In this data protection declaration, we inform you about the personal data we process during your visit to our website and what rights you have. For the terms used, we refer to the definitions in Art. 4 of the Basic Data Protection Regulation (DSGVO).
Personal data is any information relating to an identified or identifiable natural person. This includes, for example, your name, your address and communication data or your e-mail address.
Processing means any operation or set of operations carried out with or without the aid of automated procedures in connection with Personal Data, such as collecting, recording, organizing, arranging, storing, adapting or modifying, reading, querying, using, disclosing by transmission, dissemination or any other form of making available, matching or linking, limiting, deleting or destroying.
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
Controller or “the person responsible for the processing of data” shall mean the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
1. Name and address of the controller
We, HPC Aktiengesellschaft, are to be designated as responsible in the sense of the Data Protection Basic Regulation (DSGVO) and the Federal Data Protection Act (BDSG) as well as other data protection regulations for our website and the associated data processing. Comprehensive information about our company can be found in the imprint.
Tel. +49 621 460 84-0
Fax +49 621 460 84-400
Vertreter des Verantwortlichen ist der Vorstand Janni Wahrenburg
2. Data protection officer
You can reach our data protection officer via the following contact details:
3. Provision of the website and log files
3.1. Scope of data processing
When you visit our website, your browser also transmits certain data to our web server for technical reasons. These are the following data (so-called server log files):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- Operating system and its access status / HTTP status code
- Amount of data transmitted
- Website from which the request comes (“referrer URL”)
- Browser, language and version of the browser software
- Retrieved files
This data is not stored together with other personal data of the users.
3.2. Purpose of data processing
The temporary storage of the user’s IP address by our web server is technically necessary to display the website. For this purpose, the user’s IP address must necessarily remain stored for the duration of the session.
The above-mentioned data is stored in the log files to ensure the functionality of our website. This data is also used to optimize the website and to ensure the security of our information technology systems (e.g. to detect attacks). An evaluation of the data for marketing purposes does not take place in this context.
3.3. Legal basis of the data processing
The legal basis for the temporary storage of these data and the log files is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest is to operate and ensure the security of our website.
3.4. Duration of storage
The above-mentioned data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.
In the case of the data stored in the log files, this is after a maximum of seven days. Storage beyond this period is possible if this data is required for (e.g. clarification of attacks, abuse or fraud). Data whose further storage is required for evidential purposes is excluded from deletion until final clarification of the respective incident.
3.5. Possibility of objection and removal
The collection of data for the provision of the website and its storage in log files is absolutely necessary for the operation of our website for technical reasons. There is therefore no possibility of objection on the part of the user.
4. E-mail contact and contact form
4.1. Scope of data processing
You can contact us via our contact form and the provided e-mail addresses. In this case we will save the personal data of the sender transmitted with the inquiry.
4.2. Purpose of data processing
The processing of personal data serves us solely to process the contact.
4.3. Legal basis of the data processing
The legal basis for the processing of data transmitted in the course of sending a contact request is Art. 6, Paragraph 1, Letter f) of the DPA (legitimate interests of us as data controllers). If the purpose of the contact is the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) DSGVO (fulfilment of a contract).
4.4. Duration of storage
The data transmitted to us will be deleted as soon as they are no longer required for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified.
4.5. Possibility of objection and removal
You have the possibility to revoke your consent to the processing of your personal data at any time. In such a case the conversation cannot be continued. Please send a revocation to the following e-mail address: email@example.com. In this case, all personal data stored in the course of the contact will be deleted.
5.1. Scope of data processing
If you are interested in working for our company, you can apply online using the application form or by e-mail.
If you use the application form, we process the following data: First name, surname, e-mail address, telephone number, street, postcode, city, position for which you are applying, message text and the documents you provide as attachments. The fields marked with are mandatory fields.
If you apply to us by e-mail, we will process the data you send us.
5.2. Purpose of data processing
We process your personal data for the implementation of the application procedure and for the decision on the establishment of an employment relationship, in particular for the selection process of suitable candidates and the administrative implementation of the application procedure.
5.3. Legal basis of the data processing
The legal basis for the processing of your personal data in the application procedure is § 26 paragraph 1 BDSG.
5.4. Recipient of the data
The recipients of your personal data are the human resources department and the superiors responsible for filling vacancies.
In principle, only those persons who need access to your data for the proper conduct of the application procedure have access to your data.
We will not pass on your personal data to third parties unless you have expressly consented to the transfer of data or we are obliged to do so by law and/or official or court orders.
No data will be transferred to a third country or to an international organization.
5.5. No automated decision making
We do not use automated decision making.
5.6. Duration of storage
If your application does not lead to an employment relationship, we will delete your personal data, taking into account the AGG’s period of legal action, no later than 4 months after the end of the application procedure (e.g. notification of the rejection decision), unless you have given us your consent in accordance with Art. 6 Para. 1 lit. a) DSGVO to store your personal data for a longer period of time in order to be able to consider you for new job offers if necessary. In this case, we will ask you for separate consent in accordance with Art. 6 para. 1 lit. a) DSGVO.
If your application is successful and leads to an employment relationship with us, we will include your application documents in our personnel administration system and in your personnel file as far as necessary on the basis of Art. 6 para. 1 lit. b) DSGVO and § 26 para. 1 BDSG for the purpose of carrying out the employment relationship. In this case, your application documents are only deleted when your employment relationship is terminated and a further three years have elapsed since the end of the year.
5.7. Possibility of opposition and removal
You can have the personal data you have provided us with renewed or deleted at any time on request. To do so, please send an e-mail to HR-Recruiting@hpc.de.
This does not apply if you have applied for a specific position with us in an ongoing application procedure. In this case, we will store the information you have provided for this position until the legal action periods (in particular § 15 AGG) have expired.
6.2. Purpose of data processing
We use third-party cookies for the statistical analysis of our website, e.g. to find out how and when visitors use our website or to provide them with route planning functions.
6.4. Duration of storage
We use transient and persistent cookies. Transient cookies include so-called session cookies, which are automatically deleted when you close your browser. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie.
6.5. Possibility of objection and removal
To delete cookies, select “Tools > Internet Options > General > Browsing history > Delete” in Microsoft Internet Explorer. You can define the general handling of cookies under “Tools > Internet Options > Privacy > Advanced Settings”.
In Firefox, select “Settings > Privacy and Security > Cookies and Website Data”.
In Google Chrome, select Settings > Advanced > Privacy and Security > Website Settings > Cookies and Website Data.
If you are using a different web browser, please refer to your browser’s help section for instructions on how to prevent and delete cookies.
Please note that if cookies are deactivated, you may not be able to use all functions of our website.
7. Web analytics service Google Analytics
7.1. Scope of data processing
We have set Google Analytics so that your IP address is not stored completely, but the last octet of the IP address is masked (IP anonymization). This means that it is no longer possible to assign the shortened IP address to your end device. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data.
Google has subjected itself to the Privacy-Shield-Agreement between the European Union and the USA and is certified. As a result, Google undertakes to comply with the standards and regulations of European data protection law. You can find further information in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
7.2. Purpose of the data processing
The processing of the user’s personal data (website visitors) with the help of Google Analytics enables us to analyze the surfing behaviour of our users. By evaluating the data obtained, we can compile the use of the individual components of our website. This helps us to improve our website and its usability.
7.3. Legal basis of the data processing
The legal basis for the processing of personal data is Art. 6 para. 1 lit. a) DSGVO (consent).
7.4. Duration of storage
The data stored by tracking is deleted as soon as it is no longer needed for our recording purposes. In our case this is after twelve months.
You can also use a browser add-on to deactivate Google Analytics Java scripts (ga.js, analytics.js, dc.js) to prevent Google Analytics from using your data on our website. If you wish to deactivate Google Analytics, you can download and install the deactivation add-on at https://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser add-on or within browsers on mobile devices, please click the link below this paragraph to prevent Google Analytics from collecting data within this website in the future (the opt out only works in the browser and only for this domain). An opt-out cookie will be placed on your device. If you delete your cookies in this browser, you must click this link again. Deactivate Google
8. Sales viewer
8.1. Scope of data processing
Instead, the visiting company is identified by comparison with generally accessible information. For this purpose, the online identification of the website visitor is encrypted via a one-way function (so-called hashing) that can no longer be retroactively calculated and, after a pre-selection via which private accesses are filtered out, is pseudonymized and transmitted to SalesViewer®. These online identifiers are compared by SalesViewer® with a database limited to company-related data. As far as company-related accesses can be identified within the scope of this procedure, corresponding company-related data about the website visit are made available to us on an Internet platform of SalesViewer®, on which it is furthermore possible to research further generally accessible data (e.g. address and contact data) about the companies visiting the website.
8.3. Legal basis of the data processing
The legal basis for the processing of personal data is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the above-mentioned purposes of data processing.
8.4. Duration of storage
The data stored within the framework of Salesviewer will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any legal storage obligations.
8.5. Possibility of objection and removal
You can object to the collection and storage of data at any time with effect for the future by clicking this link here to prevent the collection by SalesViewer® within this website in the future. An opt-out cookie for this website will be placed on your device. Please note: If you delete your cookies in your browser, you have to click this link again.
9. Adobe typekit
9.1. Scope of data processing
9.2. Purpose of data processing
We use Adobe Typekit to design our website according to your needs.
9.3. Legal basis of the data processing
In the above-mentioned purposes of data processing, our interest lies in the data processing according to Arat. 6 para. 1 lit. f) DSGVO (legitimate interests of us as the responsible party).
10. Google reCAPTCHA
10.1. Scope of data processing
We use the reCAPTCHA function of the provider Google, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which protects our contact form from SPAM software and abuse by non-human visitors.
This function includes sending the IP address and any other data required by Google for the service to Google.
10.2. Purpose of data processing
We use this service to ensure sufficient data security when transmitting the entries in the contact form and to be able to distinguish whether an entry is made by a natural person or abusively by machine and automated processing.
10.3. Legal basis of the data processing
The legal basis for the processing of personal data is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest is to avoid abuse and spam.
10.4. Further information on data processing
In the course of using Google reCAPTCHA, personal data may be transferred to the servers of Google LLC. in the USA. For this the deviating data protection regulations of Google apply
For more information on how Google handles your data, please visit https://policies.google.com/privacy.
Google is committed to complying with the EU-U.S. Privacy Shield Agreement, published by the U.S. Department of Commerce, regarding the collection, use and retention of personal data from EU member states. Google, including Google Inc. and its wholly owned subsidiaries in the United States, has certified that it is in compliance with the relevant privacy and security principles. https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
11.1. Scope of data processing
You have the opportunity to subscribe to a free newsletter on our website, which will inform you about news on SAP topics and events at irregular intervals.
To subscribe to the newsletter, we collect your e-mail address. Optionally, you can enter your gender, title, first name, last name, company and telephone number for a personal address.
We use a double opt-in procedure to register for the newsletter. After registering for the newsletter, you will receive an e-mail in which you must confirm your registration. We use this procedure so that nobody can register with a foreign e-mail address. We log the registrations for the newsletter in order to be able to prove the registration process according to the legal requirements.
This includes date, time and IP address at the time of registration.
For the processing of the data, your consent is obtained during the registration process and reference is made to this data protection declaration. The data will be used exclusively for sending the newsletter.
11.3. Legal basis of the data processing
The legal basis for the processing of the data after registration for the newsletter by the user is his consent in accordance with Art. 6 Paragraph 1 letter a) DS-GVO.
11.4. Recipient of the data processing
Your personal data, which we receive from you as part of the newsletter registration, is processed by our marketing department.
For the dispatch of the newsletter we use the service provider Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin, within the scope of an order processing according to data protection law according to article 28 DS-GVO. The data processing takes place in Germany. You can view the data protection regulations of our mail order service provider here: https://www.newsletter2go.de/datenschutz/
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. The user’s e-mail address is therefore stored as long as the subscription to the newsletter is active.
11.5. Possibility of objection and removal
You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. For this purpose, each newsletter contains a link to cancel the newsletter. Alternatively, you can also simply contact us by e-mail at firstname.lastname@example.org.
12. Google Maps
12.1. Scope of data processing
We integrate the maps of the Google Maps service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for the display of interactive (land) maps in order to visualize geographical information. In order to provide the map material, Google processes technically necessary data for this purpose.
12.2. Purpose of data processing
By using this service, our locations will be displayed and a possible journey to us will be made easier.
12.4. Recipient of the data processing
When calling up the sub-pages of our website, in which Google Maps are integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there. This happens regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account.
12.5. Possibility of objection and removal
If you do not want the assignment with your profile on Google, you have to log out before activating the button. Google saves your data (even for users who are not logged in) as user profiles and evaluates them. Such an evaluation is carried out in particular in accordance with Art. 6 Para. 1 lit.f DSGVO on the basis of Google’s legitimate interest in the display of personalised advertising, market research and/or needs-based design of its website. You have a right of objection to the creation of these user profiles, whereby you must contact Google in order to exercise this right.
Google is responsible for further data processing. For more information on how Google handles your data, please visit https://policies.google.com/privacy and https://www.google.com/intl/de_US/help/terms_maps/.
Google is committed to complying with the EU-US Privacy Shield Agreement published by the U.S. Department of Commerce regarding the collection, use and retention of personal data from EU member states. Google, including Google Inc. and its wholly owned subsidiaries in the U.S., has declared by certification that it complies with the relevant privacy shield principles. https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
13. Social media appearances
Our website contains buttons with hyperlinks to the social network XING and the employer assessment platform kununu, where we maintain publicly accessible profiles. You can recognize the respective providers by their logo. We use these presences to communicate with users and inform them about our offers and professional opportunities.
When you visit our site, no personal data is initially transmitted to these social media platforms. Only when you click on the respective button will data be transferred to them. In this case, the respective provider receives the information that you have called up the corresponding website of our online offer (e.g. date, time, IP address, website called up).
If you are logged in with the social media provider, your data collected by us may be directly assigned to your existing account with the provider. We recommend that you log out regularly after using a social network, but especially before activating the button, as you can then avoid being assigned to your profile with the plug-in provider.
It is possible that the provider of the respective services or content may process your data for further, own purposes. However, since we have no influence on the data collected by third parties and the processing of such data by them, we cannot provide any binding information on the purpose and scope of the processing of your data. Further information about the purpose and scope of the collection and processing of your data can therefore be found in the data protection information of the respective providers responsible for data protection. Here you will also find further information on the processing of data and the possibility to object. For a detailed presentation of the respective processing and the possibilities of objection (opt-out), we refer to the following linked information of the providers.
14. Data security
We take technical and organizational measures to ensure the security of data processing in accordance with the state of the art. In this way we ensure that the provisions of the data protection laws, in particular the basic data protection regulation, are observed and that the data processed by us is protected against destruction, loss, alteration and unauthorized access. These security measures also include the encrypted transmission of data between your browser and our web server. Please note that SSL/TLS encryption is only activated for transmissions carried out via the Internet if the key symbol appears in the lower menu bar of your browser window and the address begins with https://. SSL/TLS uses encryption technology to protect data transmission from illegal data access by third parties. If this option is not available, you can also choose not to send certain data over the Internet.
All information that you transmit to us is processed on our servers in the Federal Republic of Germany.
15. Transfer of data to third parties and third party providers
Data will only be passed on to third parties within the framework of the legal requirements. We only pass on user data to third parties if this is necessary, for example, on the basis of Art. 6 Para. 1 lit. b) DS-GVO for contractual purposes or on the basis of justified interests in accordance with Art. 6 Para. 1 lit. f) DS-GVO in the economic and effective operation of our business operations.
Within the framework of an order processing under data protection law in accordance with Art. 28 DS-GVO, we use service providers for the operation and maintenance of our website and information technology systems who may, if necessary, become aware of your personal data in connection with the maintenance and servicing of the IT systems. We have therefore taken appropriate legal, technical and organizational measures with the service providers to ensure the protection of personal data in accordance with the relevant legal provisions. Your personal data will not be transferred to a third country or to an international organization.
16. Your rights
If we process personal data from you, you are a data subject within the meaning of the Basic Data Protection Regulation (DS-GVO) and you have the following rights with regard to the personal data concerning you:
- Right to information (Art. 15 DS-GVO)
- Right of rectification (Article 16 DPA)
- Right of cancellation (Art. 17 DS-GVO)
- Right to restrict processing (Art. 18 DPA),
- Right to data transferability (Art. 20 DS-GVO)
- Right to object to processing (Article 21 DPA)
Furthermore, you have the right to complain to a data protection supervisory authority (Art. 77 DS-GVO). An overview of the German supervisory authorities can be found at https://www.datenschutzkonferenz-online.de/datenschutzaufsichtsbehoerden.html.
is the regulatory agency responsible for us:
The state commissioner for data protection and freedom of information
Website with further contact details:
Status of the data protection declaration: 22 January 2020