basis is set out in Article 6(1)(b) GDPR, providing your contact relates to fulfilment of a contract or is necessary to execute steps prior to entering into a contract. In all other cases, processing is based on your consent pursuant to Article 6(1)(a) GDPR and/or our legitimate interests pursuant to Article 6(1)(f) GDPR, as we have a legitimate interest in the effective handling of the enquiries we receive.
8. Direct marketing
We process your personal data for promotional use, in order to inform you, for example, by email, post, telephone (e.g., telephone marketing), using digital or printed media about products, services, events, trade fairs, etc., if you have consented to this processing. The legal basis is set out in Article 6(1)(a) GDPR.
We also process your personal data for promotional use within the scope of our legitimate interest (by post). Our legitimate interest lies in executing promotional measures. The legal basis is set out in Article 6(1)(f) GDPR.
In the case of telephone marketing, naturally we comply with the requirements of § 7 UWG (German Act against Unfair Competition).
9. Visiting our social media sites
We operate social media sites for the purpose of informing visitors about our services and also to communicate with you. When you visit social networks like Xing, LinkedIn, Twitter etc. or websites with integrated social media content (e.g., like buttons or advertising banners), it is possible for social networks to analyze your surfing behavior. Social networks may, for example, attribute your visit to our social media site to your user account, provided that you are logged into your social media account. Regardless of this, your personal data may also be recorded if you have no social media account. Data may be collected using cookies, which are stored on your end device, or by recording your IP address. Your personal data is usually processed for market research and promotional purposes. Social networks can use your surfing behavior and derived interests to create usage profiles, which are used, for example, to display corresponding adverts within and beyond the social network. Please note that your data may be processed outside the territory of the EU or EEA, e.g., in the USA. This may result in risks for you, as amongst other things it could make it harder to enforce your data subject rights. With respect to data transmission to the USA, please see the section relating to transmission to states outside the EU or the EEA. We are not able to track all processing activities by social networks, especially whether further processing activities are undertaken. You will find more information in the usage and data protection regulations of the respective social network (see below). We use social media to ensure our online presence is comprehensive. Our legitimate interest lies in providing users with effective information and communicating with users. The legal basis is set out in Article 6(1)(f) GDPR. Provided that corresponding consent was obtained (e.g., consent to the storage of cookies), processing is undertaken solely on the basis of Article 6(1)(a) GDPR or Article 49(1)(a) GDPR.
9.1. Controller and asserting data subject rights
We are responsible along with the operator of the social network for the data processing operation triggered by your visit. You may assert your data subject rights both against us and against the social network. However, please note that despite the shared responsibility with the social networks, we are not fully able to influence the data processing operations. Our opportunities for influence are determined by the corporate guidelines of each social network.
9.2. Storage period
Data we collect directly via our social media presence is erased once the reason it was stored no longer applies, you ask us to erase it, or you withdraw your consent to storage. This does not affect mandatory legal provisions, e.g., retention periods. We have no influence over how long your data is stored by social networks for their own purposes.
9.3. Social networks in detail
• LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland); more information on data processing: www.linkedin.com/legal/privacy-policy, opt-out: www.linkedin.com/psettings/guest-controls/retargeting-opt-out;
• XING (New Work SE, Hamburg); more information on data processing: privacy.xing.com/de/datenschutzerklaerung;
• Twitter (Twitter Inc., San Francisco); more information on data processing: twitter.com/de/privacy.
10. Processing of interested visitors, customers, and contractual data
We process your personal data for the performance of the contract concluded between us and to execute steps in this regard prior to entering into a contract (e.g., to prepare and send a quote) or to end our contract. The data processing is necessary for the performance of the contract. The legal basis is set out in Article 6(1)(b) GDPR.
11. Data processing – contact details for contacts etc.
We process the contact details for contacts, employees, service providers or agents of our contractual partners. The legal basis is set out in Article 6(1)(f) GDPR. Processing pursuant to Article 6(1)(f) GDPR may only be undertaken insofar as this is necessary for the purposes of the legitimate interests pursued by us or by third parties and insofar as it does not override the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Business contacts (e.g., name of the contact, an employee etc.) do not include any highly sensitive data. It is therefore not apparent what legitimate interest contacts, employees etc. would have in not being contacted within the scope of the business relationship. Our legitimate interest lies in the smooth execution of the business relationship and overrides the interest of contacts, employees, service providers or agents.
12. Data processing – business contacts, trade fairs, events etc.
We process your personal data that we have collected, e.g., in the course of business contacts, at a trade fair, event etc. (e.g., you gave your business card and other data) for the performance of a contract and to execute steps in this regard prior to entering into a contract (e.g., to prepare a quote). Data processing is undertaken at your request and is necessary for the stated purposes for both parties to fulfil obligations arising from the contract. The legal basis is set out in Article 6(1)(b) GDPR.
13. Invitations to events, trade fairs etc.
We process your personal data to invite you to events, trade fairs etc. by email or post. The legal basis is set out in Article 6(1)(a) GDPR, provided that we have obtained your consent. Otherwise, processing is based on our legitimate interest pursuant to Article 6(1)(f) GDPR, as we have a legitimate interest in staying in touch with our contacts and business partners and in undertaking promotional measures.
14. Recruitment process
We process data that you have provided with your application, in order to assess your suitability for the position or other potential vacant positions, to contact you and to conduct the recruitment process. These applications may either be for a specific vacancy or may be unsolicited. We use the recruitment management system of softgarden e-Recruiting GmbH (softgarden), Tauentzienstr. 14, 10789 Berlin, to manage the recruitment process. We have concluded a processing agreement with softgarden pursuant to Article 28 GDPR.
14.1. Collection and processing of personal data
Your personal data is collected from you directly in the course of the recruitment process. We may also collect personal data from third parties, e.g., from recruiters or social platforms.
We process the following categories of your personal data in particular in the course of the recruitment process:
• contact details (first name, surname, email address, telephone number, address etc.);
• CV (details on your qualifications, skills, experience, and your career history etc.);
• nationality and entitlement to work in the country for which you are applying;
• if appropriate a recruitment photo, information about your driver’s license.
Insofar as we offer you an employment contract, we may also process your personal data as follows:
• bank details;
• contact information for emergencies;
• if appropriate and to the extent legally permissible, health information.
As the applicant (m/f/x) you are not obliged to provide your personal data. However, personal data must be provided for us to make a decision about an application. Applicants should only provide the personal data that is necessary though for the application to be made and processed. If applicants do not provide us with any personal data in their application, we will not be able to make a selection. There will be no further consequences for you.
14.2. Purpose and legal basis for processing of your personal data
If you send us an application, we process the personal data you include in order to assess your suitability for the position for which you have applied. We process your application data solely for the application process for the position for which you have applied. We only use your application data for other vacancies (talent pool) if you have explicitly given your consent.
The legal basis for the processing of your personal data in this recruitment process is set out in § 26 BDSG. Pursuant to § 26 BDSG, processing of data is permitted insofar as this is necessary in the context of making a decision about whether to start an employment relationship.
If the data is required for legal action after the application process has ended, data processing may be undertaken pursuant to Article 6 GDPR, especially for the purposes of legitimate interests pursuant to Article 6(1)(f) GDPR. The legitimate interest lies in asserting or defending claims, e.g., in a process in accordance with the German General Equal Treatment Act (AGG). Provided that corresponding consent was obtained (e.g., to the use of your data for later vacancies), processing is undertaken solely on the basis of Article 6(1)(a) GDPR.
Your personal data is only disclosed to persons within our company who are involved in handling your application.
If your application is successful, the personal data you submitted is stored in our data processing systems on the basis of § 26 BDSG for the purpose of conducting the employment relationship.
14.3. Retention and erasure of your personal data
If your application was not successful, your personal data is erased within 180 days once the application process is complete. In this context, we store the personal data you transferred for up to 180 days after your application is rejected on the basis of our legitimate interest within the meaning of Article 6(1)(f) GDPR. The data is retained in particular for evidential purposes in the event of a legal dispute. If it is apparent that the personal data will be required after the aforementioned period has lapsed (e.g., because of an imminent or pending lawsuit), it is only erased once the reason for continued retention no longer applies.
If we do not offer you a position, it is possible for you to be added to our talent pool. In this instance, all documents and information from your application are added to the talent pool so that we can contact you in the event of suitable vacancies. You are only added to the talent pool on the basis of your explicit consent (Article 6(1)(a) GDPR). Your consent is given voluntarily and has no bearing on the ongoing application process. You can withdraw your consent at any time with future effect. If you do so, the data is irreversibly erased, provided that there are no legal grounds for retention. The data from the talent pool is irreversibly erased at the latest 180 days after consent is given.
If your application was successful, your personal data from the application is transferred to your personnel file and then erased once the employment relationship ends, unless we are legally required to retain it for a longer period (e.g., § 147(1)(1) AO (German Fiscal Code) – for tax purposes 10 years after the employment relationship ends). Please contact our Human Resources department for more information.
15. Corporate transactions
Within the scope of a corporate transaction, it may be necessary to transmit your personal data to a third party. This is at least the case with asset deals. During due diligence, it is generally anonymized or pseudonymized data that is processed. However, in individual cases it may also be necessary to process personal data without anonymization or pseudonymization. The legal basis for the processing of your personal data in this case is set out in Article 6(1)(f) GDPR. Our legitimate interest lies in the implementation of corporate transactions.
16. Sources (third-party collection)
We also process personal data that we gather from publicly accessible sources, e.g., from the internet or social media or that we obtain from third parties, e.g., credit agencies.
17. Recipients or recipient categories
We sometimes use external service providers to process your data. These external providers are carefully selected, are required to comply with our guidelines and are regularly monitored. This is usually done on the basis of processing under an agreement pursuant to Article 28 GDPR. Otherwise, we only transmit personal data to third parties when there is legal authorization to do so or you have given prior consent. Your personal data is only disclosed or transmitted for the purposes stated above to the following recipients or recipient categories:
• IT service providers;
• credit institutes for payment processing;
• companies from the insurance industry in the course of settling claims;
• collection service providers and lawyers, e.g., to collect debts and enforce claims in court;
• lawyers, notaries, banks, tax advisors etc.;
• company buyers / potential buyers in connection with corporate transactions;
• controllers, processors;
• other entitled parties (e.g., authorities and courts), provided that there is a legal obligation or entitlement to do this;
• depending on the order, to other recipients, which we will agree with you as necessary.
18. Transmission to states outside the EU or the EEA
Insofar as we process data outside the EU or the EEA, or do so in the course of engaging the services of third parties or disclosing or transferring data to third parties, we shall only do this if it is done to meet our (pre)contractual obligations, on the basis of your consent, because of a legal obligation or on the basis of our legitimate interests.
We use EU standard contractual clauses to ensure an adequate level of data protection at the recipient of the data and to ensure additional guarantees are in place for the transfer of personal data to a third country, e.g., the USA. The EU standard contractual clauses remain valid even after the Judgement of the European Court of Justice of 16 July 2020 (C-311/18) on the EU-US Privacy Shield. In particular, the EU standard contractual clauses were updated with the Implementing Decision of 4 June 2021. Moreover, we ensure additional guarantees are in place or obtain the data subject’s consent to the data transfer pursuant to Article 49(1)(a) GDPR.
We use tools or services from service providers registered in the USA on our website and beyond. According to the case law of the European Court of Justice of 16 July 2020 (C-311/18) on the EU-US Privacy Shield, the level of data protection in the USA is not adequate. The USA is not a safe third country within the meaning of the GDPR. US service providers and their subsidiaries are subject to US laws and are also obliged to provide US authorities (e.g., intelligence services) with personal data. Data subjects have no legal recourse against this. Thus, it is possible that US authorities (e.g., for surveillance purposes) may access personal data and process, evaluate and store this. Within the meaning of the GDPR, this is an unauthorized disclosure of personal data. We have no influence over this processing activity.
19. Storage period
Your personal data is only stored for the stated purposes for as long as is necessary to fulfil this purpose. Afterwards (e.g., once we have finished handling your enquiry; if the matter in question has been conclusively resolved; once the order is complete or the business relationship ends etc.), your personal data is erased, unless we are obliged to retain it for legal reasons (e.g., retention obligations under commercial or tax law) for a longer period. In this instance, your personal data is initially blocked and then erased once the retention period has lapsed.
Data may also be retained if this is stipulated under European or German law in EU regulations, laws or other provisions that apply to our company. The data is then blocked or erased once the storage period stipulated by the stated standards lapses, unless there is a reason to continue storing the data. Data may also be stored if you have consented pursuant to Article 6(1)(a) GDPR.
In the case of obligations to respect objections permanently, we reserve the right to store your personal data (contact details, e.g., email address, telephone number, surname, first name, address etc.) in a blocklist (so-called “denylist”) for this purpose alone.
More information relating to the storage period and the erasure of your personal data may be provided in the individual sections of this Data Privacy Statement.
20. The data subject’s rights
Within the framework of the legal provisions, you have the right to
• confirmation whether your personal data is being processed by us and information about the circumstances of that processing (Article 15 GDPR);
• rectification, insofar as your personal data is incorrect (Article 16 GDPR);
• erasure of your personal data, providing there is no justification for processing and there is no (longer a) duty of retention (Article 17 GDPR);
• restriction of processing, if one of the conditions set out in Article 18(1)(a) to (d) GDPR applies (Article 18 GDPR);
• data portability of your personal data in a structured, commonly used, and machine-readable format (Article 20 GDPR);
• complain to a supervisory authority (Article 77 GDPR).
If the processing of your personal data is based on your consent, you have the right pursuant to Article 7(3) GDPR to withdraw said consent at any time, with the effect that your personal data may not be processed in the future. However, this does not affect the legality of the processing undertaken on the basis of your consent before this was withdrawn. You may withdraw consent informally by email to email@example.com or by post to our address provided at the start of this Data Privacy Statement.
Furthermore, in the case of processing based on a legitimate interest pursuant to Article 6(1)(f) GDPR, you have the right to object to processing pursuant to Article 21 GDPR, whereby, except in the case of direct marketing, you must demonstrate particular grounds. You may object informally by email to firstname.lastname@example.org or by post to our address provided at the start of this Data Privacy Statement.
21. Obligation or duty to provide data
In the course of the performance of a contract and to execute steps in this regard prior to entering into a contract with you, you need to provide the personal data that is required to establish and execute the contract and to fulfil the contractual obligations. You are not obliged to provide your personal data, but if you do not do so, it is not possible to establish and execute the contractual relationship.
22. No automated decision-making including profiling
We do not process your personal data for the purpose of automated decision-making including profiling pursuant to Article 22(1) and (4) GDPR.
23. Links to other websites
Our website includes links to other websites. Please note that our Data Privacy Statement does not apply to these other websites, unless explicitly stated.
24. Data security
We have taken the necessary technical and organizational steps to protect the personal data you have provided from loss, destruction, manipulation, and unauthorized access. All our employees and all persons involved in data processing are required to comply with the GDPR, BDSG and other laws concerning data protection and to treat personal data as confidential. Our employees are trained accordingly. Both internal and external reviews ensure compliance with all processes concerning data protection.
In order to protect our users’ personal data, we use a secure online transmission method, the so-called “Secure Socket Layer” (SSL) or “Transport Layer Security” (TSL) transmission. This is indicated by an ‘s’ added to the http:// address (“https://”) and a green, locked padlock symbol in the browser. You can click on the symbol to display information about the SSL certificate being used. The display of the symbol depends on the browser version you are using. SSL encryption guarantees secure and complete transmission of your data.
25. Changes to the Data Privacy Statement
New legal requirements, corporate decisions or technical developments may necessitate changes to our Data Privacy Statement. The Data Privacy Statement is then adjusted accordingly. You will find the latest version on our website.
As at: November 2022