Data privacy statement

HWA AG appreciates you visiting our website and your interest in our company.

This privacy statement informs you which personal data we process when you visit our website, and about your rights. We therefore kindly ask you to read the following carefully.

Personal data means any information relating to an identified or identifiable natural person. This includes, for example, your name, address and communication data or your e-mail address.

Processing means any operation or set of operations which is performed on personal data, whether by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Subject is any identified or identifiable natural person whose personal data are processed by the controller.

Controller means the natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

User includes all data subject categories. This includes our business partners and other visitors of our website.

We also refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR) for the terms used. All terms used, such as "user", are to be understood as gender neutral.

1. Controller's Name and Address
HWA AG
Benzstraße 8
DE-71563 Affalterbach, Germany
Phone +49 (0) 71 44/87 17-0
Fax +49 (0) 71 44/87 17-100
E-mail info@hwaag.com

The controller's representatives are CEO Martin Marx and CTO Gordian von Schöning.


2. Data Protection Officer

We have appointed a data protection officer for our company.

You can contact our data protection officer by e-mail at datenschutz@hwaag.com or via our postal address with the reference "data protection officer".


3. Processing of Personal Data

Visiting our website
Extent of data processing
When visiting our website, your browser also transmits certain data to our web server for technical reasons. These are the following data (so-called server log files):
• IP address
• Date and time of request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Operating system and its access status / HTTP status code
• Quantity of transmitted data
• Source website of the request ("Referrer-URL")
• Browser, language, and browser software version

Purpose of Data Processing
It is necessary to store this data in log files to ensure the website's functionality. The log files help us to optimise the website and to make sure that our information technology systems are secure.

Legal basis of processing
We collect this data based on our legitimate interest within the meaning of Article 6 Paragraph 1 Letter f) GDPR to display our website and to ensure its security.

Storage Duration
Log file information is stored for security reasons (e.g., to clarify acts of abuse or fraud) for a maximum of seven days and thereafter deleted. Data which must be retained for evidence purposes are exempt from deletion until the respective incident has been finally clarified.

Possibility of Objection and Removal
Due to technical reasons, the collection of data is essential for the provision of the website and its storage in log files. Consequently, there is no possibility for a user to object.


4. Contractual Implementation
Name, address, bank details, e-mail address, telephone or fax number and the client IP address at the time of placing a customer order are collected, stored and processed solely for the purpose of establishing or executing the contract, which includes in particular billing and processing the contract.

Personal data will only be passed on to third parties if this is essential for executing the contract, for example commissioning a shipping company or using a payment service company.

Storage Duration
The data will be deleted as soon as the purpose for which it was collected or otherwise processed is no longer met. The deadlines are five years for personal data subject to clause 147 of the German Tax Code (AO) and ten years for personal data subject to clause 257 of the German Commercial Code (HGB), beginning with the end of the calendar year in which it was collected.

Legal Basis
The data is stored on the legal basis of Article 6 Paragraph 1 Letter b and Letter c, General Data Protection Regulation (GDPR).

Possibility of Objection and Removal
There is no possibility to object, because legally standardised retention periods for storing and processing personal data while executing a contract are in place.


5. Contact Form and E-Mail Contact

Extent of data processing
You can contact us via our contact form. We process the following data: company, first name, last name, street and house number, postal code and city, e-mail, telephone number, message. Alternatively, you can send us a message via e-mail. In this case we'll process the personal data provided by the sender.

Data Recipients
Any data transmitted will be processed by the internal departments responsible for the business process in question.

Data Processing Purpose
Data collected from the input mask is processed for the purpose of handling your request. Any other personal data processed during submission (e.g., IP address, date, time) is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

Legal Basis of Processing
When contacting us via contact form or e-mail, the user's details are processed for the purpose of handling the contact request and its processing in accordance with Article 6 Paragraph 1 Letter b) GDPR.

Storage Duration
We delete any personal data when the purpose for which it was collected is no longer met. Regarding the personal data collected via the contact form or via e-mail, we delete the data when the respective conversation with the user has ended. The conversation is considered to have ended when it is unmistakably clear that the matter in question or the request for information has been clarified.

Possibility of objection and removal
You have the right to revoke your consent to the processing of your personal data at any time.
If you contact us via e-mail, you can object to the storage of your personal data at any time. In this case, our conversation will obviously no longer be able to continue. Please send such a revocation to info@hwaag.com. All personal data stored in the course of contacting us will then be deleted.

6. Applications
Extent of Data Processing
If you are interested in working for our company, you can apply to us online. Under the menu item "Career" you will find jobs that we have advertised. You can also send us an unsolicited application.

We collect the following data in our applicant form. The fields marked with * are mandatory.
Personal data: Form of address*, Title, First name*, Last name*, Street*, Postcode*, Town*, Country*, Date of birth*, Phone*, E-mail*;
Framework data: How you found us*, Notice period
School, job training, profession: School degree, Professional experience, Job training
Others: Earliest possible date to join the company*, Desired salary
General skills: Other skills, MS Office

Attachments: Here you can either attach an entire application document or individual documents, such as a photo, cover letter, CV, job references, school reports, university reports or other attachments.

Data Recipients
The personal data you provide may be accessed by the HR department as well as the specialist department responsible for filling the vacancy.

Within the boundaries of commissioned data processing according to Article 28 GDPR, we use the application system *.prescreenapp.io and *.jobbase.io by Prescreen International GmbH, Mariahilfer Straße 17, 1060 Vienna. The processing of data takes place in the Federal Republic of Germany.

Data Processing Purpose
We process personal data to decide whether to establish an employment relationship, particularly for the selection process of suitable candidates and the administrative management of the application process.

Legal Basis of Processing
The legal basis is clause 26 Paragraph 1 BDSG-neu.

Storage Duration
If the application leads to employment, we will process this data for the purpose of carrying out said employment. The data are then entered into our personnel management system.

If the application does not lead to an employment, this data will be deleted 3 months after the application procedure has ended, taking into account the time limit for action under the General Equal Treatment Act (AGG), unless the applicant has given consent in accordance with Article 6 Paragraph 1 Letter a) GDPR and Article 7 GDPR for the longer-term storage of his/her personal data in order to be considered for new job offers.

Possibility of Objection and Removal
Upon request, you can have the information you provided to us renewed or deleted at any time. To do so, please send us an email to info@hwaag.com. This does not apply if you have applied for a specific position with us in an ongoing application process. In this case, we will store the information you have provided for this position until the expiry of the deadlines for legal action (in particular clause 15 AGG).

7. Newsletter
Processing's Nature and Purpose
Your data is used solely to send you the newsletter you have subscribed to by e-mail. Your name is provided to be able to address you personally in the newsletter and, if necessary, to identify you if you wish to claim your rights as a data subject.

To receive the newsletter, it is sufficient to provide your e-mail address. When registering to receive our newsletter, the data you provide will be used solely for this purpose. Subscribers may also be informed by e-mail about circumstances relevant to the service or registration (e.g., changes to the newsletter services or technical circumstances).

To register effectively, a valid e-mail address is required. In order to verify that a registration is actually made by the e-mail address holder, we use the "double-opt-in" procedure. For this purpose, we log the newsletter subscription, the sending of a confirmation email and the receipt of the response requested herewith. No further data is collected. The data is used solely for sending the newsletter and is not passed on to third parties.

Legal Basis
We regularly send you our newsletter or comparable information by e-mail to the e-mail address you have provided on the basis of your explicit consent (Article 6 Paragraph 1 Letter a GDPR).

You can revoke your consent to the storing of your personal data and its use for sending future newsletters at any time. Each newsletter contains a specific link for this purpose. You can also unsubscribe directly on this website at any time or inform us of your revocation using the designated contact option.

Recipient
Possible data recipients are data processors.

Storage Duration
The data will only be processed if the corresponding consent has been given. Afterwards it is deleted.

Prescribed or Required Provision
The provision of your personal data is voluntary, based solely on your consent. Unfortunately, without your consent, we cannot send you our newsletter.


8. Cookies

Extent of Data Processing
The provision of your personal data is voluntary. Our website uses cookies. Cookies are small text files that are stored on your computer when you access our website. Cookies do not cause any damage to your computer and do not contain any malware, such as viruses. Cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Some elements of our website require that the accessing browser can be identified even after a page change.

This is not done by identifying you personally, but by assigning an identification number to the cookie ("cookie ID"). The cookie ID is not associated with your name, your IP address or similar data that would enable the cookie to be associated with you.

This website uses transient and persistent cookies.

a) Transient cookies are automatically deleted when you close your browser. Among these are so-called session cookies. These store a so-called session ID, with which various requests from your browser can be allocated to the joint session. When you return to our website, your computer can be recognised. The session cookies are deleted when you log out or close the browser.

b) Persistent cookies are automatically deleted after a predefined duration, which may differ depending on the cookie. You can delete the cookies at any time in the browser's security settings.

Cookies we use:

Domain | Name | Duration
www.hwaag.com | 0179d77cd22effa017ea99f483673d2e | Session
hwa-ag.jobbase.io | PHPSESSID | 12 hours
www.hwaag.com | ps_widget_token | Session

Processing Purpose
We use cookies to enhance the attractiveness and user-friendliness as well as to improve our website and speed up enquiries.

Some of our website elements, such as our application management system, require that the accessing browser can be identified even after switching pages. For these, it is necessary that the browser is also recognised after switching pages.

Legal Basis of Processing
The legal basis for the processing of personal data using technically necessary cookies is Article 6 Paragraph 1 Letter f, GDPR.

Storage Duration
Session cookies are deleted as soon as the browser is closed.
Persistent cookies are automatically deleted after a predefined period.

Prescribed or Required Provision
As a user, you have full control over the use of cookies. By changing your internet browser settings, you can specify that cookies are not stored at all or are automatically deleted upon ending your internet session. To do so, select "do not accept cookies" in your browser settings (in Microsoft Internet Explorer, select "Tools > Internet Options > Privacy > Setting"; in Firefox, select "Tools > Settings > Privacy > Cookies"). If you are using a different Internet browser, please refer to the browser's help function for instructions on preventing and deleting cookies.

However, please be aware that in this case you may not be able to fully use all of our website's functions.

9. Data Security
We implement technical, contractual, and organisational measures to ensure the security of data processing in accordance with the state of the art. By doing so, we ensure that the provisions laid down in the data protection laws, the GDPR, are complied with and that the data processed by us is protected against destruction, loss, modification, and unauthorised access. These security measures also include the encrypted transmission of data between your browser and our servers. Please note that SSL encryption is only activated for transmissions carried out via the Internet if the key symbol appears in the bottom menu bar of your browser window and the address begins with https://. SSL (Secure Sockets Layer) encryption technology protects data transmission from illegal access by third parties. If this option is not available, you can also choose not to send certain data via the Internet.

All information that you submit to us is stored and processed on our servers in the Federal Republic of Germany.

10. Data Transmission to Third Parties and Third-Party Providers
Data is only passed on to third parties within the boundaries of legal requirements. We only pass on user data to third parties if this is necessary, e.g., based on Article 6 Paragraph 1 Letter b) GDPR for contractual purposes or based on legitimate interests pursuant to Article 6 Paragraph 1 Letter f) GDPR in the economic and effective operation of our business.

Within the scope of a commissioned processing pursuant to Article 28 GDPR, we use subcontractors for the provision of our services, particularly for operating, maintaining, and hosting the website. We have taken appropriate legal precautions as well as corresponding technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal regulations. Data processing takes place in Germany.

Disclosure to Recipients Outside the EEA
In order to cover the wide range of services worldwide, HWA has wholly owned subsidiaries in Wilmington, Delaware, USA and in Mornington, Victoria, Australia.

Your data will only be transferred to countries outside the European Economic Area - EEA (third countries) if this is necessary to carry out your enquiries or orders or is required by law or you have given your consent.
In this case, we ensure that the recipient's country has an adequate level of data protection before transferring the data. In this context, we take the following measures, insofar as this is required by law:

We only share your personal data with subsidiaries and external subcontractors (e.g. suppliers) in countries if they have entered into EU standard contractual clauses with us.

EU-Standard Contractual Clauses
The EU standard contractual clauses used can be viewed via the following link:
https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32021D0914&qid=1624875860199

11. External Services and Content on our Website
External services or content are integrated into our website. This is done on the basis of our legitimate interests in the analysis, optimisation and economic operation of our online services within the meaning of Article 6 Paragraph 1 Letter f GDPR.

When using such a service or displaying third-party content, communication data such as the date, time and IP address are exchanged between you and the respective provider for technical reasons. This is your IP address, which is required for your browser to display content.

It is possible that the provider of the respective services or content processes your data further for its own purposes. However, since we have no influence on the data collected by third parties and their processing, we cannot make any binding statements on the purpose and scope of the processing of your data.

Use of script libraries (Google Webfonts)
Processing Nature and Purpose
In order to display our content correctly and in a graphically appealing manner throughout browsers, we use "Google Web Fonts" by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google") on this website to display fonts.

The library operator Google's privacy policy can be found here: https://www.google.com/policies/privacy/

Legal Basis
The legal basis for integrating Google Webfonts and the associated data transfer to Google is your consent (Article 6 Paragraph 1 Letter a GDPR).
 
Recipient
Opening script libraries or font libraries automatically triggers a connection to the library operator. It is theoretically possible - although it is currently unclear whether and for which purposes - that the operator, Google, collects data in this case.

Storage Duration
We do not collect any personal data by integrating Google Web Fonts.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s data privacy statement: https://www.google.com/policies/privacy/.
 
Third-Country Transfer
Google processes your data in the USA and is subject to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
 
Prescribed or Required Provision
The provision of personal data is neither legally nor contractually required. However, it is not possible to display the contents of standard fonts correctly.
 
Withdrawal of Consent
The programming language JavaScript is regularly used to display the content. You can therefore object to data processing by deactivating the execution of JavaScript in your browser or installing a JavaScript blocker. Please be aware that this may result in functional restrictions of the website.

Please refer to the respective providers of the services or content we integrate for further information on the purpose and scope of the collection and processing of your data.

Google Maps
Maps for route planning are provided by the third-party provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/ Opt-out: https://www.google.com/settings/ads/.
 

Usercentrics
Processing’s Nature and Purpose
We have integrated Usercentrics within our website. Usercentrics is a consent management tool hosted by Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, with which consent to the storage of cookies can be obtained and documented. Usercentrics uses cookies or other web technologies to recognise users and to store consent given or withdrawn.

Purpose and Legal Basis
The use of this service is based on obtaining the legally required consent for the use of cookies in accordance with Article 6 Paragraph 1 Letter c GDPR.

Storage Duration
The precise storage period of the processed data cannot be influenced by us, but is determined by Usercentrics GmbH. For further information, please refer to the Usercentrics data privacy statement: https://usercentrics.com/privacy-policy/.


Prescreen
Processing’s Nature and Purpose
We have integrated components of Prescreen on our website. Prescreen is a service of Prescreen International GmbH, Mariahilfer Straße 17, 1060 Vienna, Austria, which offers applicant and personnel management software.

Prescreen is used in connection with application procedures in order to optimize applicant management, for example through an automated analysis of job references. Furthermore, Prescreen enables us to create and evaluate job advertisements.

Purpose and legal basis
The service is used on the basis of our legitimate interests, i.e. our interest in optimizing our application procedures pursuant to Article 6 Paragraph 1 Letter f GDPR. The legal basis for the data processing is § 26 BDSG.

Storage Duration
The specific storage period of the processed data cannot be influenced by us, but is determined by Prescreen International GmbH. Further information can be found in the privacy policy for Prescreen: https://prescreen.io/de/privacy-policy-website/.

Social Media
HWA AG's website links to the corporate websites of HWA AG on the following social networks. The applicable criteria are those set out in the EU General Data Protection Regulation, which can be accessed via the respective link:
Facebook
Provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
The data processing is based on an agreement on the joint processing of personal data in accordance with Art. 26 GDPR.
 
YouTube
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
 
Instagram
Provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA
 
Twitter
Provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
 
LinkedIn
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
 
Xing
Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany

12. Your rights
When we process your personal data, you are a data subject within the meaning of the General Data Protection Regulation (GDPR) and you are entitled to claim the following rights in respect of your personal data:

  • Right of Access (Article 15 GDPR)
  • Right to Rectification (Article 16 GDPR)
  • Right to Erasure (Article 17 GDPR)
  • Right to Restriction of Processing (Article 18 GDPR)
  • Right to Data Portability (Article 20 GDPR)
  • Right to Object (Article 21 GDPR)

Regarding the right to information and the right of deletion, the restrictions according to clauses 34 and 35 of the German Data Protection Act (BDSG) apply.

Right to Lodge a Complaint with a Supervisory Authority
Furthermore, there is a right of appeal to a data protection supervisory authority (Article 77 GDPR in conjunction with clause 19 BDSG).

Our competent supervisory authority is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit in Baden-Württemberg
Postfach 10 29 32
70025 Stuttgart
Tel.: 0711/615541-0
Fax: 0711/615541-15
E-Mail: poststelle@lfdi.bwl.de

13. Changes to Data Privacy Statement
We reserve our right to change this data privacy statement to adapt it to amended legal situations or in the event of changes to the service as well as data processing. However, this only applies to declarations on data processing. Insofar as user consent is required or components of this data privacy statement contain provisions of the contractual relationship with the users, the changes will only be made with the users' consent.

Please check the contents of this privacy statement regularly to stay informed.

As of: Dec 2021