Privacy

Data Protection Policy

Thank you for your interest in our company and for visiting our website. In the following we would like to inform you about the scope of your personal data, in particular which of your personal data we collect during your visit to our website and for what purposes they are used.

As a company with international presence, we are subject to the data protection regulations applicable in the countries in which we operate. The requirements as well as rights and obligations regarding personal data or data processing by us may vary depending on the location and the applicable law in each case. The following information represents in each case what applies within the scope of the General Data Protection Regulation (hereinafter "GDPR") and the German Federal Data Protection Act (hereinafter "BDSG"). This data protection declaration does not establish any rights or obligations that go beyond what is applicable under the locally applicable data protection law.

According to Article 4(1) GDPR, personal data is all information relating to an identified or identifiable natural person. This includes information such as your first and last name, your address, your telephone number, your e-mail address and also your IP address.

I. General Information

1. Material scope
 
This data protection policy applies to the Henn GmbH website. It does not apply to other Internet offers to which we merely refer by means of a so-called hyperlink.

Please note: Our website contains so-called hyperlinks to websites of other providers. When these hyperlinks are activated, you are forwarded directly from our website to the website of the respective other provider. You can recognize this by the change of the Internet address (URL) in the display of your browser software.

2. Controller

Controller within the meaning of Article 4(7) GDPR and other national data protection laws of the member states of the European Union as well as other data protection regulations is HENN GmbH, Augustenstr. 54, 80333 Munich, Tel. No.: +49 89 52 35 7-0, Fax No.: +49 89 52 35 7-123, e-mail address: info@henn.com. Authorized to represent the responsible persons are their managing directors Gunter Henn, Martin Henn, Stefan Sinning and Werner Sonnleitner.

3. Contact data of the Data Protection Officer

You can contact our data protection officer if you have any questions about data protection (e.g. about the protection of your personal data or about this data protection declaration) or if you have objections under data protection law.

Robert Faußner, M.A. 
c/o HEUSSEN Rechtsanwaltsgesellschaft mbH 
Brienner Straße 9 / Amiraplatz
80333 München / Munich
Germany
Tel: +49 89 290 97 0
Fax: +49 89 290 97 200
E-Mail: datenschutzbeauftragter@heussen-law.de

4. Processing of your personal data

Processing (e.g. collection, storage, readout, retrieval, use, transmission, deletion or destruction) in accordance with Article 4(2) GDPR always requires a legal basis or your consent.

Details on the processing of your personal data are provided in the description of the respective data processing operation. This applies in particular to:

- the purposes for which your personal data are to be processed and the legal basis for the processing;
- if the processing is based on Article 6(1)(f) GDPR: the legitimate interests pursued by us or a third party;
- if third parties receive your personal data from us: the recipients or categories of recipients of the personal data;
- if applicable, our intention to transfer your personal data to a third country;
- whether the provision of the personal data is required by law or contract or is necessary for the conclusion of a contract, whether you are obliged to provide the personal data and what the possible consequences would be if you did not provide the personal data.

5. Transmission of your personal data to third parties

We only pass on your personal data to third parties if you have given us your consent or if a legal basis exists (e.g. due to the GDPR).

In accordance with Article 28 GDPR, we use external service providers as processors for the processing of personal data in the following areas:

- IT
- telecommunications
- distribution
- marketing

When transferring data to external entities in third countries (i.e. outside the European Union (EU) and the European Economic Area (EEA)), we ensure that these entities treat your personal data with the same care as they would within the EU and EEA. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we ensure the careful handling of personal data by contractual agreements or other suitable guarantees.

6. Deletion and blocking of your personal data

Your personal data will be deleted or blocked as soon as this is no longer necessary for processing in order to fulfill legal obligations and the purpose for which the data was stored no longer applies.

Even after termination of a contract it may be necessary to store your personal data in order to fulfill contractual or legal obligations, e.g.

- to comply with commercial or fiscal retention obligations (e.g. under the German Commercial Code and the German Fiscal Code) with retention periods of up to ten years, calculated from the end of the calendar year, or

- to assert or exercise claims or rights or to defend against rights or claims, this within the scope of the statutory provisions on limitation, which may be up to 30 years from the respective statutory commencement of limitation. 

Further information on the storage period or deletion or blocking can be found in the description of the respective data processing operation.

7. No automated individual decision-making, including profiling

When using our website, you will not be subject to an exclusively automated processing of your data, including profiling (Article 13(2)(f) GDPR, Article 22(1) to (4) GDPR, Article 4(4) GDPR in conjunction with § 37 BDSG), which would have legal effect on you or would affect you considerably in a similar way.

II. Individual data processing operations

1. Provision and use of the website/ server log files
   

a) Type and extent of data processing

With each access of a user to our website and each retrieval of a file, data about this procedure will automatically be recorded in a log file and will then be processed. Specifically, on every access/ retrieval the following data will be recorded:

If you use this website without otherwise (e.g. through registration or when using the contact form) transmitting data to us, we will collect technically necessary data over server log files, which will automatically be transmitted to our server:

- complete IP-address of the requesting computer
- date and time of the request
- accessed page/ name of the retrieved file
- transferred data volume
- notification, whether the access/ retrieval was successful
- internet address, from which the site respectively the file or the desired function was initiated
- used web browser

b) Purpose and legal basis

Legal basis for the collection and processing of the data is Article 6(1)(f) GDPR. The legitimate interest in collecting and processing the mentioned data, including the IP address, is that this data is necessary to provide our web offer, for instance to display the accessed website. In addition, the legitimate interest in storing the IP address is based on the requirement to guarantee IT security, in particular to protect our IT systems against misuse and to ward off attacks.

c) Storage period

The aforementioned data will be recorded for the duration of the communication process. To guarantee IT security, the IP-address will be saved for an additional short period of time of no more than seven calendar days. Subsequently, this data shall be deleted.

d) Right of objection

If your personal data is processed in accordance with Article 6(1)(f) GDPR, you have a right of objection in accordance with Article 21 GDPR. However, in the case of this specific data processing operation, we have compelling legitimate grounds worthy of protection for processing the data, because without processing these data we cannot provide and operate our website.

2. Cookies

a) What are cookies?

When you visit our website, cookies, i.e. small text files containing certain information, are stored for a certain period of time on your computer or terminal device which you use to visit our website. Some web browsers create a separate file for each cookie, other web browsers store all cookies in a single file. Cookies may contain information that makes you personally identifiable.

If we are responsible for storing the cookie, we can access the information stored in the file. If a third party is responsible for the storage of the cookie (so-called third-party cookies), the third party can access this information.

Depending on the storage period, temporary cookies and persistent cookies can be distinguished.

- Temporary cookies are automatically deleted when you close your browser. This includes so-called session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to your visit to our website.

- Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete such cookies in the security settings of your browser at any time.

Depending on the purpose of the cookie, the following categories of cookies can be distinguished, among others:

- technically necessary cookies (without which we cannot or cannot properly enable you to use the website or certain functionalities)

- Cookies for web analysis

b) Which cookies do we use?

In the following we will explain,

- which cookies are stored on your computer when you visit our website, stating the name of the cookie in question,
- who is responsible for the storage (especially if it is a third party cookie)
- what purpose the storage serves,
- on which legal basis the data processing is based and
- for which period of time the respective cookie is stored.

Technically necessary cookies

Name: has_js
Host: Henn GmbH
Purpose of storage: Documentation of the browser activation of the client JavaScript
Legal basis: Article 6(1)(f) GDPR
Storage period: until the end of the session / site visit

Cookies for web analysis

Name: pk_id
Host: Matomo
Purpose of storage: Analysis/ evaluation of user behavior
Legal basis: Article 6(1)(a) GDPR
Storage period: 13 months

Name: _pk_ses
Host: HENN GmbH
Purpose of storage: Analysis/ evaluation of user behavior
Legal basis: Article 6(1)(f) GDPR
Storage period: 30 minutes

Name: NID
Host: Google LLC
Purpose of storage: Unlock the Google Maps content.
Legal basis: Article 6(1)(f) GDPR
Storage period: 6 months

c) Prevention of the storage of cookies

aa) Insofar as we process your personal data on the basis of Article 6(1)(f) GDPR, you have a right of objection according to Article 21 GDPR. In the case of technically necessary cookies, however, we have compelling reasons worthy of protection for processing the data, because without processing this data we cannot properly provide our website or the respective functionality of the website.

bb) Insofar as we process your personal data on the basis of your consent pursuant to Article 6(1)(a) GDPR, you are entitled to withdraw your consent with effect for the future.

cc) You can prevent the storage of cookies via the settings of your browser software. Browsers usually provide you with various functions for this purpose, which you can find out more about in the help section of your browser software. You can usually set your browser software to automatically block all cookies, to allow only cookies from certain Internet services or to warn you before a cookie is stored. You can also set your browser so that stored cookies are deleted. You can obtain further information on this using the help function of your browser.

3. Matomo
   

a) Type and scope of data processing

Matomo is an open source software tool for web analysis. Among other things, a web analysis tool collects data about the last website accessed prior to loading the current website (so-called referrer), which sub-pages of the website you accessed or how often and for how long you viewed a sub-page.

Matomo sets a cookie to analyse the use of our website. With each access of an individual page of the website, the internet browser is automatically prompted by the Matomo component to transmit data to our servers for the purpose of online analysis. As part of this technical process, we gain knowledge of your personal data, such as your IP address, which is used, among other things, to track the origin of visitors and clicks.

Personal information such as the access time, the location from which an access originated and the frequency of visits to our website are stored by means of cookies. Each time you visit our website, this personal data, including the IP address of the Internet connection you use, is transferred to our server. This personal data is stored by us and will not be disclosed to third parties.

We use Matomo with the IP anonymization setting "automatically anonymize visitor IPs" enabled. This anonymization function shortens your IP address by two bytes to make it impossible to assign it to you or the internet connection you are using.

b) Purpose and legal basis

The purpose of the Matomo component is the analysis of flows of visitors to our website. Amongst other things, we use the obtained data and information to evaluate the use of this website.

The legal basis for the use of Matomo is your consent pursuant to Article 6(1)(a) GDPR.

c) Storage period

The stored data will be deleted as soon as the cookie expires, or you withdraw your consent.

d) Right of withdrawal

The stored data will be deleted as soon as you withdraw your consent by deselecting the selected cookie category "Statistics" under "Change cookie settings".

e) Further information

Further information and the valid data protection regulations of Matomo can be found here: https://matomo.org/privacy/

4. Contact options by e-mail

a) Type and scope of data processing

You can contact us by e-mail. Our data collection is limited to the e-mail address of the e-mail account used by you to contact us as well as to the personal data provided by you in the course of contacting us. If you send us an e-mail without encryption, the e-mail is not protected against unauthorized access or modification by third parties during transmission.

b) Purpose and legal basis

The purpose of data processing is to be able to answer your request appropriately. The legal basis for this is Article 6(1)(f) GDPR. There is a legitimate interest in the processing of the above-mentioned personal data in order to be able to process your request appropriately, e.g. to answer your inquiry or to fulfil your request for information.

c) Storage period

The duration of the storage of the above-mentioned data depends on the background of your contact. Your personal data will be deleted on a regular basis if the intended purpose of the communication ceases to apply and storage is no longer necessary. This may result, for example, from processing your request.

d) Right of objection

If your personal data is processed in accordance with Article 6(1)(f) GDPR, you generally have a right of objection in accordance with Article 21 GDPR.

5. Online applications

a) Type and scope of data processing

You can find job offers on our website under "careers" and apply for a job with us using the online form.

If you apply using the online form, we collect and store the data you enter in our online form and send to us.

We need the information in the fields marked with an asterisk in order to process your application, electronically confirm the receipt of your application and communicate with you. You can only send us your application if you have completed these fields. If you do not provide us with your data, or do not provide it completely, this will not have any disadvantageous consequences for you, but in this case we will generally not be able to process your application.

Our decisions regarding your invitation to a job interview and whether or not to hire you will be made by us on a case-by-case basis, depending on our assessment, and in particular not automatically.

We reserve the right to make applicant data anonymous, so that it is no longer possible to draw conclusions about your person, and to subsequently evaluate it for internal company statistical purposes. We will not carry out any further evaluation without your consent.

Alternatively, you are free to send us your application by e-mail. If you decide to communicate with us by e-mail, we recommend that you encrypt your documents and send us a separate message containing your password. If you send us your application by e-mail without encryption, your message and attachments are not protected against unauthorized access or modification by third parties during data transmission. We recommend that you use only one e-mail box for your communication with us, to which only you have personal access.

You can still send us your application by letter post. There is no obligation to use our online career service.

b) Purpose and legal basis

We process your data to process your application (in particular to assess and select candidates, to prepare and conduct job interviews, to evaluate and assess the results of these interviews and any further necessary related measures) including the decision on the establishment of the employment relationship and to communicate with you. We also process some applicant data in order to fulfill certain obligations arising from legal norms.

The legal basis for processing is Article 88(1) GDPR in conjunction with § 26(1)(1), (8)(2) BDSG and additionally Article 6(1)(b) GDPR.

Within our company, only those persons who are involved in the decision-making process (e.g. the company management, the human resources department and your respective specialist contact persons) are granted access to your personal data, insofar as this is necessary in each case.

Data will only be passed on to third parties if we are obliged to do so by a legal provision or if you have given us your consent. For example, we are legally obliged to transfer your data to public bodies and institutions (e.g. tax office and social insurance agencies) in connection with the hiring of an employee.

If you apply for a job in the People's Republic of China online under "careers" and you expressly consent to the transfer of data, Henn Ltd., Sanlitun Soho-A-2102, Chaoyang District, 100027 Beijing, China will be given access to your application documents via the applicant management software Persis. The legal basis for this data transfer is Article 6(1)(a) GDPR in conjunction with Article 49(1)(1)(a) GDPR.

When transferring data to external bodies in third countries, i.e. outside the EU or EEA, we ensure that these bodies treat your personal data with the same care as within the EU or EEA.

c) Storage period

aa) Your applicant data will be stored for the duration of the examination of your application.

bb) If the application procedure ends with a hiring, i.e. the conclusion of an employment contract, our personnel department will take your data to the personnel file. In this case, the general time limits for the retention of personal data belonging to the personnel file apply. We will provide you with further information on the processing of your personal data in connection with your employment separately in advance of your employment.

cc) If the application procedure ends with a non-employment (e.g. because your application is not successful or you withdraw your application), our human resources department will proceed as follows, unless we are entitled or obliged by law to retain your application in individual cases:

We store your data - protected against access by unauthorized persons - under consideration of § 61b(1) ArbGG in conjunction with § 15 AGG for a maximum period of six months from the date of receipt of the decision of non-employment, i.e. the receipt of the rejection letter by you. During this period, your data will only be accessed in order to be able to justify our documented decision if necessary on request.

After this period, we will delete or destroy your data. If you have applied by letter post, we will send your application documents back to you by letter post once the application procedure has been completed, provided you give us a domestic postal address and inform us of your request in good time.

You can also find further information in our data protection information for applicants in accordance with Articles 13, 14 GDPR [Link].

6. Linking to social networks

We link our website to our social media platforms.

Therefore, we have linked a graphic of the respective network. When calling our website, there is no automatic connection to the respective server of the social network. The respective provider or operator of the pages is always responsible for the contents of the linked pages.

Only by clicking on the corresponding graphic you will be forwarded to the service of the respective social network.

Here the following data is processed by the respective network:

• IP address
• date, time
• visited website

If you are logged in to your user account for the respective network during this time, the network operator may be able to assign the information collected during the visit to the user's personal account.

If you interact via a "share" button of the respective network, this information can also be stored in your personal user account and published if necessary. If you want to prevent the collected information from being directly assigned to your user account, you must log out of the respective social network before clicking on the graphic.

You can also configure the respective user account accordingly.

We include the following social networks on our website by linking to them:

• Facebook

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Further information can be found in the privacy policy: https://www.facebook.com/policy.php

The Facebook Page privacy policy is available here [link] and on the Facebook Page under "About" in the sub-section "Imprint" and "Privacy Policy".

• Instagram

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Further information can be found in the privacy policy:
https://help.instagram.com/155833707900388

• LinkedIn

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland

Further information can be found in the privacy policy:
https://www.linkedin.com/legal/privacy-policy

III. Your rights as a data subject

1. Individual rights

If your personal data is processed, you are a data subject within the meaning of the GDPR, and you are entitled in particular to the following rights against us as the person responsible:
 
> Right of access according to Article 15 GDPR in conjunction with § 34 BDSG

You have the right to request confirmation as to whether we process personal data concerning you. If this is the case, you have the right to be informed about your personal data and to receive further information, e.g. the purposes of processing, the categories of personal data processed, the recipients and the planned duration of storage or the criteria for determining the duration.
 
> Right to rectification and completion under Article 16 GDPR
 
You have the right to demand the correction of incorrect data without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.
 

> Right to erasure ("right to be forgotten") in accordance with Article 17 GDPR in conjunction with § 35 BDSG
 
You have the right of erasure, as far as the processing is not necessary.
This is the case, for example, if your data are no longer necessary for the original purposes, if you have withdrawn your declaration of consent under data protection law or if the data was processed unlawfully.
 
> Right to restriction of processing in accordance with Article 18 GDPR

You have the right to limit the processing, for example if you believe that personal data is incorrect.
 
> Right to data portability according to Article 20 GDPR
 
You have the right to receive personal data concerning you in a structured, common and machine-readable format.

------------------------------------------------------------------------------
> Right to object according to Article 21 GDPR in conjunction with § 36 BDSG
 
You have the right to object at any time for reasons arising from your particular situation to the processing of certain personal data concerning you.

In the case of direct marketing, you, as the data subject, have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing, including profiling, insofar as it relates to such direct marketing.

We have provided contact data that you can use for the declaration of revocation in this data protection declaration under the section "controller".

------------------------------------------------------------------------------

> Right to withdraw your data protection consent in accordance with Article 7(3) GDPR

You can withdraw your consent to the processing of your personal data at any time with effect for the future. However, the legality of the processing carried out up to the time of withdrawal is not affected by this.

We have provided contact data that you can use for the declaration of revocation in this data protection declaration under the section "controller".

2. Data processing in the exercise of rights

a) Type and scope of data processing
If you assert your rights under the GDPR and the BDSG against us, we will process the data you provide to us in order to fulfil your claim.

b) Purpose and legal basis
The legal basis for the processing of your data is Art. 6(1)(f) GDPR. The legitimate interest results from our obligation to fulfil your claim and our interest in avoiding sanctions (e.g. a fine) by being able to demonstrate and prove whether and in what way we have fulfilled our obligations.

c) Storage period
We store the data you provide to us and the data we provide to you for the purpose of fulfilling our obligations for the purpose of documentation until the expiry of the limitation periods under civil law and the law on administrative offences, i.e. generally for a period of three years.
The period begins at the end of the respective calendar year.

d) Right of objection
If your personal data is processed in accordance with Article 6(1)(f) GDPR, you have a right of objection in accordance with Article 21 GDPR. However, in the case of this specific data processing operation, we have compelling legitimate grounds worthy of protection for processing the data, because without storage of this data we can neither explain nor prove whether and in what way we have fulfilled our obligations.

3. Right to lodge a complaint with a data protection supervisory authority according to Article 77 GDPR
 
You can also lodge a complaint with a data protection supervisory authority at any time, for example if you believe that data processing is not in compliance with data protection regulations:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach
Germany
Postal address: Postfach 1349, 91504 Ansbach
Tel.: 0981/180093-0
Fax: 0981/180093-800
E-Mail: poststelle@lda.bayern.de
Homepage: https://www.lda.bayern.de

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

IV. Changes to our data protection policy

Our data protection policy serves to fulfil legal information obligations. We update our data protection declaration as far as this becomes necessary. You can access, save and print out our data protection declaration in its current version at any time.

Last changed: September 09, 2020