Data protection
Data protection information in accordance with Articles 13, 14 and 21 of the EU General Data Protection Regulation (GDPR)
- Data Controller and Contact Data
- a) If you as an investor join an investment fund managed by the hep Group (this can also take place in the form of a trust agreement between you and HEP Treuhand GmbH), the data controller is the company that is named in the “Information on the processing of your personal data in accordance with Art. 13, 14 and 21 GDPR”, which is included as an annex to the membership declaration of the respective investment fund.
- b) In all other cases, the data controller responsible for processing your data is:
- c) You can contact our data protection officer as follows:
- Processed Personal Data and its Origin
- a) If you join an investment fund managed by the hep Group as an investor, we process the personal data from the membership declaration (your name, date of birth, place of birth, nationality, contact data, data from identification documents, tax and bank data, subscription amount) and the declarations and insurances made with this membership declaration. This includes, in particular, information on the development of capital accounts, information on payments, holding shareholders’ meetings and communication with the tax authorities.
- b) In all other cases (e.g., if you work as an agent for a company of the hep group) we process the personal data that we receive from you as part of our business relationship.
- Purposes of Processing and Legal Basis
- a) To fulfill pre-contractual obligations (Art. 6 para. 1 lit b) GDPR)
- b) According to legal requirements (Art. 6 para. 1 c GDPR) or when it is in the public interest (Art. 6 para. 1 lit. c of the GDPR)
- c) Within the Framework of the Balancing of Interests (Art. 6 para. 1 lit. f) GDPR)
- d) On the basis of your consent (Art. 6 para. 1 lit. a) GDPR).
- Categories of Recipients of your Personal Data
- Transfer to a Third Country or International Organization
- Duration of storage of your data
- Your Data Protection Rights
- Necessity to Provide your Personal Data
- a) If you as an investor join an investment fund managed by the hep Group, we will require your personal data so that we can examine your offer of participation in the respective investment fund in accordance with the legal regulations to be observed.
- b) In other cases, too, in establishing a business relationship – especially if this is directly related to the commercial activities of HEP Kapitalverwaltung AG – you can be obligated to provide the personal data required to verify your identity in accordance with the aforementioned provisions of the Money Laundering Act; otherwise, we would also be obligated to refrain from a business relationship or to terminate it. In all other cases, you must only provide the personal data that is necessary to prepare, implement and terminate a business relationship. Without these items of data, we will usually have to refuse the conclusion of the respective contract or we will no longer be able to execute an existing contract and may have to terminate it.
- Automated Individual Decisions Including Profile Creation
- Data Controller and Contact Data
- a) If your company joins an investment fund managed by the hep Group (this can also take place in the form of a trust agreement between your company and HEP Treuhand GmbH), the data controller is the company that is named in the “Information on the processing of your personal data in accordance with Art. 13, 14 and 21 GDPR”, which is included as an annex to the membership declaration of the respective investment fund.
- b) In all other cases, the data controller responsible for processing your data is:
- c) You can contact our data protection officer as follows:
- Processed Personal Data and its Origin
- a) If your company joins an investment fund managed by the hep Group as an investor, we process your personal data from the membership declaration (name, date of birth, place of birth, nationality, contact details, data from identification documents).
- b) In all other cases (e.g., if your company works as an agent for a company of the hep group) we process the personal data that we receive from you in your function as a representative or employee of your company.
- Purposes of Processing and Legal Basis
- a) To fulfill pre-contractual obligations (Art. 6 para. 1 lit b) GDPR)
- b) According to legal requirements (Art. 6 para. 1 c GDPR) or when it is in the public interest (Art. 6 para. 1 lit. c of the GDPR)
- c) Within the framework of the balancing of interests (Art. 6 para. 1 lit. f) GDPR)
- d) On the Basis of Your Consent (Art. 6 para. 1 lit. a) GDPR).
- Categories of Recipients of Your Personal Data
- Transfer to a Third Country or International Organization
- Duration of Storage of Your Data
- Your Data Protection Rights
- Necessity to Provide Your Personal Data
- Automated Individual Decisions Including Profile Creation
- Data Controller and Contact Data
- a) The data controller responsible for processing your data is:
- b) You can contact our data protection officer as follows:
- Collection of Personal Data When you Visit our Website
- Collection and Processing of Personal Data When Using the Contact Form and When Contacting us by Email
- Website Optimization
- f) GDPR.
- Disclosure of Personal Data to Third Parties
- Use of Social Media Plug-ins
- a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA: www.facebook.com/policy.php;
- b) Xing AG, Gänsemarkt 43, 20354 Hamburg, DEU: www.xing.com/privacy
- c) Instagram LLC represented by Kevin Systrom und Mike Krieger 1601 Willow Rd., Menlo Park CA 94025, USA:
- d) LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, IRL:
- Statutory Deadlines for the Deletion of Data
- Data Security
- Links to Other Websites
- Voluntary Provision of Data
- Your Data Protection Rights
This privacy policy informs you about how within the hep group your personal data is processed when you apply for a job with us. It also describes your data protection rights, including the right to object to part of the processing that hep carries out. For more information about your rights and how to exercise them, please see section “7. Your Data Protection Rights”.
This privacy policy applies in addition to our existing general privacy policy, which provides you with specific information on how we process your personal data in the context of website visits or non-application-specific topics.
1. person responsible and contact details
a) The responsible party for processing is the hep group company named in the job description together with hep global GmbH, which handles recruiting centrally for the group.
a) hep global GmbH
Römerstr. 3
74363 Güglingen
E-mail: application@hep.global
b) You can reach our data protection officer as follows:
hep global GmbH
Data protection officer of hep global GmbH
Römerstr. 3
74363 Güglingen
E-mail: datenschutz@hep.global
2. processed personal data and their origin
As part of the selection process, we collect and process the following categories of personal data:
Contact details in your application profile (e.g. first and last name, country, e-mail, telephone number).
Information from the application form (this includes e.g. salary requirements, your motivation, information on disability (only if relevant for the advertised position).
Application documents (including, for example, CV, cover letter, career development data, qualifications and language skills).
References that you provide to us
Information from your public profile on professional social networks.
Information and details from personal job interviews.
We may also obtain the above data about you from other sources, including external business partners, such as recruitment companies. We may also receive data that you have made public on job-related social networks, such as LinkedIn, or that you submit to us through other websites, such as Indeed, or from other publicly available sources (only if the data has relevance to your professional life). The purpose is to contact you about job offers or to verify the accuracy of your information from the application documents.
3. purposes of processing and its legal basis
a) To fulfill contractual obligations (Art. 6 para. 1 lit. b) GDPR in conjunction with §26 para. I BDSG).
If your application is successful and an employment relationship is established, your data will be processed for the purpose of initiating and implementing the employment relationship.
b) For the defense of asserted legal claims Art. 6 Para. 1 b) and f) GDPR
If necessary, we process your personal data to defend asserted legal claims against us arising from the application process. The legitimate interest is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
c) Inclusion of public profile on professional social networks in the selection process (Art. 6 1 lit. f) in conjunction with Art. 9 para. 2 lit. e) GDPR).
When we include information from your public profile on professional social networks, we base the processing on our legitimate interest in forming part of the basis for the decision to establish an employment relationship with you.
d) Inclusion and storage of your data in the applicant pool (Art. 6 para. 1 lit. a) GDPR).
If, after an unsuccessful application, you give us your consent to include you in our applicant pool, we will store your data there in order to contact you for further vacancies in our group of companies.
4. categories of recipients of your personal data
Within the respective processing company of the hep group, access to your personal data is only granted to those persons and bodies who need it to fulfill your contractual and legal obligations or to safeguard legitimate interests. Service providers employed by us who process your data on our behalf (Art. 28 GDPR) or companies that act as (independent) “data controllers” within the meaning of Art. 4 No. 7 GDPR may also receive your data if the respective necessary requirements of the GDPR are met. These are companies active in the categories IT services and legal advice.
5. transfer to a third country
To the extent that we transfer your personal data to recipients in third countries (countries outside the European Union or the European Economic Area), one of the following safeguards for an adequate level of protection of your personal data applies:
Adequacy Decision of the EU Commission (Art. 45 GDPR);
Binding internal data protection rules (Art. 46 (2) lit. b., Art. 47 GDPR);
Standard data protection clauses of the EU Commission (Art. 46 para. 2 lit. b GDPR).
You can obtain a copy of the applicable safeguards in each case from the contact details provided in Section I.1.
Data will only be transferred to a third country if you apply for a position in the hep Group that is located outside the European Union or the European Economic Area.
6. duration of the storage of your data
We store your personal data for a period of 6 months after the decision has been made to you, except for the rump data of the application. This is necessary for the burden of proof in proceedings under the General Equal Treatment Act (AGG). The core data includes your name and email address. We store the core data exclusively in our applicant tool. The core data will be permanently deleted after 2 years. Insofar as an employment relationship is entered into, we store your data for at least 3 years after the end of the employment relationship, whereby the period ends with the calendar year.
If you have given us your consent to include you in our applicant pool, we will delete your data after a period of 2 years from the date of consent.
7. your data protection rights
Under certain conditions, if you are affected by the processing of personal data, you have the following data protection rights against us:
You have the right to receive information from us about your data stored by us according to the rules of Art. 15 GDPR (if necessary with restrictions according to § 34 BDSG).
Upon your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inaccurate or incorrect.
If you wish, we will delete your data in accordance with the principles of Art. 17 GDPR, provided that other statutory regulations (e.g. statutory retention obligations or the restrictions under Section 35 BDSG) or an overriding interest on our part (e.g. for the defense of our rights and claims) do not prevent this.
Taking into account the requirements of Art. 18 GDPR, you may request us to restrict the processing of your data.
Under certain circumstances, you may object to the processing of your personal data pursuant to Art. 21 GDPR.
This right may apply, among other things, if the processing of your personal data is based on the legitimate interests of the company or if decisions about you are based exclusively on automated processing, including profiling. Notwithstanding the above, you may object at any time to the processing of your personal data for direct marketing purposes.
You also have the right to receive your data in a structured, common and machine-readable format under the conditions of Art. 20 GDPR or to transfer it to a third party.
In addition, you have the right to revoke a given consent to the processing of personal data at any time vis-à-vis us with effect for the future (Art. 7 (2) GDPR).
Your requests about the exercise of your rights should be addressed – if possible in writing – to the controller mentioned in section 1.
Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). In the case of complaints against hep GmbH, a complaint can be addressed to the following body, among others:
State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Lautenschlagerstrasse 20
70173 Stuttgart
Telephone number
0711/615541-23
E-mail: pressestelle@lfdi.bwl.de
8. necessity of providing your personal data
In order for our applicant process to run smoothly and efficiently, it is necessary for you to provide the data listed above for the purpose of assessing your suitability to perform the appointed job at the hep group.
9. automated decision making including profiling.
We do not use automated decision making based on profiling without the input of a natural person.
5. transfer to a third country
To the extent that we transfer your personal data to recipients in third countries (countries outside the European Union or the European Economic Area), one of the following safeguards for an adequate level of protection of your personal data applies:
Adequacy Decision of the EU Commission (Art. 45 GDPR);
Binding internal data protection rules (Art. 46 (2) lit. b., Art. 47 GDPR);
Standard data protection clauses of the EU Commission (Art. 46 para. 2 lit. b GDPR).
You can obtain a copy of the applicable safeguards in each case from the contact details provided in Section I.1.
Data will only be transferred to a third country if you apply for a position in the hep Group that is located outside the European Union or the European Economic Area.
6. duration of the storage of your data
We store your personal data for a period of 6 months after the decision has been made to you, except for the rump data of the application. This is necessary for the burden of proof in proceedings under the General Equal Treatment Act (AGG). The core data includes your name and email address. We store the core data exclusively in our applicant tool. The core data will be permanently deleted after 2 years. Insofar as an employment relationship is entered into, we store your data for at least 3 years after the end of the employment relationship, whereby the period ends with the calendar year.
If you have given us your consent to include you in our applicant pool, we will delete your data after a period of 2 years from the date of consent.
7. your data protection rights
Under certain conditions, if you are affected by the processing of personal data, you have the following data protection rights against us:
You have the right to receive information from us about your data stored by us according to the rules of Art. 15 GDPR (if necessary with restrictions according to § 34 BDSG).
Upon your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inaccurate or incorrect.
If you wish, we will delete your data in accordance with the principles of Art. 17 GDPR, provided that other statutory regulations (e.g. statutory retention obligations or the restrictions under Section 35 BDSG) or an overriding interest on our part (e.g. for the defense of our rights and claims) do not prevent this.
Taking into account the requirements of Art. 18 GDPR, you may request us to restrict the processing of your data.
Under certain circumstances, you may object to the processing of your personal data pursuant to Art. 21 GDPR.
This right may apply, among other things, if the processing of your personal data is based on the legitimate interests of the company or if decisions about you are based exclusively on automated processing, including profiling. Notwithstanding the above, you may object at any time to the processing of your personal data for direct marketing purposes.
You also have the right to receive your data in a structured, common and machine-readable format under the conditions of Art. 20 GDPR or to transfer it to a third party.
In addition, you have the right to revoke a given consent to the processing of personal data at any time vis-à-vis us with effect for the future (Art. 7 (2) GDPR).
Your requests about the exercise of your rights should be addressed – if possible in writing – to the controller mentioned in section 1.
Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). In the case of complaints against hep GmbH, a complaint can be addressed to the following body, among others:
State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Lautenschlagerstrasse 20
70173 Stuttgart
Telephone number
0711/615541-23
E-mail: pressestelle@lfdi.bwl.de
8. necessity of providing your personal data
In order for our applicant process to run smoothly and efficiently, it is necessary for you to provide the data listed above for the purpose of assessing your suitability to perform the appointed job at the hep group.
9. automated decision making including profiling.
We do not use automated decision making based on profiling without the input of a natural person.