Data protection

Data protection information

and at the same time informing data subjects in accordance with Article 13 and Article 14 GDPR

GENERAL, RESPONSIBLE, DATA PROTECTION OFFICER

PREAMBLE

Thank you for your interest in our website and our offers on our web pages. The protection of your personal data (hereinafter referred to as “data”) is a major and very important concern for us. In the following, we would therefore like to inform you in detail about which data is collected when you visit our website and use our offers there and how it is processed or used by us in the following, as well as about the accompanying protective measures we have also taken in technical and organizational terms.

HJS Emission Technology GmbH & Co KG (hereinafter referred to as “HJS”, “we”, “us”, “our”) provides services in which data and in particular personal data are processed. This applies in particular to the online store, communication and marketing activities, the provision of this website and all associated activities.

NOTE ON THE RESPONSIBLE BODY

The controller pursuant to Art. 4 (7) of the General Data Protection Regulation (hereinafter referred to as “GDPR”) and other national data protection laws of the member states as well as other data protection regulations is

HJS Emission Technology GmbH & Co. KG

Dieselweg 12
58706 Menden| Germany

T: +49 (0) 2373 987 0
M: hjs(at)hjs.com

DATA PROTECTION OFFICER

We have appointed a data protection officer for our company:

Thorsten Schröers | SAFE-PORT Consulting GmbH
c/o DPO HJS
Hülshoff-Straße 7
59469 Ense | Germany

T: +49 (0) 2938 977 978
M: privacy(at)safe-port.de

SCOPE OF THE PROCESSING OF PERSONAL DATA

We only process our users’ personal data insofar as this is necessary to provide a functional website and our content and services. The processing of our users’ personal data only takes place regularly with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of personal data.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

DATA DELETION AND STORAGE DURATION

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

HOSTING, CDN, COOKIES AND LOGFILES

PROVISION OF THE WEBSITE AND CREATION OF LOG FILES

Informational use / description and scope of data processing

It is generally not necessary for you to provide personal data in order to use our website for information purposes only. Rather, in this case we only collect and use the data that your Internet browser automatically transmits to us, such as:

Date and time of access to one of our web pages
Your browser type
the browser settings
the operating system used
the last page you visited
the amount of data transferred and the access status (file transferred, file not found, etc.)
Your IP address.

Purpose

We collect and use this data during an informational visit exclusively in non-personalized form. This is done to enable you to use the web pages you have accessed, for statistical purposes and to improve our website. Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of data storage in log files, this is the case after fourteen days at the latest; storage beyond this is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing user. Access to the log data is only possible directly and exclusively for administrators.

Possibility of objection and removal

The collection of data for the provision of services and the storage of data in log files is absolutely necessary for the operation of the services offered. Consequently, the user has no option to object.

HOSTING OF THE WEBSITE

This website is hosted by an external service provider (Müller & Walther GbR, Am Kraehenacker 6c, 58791 Werdohl, Germany, hereinafter referred to as the “Host”). The personal data collected on this website is stored on the Host’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

Our hoster will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data.

If we commission service providers with the processing of data, this is always done in accordance with Art. 28 GDPR on the basis of a so-called order processing contract. In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.

NOTE ON DATA TRANSFER TO THE USA AND OTHER THIRD COUNTRIES

Among other things, we use tools from companies based in third countries that are not secure under data protection law and US tools whose providers are not certified under the EU-US Data Privacy Framework (“DPF”). If these tools are active, your personal data may be transferred to these countries and processed there. We would like to point out that a level of data protection comparable to that in the EU cannot be guaranteed in third countries that are not secure under data protection law.

We would like to point out that the USA, as a safe third country, generally has a level of data protection comparable to that of the EU. Data transfer to the USA is therefore permitted if the recipient is certified under the EU-US Data Privacy Framework (“DPF”) or has suitable additional guarantees. Information on transfers to third countries, including the data recipients, can be found in this privacy policy.

We have additionally concluded valid suitable guarantees with the service providers for the transfer to these third countries in accordance with Art. 46 para. 2 GDPR. If you have any further questions, please contact our data protection officer.

Data is transferred to the USA exclusively on the basis of the consent of the data subject (Art. 6 para. 1 lit. a GDPR). You can revoke any consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

CONTENT DELIVERY NETWORK

CLOUDFLARE

This website uses the Cloudflare service. The provider is Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as “Cloudflare”). See also “NOTICE ON DATA TRANSFER TO THE USA AND OTHER THIRD COUNTRIES“.

Cloudflare offers a globally distributed Content Delivery Network (“CDN”) with DNS. The information transfer between your browser and our website is technically routed via Cloudflare’s network. This enables Cloudflare to analyze the traffic between your browser and our website and to serve as a filter between our servers and potentially malicious traffic from the Internet. Cloudflare may also use cookies or other technologies to recognize Internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).

Further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:
https://www.cloudflare.com/privacypolicy/.

The company is certified in accordance with the EU-US Data Privacy Framework (“DPF”). Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5666.

In order to ensure data protection-compliant processing, we have also concluded an order processing contract with Cloudflare in accordance with Art. 28 GDPR.

USE OF COOKIES

Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

When accessing our website, the user is informed about the use of cookies by a consent banner and his consent to the processing of the personal data used in this context is obtained and documented in accordance with data protection regulations. In this context, reference is also made to this data protection information. In this context, there is also a reference to how the storage of cookies can be prevented in the browser settings.

You can also determine yourself whether cookies can be set and retrieved using the settings in your browser. For example, you can completely deactivate the storage of cookies in your browser, restrict it to certain websites or configure your browser so that it automatically notifies you as soon as a cookie is to be set and asks you for feedback. For technical reasons, however, it is necessary to allow the cookies we use in order to use the full functionality of our website.

Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR. The legal basis for the processing of personal data using cookies (and comparable recognition technologies) for analysis purposes and for ad control or evaluation is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG; consent can be revoked at any time.

Purpose of data processing

If technically necessary cookies are used:

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change. We require cookies for the following applications: Storage of visitor settings selected in the consent banner.

These purposes also constitute our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR.

The user data collected by technically necessary cookies is not used to create user profiles.

Duration of storage, objection and removal options

Cookies are stored on the user’s computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

COOKIE CONSENT WITH THE "BORLABS CONSENT TOOL"

Our website uses Borlabs Cookie’s cookie consent technology to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies and to document them in accordance with data protection regulations. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as “Borlabs”).

Description and scope of data processing

When you enter our website, your consent and other declarations regarding the use of cookies are obtained via our consent tool. The consent tool then stores a cookie in your browser in order to be able to assign the consents you have given or revoke them.

Legal basis for data processing

The consent tool is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

Purpose of data processing

The purpose of providing the consent tool is to comply with overriding legal provisions and to inform users of the context in which cookies are used on this website.

Possibility of objection and removal

The data collected by the consent tool remains stored until you delete the consent cookie yourself, adjust the settings again via the consent banner or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.

Further information

We have concluded an order processing contract with Borlabs. This is a contract prescribed by data protection law, which ensures that Borlabs processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Details on the data processing of Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

PLUGINS AND TOOLS

ANALYSIS AND MEASUREMENT

GOOGLE ANALYTICS

Our website uses Google Analytics 4, provided by Google Ireland Limited, Gordon House, Barrow St, Dublin, Ireland (“Google”), which can be used to analyze the use of websites. Cookies are used when Google Analytics 4 is used. The information collected by cookies about your use of the website (including the IP address transmitted by your end device, shortened by the last digits, see below) is usually transmitted to a Google server, where it is stored and processed. This may also result in information being transmitted to the servers of Google LLC based in the USA and further processing of the information there (see also the section ” NOTICE ON DATA TRANSMISSION TO THE USA AND OTHER THIRD COUNTRIES“).

When using Google Analytics 4, the IP address transmitted by your end device when you use the website is always collected and processed in anonymized form by default and automatically. This means that the information collected cannot be linked to you personally. This automatic anonymization is carried out by shortening the IP address transmitted by your device by Google within member states of the European Union (EU) or other signatory states to the Agreement on the European Economic Area (EEA) by the last digits.

Google uses this and other information on our behalf to evaluate your use of the website, to compile reports on your website activity and usage behavior and to provide us with other services relating to your use of the website and the Internet. The abbreviated IP address transmitted by your device as part of Google Analytics 4 will not be merged with other Google data. The data collected as part of the use of Google Analytics 4 is stored for 2 months and then deleted.

Google Analytics 4 also enables the creation of statistics with statements about the age, gender and interests of website users on the basis of an evaluation of interest-based advertising and with the use of third-party information via a special function, the so-called “demographic characteristics”. This makes it possible to determine and differentiate between user groups of the website for the purpose of target group-optimized marketing measures. However, data collected via the “demographic characteristics” cannot be assigned to a specific person and therefore not to you personally. This data collected via the “demographic characteristics” function is stored for two months and then deleted.

Since a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Without your consent, Google Analytics 4 will not be used during your use of the website. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service via the “Cookie Consent Tool” provided on the website.

In connection with this website, the Google Signals service is also used as an extension of Google Analytics 4. With Google Signals, we can have Google create cross-device reports (so-called “cross-device tracking”). If you have activated “personalized ads” in your Google account settings and linked your internet-enabled devices to your Google account, Google can analyze usage behavior across devices and create database models based on this if you have given your consent to the use of Google Analytics 4 in accordance with Art. 6 Para. 1 lit. a GDPR. This takes into account the logins and device types of all website users who were logged into a Google account and carried out a conversion. The data shows, among other things, on which device you clicked on an ad for the first time and on which device the relevant conversion took place. We do not receive any personal data from Google, but only statistics compiled on the basis of Google Signals. You have the option of deactivating the “personalized ads” function in the settings of your Google account and thus deactivating the cross-device analysis in connection with Google Signals. To do this, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de.

Further information on Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de.

We have concluded a so-called order processing contract with Google for our use of Google Analytics 4, which obliges Google to protect the data of our website users and not to pass it on to third parties.

To ensure compliance with the European level of data protection, including in the event of any transfer of data from the EU or the EEA to the USA and possible further processing there, Google relies on the so-called standard contractual clauses of the European Commission, which we have contractually agreed with Google.

Further legal information on Google Analytics 4, including a copy of the aforementioned standard contractual clauses, can be found at https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites.

The company is certified in accordance with the EU-US Data Privacy Framework (“DPF”). Further information on this can be found at the following link: https://www.dataprivacyframework.gov/participant/5780.

In order to ensure data protection-compliant processing, we have also concluded an order processing contract with the provider in accordance with Art. 28 GDPR.

MATOMO

This website uses the open source web analysis service Matomo.

With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This enables us to find out, among other things, when which pages were accessed and from which region. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

This analysis tool is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

We use IP anonymization for the analysis with Matomo. Your IP address is shortened before the analysis so that it can no longer be clearly assigned to you.

We have configured Matomo so that Matomo does not store any cookies in your browser.

We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.

MARKETING

No plugins or tools in this category in use.

SETTINGS

GOOGLE FONTS (VIA GOOGLE API)

If Google services are activated, Google may use Google Fonts for the purpose of uniform display of fonts. When you access Google services, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

Further information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

YOUTUBE WITH EXTENDED DATA PROTECTION

Our website integrates videos from YouTube. The operator of the pages is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “YouTube”).

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube may store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts. If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence.

The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. When using this plugin, data transmission to the USA is not excluded. See also the section “NOTICE ON DATA TRANSFER TO THE USA AND OTHER THIRD COUNTRIES“.

You can find more information about data protection at YouTube in their privacy policy at: https://policies.google.com/privacy?hl=de.

OPEN STREET MAP

We use the map service of OpenStreetMap (“OSM”) on our website; for this purpose, we integrate the map material of OpenStreetMap on the server of the OpenStreetMap Foundation, St John’s Innovation Center, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The United Kingdom is considered a safe third country under data protection law. This means that Great Britain has a level of data protection that corresponds to the level of data protection in the European Union. When using the OpenStreetMap maps, a connection is established to the servers of the OpenStreetMap Foundation (“OSMF”). Among other things, your IP address and other information about your behavior on this website may be forwarded to OSMF. For this purpose, OpenStreetMap may store cookies in your browser or use comparable recognition technologies.

The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and an easy findability of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further information can be found in OpenStreetMap’s privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy.

GOOGLE MAPS (WITH 2-CLICK SOLUTION)

This site uses the map service Google Maps. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there (see also the section “NOTICE ON DATA TRANSFER TO THE USA AND OTHER THIRD COUNTRIES“). The provider of this website has no influence on this data transfer. If Google Maps is activated, Google may use Google Web Fonts for the purpose of uniform display of fonts. When you access Google Maps, your browser may load the required web fonts into your browser cache in order to display texts and fonts correctly. The provider of this site also has no influence on this data transfer.

The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG; the consent can be revoked at any time.

You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

VIMEO WITH ENHANCED DATA PROTECTION

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA (hereinafter referred to as “Vimeo”).

When you visit one of our pages equipped with Vimeo videos, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. Vimeo also obtains your IP address. However, we have configured Vimeo so that Vimeo does not track your user activities and does not set any cookies.

The use of Vimeo is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

When using this plugin, data transfer to the USA is not excluded. See also the section “NOTICE ON DATA TRANSFER TO THE USA AND OTHER THIRD COUNTRIES“.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests”. You can find details here: https://vimeo.com/privacy.

Further information on the handling of user data can be found in Vimeo’s privacy policy at: https://vimeo.com/privacy.

SOCIAL MEDIA

META PIXEL

This website uses the Facebook/Meta visitor action pixel to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”). However, according to Facebook, the data collected is also transferred to the USA and other third countries (see also the section “NOTICE ON DATA TRANSFER TO THE USA AND OTHER THIRD COUNTRIES“).

This allows the behavior of site visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The data collected is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy(https://de-de.facebook.com/about/privacy/). This allows Facebook to place advertisements on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. You can find the wording of the agreement at: https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
You can find further information on protecting your privacy in Facebook’s data protection information: https://de-de.facebook.com/about/privacy/.

You can also deactivate the remarketing function “Custom Audiences” in the settings for advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do this.

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

INSTAGRAM

Functions of the Instagram service are integrated on this website. These functions are offered by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter “Instagram”). However, according to Instagram, the data collected is also transferred to the USA and other third countries (see also the section “NOTICE ON DATA TRANSFER TO THE USA AND OTHER THIRD COUNTRIES“).

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The processing carried out by Facebook or Instagram after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook or Instagram tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook and Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:
https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/ and https://de-de.facebook.com/help/566994660333381.

You can find more information on this in Instagram’s privacy policy: https://privacycenter.instagram.com/policy/.

Functions of the X service are integrated on this website. These functions are offered by the parent company X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (hereinafter “X”. The Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, is responsible for the data processing of persons living outside the USA. However, according to X, the data collected is also transferred to the USA (see also the section “NOTICE ON DATA TRANSFER TO THE USA AND OTHER THIRD COUNTRIES“).

When the social media element is active, a direct connection is established between your device and the X server. X thereby receives information about your visit to this website. By using X and the “Re-Tweet” or “Repost” function, the websites you visit are linked to your X account and made known to other users. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by X. Further information on this can be found in X’s privacy policy at: https://twitter.com/de/privacy.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:
https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

You can change your data protection settings for X in the account settings at https://twitter.com/account/settings.

OTHER

GOOGLE TAG MANAGER

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further information on the use of Google Tag Manager: https://support.google.com/tagmanager/answer/9323295?hl=de.

When processing the data, information may also be transmitted to the servers of Google LLC based in the USA and further processing of the information may take place there (see also the section “NOTICE ON DATA TRANSMISSION TO THE USA AND OTHER THIRD COUNTRIES“).

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

FRIENDLYCAPTCHA

We use Friendly Captcha (hereinafter referred to as “Friendly Captcha”) on this website. The provider is Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany.

Friendly Captcha is used to check whether the data entry on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, Friendly Captcha analyzes the behavior of the website visitor based on various characteristics. For the analysis, Friendly Captcha evaluates various information (e.g. anonymized IP address, referrer, visit time, etc.). You can find more information on this at: https://friendlycaptcha.com/legal/privacy-end-users/.

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

We have concluded a data processing agreement (“DPA”) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

USE OF SERVICES AND OFFERS

POSTAL ADVERTISING

We use your address in compliance with all legal provisions for sending postal advertising (“postal advertising”).

The legal basis for this is our legitimate interest in direct advertising in accordance with Art. 6 para. 1 lit. f in conjunction with recital 47 GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time. More specific regulations may be communicated to you in the context of data collection and take precedence over this regulation.

Your address will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to postal advertising, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply.

ORDERING CATALOGS, BROCHURES AND CUSTOMER MAGAZINES

We use your address in compliance with all legal provisions for sending postal advertising (“postal advertising”) in the form of catalogs, brochures and customer magazines.

CARPARTS WEB CATALOG

It is possible to access an online catalog on our website. This is a service provided by DVSE Gesellschaft für Datenverarbeitung, Service und Entwicklung mbH, Lise-Meitner-Straße 4, 22941 Bargteheide, Germany (hereinafter referred to as “TOPMOTIVE”).

With the help of TOPMOTIVE, the content of our online catalog (“CARPARTS”) is made accessible and displayed in the browser without having to load a corresponding file.

When you visit a subpage of our website on which such a publication is embedded, a connection to the TOPMOTIVE servers is established and displayed within our website. This tells TOPMOTIVE which website you have visited. In addition, your IP address and information about the time and duration of use is also transmitted to TOPMOTIVE. TOPMOTIVE uses cookies and JavaScript for this purpose.

If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG; the consent can be revoked at any time. CARPARTS is used in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In principle, we have no influence on the specific storage period; this is determined by the provider of the service.

Further information can be found in TOPMOTIVE’s privacy policy at https://topmotive.eu/datenschutzerklarung/.

OWN SERVICES

CONTACT FORM AND E-MAIL CONTACT

There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are

Your e-mail address
IP address of the user
Date and time of the message
Further information that you enter in the contact form

Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy. Alternatively, you can contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored. The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation.

Contacting us by providing an e-mail address is only possible from the age of 16 or with the consent of a parent or guardian. By using this function, you confirm that you are over 16 years of age or that you have the consent of a parent or guardian.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the fulfillment or conclusion of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR.

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. You can make use of your right to object by contacting us using the contact details above. All personal data stored in the course of contacting us will be deleted in this case.

INQUIRIES BY PHONE OR FAX

If you contact us by telephone or fax, we will store and process your inquiry including all personal data (name, inquiry) for the purpose of processing your request. We will not pass this data on to third parties without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

The processing of personal data serves us solely to process your request.

The data you send to us via inquiries will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed).

The user has the option to object to the processing of their personal data at any time. You can exercise your right to object by contacting us using the contact details above.

All personal data stored in the course of making contact will be deleted in this case. Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

SOCIAL MEDIA

SOCIAL MEDIA - GENERAL INFORMATION

When you visit our social media page, personal information about you is processed. If you have your own user account on a social network and are logged in to this account when you visit our presence on this social network, all the data collected about you will be assigned directly to your existing account.

Social networks can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). The data collected about you is stored as a user profile and can be analyzed for advertising and/or market research purposes.

If you actively interact with us via our social media sites (messages, comments, downloads, etc.), we may be informed of your actions. The functions of the social media pages allow us to view your public profile data. You determine which data is visible in your social media account settings.

Legal basis

In principle, the legal basis for the processing of your personal data on our social media pages is Art. 6 para. 1 lit. f GDPR. Data processing is necessary in order to provide you with the functions and information you have requested, in the interest of our public relations work and communication with you. If you require further information on the balancing of interests to be carried out in accordance with Art. 6 para. 1 lit. f GDPR, please contact our data protection officer using the contact details provided in this data protection notice. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG).

If your contact is aimed at the conclusion of a contract (or is related to an existing contract), the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

If necessary, we will obtain your consent for data processing (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG). Consent can be revoked at any time.

Responsible party and assertion of rights

If you visit one of our social media sites, we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal. Further information can be found under “SOCIAL MEDIA ACCESS” under the respective website.

Please note that, despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Storage duration

The data collected directly by us via the social media presence will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data that is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

SOCIAL MEDIA PRESENCE

FACEBOOK

We would like to point out that, according to current case law, there is joint responsibility between Meta (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, hereinafter “Facebook”) and the operator of the Facebook fan page (“joint controller”). You can find more information at: www.facebook.com/legal/terms/information_about_page_insights_data. If you have any questions about data processing by Facebook, you can contact Facebook’s data protection officer(https://www.facebook.com/help/contact/540977946302970).

By interacting with our Facebook fan page (e.g. in the form of messages, comments or “Like” information), the data you provide will be transmitted by Facebook to us as the operator of the fan page. The legal basis for this data transfer is Art. 6 para. 1 lit. f GDPR. You can specify which personal data is publicly accessible in the settings of your Facebook account. To do this, go to the settings of your Facebook account under “Privacy”. You can check and adjust these settings at https://www.facebook.com/settings?tab=privacy. You can also control the behavior of the “Like” information there (visibility for other users).

We store your personal data that Facebook makes available to us for as long as knowledge of the data is required for the purposes of the business relationship or the purposes for which it was collected, or for as long as statutory or contractual retention requirements exist. You can also object to data storage at any time (right to object). Facebook offers fan page operators analysis functions (“Facebook Insights”). These functions allow fan page operators to analyze a summary of data in the form of page statistics within a tool. We use this data to compile anonymized statistics (“likes”, page views, regional distribution of users, reach of posts, etc.) and to examine the effectiveness of fan page posts. The “Facebook Insights function” is used in accordance with Art. 6 para. 1 lit. f GDPR. See “LEGITIMATE INTEREST AND DATA SUBJECT RIGHTS” in this section.

Facebook is responsible for all processing related to Facebook Insights and the further processing of user data. Further information can be found at: https://www.facebook.com/legal/terms/page_controller_addendum and here: https://www.facebook.com/privacy/explanation.

The company is certified in accordance with the EU-US Data Privacy Framework (“DPF”). Further information on this can be found at the following links: https://www.dataprivacyframework.gov/participant/4452, https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

In order to ensure data protection-compliant processing, we have also concluded an order processing contract with the provider in accordance with Art. 28 GDPR.

INSTAGRAM

By interacting with our Instagram presence (e.g. in the form of messages, comments or “likes”), the data you provide will be transmitted to us by Instagram as the operator of the Instagram account. The provider of the service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter referred to as “Facebook” or “Instagram”). We would like to point out that we are joint controllers with Facebook within the meaning of Art. 26 GDPR. We have concluded a Joint Controller Addendum with LinkedIn. Further information can be found here: https://de-de.facebook.com/legal/terms/information_about_page_insights_data.

The legal basis for these data transfers is also Art. 6 para. 1 lit. f GDPR. You can decide for yourself which personal data is publicly accessible in the settings of your Instagram account under “Privacy and security”. You can check and adjust these settings at https://www.instagram.com/accounts/privacy_and_security/. If you use Instagram forms to generate leads (the legal basis is consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG, whereby consent can be revoked at any time), personal data (e.g. your name, specified company, your e-mail address or your telephone number) will be stored by Instagram or Facebook and made available to us. We use this contact data to provide you with further information about our services and products. The use of the lead forms as part of our Instagram presence is in accordance with Art. 6 para. 1 lit. f GDPR. We have legitimate interests in the processing, which can be seen in the section “Legitimate interests and data subjects’ rights” in this section. You can object to the use of your data from the lead form at any time. The lead data is stored on Instagram/Meta for 90 days and then deleted. For more information on how Meta, as the operator of Instagram, uses your data, please refer to Meta’s further information at: https://www.facebook.com/business/help/563690893827148?id=735435806665862.

We store your personal data that Instagram/Facebook makes available to us for as long as knowledge of the data is required for the purposes of the business relationship or the purposes for which it was collected, or for as long as statutory or contractual retention requirements exist. You can also object to data storage at any time (right to object). Instagram offers the operators of the fan page analysis functions (“Instagram Insights”). These functions allow account holders to analyze a summary of data in the form of page statistics within a tool. We use this data to compile anonymized statistics (“likes”, page views, regional distribution of users, post reach, etc.) and to examine the effectiveness of the Instagram presence. The “Instagram Insights function” is used in accordance with Art. 6 para. 1 lit. f GDPR.

The responsibility for all processing related to Instagram Insights and the further processing of user data lies with Instagram or Facebook (Instagram as a product of Facebook). You can find more information on this at: https://www.facebook.com/help/instagram/155833707900388.

YOUTUBE

By interacting with our YouTube channel (e.g. in the form of comments or “likes”), the data you provide will be transmitted to us by YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “YouTube”).

The legal basis for these data transfers is also Art. 6 para. 1 lit. f GDPR. You can specify which personal data is publicly accessible in the settings of your YouTube account under “Privacy”. You can check and adjust these settings at https://www.youtube.com/account_privacy If you use YouTube forms to generate leads (the legal basis is consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 TDDDG), personal data (e.g. your name, specified company, your email address or your telephone number) will be stored by YouTube or Google and made available to us. We use this contact data to provide you with further information about our services and products. The lead forms on our YouTube channel are used in accordance with Art. 6 para. 1 lit. f GDPR. We have legitimate interests in the processing, which can be found in the section “Legitimate interests and data subjects’ rights” in this section. You can object to the use of your data from the lead form at any time. The lead data is stored on YouTube/Google for 90 days and then deleted. For more information on how Google, as the operator of YouTube, uses your data, please refer to the additional information provided by Google at: https://support.google.com/google-ads/answer/9423235?hl=en.

We store your personal data that YouTube/Google makes available to us for as long as knowledge of the data is required for the purposes of the business relationship or the purposes for which it was collected, or for as long as statutory or contractual retention requirements exist. You can also object to data storage at any time (right to object). YouTube offers the operators of the channel analysis functions (“YouTube Analytics”). These functions allow account holders to summarize and analyze data in the form of page statistics within a tool. We use this data to compile anonymized statistics (“likes”, page views, regional distribution of users, etc.) and to examine the effectiveness of the YouTube channel. The YouTube Analytics function is used in accordance with Art. 6 para. 1 lit. f GDPR.

YouTube or Google Inc. (YouTube as a product of Google) is responsible for all processing related to YouTube Analytics and the further processing of user data. You can find further information on this at: https://policies.google.com/privacy.

The controller operates an X site in order to present itself to and communicate with the users of X and other interested persons who visit this X site. These functions are offered by the parent company X Corp, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, is responsible for the data processing of persons living outside the USA.

By using X and the “Re-Tweet” function, the websites you visit are linked to your X account and made known to other users. Data is also transmitted to X in the process. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by X. The processing of users’ personal data is based on the legitimate interest of the controller in an optimized company presentation (Art. 6 para. 1 lit. f GDPR). The use of X is the responsibility of the respective user on the basis of X’s privacy policy. Further information on this can be found in X’s privacy policy at: http://twitter.com/privacy.

You can change your data protection settings at X in the account settings at: http://twitter.com/account/settings.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

LEGITIMATE INTEREST AND DATA SUBJECT RIGHTS

In part, the use of our social media presence is based on Art. 6 para. 1 lit. f GDPR (“legitimate interests”). Our interests lie in analyzing trends, interacting with our social media users and improving our campaigns and services. If you require further information on the balancing of interests to be carried out in accordance with Art. 6 para. 1 lit. f GDPR, please contact our data protection officer using the contact details provided in this privacy policy. If necessary, we will obtain your consent for data processing (Art. 6 para. 1 lit. a GDPR).

Your rights as a data subject vis-à-vis us can be found in the section: “YOUR RIGHTS AS A DATA SUBJECT”.

FURTHER INFORMATION ON OUR SOCIAL MEDIA PRESENCE

Facebook – Further information on how you can assert or implement your data subject rights directly against Facebook can be found at: https://www.facebook.com/privacy/explanation. You can find information on Page Insights data at: https://de-de.facebook.com/legal/terms/information_about_page_insights_data.

Instagram – Further information on how you can assert or implement your data subject rights directly against Facebook (as the operator of Instagram) can be found at: https://www.facebook.com/help/instagram/155833707900388. Information on Page Insights data can be found at: https://de-de.facebook.com/legal/terms/information_about_page_insights_data.

YouTube – Further information on how you can assert or implement your data subject rights directly against Google (as the operator of YouTube) can be found at: https://policies.google.com/privacy.

X – Further information on how you can assert or implement your data subject rights directly against X can be found at: https://twitter.com/privacy?lang=de.

HANDLING OF APPLICANT DATA

PERSONAL INFORMATION AND PERSONAL DATA

In the application process, we only process the personal data that you send us with your application. As a rule, this is the following data:

Surname, first name and date of birth;
Contact details (telephone number, e-mail address);
Application data such as CV, cover letter and references;
if applicable, information on health status or severe disability;
an application photo, if applicable;
Account details in the event of reimbursement of travel expenses;
Any other information you may provide during the interview.

We do not require any information from you that is not usable under the General Equal Treatment Act (“AGG”) (race, ethnic origin, gender, pregnancy, information on physical or mental illness, membership of a trade union, religion or belief, disability, age, sexual identity or sex life).

Please refrain from adding such information to the application documents.

The personal data is stored in the applicant management system used by the controller.

PURPOSES OF COLLECTION AND PROCESSING

We collect, process and use your personal data to the extent necessary to establish a possible contractual relationship. This also includes contacting you to process the contract and, depending on the type of employment, providing evidence as part of the applicant screening process, if this is absolutely necessary for the position to be filled (this information is not transferred to the applicant management system, only that the necessary evidence has been provided).

In some cases, we use external service providers to process your data. These service providers have been carefully selected by us, commissioned in writing and are bound by our instructions. They are regularly monitored by us. The service providers will not pass this data on to third parties, but will delete it once the contract has been fulfilled and the statutory storage periods have expired, unless you have consented to it being stored beyond this.

LEGAL BASIS FOR THE PROCESSING

Data processing for the purpose of contract initiation and processing (Art. 6 para. 1 lit. b GDPR)

Data is only collected and processed to the extent necessary to decide on the establishment of an employment relationship.

Data processing based on a balancing of interests (Art. 6 para. 1 lit. f GDPR)

A legitimate interest may arise, for example, from internal organizational and administrative purposes. Processing of your data is permitted here if the protection of your interests, fundamental rights and freedoms does not prevail. The following areas can also be regarded as legitimate interests:

ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
for the assertion of legal claims and
Defense in legal disputes.

Data processing based on consent (Art. 6 para. 1 lit. a GDPR)

In addition, we may process your personal data on the basis of your voluntary consent, e.g:

by voluntarily providing data that is not absolutely necessary for the purpose or
the transfer of your data to the applicant pool.

If the processing of personal data is based on your consent, you have the right to withdraw this data protection consent in accordance with Art. 7 (3) GDPR. To assert your rights as a data subject with regard to the data processed in this application process, please contact our data protection officer using the contact details above.

TRANSMISSION OF YOUR PERSONAL DATA

Your application data will be reviewed and processed by the HR department after receipt of your application. Suitable applications are then forwarded to the department managers or their authorized representatives for the respective open position, whereby the “need to know” principle is applied. The further process is then coordinated. Within the company, only those persons have access to your data who need it for the proper conduct of our application process.

There is no data transfer outside the European Union and there are no plans to do so.

DURATION OF STORAGE

Your personal data will be deleted six months after the end of the application process in accordance with Section 61b (1) ArbGG in conjunction with Section 15 AGG. § 15 AGG. You will not be informed separately about the deletion of your data.

If you have been accepted for a position as part of the application process, the data from the applicant data system will be transferred to our personnel information system.

If we do not make you a job offer, you may have the opportunity to be included in our applicant pool. If you are accepted, all documents and details from your application will be transferred to the applicant pool so that you can be contacted in the event of suitable vacancies.

Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 para. 1 lit. a GDPR). Giving your consent is voluntary and is not related to the current application process. The data subject can withdraw their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no legal grounds for retention.

The data from the applicant pool will be irrevocably deleted no later than one year after consent has been given. You will not be informed separately about the deletion of your data.

REPORTING OF VIOLATIONS

If you believe that applicable laws have been violated during the application process, you can use our whistleblower protection platform at https://applicants.safe-trusty.de to report the incident.

We use the “SAFE trusty” service of SAFE-PORT Consulting GmbH, Hülshoff-Straße 7, 59469 Ense, Germany (“SAFE-PORT”) to implement the requirements of the Whistleblower Protection Act (“HinSchG”) in connection with the application process. The platform and the incoming notices are managed centrally on the SAFE-PORT servers. For the use of the “SAFE trusty” services, we have concluded an order processing contract with the provider in accordance with Art. 28 GDPR.

NECESSITY OF PROVISION

The provision of personal data is neither legally nor contractually required, nor are you obliged to provide it. However, the provision of personal data is necessary for the application process and for the conclusion of an employment contract. If you do not provide it, it will not be possible to carry out the application process or conclude a contract.

FURTHER INFORMATION FOR CUSTOMERS AND INTERESTED PARTIES

PERSONAL INFORMATION AND PERSONAL DATA

HJS collects and processes information from customers and interested parties in both paper and digital form. This data may include

Personal master data (name, academic title, address, customer number, etc.)
Contact details (telephone number, e-mail address, etc.)
Billing data (name, address, billing office, etc.)
Communication data (e-mails, postal correspondence, etc.)
If applicable, health data (degree of care), if support is required when applying for subsidies from the care insurance fund

The personal data is stored in the customer management system used by HJS, among others.

PURPOSES OF COLLECTION AND PROCESSING

HJS collects, processes and uses your personal data to the extent necessary to provide contractual or pre-contractual services. Any further processing will only take place if you have given your consent or if there is an overriding legal provision.

LEGAL BASIS FOR THE PROCESSING

Data processing for the purpose of contract initiation and processing (Art. 6 para. 1 lit. b GDPR)

Data is only collected and processed for this purpose if this is required by law and for the purpose of establishing, fulfilling or terminating the contract concluded between you and us or for the implementation of pre-contractual measures (e.g. submission of offers, cost estimates, etc.). Insofar as other data may not be directly required for the execution of the business relationship, the processing is based on a legitimate interest of the company.

Data processing based on a balancing of interests (Art. 6 para. 1 lit. f GDPR)

A legitimate interest may arise, for example, from internal organizational and administrative purposes. Processing of your data is permitted in this case unless the protection of your interests, fundamental rights and freedoms prevails.

Data processing based on consent (Art. 6 para. 1 lit. a GDPR)

In addition, we may process your personal data on the basis of your voluntary consent, e.g. to support applications or to send product information.

TRANSMISSION OF YOUR PERSONAL DATA

We pass on your personal data within the company to those areas that require this data to fulfill contractual and legal obligations or to implement our legitimate interest. Your personal data will only be transmitted or disclosed to external parties to the extent that this is required by law to fulfill the contract concluded with you, e.g. to other external project participants as part of projects. Service providers used by us, e.g. for the provision of IT services, may also be recipients of your personal data as part of order processing in accordance with Art. 28 GDPR.

There is no data transfer outside the European Union and there are no plans to do so.

DURATION OF STORAGE

Your personal data will only be stored for as long as knowledge of the data is required for the purposes of the business relationship or the purposes for which it was collected, or for as long as statutory or contractual retention requirements exist.

Different statutory retention periods result, for example, from tax law regulations or possible contractual warranty and guarantee rights and extend up to ten years for documents and receipts relevant to tax law.

Otherwise, the data will not be deleted for the period after the purpose has been achieved if this is still necessary for the assertion, exercise or defense of legal claims. The regular limitation period for other claims is three years (§ 195 BGB), in the cases of § 197 BGB thirty years.

If an interested party decides not to conclude a contract, the data will be deleted after 12 months (after the last contact). An interested party who is not interested in concluding a contract may request the controller to delete their data immediately, unless the reasons stated in this section apply.

NECESSITY OF PROVISION

We would like to point out that if you do not provide personal data or if you withdraw your consent, the fulfillment of (contractual) obligations will be made more difficult or even impossible under certain circumstances. The provision of your data on the basis of your consent is always voluntary.

FURTHER INFORMATION FOR SUPPLIERS AND BUSINESS PARTNERS

PERSONAL INFORMATION AND PERSONAL DATA

We process personal data that we receive from you as part of our business relationship. This data may include

Master data (name, address, company, company address, etc.)
Contact details (telephone number, e-mail address, company contact details, etc.)
Order data (order data, product data, etc.)
Communication data (e-mails, postal correspondence, etc.)
Documentation data (interview notes, etc.)
Other comparable data from the above categories

Insofar as access to systems at HJS is granted within the framework of the supplier or service provider relationship, the data required for access is stored (e.g. user accounts and passwords as well as the date and duration of the last access, etc.).

The personal data is stored in the supplier management system used by HJS, among others.

PURPOSES OF COLLECTION AND PROCESSING

HJS collects, processes and uses your personal data to the extent necessary to enable the initiation and execution of the respective supplier or service provider contractual relationship. This also includes establishing contact for contract processing, the provision and maintenance of applications and notification of faulty products/performance of services. Further processing will only take place if you have given your consent or if there is an overriding legal provision.

LEGAL BASIS FOR THE PROCESSING

Data processing for the purpose of contract initiation and processing (Art. 6 para. 1 lit. b GDPR)

Data is only collected and processed for this purpose if this is required by law and is necessary for the purpose of the appropriate processing of orders and for the mutual fulfillment of obligations arising from the contract. Insofar as further data may not be directly required for the execution of the business relationship, the processing is based on a legitimate interest of the company.

Data processing based on a balancing of interests (Art. 6 para. 1 lit. f GDPR)

for the assertion of legal claims and
Defense in legal disputes.

Data processing based on consent (Art. 6 para. 1 lit. a GDPR)

We may also process your personal data on the basis of your voluntary consent, e.g. to send you product information.

TRANSMISSION OF YOUR PERSONAL DATA

We pass on your personal data within the company to those areas that require this data to fulfill contractual and legal obligations or to implement our legitimate interest. Service providers used by us, e.g. for the provision of IT services, may also be recipients of your personal data as part of order processing in accordance with Art. 28 GDPR.

There is no data transfer outside the European Union and there are no plans to do so.

DURATION OF STORAGE

Where necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract.

In addition, we are subject to various retention and documentation obligations arising from the German Commercial Code (“HGB”), the German Fiscal Code (“AO”) and the German Income Tax Act (“EStG”), including the more detailed legal provisions issued in each case. The retention and documentation periods specified therein are up to ten years after the end of the business relationship or the pre-contractual legal relationship.

Ultimately, the storage period is also determined by the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (“BGB”), are generally three years, but in certain cases can be up to thirty years.

NECESSITY OF PROVISION

YOUR RIGHTS AS A DATA SUBJECT

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

RIGHT TO INFORMATION

You can request confirmation from the controller as to whether personal data concerning you is being processed by us.

If such processing has taken place, you can request the following information from the controller:

the purposes for which the personal data are processed;
the categories of personal data that are processed;
the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the duration of storage;
the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
the existence of a right of appeal to a supervisory authority;
all available information about the origin of the data if the personal data is not collected from the data subject;
the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

RIGHT TO RECTIFICATION

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.

RIGHT TO RESTRICTION OF PROCESSING

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.

If the processing of your personal data has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

RIGHT TO ERASURE

Obligation to delete

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
The personal data concerning you has been processed unlawfully.
The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) GDPR, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Exceptions

The right to erasure does not exist if the processing is necessary

to exercise the right to freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and lit. i and Art. 9 para. 3 GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
for the assertion, exercise or defense of legal claims.

RIGHT TO INFORMATION

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the controller.

RIGHT TO DATA PORTABILITY

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
the processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons may not be impaired by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

RIGHT OF OBJECTION

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services by means of automated procedures using technical specifications.

RIGHT TO REVOKE THE DECLARATION OF CONSENT UNDER DATA PROTECTION LAW

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

AUTOMATED DECISION MAKING IN INDIVIDUAL CASES INCLUDING PROFILING

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

is necessary for the conclusion or performance of a contract between you and the controller,
is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or lit. g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the performance of the contract and consent, the controller shall take reasonable steps to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

DATA SECURITY, THIRD PARTY WEBSITES, CHANGES

DATA SECURITY

Unfortunately, the transmission of information via the Internet is not completely secure, which is why we cannot guarantee the security of data transmitted to our services via the Internet. However, we take technical and organizational measures to protect our services and other systems against loss, destruction, access, modification or dissemination of your data by unauthorized persons. In particular, your personal data is transmitted to us in encrypted form. We use the SSL (Secure Socket Layer) [or TLS (Transport Layer Security)] coding system.

We also use technical and organizational security measures to protect personal data that is generated or collected, in particular against accidental or intentional manipulation, loss, destruction or attack by unauthorized persons. Our security measures are continuously improved in line with technological developments.

DATA PROTECTION AND THIRD PARTY WEBSITES

The website may contain hyperlinks to and from third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or guarantee for third-party content or data protection conditions. Please check the applicable data protection conditions before you transmit personal data to these websites.

CHANGES TO THIS PRIVACY POLICY

We reserve the right to amend these data protection provisions at any time with effect for the future. A current version is always available on the website. Please visit the website regularly and inform yourself about the applicable data protection provisions.

TIMELINESS OF THIS PRIVACY POLICY

We use the “SAFE policy” service of SAFE-PORT Consulting GmbH, Hülshoff-Straße 7, 59469 Ense, Germany (“SAFE-PORT”) to ensure up-to-date data protection notices in connection with the services of our website. The content of this privacy policy is managed centrally on the servers of SAFE-PORT and integrated directly on this page.

We have a legitimate interest in always providing our website visitors with up-to-date information on data processing. For the use of the “SAFE policy”, we have concluded an order processing contract with the provider in accordance with Art. 28 GDPR.

FURTHER INFORMATION

TRANSLATION

For language versions other than DE: the data protection information is translated from German. In the event of discrepancies, the German version shall prevail.

VERSIONING

Version: v1.0.1-250224-0953

Data protection

Data protection information

Get in touch with us

© 2025 HJS Emission Technology GmbH & Co. KG