HABAU GROUP regards all data as an asset worth protecting. The protection of your personal data is our highest priority.
Personal data in terms of data protection law are all data that contain information regarding personal or factual circumstances, for example name, address, email address, telephone number, date of birth, age, gender, social insurance number, video recordings, photos and voice recordings of persons. This may also include sensitive data, such as health data or data in connection with a criminal proceeding.
Your personal data are processed confidentially and exclusively in the context of the data protection provisions (General Data Protection Regulation, or GDPR for short, and national data protection provisions) in the currently applicable version. With regard to the terms used, such as “processing”, “data controller” or “data subject”, we refer you to the definitions found in Art. 4 of the GDPR.
For reasons of readability, the masculine form is used here. However, the statements refer equally to female and male persons.
This data privacy statement regulates the handling and processing of personal data, and applies to all employees of HABAU GROUP and to all other persons integrated in the business, as well as to our partners, customers and suppliers.
HABAU GROUP comprises all subsidiaries and other associated companies. You can find the contact partners for each subsidiary company in the respective imprints.
2. Legal basis of the processing
The processing of your data takes place on the legal bases of
- the fulfilment of the contract or pre-contractual measures with the respective (potential) partners, customers and suppliers as well as employees and applicants,
- your consent,
- processing due to a legal obligation,
- the performance of a task carried out in the public interest,
- legitimate interests.
3. Purposes of the processing
3.1. Processing of applicant data
We process the applicant data submitted by you via email, online form or post exclusively for the purpose of handling the application procedure.
In the event of a successful application, the data provided by you may be further processed and stored by us for the purposes of an employment relationship. Otherwise, the data will be automatically deleted at the latest 7 months after notification of the rejection decision, unless this is contrary to any other legitimate interests of the data controller or unless the applicant has provided consent to further processing.
In the event of an unsolicited application or if you grant consent to have your application kept on file, your application may be forwarded to a company of HABAU GROUP, where it will be stored until a revocation of the granted consent is received.
3.2. Processing of data of our partners, customers and suppliers
In order to fulfil our contractual and pre-contractual obligations, various personal data of our partners, customers and suppliers are processed. Information regarding the respective personal data that are processed is always provided beforehand.
3.3. Getting in contact via email or a form on our web pages
The primary objective of our website is to inform you of our scope of activity and to provide you with suitable options for getting in touch with us.
When you get in contact with us using the contact form or via email, your details are automatically stored and processed for the exclusive purpose of responding to your inquiry. Unless this inquiry gives rise to other legal retention periods, these personal data are deleted within 90 days.
3.4. Server log data
The providers of our web pages automatically process information in so-called server log files, which your internet browser automatically transmits to us. This information includes browser type and browser version, operating system used, referrer URL, host name of the accessing computer, time of the server inquiry and IP address. This data is not brought into connection with any other data sources.
3.5. Website analysis, tracking and cookies
In part, our web pages use so-called cookies. Cookies are small text files that are deposited on your terminal device and that your internet browser stores. Cookies are used on the basis of a legitimate interest in the optimised provision of our services free from technical errors. Most of the cookies used by us are so-called “session cookies”. These are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies enable us to recognise your internet browser next time you visit our website. You can set your internet browser so that you are informed when cookies are placed and only allow cookies on a case-by-case basis, so that you exclude the acceptance of cookies in specific cases or generally, and activate the automatic deletion of cookies when you close the internet browser. Deactivating cookies may limit the functionality of these web pages.
3.6. Plug-ins and tools
On our web pages, on the basis of a legitimate interest in a uniform, appealing presentation of our web presence and in making it easier to access the places shown on our web pages, we use an API of the map service Google Maps. To use the functions of this service, your IP address is transmitted to the Google server in the USA and processed there. We have no access to the information transmitted to Google. Further details are available at https://www.google.de/intl/de/policies/privacy/.
On our web pages, on the basis of a legitimate interest in a uniform, appealing presentation of our web presence, we use YouTube plug-ins. When you visit our web pages with the YouTube plug-in, your IP address and the visiting behaviour of the web pages is processed by YouTube in the USA. If you are logged in to YouTube, this information is linked to your profile. You may prevent this information from being transmitted to YouTube by being logged out of YouTube before you visit our web pages.
- Google Web Fonts
On our web pages, on the basis of a legitimate interest in the uniform presentation of fonts and an appealing presentation of our web presence, we use Google Web Fonts when necessary. When you use one of our web pages, your internet browser loads the necessary Web Fonts in your browser cache in order to correctly display texts and fonts. When you download these texts and fonts, your internet browser transmits your IP address to the Google server in the USA. Further details are available at https:// developers.google.com/fonts/faq. We would like to point out that restrictions in the use of our web pages may occur if your internet browser does not support this service.
On our web pages, we use Facebook plug-ins as necessary. When you visit our web pages with the Facebook plug-in (recognisable by the Facebook logo), your IP address and the visiting behaviour of the web pages is processed by Facebook in the USA. If you are logged in to Facebook, this information is linked to your profile. On these web pages, you can activate the “Like” function in order to share this information in Facebook. We have no access to the information transmitted to Google. Further details are available at https://www.facebook.com/policies. You may prevent this information from being transmitted to Facebook by being logged out of Facebook before you visit our web pages.
- Google Analytics (with anonymisation function)
4. Data transmission
Within HABAU GROUP, personal data are exchanged for the fulfilment of legal requirements and to make work processes easier.
In the course of the contractual and pre-contractual activity (potential employees/customers/suppliers), it may be necessary for personal data to be transmitted to other companies within as well as outside of the European Economic Area. These countries partly have a lower level of data protection than in the European Union.
When we forward personal data, we arrange for appropriate guarantees for the data transmission, such that an adequate level of protection is ensured. You have the option to receive a copy of the security measures.
We differentiate between the following categories of recipients of personal data in HABAU GROUP:
- Sub-contractors, general contractors, suppliers
- Processors, if they require the data to perform their respective services
- Authorities, public bodies and institutions
- Notaries, legal and tax advisors, collection service providers as well as experts on the assertion, exercise or defence of legal claims
- Auditing firms for the fulfilment of accountability obligations
- Insurance companies
- Credit and financial institutions or similar institutions
- Courts for the assertion, exercise or defence of legal claims
- Arbitration boards
5. Duration of the data storage
Personal data processed by us are only stored until the purpose for which they are being processed is fulfilled. Criteria for storage are:
Insofar as retention periods related to corporate and fiscal law must be observed, the duration of the storage of certain data may last up to seven years. Further criteria for the storage are, among others, claims related to civil and labour law (depending on the legal basis, may last up to 30 years).
6. Technical and organisational measures
HABAU GROUP’s fundamental goals of information security include the realisation of appropriate availability, confidentiality and integrity as well as ensuring data protection. This understanding of protection applies not only to personal data, but also to all other information processed in our company.
Our technical and organisational measures in information security are in line with the latest technology and are based on internationally recognised standards and norms. As part of a management system, these are regularly evaluated and improved.
7. Your rights as a data subject
As a data subject, the following rights are available to you with regard to the processing of your data:
7.1. Right to information
You may request information on the type and content of the processing of your data as well as on the data stored on you at any time. At your request, the data controller must issue a confirmation of the use of your data.
7.2. Right to rectification
You have the right to request the rectification of incorrect data. Depending on the purpose of the processing, you also have the right to the completion of incomplete data by means of a supplementary statement.
7.3. Right to deletion
You may request the deletion of your data at any time. The data controller is obliged to delete the data concerned immediately unless legitimate grounds dictate otherwise.
7.4. Right to restriction of the processing
You have the right to request the restriction of the processing of your data unless legitimate grounds dictate otherwise.
7.5. Right to data portability
You have the right to receive the data provided to the data controller in a structured, common and machine-readable format. You also have the right to transmit these data to another data controller without obstruction by the data controller to whom the data were made available, unless legitimate grounds dictate otherwise.
7.6. Right to revocation of your consent
You have the right to revoke your consent unless the processing occurs based on other grounds stipulated by law. For this, an informal notification via email to email@example.com is sufficient. The revocation of this consent has no effect on the processing that has already taken place.
7.7. Right to objection
You have the right to objection unless the processing is necessary for the performance of a task, is of public interest and is carried out in the exercise of official authority that was transferred to the data controller or is necessary for the protection of the legitimate interests of the data controller or a third party, unless your interests or basic rights and freedoms that require the protection of the data outweigh these interests.
Please direct your questions on the exercise of your data subject rights or other questions regarding data protection directly to firstname.lastname@example.org. If you believe that HABAU GROUP is not implementing your data protection rights in accordance with the law, you are free to lodge a complaint with the responsible supervisory authority.
If your personal data changes, we request immediate corresponding notification thereof.
8. Data protection contact
Insofar as a legal appointment of a data protection officer is required, we have accordingly appointed one and informed the respective supervisory authority thereof.
As the central point of contact for all data protection matters, you may get in contact by sending an email to email@example.com at any time. Your inquiry will be forwarded to the responsible employee for processing.
9. Changes to the data privacy statement
In the course of ongoing development, this data privacy statement will continue to be adapted. Changes will be announced on our web pages in good time. Thus you should regularly read this data privacy statement in order to stay up to date with the latest version.
Status: June 2018