Privacy Policy

We have appointed a Data Protection Officer for our company.
novinet GmbH & Co. KG
Daniel Steffen
Untere Marktstraße 21
D-85092 Kösching

Fon +49 8456 300 98 80
E-Mail: datenschutz@herionlinner.com

Rights of the persons affected
By using the contact details provided by our Data Protection Officer, you can exercise the following rights at any time:

• Information regarding the data we have stored about you and the processing of these data,
• Correction of incorrect personal data,
• Deletion of the data we have stored about you
• Restriction of data processing, if we are not yet allowed to delete your data due to legal obligations,
• Objection to the processing of your data with us and
• Data portability, if you have consented to the data processing or have signed a contract with us.

If you have given us your consent, you can revoke it at any time which is effective immediately for the future.

If you have a complaint, you can always contact the supervisory authority responsible for you. Your competent supervisory authority depends on the state of your domicile, your work or the alleged infringement. A list of non-public-sector supervisory authorities can be found at: bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Purposes of data processing by the responsible body and third parties
We process your personal data only for the purposes stated in this privacy policy. Forwarding your personal data to third parties for purposes other than those stipulated, will not occur. We only share your personal information with third parties if:

• we have received your express consent to do so,
• it is necessary to complete a contract with you, and/or
• it is necessary to fulfill a legal obligation,

processing is necessary to protect legitimate interests and there is no reason to believe, that you have an overriding legitimate interest in not disclosing your information.

Deletion or blocking of data
We adhere to the principles of data avoidance and data economy. Therefore, we only store your personal data for as long as is necessary to achieve the purposes stated here, or in accordance with the Data storage periods stipulated by Law. After discontinuation of the respective purpose or expiration of these deadlines, the corresponding data are routinely and according to the Legal Regulations, blocked or deleted.

Collecting general information when visiting our website
When you access our website, a cookie automatically records information of a general nature. This information (server log files) contains, for instance, the type of web browser, the operating system used, the domain name of your ISP (Internet Service Provider) and the like. This is only information that does not allow conclusions about your person.

This information is technically a necessity in order to correctly deliver the contents of web pages requested by you and is mandatory when using the Internet. They are processed in particular for the following purposes:

• ensuring problem-free connection of the website,
• ensuring smooth access and usage of our website,
• evaluation of system security and stability, as well as
• for further administrative purposes.

The processing of your personal data is based on our legitimate interest for the purposes mentioned above for collecting data. We do not use your information to draw conclusions about you. The recipient of the data is only the responsible body and, where appropriate, the Processor.

Anonymous information of this kind may be statistically evaluated by us to optimize our website and the underlying technology.

Cookies
Like many other websites, we also use "cookies". Cookies are small text files that are transferred from a website server to your hard drive. This automatically gives us certain data, such as: IP address, browser used, operating system and your connection to the Internet.

Cookies cannot be used to launch programs or to transfer viruses to a computer. Based on the information contained in cookies, we can facilitate navigation and enable the correct display of our websites.

In no case will the data collected by us, be passed on to third parties or a link with personal data be established, without your consent.

Of course, you can also view our website without cookies. Internet browsers are regularly set to accept cookies. In general, you can deactivate the use of cookies at any time through the settings of your browser. Please use the help functions of your Internet browser to find out how to change these settings. Please note that some features of our website may not work if you have disabled the use of cookies.

SSL encryption
To protect the security of your data during transmission, we use state-of-the-art encryption techniques (such as SSL) via HTTPS.

Using script libraries (Google Webfonts)
In order to render our content correctly and visually appealing across browsers, we use script libraries and font libraries on this website, such as Google webfonts (google.com/webfonts). Google webfonts are transferred to the cache of your browser to prevent multiple loading. If the browser does not support Google webfonts or prohibits access, content will be displayed in a standard font.

The call of script libraries or font libraries automatically triggers a connection to the operator of the library. It is theoretically possible - but currently also unclear whether and, if so, for what purposes - that operators of such libraries collect data.

The privacy policy of the library operator Google can be found here: google.com/policies/privacy

Using jquery.com
Our website uses Java script code of the website www.jquery.com. If you have activated JavaScript in your browser and have not installed a JavaScript Blocker, your browser may transfer personal data. We do not know what data is associated with the data received and for what purposes that data is used. If you do not want our website to collect data about you, you must disable the use of JavaScript code in your browser or block the execution of scripts for the domain www.jquery.com as a whole (eg. noscript.net or ghostery.com). Further information on jQuery Foundation.

Map integration through Open Street Maps
For the card integration under contact, the provision takes place via openstreetmap.org under OdBL license. If you have activated JavaScript in your browser and have not installed a JavaScript Blocker, your browser may transfer personal data. We do not know what data is associated with the data received and for what purposes that data is used.

Online job applications / publication of job advertisements

We offer you the opportunity to apply with us on our website. In these digital applications, your Application and Application Data will be electronically collected and processed by us, in accordance with our standard Applications process.

The legal basis for this processing is § 26 (1) sentence 1 BDSG in conjunction with Article 88 (1) GDPR.

Successful applications resulting in a job offer and Employment Contract, your submitted data will be saved in your personal file for the purpose of the normal organizational and administrative procedures - of course, taking into account the further legal obligations.

The legal basis for this processing is also § 26 (1) sentence 1 BDSG in conjunction with Article 88 (1) GDPR.

Unsuccessful applications and all submitted data, are automatically and completely deleted two months after notification of the rejection. However, the deletion does not take place if the data requires a longer storage period of up to four months or until the conclusion of a judicial procedure due to legal provisions, for example because of the proof obligations under the AGG.

The legal basis in this case is Article 6 (1) lit. f) GDPR and § 24 (1) No. 2 BDSG. Our legitimate interest lies in the legal defense and enforcement.

If you expressly agree to a longer storage of your data, for example, for your inclusion in an Applicant or Interest database, the data will be further processed on the basis of your consent. The legal basis is then Article 6 (1) lit. a) GDPR. Of course, in accordance with Article 7 (3) GDPR, you can revoke it at any time which is effective immediately for the future.

Our social media appearances

Data processing through social networks
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.

Social networks such as Facebook etc. can generally analyse your user behaviour comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:

If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.

Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.
Legal basis

Legal basis
Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).

Responsibility and assertion of rights
If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).

Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.

Storage time
The data collected directly from us via the social media presence will be deleted from our systems as soon as the purpose for their storage lapses, you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.

We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g. in their privacy policy, see below).

Individual social networks

Facebook
We have a profile on Facebook. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US Privacy Shield.

You can customise your advertising settings independently in your user account. Click on the following link and log in: facebook.com/settings?tab=ads

Details can be found in the Facebook privacy policy: facebook.com/about/privacy.

XING
We have a profile on XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Details on their handling of your personal data can be found in the XING Privacy Policy: privacy.xing.com/de/datenschutzerklaerung.

LinkedIn
We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified under the EU-US Privacy Shield. LinkedIn uses advertising cookies.

If you want to disable LinkedIn advertising cookies, please use the following link: linkedin.com/psettings/guest-controls/retargeting-opt-out.
For details on how they handle your personal information, please refer to LinkedIn's privacy policy: linkedin.com/legal/privacy-policy.

Instagram
We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

You can find details on how they handle your personal data in Instagram's data protection declaration: help.instagram.com/519522125107875

Change of our privacy policy
We reserve the right to change this privacy policy from time to time to comply with current legal requirements or in order to implement changes to our services in the privacy policy, such as, e.g. when introducing new services. Your new visit will be subject to the new privacy policy.

Questions to the data protection officer
If you have questions about data protection, please write us an e-mail or contact our Data Protection Officer directly:

novinet GmbH & Co. KG
Daniel Steffen
Untere Marktstraße 21
D-85092 Kösching

Fon +49 8456 300 98 80
E-Mail: datenschutz@herionlinner.com

This Privacy Policy is an adapted translation of the German version, available at: wmh-herion.de/datenschutz