I. General information and notes
In the following, we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.
1. Contact options
HCS Holding GmbH, as the superordinate company, assumes the tasks in the area of data protection for HCS Group GmbH.
The responsible party pursuant to Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR) is:
HCS Holding GmbH
Telephone: +49 69 695386-241
Responsible data protection supervisory authority:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str.22, 7th floor
You can reach our data protection officer at:
In the Leppsteinswiesen 14
Telephone: +49 6154 57605-111
When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.
If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.
2. Your rights
You have the following rights with regard to the personal data concerning you:
- right to information,
- right to correction or deletion,
- right to restriction of processing,
- right to object to processing,
- right to data portability.
You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
To exercise your rights in relation to personal data concerning you, please contact firstname.lastname@example.org.
Objection or revocation to the processing of your data
If you have given your consent to the processing of your data, you may withdraw this consent at any time. Such a revocation will affect the permissibility of the processing of your personal data after you have expressed it to us.
Where we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is shown by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising at the following contact details: email@example.com.
3. SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “https://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
4. Objection to advertising e-mails
We hereby object to the use of contact data published within the scope of the imprint obligation to send advertising and information material that has not been expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam e-mails.
II. Use of the website
1. General information
In the case of merely informative use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server.
If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO):
- IP address
- Browser type
- Domain name
- Internet service provider (ISP)
- Files viewed on the website (e.g. HTML pages and graphics)
- Operating system
- Clickstream data
- Access times
- Addresses of websites you used to access our website
- Access status/HTTP status code
- Amount of data transferred in each case
2. Data transfers to the USA
The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by U.S. authorities, for control and monitoring purposes, possibly also without any legal remedy.
Many tools and services use so-called “cookies” (more on this below under the point “Cookies”). Typically, their use is accompanied by data transfers to the USA by US providers such as Google, Facebook, Twitter, YouTube, LinkedIn, etc.. If you do not wish this to happen, please ensure that you do not give the corresponding consent that we obtain when you call up the website.
- Browser-side deactivation or deletion of cookies
You can set your web browser to generally prevent cookies from being saved on your end device or to ask you each time whether you agree to cookies being set. Once cookies have been set, you can delete them at any time. How this works is described in the help function of the web browser you are using. A general deactivation of cookies may lead to functional restrictions of this website.
4. Further functions and offers of our website
In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you will usually have to provide further personal data, which we use to provide the respective service and for which the aforementioned data processing principles apply.
In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
Furthermore, we may pass on your personal data to third parties if we offer promotions, competitions, contracts or similar services together with partners. You will receive more detailed information on this when you provide your personal data or below in the description of the offer.
If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this in the description of the offer.
4. Collection of personal data in the context of an application
Purpose and legal basis of processing
We process your personal data for the purpose of establishing an employment relationship in compliance with Art. 6 para. 1 p. 1 lit. b DSGVO in conjunction with Art. 88 DSGVO and Section 26 BDSG. The processing is carried out solely for the purpose of assessing your suitability, ability and professional performance with regard to the position for which you are applying. We also process your personal data for certain purposes (e.g. for longer storage) if you have given us your consent to data processing within the meaning of Art. 6 Para. 1 Sentence 1 lit. a DSGVO in conjunction with Art. 7 DSGVO.
If applicable, we are obliged to process your personal data pursuant to Art. 6 (1) sentence 1 lit. c DSGVO. Various legal obligations may exist in this regard (e.g. obligations under the German Commercial Code; the German Fiscal Code; to store tax-relevant data; under the German Social Security Code; under the General Equal Treatment Act; or other relevant regulations).
Nature of the categories of data processed
We process personal data that we receive from you as part of the application process, e.g. through letters of application, CVs, references, correspondence, telephone or verbal information.
The following categories of data may be affected:
- Personal data (surname, first name, date of birth)
- Address data (name, address)
- Contact data (telephone number, e-mail address)
- Application data (cover letter, certificates, curriculum vitae)
Recipients or categories of recipients of the data
Your data is first accessed by our HR department and accounting department, but also by the specialist department of the job for which you have applied. Our administrators and order processors have technically necessary access to data processed by means of IT. They are strictly bound by our instructions and may not process the data for their own purposes. In certain cases, we may need to disclose your personal data to third parties, such as our bank if you receive a reimbursement or the post office if we communicate with you by letter.
Furthermore, third parties may receive data for certain purposes if this is required by law as part of your application (e.g. notification to the Federal Employment Agency).
Data is not transferred to bodies in countries outside the European Union (so-called third countries).
Duration of data storage
Your personal data will be stored for as long as is necessary to fulfil our contractual and legal obligations in the application process. If your application is successful, your personal data will be placed in your personnel file and used to implement and terminate the employment relationship.
If we are unable to offer you employment, we will continue to process your personal data for up to 6 months after sending the rejection letter. In the event of your consent to the storage of your data beyond the prescribed period, the duration may be correspondingly longer (max. two years).
If the data is no longer required for the fulfilment of contractual or legal obligations, it will be deleted, unless storage is required due to legal retention periods (e.g. for the fulfilment of commercial and tax retention periods of ten years).
California Privacy Rights
If you are California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit CCPA Privacy Notice for California Residents.
III. Analysis tools
1. Google analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. Google Analytics uses so-called “cookies”, which enable the analysis of your usage behaviour on the website. The data collected in this way is used by Google to provide us with an evaluation of your visit to our website and of your usage activities there. This data may also be used to provide other services related to the use of our website and the internet.
Categories of data processed
As part of the service, usage and user-related information, such as IP address, location, time or frequency of visits to our website, is collected.
The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest lies in the analysis, optimisation and economic operation of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user.
The legal basis for setting the cookie is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO. Details of this can be found above under the point “Cookies”.
Deactivation of data collection by Google Analytics
You can revoke your consent to the storage of cookies at any time. For this, we refer to the previous notes on “Cookies” and the rights to which you are entitled.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
We have implemented Google Analytics IP address anonymisation on this website. The anonymisation or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before any storage or processing of the data takes place. This means that IP addresses are processed in abbreviated form, which means that they cannot be linked to a specific person. More information on IP anonymisation can be found at: https://support.google.com/analytics/answer/2763052?hl=de.
Data protection of the provider
It is not excluded that processing is carried out by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Please note our information on data transfers to the USA.
2. Hubspot Analytics / Static / hscollectedforms.net
IV. Other tools
1. Google fonts
This website uses external fonts from Google Fonts. If your browser does not support web fonts, a standard font from your computer will be used.
The integration of these web fonts is done by a server call, usually a Google server in the USA. This transmits to the server which of our Internet pages you have visited. In the process, the user’s browser transmits various information for the uniform presentation of the website. This includes various browser and device data and also the IP address of the user himself.
The processing is carried out on the basis of our legitimate interests according to Art. 6 para. 1 p. 1 lit. f DSGVO in the form of search engine optimisation, improved loading times, less administrative effort and uniform presentation across devices.
Further information by Google can be found at: https://fonts.google.com/about.
For our website as well as our online marketing, we use Hubspot (see https://www.hubspot.de), an integrated software hosting solution. This allows us to individualise your visit to this website and cover various aspects of our online marketing. These include
- Reporting (e.g. traffic sources, hits, etc. …)
- Contact management (e.g. user segmentation & CRM)
Our sign-up service allows visitors to our website to learn more about our company, download content and provide their contact information and other demographic information.
This information, as well as our website content, is stored on servers hosted by our hosting partner HubSpot. It may be used by us to contact visitors to our website and to determine which of our company’s services are of interest and relevance to them.
HubSpot is a software company from the USA with a branch office in Berlin. Contact: HubSpot, Koppenstraße 93, 10117 Berlin, telephone number+49 30 56796549.
More information from HubSpot regarding the General Data Protection Regulation can be found here: https://legal.hubspot.com/de/datenschutz.
By sending your enquiry, you consent to the processing of your transmitted data for the purpose of answering your enquiry and for us to contact you in accordance with Art. 6 Para. 1 a DSGVO. We use all collected information exclusively to optimise our sales activities and to generate leads. For this purpose, it may be necessary for us to store your data in our CRM system. In this case, the data will be stored until you revoke it.
You can find out more about the necessary cookies used by HubSpot here.
V. Embedded services
What is ShareThis?
ShareThis is a technology company that offers website operators tools to increase website quality. By using ShareThis’ social plugins, you can share content from our website on various social media channels such as Facebook, Twitter, Instagram and co. The company offers content sharing for over 40 different channels and is used by over 3 million website owners worldwide. The data collected by ShareThis is also used for customised ads.
Why do we use ShareThis on our website?
We want to convince with our content and of course we are happy if our content is also recommended to others. Then we know we are on the right track. The easiest way to do this is via “Share/Teilen-Buttons” directly on our website. Through the multitude of different social media channels, our content can also be presented to a wide audience. This helps us to become better known and more successful on the internet. In addition, the plug-ins also serve you, because you can share interesting content with your social media community with just one click.
What data is stored by ShareThis?
Cross-border transfers of personal data from the EU
ShareThis takes appropriate measures when transferring personal data outside the EEA to ensure that the transfer complies with the GDPR and that the personal data transferred is adequately protected, unless the recipient or the location to which the data is transferred has been determined by the European Commission to have an adequate level of protection for the processing of personal data.
When ShareThis transfers data to the United States, ShareThis includes EU standard contractual clauses. If you would like to know more about the processing of your data by ShareThis, you can find all the information at https://www.sharethis.com/privacy/.
VI. Social Media
1. Social media channels
We maintain publicly accessible profiles in social networks. The individual social networks we use are listed below.
Social networks can generally comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous processing operations relevant to data protection.
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. Provided you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.
Reference to risks
We would like to point out that the respective providers may process user data outside the European Union. This may result in risks for users because, for example, it may be more difficult to enforce users’ rights.
With regard to US providers who offer guarantees of a secure level of data protection through, for example, EU standard contractual clauses, we would like to point out that they thereby undertake to comply with EU data protection standards.
Please note our information on data transfers to the USA.
Purpose of processing/legal basis
Our own processing of personal data on our social media sites is carried out on the basis of our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f DSGVO, in order to provide information about our offer there, to make posts more attractive, to find the right time for publication, as well as to communicate with customers, interested parties and users who are active there. We have no influence on any further processing by the providers.
The legal basis for the setting of the aforementioned cookies is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO. Details on this can be found above under the item “Cookies” or under “Social media plugins”.
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit.
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
Exercise of rights
In principle, you can assert your rights both against us and against the operator of the respective social media portal.
However, we would like to point out that these can be asserted most effectively with the operators. Only the operators have access to the users’ data and can take appropriate measures and provide information directly. Should you nevertheless require assistance, please do not hesitate to contact us.
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
Data protection of the providers
For a detailed presentation of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data protection declarations and information of the providers of the respective social media networks, over which we have no influence and which apply when calling up the respective presences.
Existing social media sites:
Own website: https://www.linkedin.com/company/hcs-group/
Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; website: https://www.linkedin.com; data protection declaration: https://www.linkedin.com/legal/privacy-policy; opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Own website: https://www.xing.com/companies/hcsgroup
2. Facebook Fanpage
We operate our own fan page on Facebook at https://www.facebook.com/H-C-S-Group-1151738078177635/
The Facebook pages and technical functionality are each provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.
Facebook is a social network that generally allows users to communicate and interact with each other in virtual space. It serves as a platform for the exchange of opinions and experiences about personal or company-related information.
Personal data (e.g. personal information, IP address, etc.) of users are usually processed by Facebook for market research and advertising purposes. For example, usage profiles can be created from the usage behaviour and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behaviour and the interests of the users are stored. In addition, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them).
“Insights data”: Furthermore, Facebook provides us with statistical data of different categories (so-called “Insights Data”) when our Fanpage is used, which we can access accordingly. These Page Insights are aggregated data that allow us to understand how people interact with our Page. This includes: total page views, likes, page activity, post interactions, video views, post reach, comments, content shared, replies, percentage of men and women, country and city origin, language, shop views and clicks, route planner clicks and phone number clicks.
For more information on “Insights data”, including how to exercise your rights, please visit: https://www.facebook.com/legal/terms/information_about_page_insights_data
Purpose of processing/legal basis
Our own processing of personal data on the fan page (user comments, news, page statistics) is based on our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, in order to provide information about our offer there, to make posts more attractive, to find the right time for publication, and to communicate with customers, interested parties and users active there. We have no influence on any further processing by the providers.
According to Art. 26 DSGVO, there is a joint responsibility of the fan page operator and Facebook.
For this purpose, a corresponding agreement has been reached with the fan page operators (available at: https://www.facebook.com/legal/terms/page_controller_addendum).
Facebook assumes primary responsibility under the GDPR for the processing of insights data and will fulfil all obligations under the GDPR with regard to the processing of insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR).
Exercise of rights
In the case of requests for information and the assertion of user rights, we would also like to point out that these can be asserted most effectively with Facebook. Only Facebook has access to users’ data and can directly take appropriate measures and provide information. If you still need help, please feel free to contact us.
Data protection of the provider
It is not excluded that processing by Facebook Ireland Ltd. also takes place via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.
You can contact Facebook’s data protection officer via the general contact form at https://www.facebook.com/help/contact/540977946302970 or, with regard to Insights data, at https://www.facebook.com/help/contact/308592359910928.
3. Linking to social media sites via graphics or text links
On our website, we also link to social media sites on the platforms listed below. The integration takes place via a linked graphic or a text link of the respective platform. The use of this linking prevents a connection from being automatically established to the respective server of the platform when a website with a social media link is called up in order to display a graphic of the respective platform itself. The user is only forwarded to the service of the respective platform by clicking on the corresponding graphic.
After the user has been forwarded, information about the user is collected by the respective provider. It cannot be ruled out that the data collected in this way is processed in the USA.
This is initially data such as IP address, date, time and page visited. If the user is logged into his or her user account of the respective platform during this time, the operator may be able to assign the collected information of the specific visit of the user to his or her personal account. If the user interacts via a “share” button of the respective platform, this information can be stored in the user’s personal user account and may be published. If the user wants to prevent the collected information from being directly assigned to his/her user account, he/she must log out before clicking on the graphic. In addition, it is possible to configure the respective user account accordingly.