Data privacy statement

With this data privacy statement, we inform you about the personal data that is processed when you visit our website and about what rights you have. We would therefore request you to read the following explanations carefully.

Personal data is all information relating to an identified or identifiable natural person. This, for example, includes your name, your address and communication data or your e-mail address.

Processing means any operation or series of operations carried out with or without the aid of automated procedures using personal data, such as the collection, recording, organization, structuring, storage, adaptation or alteration, reading out, querying, use, disclosure by transmission, dissemination or any other form of provision, adjustment or linking, restriction, deletion or destruction.

The person affected is any identified or identifiable natural person whose personal data is processed by the person responsible for processing.

The person responsible or ‘person responsible for processing’ is the natural or legal person, authority, institution or other body which either by themselves or jointly with others decides on the purposes for and means of processing personal data.

Users include all categories of persons affected by data processing. Such persons include our business partners and other visitors to our website.

We would also like to refer you to the definitions set out in Art. 4 of the General Data Protection Regulation – GDPR in regard to the terms used. The terms used, such as ‘user’, are to be understood as gender-neutral.

1. Name and address of the person responsible
HWA AG
Benzstraße 8
DE-71563 Affalterbach, Germany
Phone +49 (0) 71 44/87 17-0
Fax +49 (0) 71 44/87 17-100
E-mail info@hwaag.com

The representative of the person responsible is Mr. Ulrich Fritz, Chief Executive Officer.

2. Data protection officer
You can reach our data protection officer by e-mail at datenschutz@hwaag.com or by mail addressed to the ‘The Data Protection Officer’ at our postal address.

3. The processing of personal data
3.1. Visiting our website
3.1.1. Scope of data processing
Your browser will transfer certain types of data to our web server also for technical reasons when you visit our website. This is the following data (so-called server log files):
* IP address
* Date and time of the request
* Difference in time zones based on Greenwich Mean Time (GMT)
* Content of the request (concrete page)
* Operating system and its access status/ HTTP status code
* The amount of data transmitted
* Website from which the request is being made (‘referrer URL’)
* Browser, language and version of the browser software

3.1.2. Purpose of data processing
It is necessary to store this data in log files in order to ensure that the website is able to function. It helps us to optimize our website and safeguard the security of our information-technology systems.

3.1.3. Legal basis of processing
We collect this data on the basis of our legitimate interest within the meaning of Art. 6 (1) (f) of the GDPR for the purposes of being able to display our website and to guarantee its security.

3.1.4. Duration of storage
Information in the log files is stored for security reasons for a maximum of seven days (e.g. to investigate misuse or fraud), and then deleted after that. Data that needs to be stored for longer for the purposes of later evidence is excluded from deletion until the respective incident has been finally clarified.

3.1.5. Options for objecting and removing data
The collection of data for providing the website and the storage of this data in log files is absolutely necessary for technical reasons for the operation of the site. That is why consequently no options exist for the user to object in this regard.

3.2. Contact form and e-mail contact
3.2.1. Scope of data processing
You can get into contact with us via the contact forms on our website. In this context, we process the data from the entry mask: company, first name, last name, street, house number, ZIP code, town, e-mail, phone number, message.

As an alternative, you can also contact us via our e-mail address. The sender's personal data that is transferred with the e-mail will then be processed in such cases.

3.2.2. Recipients of the data
The data transmitted to us is processed by internal staff that is responsible for the according business process.

3.2.3. Purpose of data processing
The personal data provided via the entry mask helps us to process your request. The additional personal data that is processed during the process of sending (e.g. IP address, date, time) serves to prevent a misuse of the contact form to ensure the security of our information-technology systems.

3.2.4. Legal basis of processing
The details of users who get in touch with us (using the contact form or by e-mail) are processed in accordance with Art. 6 (1) (b) GDPR to enable us to process and deal with the contact request.

3.2.5. Duration of storage
We delete personal data when it is no longer required for achieving the purposes for which it was collected. This is the case for personal data received through the contact form's entry mask and data sent by e-mail when the respective conversation with the user has been concluded. The conversation will have been concluded when the circumstances indicate that the matter in question or the request for information has been ultimately clarified.

3.2.6. Options for objecting and removing data
You have at all times the option to revoke your consent to personal data being processed.

If you contact us by e-mail, you can object at any time to your personal data being stored. This will, of course, mean that it will no longer be possible to continue our conversation. Please direct such a revocation to info@hwaag.com. All personal data stored within the scope of your efforts to get in touch with us is then deleted.

3.3. Job applications
3.3.1. Scope of data processing
If you are interested in working for our company, you can send an application online. Under the ‘Careers‘ menu item, you can find open positions in our company. You can also send unsolicited applications.

We collect the following data in our applicant form. The fields marked with * are mandatory.
Personal data: Form of address*, Title, First name*, Last name*, Street*, Town*, Country*, Date of birth*, Phone*, E-mail*;
Framework data: How you found us*, Notice period
School, job training, profession: School degree, Professional experience, Job training
Others: Earliest possible date to join the company*, Desired salary
General skills: Other skills, MS Office

Attachments: Here you can attach either the whole application document or single documents such as e.g. photo, cover letter, resume, testimonials, school report cards, university certificates, or other attachments.

3.3.2. Recipients of the data
The personal data provided by you can be seen by the HR department and the specialist department in charge of filling the position.

In the framework of the order processing in line with data regulations in compliance with Art. 28 GDPR, we use the applicant system rexx recruitment by the manufacturer rexx systems GmbH, Süderstraße 77, DE-20097 Hamburg, www.rexx-systems.com. The data processing takes place in the Federal Republic of Germany.

3.3.3. Purpose of data processing
We process personal data for taking a decision on the establishment of an employment relationship, in particular for the selection process of suitable candidates and the administrative execution of the application process.

3.3.4. Legal basis of processing
The legal basis is § 26 (1) BDSG-neu [German Federal Data Protection Act -new]

3.3.5. Duration of storage
In case the application leads to an employment relationship, we process this data for the execution of the employment relationship. This will then be included into our HR administration system.

In case the application does not lead to an employment relationship, this data will be deleted within 3 months after the ending of the application procedures, taking into account the deadline for taking legal action according to AGG [German Equal Treatment Act] unless the applicant has given their consent for a longer-term retention of their personal data in accordance with Art. 6 (1) (a) GDPR and Art. 7 GDPR to be possibly considered in case of new open positions.

3.3.6. Options for objecting and removing data
You can have the information sent to us renewed or deleted at any time upon request. For this, please send an e-mail to info@hwaag.com. This is not effective when you have applied for a concrete position in an ongoing application process. In this case we save the information you provided for this position until the expiration of the legal deadlines for filing a law suit (in particular § 15 AGG [German Equal Treatment Act]).

3.4. Cookies
3.4.1. Scope of data processing
Our website uses cookies. Cookies are small text files that are stored on your computer when you visit our website. Cookies cause no damage on your computer and do not contain any malware, e.g. viruses. Cookies contain a characteristic sequence of characters that enables the browser to be uniquely identified when the website is revisited. Some elements of our website require that the browser making the request can be identified even after a page change.

This is done by assigning an identification number to the cookie (‘cookie ID’) and not by assigning it to you personally. The cookie ID is not combined with your name, your IP address or similar data that would enable the cookie to be assigned to you.

This website uses transient and persistent cookies.

a) Transient cookies are automatically deleted when you close your browser. These include in particular so-called session cookies. These store so-called session IDs, which allow different requests from your browser to be assigned to the joint session. It is possible to recognize your computer when you return to our website. The session cookies will be deleted when you log out or close the browser.

b) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. Cookies may be deleted at any time with the help of your browser's security settings.

3.4.2. Purpose of data processing
We use cookies to make our website attractive and user-friendly, to improve it and to speed up inquiries.

Some of our website's elements, such as for example our applicant management system, require the ability to identify the browser making the request even after changing the page. It is necessary for these to be able to also recognize the browser even after a page change.

3.4.3. Legal basis for data processing
The legal basis for the processing of personal data using the technically necessary cookies is Art. 6 (1) (f) GDPR.

3.4.4. Duration of storage
Session cookies are deleted as soon as the browser is closed.

Persistent cookies are automatically deleted after a specified period.

3.4.5. Options for objecting and removing data
As a user, you have full control over the use of cookies. By changing the settings in your Internet browser, it is possible to set it so that cookies are not stored at all or are automatically deleted at the end of your Internet session. Please select ‘do not accept cookies’ in your browser's settings to this end. In Microsoft Internet Explorer, select ‘Tools > Internet Options > Privacy > Settings’; in Firefox select ‘Tools > Settings > Privacy > Cookies’); please refer to the browser's help function for instructions on how to block and delete cookies if you are using a different Internet browser.

Please note, however, that in this case you may not be able to use all our website's functions.

4. Data security
We take technical, contractual and organizational measures to ensure the security of data processing in accordance with best available technology. It is in this way that we ensure that the regulations set out in the data protection laws, in particular the General Data Protection Regulation, are observed and that the data we process is protected against destruction, loss, modification and unauthorized access. These security measures also include the encrypted transmission of data between your browser and our servers. Please note that SSL encryption is only activated for transmissions made over the Internet if the key symbol appears in the lower menu bar of your browser window and the address starts with https://. SSL (Secure Socket Layer) uses encryption technology to protect data transmission against illegal data access by third parties. You may also choose not to send certain data over the Internet if this option is not available.

All information that you transmit to us is stored and processed on our servers in the Federal Republic of Germany.

5. Forwarding of data to third parties and third-party providers
Data will only be forwarded to third parties within the framework of legal requirements. We will only forward user data to third parties if, for example, it is necessary to do so for contractual purposes on the basis of Art. 6 (1) (b) GDPR or on the basis of legitimate interests in the economic and effective operation of our business activities pursuant to Art. 6 (1) (f) GDPR.

We use subcontractors to help us provide our services, in particular for the operation, maintenance and hosting of the website within the scope of order processing in accordance with Art. 28 DSGVO. We have taken appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data in compliance with the relevant statutory provisions. The data processing takes place in Germany.

6. External services and content on our website
We integrate external services or content on our website. This is done on the basis of our legitimate interests in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) (f) GDPR.

When such services are used or third-party content is displayed, communication data such as the date, time and IP address are exchanged between you and the respective provider for technical reasons. This, in particular, includes your IP address, which is required to display content in your browser.

The provider of the respective services or contents may process your data for own additional purposes. Due to the fact that we are unable to influence the data collected by third parties and how it is processed by such third parties, we are, however, also unable to make any binding statements about why and the extent to which your data is processed.

For more information about the purpose and scope of the collection and processing of your data, we would therefore refer you to the information about data protection provided by the providers of the services or content that we have incorporated, who are responsible for the legal aspects of data protection.
* Maps provided by the ‘Google Maps’ service for route planning are provided by the third-party provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data privacy statement: https://www.google.com/policies/privacy/ Opt-out: https://www.google.com/settings/ads/.

7. Your rights
When we process your personal data, you are the person concerned in the meaning of the General Data Protection Regulation – GDPR and therefore possess the following rights concerning the personal data relating to you in regard to us:

Right of access by the data subject (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR),
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

8. Changes to this data privacy statement
We reserve the right to change the data privacy statement in order to adapt it to changed legal situations or in the event of changes to the service and to the data processing. This only applies, however, in regard to declarations about data processing. The changes will only be made with the user’s consent if user’s consent is required or if components of the data privacy statement contain provisions of the contractual relationship with the users.

Please keep yourself regularly informed about the contents of the data privacy statement.