Data privacy policy / information obligations according to Art. 13 GDPR

Thank you for your interest in our company. We are pleased to inform you below in accordance with Art. 13 of the EU General Data Protection Regulation (hereinafter: GDPR) about the processing of personal data when using this website www.hoenle.com.

Controller of this website within the meaning of the EU GDPR and other national data protection laws of the member states as well as other data protection regulations is:

Hoenle AG
Otto-Nicolaus-Otto-Str. 2
82205 Gilching
Telefon: +49 8105 2083 - 0
Telefax: +49 8105 2083 - 148
E-Mail: info@hoenle.de

The data protection officer of the controller is:

Herr Rechtsanwalt Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Nordstr. 17A
50733 Köln
Tel.: +49 (0)221 – 222 183 – 0
E-Mail: mail@kinast.eu
Website: https://www.kinast.eu

This privacy policy applies to the website of Hoenle AG, which can be accessed under the domain www.hoenle.com and the various subdomains (hereinafter referred to as "our website").

I. Principles of data processing

The legal foundations of data protection are anchored in the GDPR and the German Federal Data Protection Act (BDSG), among others.

We only process our users' personal data to the extent necessary to provide a functional website and our content and services.

1. Personal data

Personal data is any information relating to an identified or identifiable natural person (Art. 4 No. 1 GDPR). This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behavior.

2. Processing of personal data

The term "processing" of personal data within the meaning of Art. 4 No. 2 GDPR is broadly defined and includes any operations that are carried out with personal data - regardless of whether they are automated. This includes, among other things, the collection, storage, adaptation, transmission or deletion of data.

3. Legal basis for the processing of personal data

Every processing of personal data is based on a legal basis:

• Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a) GDPR serves as the legal basis.
• When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
• Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c) GDPR serves as the legal basis.
• In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d) GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f) GDPR serves as the legal basis for the processing.

4. Storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the processing has been achieved or no longer applies. Data may also be stored if longer retention periods are stipulated by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a retention period prescribed by the aforementioned standards ends, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

5. Disclosure of personal data to third parties

We use specialized providers for the provision of our website or certain services on the website (e.g. for hosting the pages or sending newsletters). These providers act as service providers for us and may also obtain knowledge of your personal data in connection with the maintenance and care of the systems. We have concluded so-called order processing contracts with these providers in accordance with Art. 28 GDPR, which ensure that data processing is carried out in a permissible manner.

As part of this, personal data may also be transferred to countries outside the EU/EEA. However, we take the necessary precautions in accordance with the provisions of the GDPR to ensure that your data is transferred in compliance with data protection regulations. Such a transfer to a so-called third country only takes place under the conditions of Art. 44 et seq. GDPR.

II. Individual processing operations

1. Provision and use of the website

First, we will inform you about all relevant information on data processing operations that are initiated in connection with the general use of our website, i.e. without actively triggered data transmissions.

a) Type and scope of data processing

The following personal or personal-related data is collected in this context:

1. Information about the browser type incl. version and language used
2. The user's operating system incl. interface
3. The IP address of the user
4. Date and time of access
5. Origin page (HTTP referrer)
6. Address called up (2nd-level-domain.1st-level-domain/ page called up)
7. Call status (HTTP status code)
8. amount of data transferred

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

b) Legal basis

The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f) GDPR.

c) Storage duration

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected or the purpose no longer applies. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of users are anonymized after two days at the latest, so that it is no longer possible to identify the accessing client.

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no right to object, as the interests of the processor outweigh those of the data subject (Art. 6 (1) (f) GDPR).

2. Newsletter

You can subscribe to a free newsletter on our website by clicking on the following link.

a) Type and scope of data processing

To send you the newsletter, which you can subscribe to free of charge, we process your e-mail address, your relationship to our company and the language. You can also voluntarily provide further information about your first name and surname. We process the data you enter exclusively for the purpose of sending the newsletter.

b) Legal basis

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a) GDPR if the user has given consent. The user can freely withdraw their consent at any time (Art. 7 para. 3 GDPR).

c) Storage duration

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's data will therefore be stored for as long as the subscription to the newsletter is active.

The subscription to the newsletter can be canceled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter.

3. Contact forms and e-mail contact

Contact forms are available on our website which can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored.

Alternatively, it is possible to contact us via the e-mail address(es) provided. In this case, the user's personal data transmitted with the e-mail will be stored.

a) Type and scope of processing

The data processed by the contact form includes the first and last name, address, zip code, city, company, email address, telephone number and country. The first name is not a mandatory field.

You can also (optionally) enter an application, your interest in a product and a free text. Your details may also contain personal data.

b) Legal basis

The legal basis for the processing of data transmitted in the course of using the contact form or sending an email is Art. 6 (1) (f) GDPR.

If the use of the contact form or the transmission of an email serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, the legal basis for the processing of the data is Art. 6 para. 1 lit. b) GDPR.

The processing of personal data from the input mask or, in the case of contact by e-mail, serves us solely to process the contact.

For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Art. 6 para. 1 lit. f) GDPR, insofar as it is not already the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures.

c) Storage duration

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. If there are statutory retention periods for the communication content, e.g. due to commercial and/or tax law requirements, the corresponding data will be deleted after these periods have expired.

Provided there are no statutory retention obligations, the user can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

4. Career portal

a) Type and scope of processing

As part of our career portal, we collect and process personal data from applicants that is provided to us in the course of an application or unsolicited application. This includes in particular:

• Master data (e.g. name, address, date of birth, contact details)
• Application documents (e.g. CV, certificates, cover letter)
• Further information provided voluntarily
• Communication data (e.g. e-mail correspondence, interview notes)

This data is processed exclusively for the purpose of carrying out the application process and, if applicable, the following employment and contractual relationships.

b) Legal basis

The processing of your application data takes place on the basis of:

For the purpose of contract fulfillment/pre-contractual measures Art. 6 para. 1 lit. b) GDPR, as the processing is necessary for the decision on an employment relationship. Processing may also take place on the basis of the legitimate interest Art. 6 para. 1 lit. f) GDPR, if we need the data to protect our interests, e.g. for legal defense. If consent is obtained (e.g. for longer storage in the applicant pool), the processing is carried out on the basis of Art. 6 para. 1 lit. a) GDPR.

c) Storage duration

Your application data will be stored for as long as is necessary for the application process. In detail:

• Successful application: Data is transferred to the personnel file and stored and retained in accordance with the applicable labor law regulations.
• Rejected applications: this data is generally deleted six months after completion of the application process, provided that no further consent has been given or there are no statutory retention obligations to the contrary.
• Applicant pool (with consent, see above): Storage for a maximum of 12 months, then deletion or new consent obtained.

III. Use of cookies and third-party providers

1. Cookies

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

a) Technically required cookies

(1) Type and scope of processing

We use cookies to make our website more user-friendly. These are so-called technically necessary cookies, which are deleted after leaving the website. Technically necessary cookies are used to ensure the presentation and usability of our website. These may contain language settings, for example.

(2) Legal basis

The legal basis for the use of technically necessary cookies in order to provide visitors with the expressly requested service is Art. 6 para. 1 lit. f) GDPR and therefore our legitimate interest in the processing of personal data.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

(3) Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. However, deletion will only take place if there are no legal retention periods to the contrary.

b) Technically unnecessary cookies (marketing and analysis cookies)

(1) Type and scope of processing

Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

These cookies collect information about how you use our website. They help us to measure and improve the performance of our website by providing statistics and analysis. We use this information to optimize the user-friendliness and relevance of our content. This enables us to make our website more user-friendly and effective for you.

(2) Legal basis

The legal basis for the use of technically necessary cookies for the associated storage of information on your end device and its subsequent reading is § 25 para. 2 no. 2 TDDDG. The following processing of your personal data is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR.

The processing of the personal data collected on this basis takes place exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR.

(3) Storage duration

As soon as the data transmitted to us via the cookies is no longer required to achieve the purposes described above, this information is deleted. Further storage may take place in individual cases if this is required by law. You can find more detailed information on the respective storage periods in our cookie banner.

However, you can change your cookie settings at any time by clicking on the cookie settings option on our website. You have control over your cookie preferences.

c) Listing of individual cookies

2. Data transmission to third-party providers

Our website uses so-called Content Delivery Networks (CDN) and other third-party tools. CDNs shorten the loading time of common JavaScript libraries and fonts because the files are transferred from fast, local or underutilized servers. We also use Google Maps to display geographical information visually.

a) Integration of various Google services

(1) Type and scope of processing

We use Google Inc. for the use of "Google Fonts" and "Google Maps"

When using CDN and other tools, your IP address is transmitted to the third-party providers, among other things. Although the third-party providers operate servers in the EU, it cannot be ruled out that your browser may also access servers outside the EU. You can find more information about which personal data Google Inc. processes in this context at https://policies.google.com/privacy?hl=de&gl=de.

(2) Legal basis

The use of CDN and other tools is in the interest of a uniform and appealing presentation of our website. These purposes also constitute our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f) GDPR.

(3) Storage duration

By changing the settings in your Internet browser, you can deactivate the execution of Java Script altogether. If Java-Script is deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

b) Use of Google Analytics

(1) Type and scope of processing

We use tracking and analysis tools to ensure the continuous optimization and needs-based design of our website. With the help of tracking measures, we are also able to statistically record the use of our website by visitors and to further develop our online offer for you with the help of the knowledge gained in this way.

(2) Legal basis

Based on these interests, the use of the tracking and analysis tools described below is justified in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR. If you have given us your consent to the use of cookies on the basis of a notice ("cookie banner") provided by us on the website, the legality of the use is also based on Art. 6 para. 1 sentence 1 lit. a) GDPR. The following description of the tracking and analysis tools also shows the respective processing purposes and the data processed.

This website uses Google Analytics, a web analysis service of Google Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. The IP address is only stored in anonymized form, i.e. your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=de).

In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking on this link: Deactivate Google Analytics. An opt-out cookie will be installed on your device. This will prevent Google Analytics from collecting data for this website and for this browser in the future as long as the cookie remains installed in your browser.

Further information and the applicable data protection provisions of Google may be retrieved under https://policies.google.com/privacy?hl=de&gl=de and under https://marketingplatform.google.com/about/analytics/terms/de/. Google Analytics is explained in more detail at this link https://marketingplatform.google.com/about/.

c) Social media

As part of our company's public relations work, we operate accounts on various social networks. We have linked the corresponding data protection declarations here:

• Facebook by Meta Platforms Ireland Limited, (Ireland) https://www.facebook.com/privacy/policy.
• Instagram by Meta Platforms Ireland Limited, (Ireland) https://privacycenter.instagram.com/policy/
• LinkedIn by LinkedIn Ireland Unlimited Company, (Ireland) https://de.linkedin.com/legal/privacy-policy.
• XING by New Work SE, (Hamburg) https://privacy.xing.com/de/datenschutzerklaerung/
• Youtube by Google Ireland Limited (Ireland) https://support.google.com/youtube/answer/10364219?hl=de

In light of the case law of the European Court of Justice, there is regularly joint responsibility between the operator of a company profile and the provider of the social network (e.g. Meta) for the collection and further processing of personal user data when visiting the social network. Where available, we have therefore concluded a joint controllership agreement with the relevant providers in accordance with Art. 26 GDPR.

The joint responsibility means in particular that you can make requests for information and assert other data subject rights with the respective provider and with us. However, it makes sense to assert these directly with the providers, as the providers of the social networks alone have direct access to the necessary information and can also immediately take any necessary measures and provide information. Should our support nevertheless be required, we can be contacted at any time.

If you would like to contact us, we would also recommend that you use the contact options provided directly.

IV. Rights of data subjects

The GDPR gives rise to the following rights for those affected by the processing of personal data, about which we inform you below in accordance with Art. 13 GDPR:

• In accordance with Art. 15 GDPR, you can request information about your personal data processed by us. In particular, you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, about a transfer to third countries or to international organizations and about the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
• In accordance with Art. 16 GDPR, you can immediately request the correction of incorrect or the completion of your personal data stored by us.
• In accordance with Art. 17 GDPR, you can request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
• In accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, we no longer need the data and you refuse to delete it because you need it to assert, exercise or defend legal claims. You also have the right under Art. 18 GDPR if you have objected to the processing pursuant to Art. 21 GDPR.
• In accordance with Art. 20 GDPR, you can request to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or you can request that it be transferred to another controller.
• In accordance with Art. 7 para. 3 GDPR, you can revoke your consent to us at any time. As a result, we may no longer continue the data processing based on this consent in the future.
• In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters for this purpose.

V. Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR if there are reasons for this arising from your particular situation or if the objection is directed against direct advertising. In the case of direct advertising, you can assert your right to object without giving reasons.