Data protection

Data protection information in accordance with Articles 13, 14 and 21 of the EU General Data Protection Regulation (GDPR)

The information listed below gives you an overview of how your personal data is processed by the companies of the hep Group and of your rights under data protection law. Our data protection information is divided as follows:
The data protection notices listed in this Part I apply in all cases in which you are in contact with us exclusively as a natural person (e.g., as an investor to invest only your own assets) and not as a representative or employee of a legal entity.   The specific determination of which of your personal data is processed in each individual case and how it is used for what purpose depends on the manner in which contact was established between you and us and the connection (e.g., a contract) between you and our companies.   If you as an investor join or have joined an investment fund managed by the hep Group (this can also be done in the form of a trust agreement between you and HEP Treuhand GmbH), the data protection information that is attached to your membership declaration, with regard to the specifically named companies of the hep Group and the service providers, takes precedence over the information listed below; in this event, the following explanations are only to be used as a supplement.  
  1. Data Controller and Contact Data
 
  1. a) If you as an investor join an investment fund managed by the hep Group (this can also take place in the form of a trust agreement between you and HEP Treuhand GmbH), the data controller is the company that is named in the “Information on the processing of your personal data in accordance with Art. 13, 14 and 21 GDPR”, which is included as an annex to the membership declaration of the respective investment fund.
 
  1. b) In all other cases, the data controller responsible for processing your data is:
  hep global GmbH Römerstr. 3 74363 Güglingen Phone: 07135 93446 – 616 Email: info@hep.global  
  1. c) You can contact our data protection officer as follows:
  hep global GmbH Datenschutzbeauftragter der hep global GmbH Römerstr. 3   74363 Güglingen Email: datenschutz@hep.global  
  1. Processed Personal Data and its Origin
 
  1. a) If you join an investment fund managed by the hep Group as an investor, we process the personal data from the membership declaration (your name, date of birth, place of birth, nationality, contact data, data from identification documents, tax and bank data, subscription amount) and the declarations and insurances made with this membership declaration. This includes, in particular, information on the development of capital accounts, information on payments, holding shareholders’ meetings and communication with the tax authorities.
  Insofar as we do not collect this data directly from you, we process personal data that we have legitimately received either from companies of the hep group, such as HEP Vertrieb GmbH, or from agents or sales partners, or from publicly accessible sources such as land registers and commercial registers, press and other media as well as debtor registers and that we are permitted to process.  
  1. b) In all other cases (e.g., if you work as an agent for a company of the hep group) we process the personal data that we receive from you as part of our business relationship.
In addition, we process personal data that we have legitimately received from third parties (e.g., to fulfil contracts or based on your consent). On the other hand, we process personal data that we are allowed to collect and process from publicly accessible sources (e.g., land registers, commercial registers, association registers, the press, media).   The type and scope of this data depends on the respective business relationship between you and us; typically, this can be: your name, your address and other contact details, such as telephone number and email address, tax and bank data as well as legitimation and authentication data (ID data and signature samples).  
  1. Purposes of Processing and Legal Basis
 
  1. a) To fulfill pre-contractual obligations (Art. 6 para. 1 lit b) GDPR)
  If you join an investment fund managed by the hep Group as an investor, your personal data will be processed in particular to prepare, manage and support your investment in this investment fund and for the purpose of billing the sales partner and informing them in accordance with the contractual provisions regarding your participation. In other cases, too, your personal data is processed to carry out the respective contract concluded with you or to carry out pre-contractual measures.  
  1. b) According to legal requirements (Art. 6 para. 1 c GDPR) or when it is in the public interest (Art. 6 para. 1 lit. c of the GDPR)
  In addition, we process your personal data to fulfil our statutory or supervisory obligations, such as those resulting for us from the Money Laundering Act (GwG), the Capital Investment Code (KAGB) or the tax laws. The purposes of processing include, inter alia, identity checks, residency checks, preventing fraud and money laundering, fulfilling tax control and reporting obligations as well as assessing and managing risks in our company.  
  1. c) Within the Framework of the Balancing of Interests (Art. 6 para. 1 lit. f) GDPR)
  In addition, your personal data is processed in individual cases to safeguard our legitimate interests or the legitimate interests of a third party.   This applies in particular:   to obtain information about your economic performance (such as credit and default risks), to combat money laundering, terrorist financing and criminal offenses that endanger assets, to assert, exercise or defend legal claims, to fulfil regulatory requirements, for example the Federal Financial Supervisory Authority (BaFin), the Deutsche Bundesbank or the European Central Bank (ECB), to ensure IT security and our IT operations, to control our business operations and further develop services and products, to develop and implement advertising measures for market and opinion research, provided you have not objected to the processing for these purposes.
  1. d) On the basis of your consent (Art. 6 para. 1 lit. a) GDPR).
  Insofar as you have consented to the processing of personal data for specific purposes in individual cases, this consent forms the legal basis for the processing based on it. You can withdraw your consent at any time. This also applies to withdrawing consent – such as any Schufa consent – were given to us before May 25, 2018. Please note that a withdrawal only takes effect in the future and does not affect the legality of any processing carried out before the withdrawal.  
  1. Categories of Recipients of your Personal Data
  Access to your personal data is only given to those persons and offices within the respective processing company of the hep group who need it to fulfil their contractual and legal obligations or to safeguard legitimate interests. Service providers used by us who process your data on our behalf (Art. 28 GDPR) or companies that operate as (self-employed) “controllers” within the meaning of Art. 4 No. 7 GDPR, can receive your data if the necessary requirements of the GDPR are fulfilled. These are companies in particular in the categories of IT services, logistics, telecommunications, sales and marketing, legal and tax advice and debt collection.   It can also be passed on to public bodies such as the Federal Financial Supervisory Authority, the Deutsche Bundesbank or the European Central Bank, as well as to tax offices, insofar as we are obligated to do so by law or by supervisory law.   If you are an investor in an investment fund managed by the hep Group, the data processing for the aforementioned purposes also includes the transmission of the data, in particular to HEP Vertrieb GmbH and the investment fund’s respective depositary, to the Federal Central Tax Office and – if you have instructed us accordingly – to a tax advisor appointed by you.   In addition, other investors may also receive part of your personal data, provided that they claim information about their co-shareholders or co-distributors.  
  1. Transfer to a Third Country or International Organization
  As a rule, we will not pass on your personal data to recipients in third countries (countries outside the European Union or the European Economic Area) or to international organizations. Something else only applies to the extent that:   it is necessary to carry out your participation as an investor in our investment funds, it is required by law (e.g., due to tax reporting obligations) or you have consented to the disclosure. We will inform you separately about the details of such a transfer, as far as legally required.  
  1. Duration of storage of your data
  If necessary, your personal data will be stored for the period of our business relationship (typically a contractual relationship). The duration of the storage also includes the initiation and processing of such a business relationship. In addition, we are subject to various retention and documentation obligations, which result from the Commercial Code (HGB), the Tax Code (AO) and the Money Laundering Act (GwG). The periods for storage and documentation specified there are between two and ten years after the end of the business relationship.   Finally, the retention period is also assessed according to the statutory limitation periods, which, for example, according to Art. 195 et seq. of the German Civil Code (BGB) may, as a rule, be three years, but in certain cases also up to thirty years.   After the aforementioned deadlines have expired, your personal data will be regularly deleted, unless the – in turn limited – further processing of this data is necessary in order to safeguard our interests or the legitimate interests of a third party, as exemplified in Clause 3©. Such a legitimate interest can also exist, for example, if deletion is only possible with disproportionate effort due to the special type of storage and at the same time processing for purposes other than those mentioned is excluded by suitable technical and organizational measures.  
  1. Your Data Protection Rights
  Under certain conditions, if you are affected by the processing of personal data, you have the following data protection rights:   You have the right to receive from us information about your data stored by us according to the provisions of Art. 15 GDPR (possibly with restrictions according to Section 34 BDSG [Federal Data Protection Act]). At your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inaccurate or incorrect. If you wish, we will delete your data in accordance with the principles of Art. 17 GDPR, provided that other legal regulations (e.g., statutory retention requirements or the restrictions according to Section 35 BDSG) or an overriding interest on our part (e.g. to defend our rights and claims) do not oppose this. Taking into account the requirements of Art. 18 GDPR, you can ask us to restrict the processing of your data. You can also object to the processing of your data in accordance with Art. 21 GDPR, on the basis of which we must stop processing your data. However, this right of objection only applies in the event of very special circumstances regarding your personal situation, whereby our company’s rights may conflict with your right of objection. You also have the right, subject to the requirements of Art. 20 GDPR, to receive your data in a structured, common and machine-readable format or to transmit it to a third party. In addition, you have the right to withdraw your consent to the processing of personal data at any time with future effect. You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always address a complaint to us first. If possible, your requests to exercise your rights should be addressed in writing to the data controller named in Clause 1.
  1. Necessity to Provide your Personal Data
 
  1. a) If you as an investor join an investment fund managed by the hep Group, we will require your personal data so that we can examine your offer of participation in the respective investment fund in accordance with the legal regulations to be observed.
According to money laundering regulations, we are obligated to identify you, for example using your identity card, and to collect and record your name, place of birth, date of birth, nationality and home address. In accordance with Section 8 para. 2 in conjunction with Section 12 para. 1 GwG, we are also obligated to record the type, number and issuing authority of the document submitted to verify identity. For us to be able to meet these legal obligations, according to Section 11 para. 6 GwG you must provide the necessary information and documents and also notify us immediately of any changes that arise after accepting your offer to manage your participation. If you do not provide your information, we cannot review and accept your offer for participation and, in the event of acceptance, we cannot manage your participation in accordance with the contractual provisions agreed between us. Furthermore, we would not be able to fulfil our legal obligations to combat money laundering without your details to verify your identity or to change this information. We would therefore be legally obligated to refrain from a business relationship with you or to terminate an existing business relationship, see Section 10 para. 9 GwG.  
  1. b) In other cases, too, in establishing a business relationship – especially if this is directly related to the commercial activities of HEP Kapitalverwaltung AG – you can be obligated to provide the personal data required to verify your identity in accordance with the aforementioned provisions of the Money Laundering Act; otherwise, we would also be obligated to refrain from a business relationship or to terminate it. In all other cases, you must only provide the personal data that is necessary to prepare, implement and terminate a business relationship. Without these items of data, we will usually have to refuse the conclusion of the respective contract or we will no longer be able to execute an existing contract and may have to terminate it.
 
  1. Automated Individual Decisions Including Profile Creation
  We may process your data with the aim of evaluating certain personal aspects (“profiling”). Profiling can be used, in particular, due to regulatory requirements. We are obligated to combat money laundering, the financing of terrorism and criminal offences that endanger assets. We may also use profiling for these measures, which also serve to protect you.   We also use profiling to provide you with targeted information and advice about our products. No special categories of personal data according to Art. 9 GDPR are processed.   Furthermore, we do not use purely automated decision-making in accordance with Art. 22 GDPR. Should we use these procedures in individual cases, however, we will inform you separately, insofar as this is required by law.   Information on the Right to Object to the Processing of Your Data at any Time   You have the right at any time to object to our processing of your personal data for the purpose of direct mail (sending advertising material in whatever form). If you object, your personal data will no longer be processed for advertising purposes. Please address your objection to:   hep global GmbH Römerstr. 3 74363 Güglingen Phone: 07135 93446 – 616 E‑Mail: info@hep.global or datenschutz@hep.global   Moreover, you have the right at any time, for personal reasons, to object to the processing of your data that is necessary to safeguard our legitimate interests. Please send your objection and its justification to:   hep global GmbH Römerstr. 3 74363 Güglingen Phone: 07135 93446 – 616 E‑Mail: info@hep.global or datenschutz@hep.global   Based on the justification you provide, we will review immediately, at the latest within one month after receipt of your objection, whether we are obligated to delete your data or whether further processing of your data is required to safeguard overriding legitimate interests or to assert, exercise or defend legal claims. We will inform you of the result of our review in writing or in text form.
The data protection notices listed in this Part II apply in all cases in which you are in contact with us as the owner, representative or appropriately authorized employee of a legal entity (hereinafter “your company”) and do act not for yourself, but for or on behalf of your company.   The specific determination of which of your personal data is processed in each individual case and how it is used for what purpose depends on the manner in which contact was established and the connection (e.g. a contract) between you and our companies.   If your company joins or has joined an investment fund managed by the hep Group (this can also be done in the form of a trust agreement between your company and HEP Treuhand GmbH), the data protection information that is attached to your membership declaration, with regard to the specifically named companies of the hep Group and the service providers, takes precedence over the information listed below; in this event, the following explanations are only to be used as a supplement.  
  1. Data Controller and Contact Data
 
  1. a) If your company joins an investment fund managed by the hep Group (this can also take place in the form of a trust agreement between your company and HEP Treuhand GmbH), the data controller is the company that is named in the “Information on the processing of your personal data in accordance with Art. 13, 14 and 21 GDPR”, which is included as an annex to the membership declaration of the respective investment fund.
 
  1. b) In all other cases, the data controller responsible for processing your data is:
  hep global GmbH Römerstr. 3 74363 Güglingen Phone: 07135 93446 – 616 E Mail: info@hep.global  
  1. c) You can contact our data protection officer as follows:
  hep global GmbH Datenschutzbeauftragter der hep global GmbH Römerstr. 3   74363 Güglingen Email: datenschutz@hep.global  
  1. Processed Personal Data and its Origin
 
  1. a) If your company joins an investment fund managed by the hep Group as an investor, we process your personal data from the membership declaration (name, date of birth, place of birth, nationality, contact details, data from identification documents).
  Insofar as we do not collect this data directly from you, we process personal data that we have legitimately received either from companies of the hep group, such as HEP Vertrieb GmbH, or from agents or sales partners, or from publicly accessible sources such as land registers and commercial registers, press and other media as well as debtor registers and that we are permitted to process.  
  1. b) In all other cases (e.g., if your company works as an agent for a company of the hep group) we process the personal data that we receive from you in your function as a representative or employee of your company.
  Moreover, we process personal data that we are allowed to collect and process from publicly accessible sources (e.g., land registers, commercial registers, association registers, the press, media).   The type and scope of this data depends on the respective business relationship between your company and us; typically, this can be: your name, your address and other contact details, such as Telephone number and email address for your company as well as legitimation and authentication data (ID data and signature samples).  
  1. Purposes of Processing and Legal Basis
 
  1. a) To fulfill pre-contractual obligations (Art. 6 para. 1 lit b) GDPR)
  Your personal data will be processed, in particular, to prepare, manage and support business relationship between your company and us and is primarily used to communicate with your company.  
  1. b) According to legal requirements (Art. 6 para. 1 c GDPR) or when it is in the public interest (Art. 6 para. 1 lit. c of the GDPR)
  In addition, we process your personal data to fulfil our statutory or supervisory obligations, such as those resulting for us from the Money Laundering Act (GwG), the Capital Investment Code (KAGB) or the tax laws. The purposes of processing include, inter alia, identity checks, residency checks, preventing fraud and money laundering, fulfilling tax control and reporting obligations as well as assessing and managing risks in our company.  
  1. c) Within the framework of the balancing of interests (Art. 6 para. 1 lit. f) GDPR)
  In addition, your personal data is processed in individual cases to safeguard our legitimate interests or the legitimate interests of a third party. This applies, in particular,   to assert, exercise or defend legal claims, to fulfil regulatory requirements, for example the Federal Financial Supervisory Authority (BaFin), the Deutsche Bundesbank or the European Central Bank (ECB), to ensure IT security and our IT operations.
  1. d) On the Basis of Your Consent (Art. 6 para. 1 lit. a) GDPR).
  Insofar as you have consented to the processing of personal data for specific purposes in individual cases, this consent forms the legal basis for the processing based on it. You can withdraw your consent at any time. This also applies to the withdrawal of consent given to us before 25 May 2018. Please note that a withdrawal only takes effect in the future and does not affect the legality of any processing carried out before the withdrawal.  
  1. Categories of Recipients of Your Personal Data
  Access to your personal data is only given to those persons and offices within the respective processing company of the hep group who need it to fulfil their contractual and legal obligations or to safeguard legitimate interests. Service providers used by us who process your data on our behalf (Art. 28 GDPR) or companies that operate as (self-employed) “controllers” within the meaning of Art. 4 No. 7 GDPR, can receive your data if the necessary requirement of the GDPR is fulfilled. These are companies, in particular, in the categories of IT services, logistics, telecommunications, sales and marketing, legal and tax advice.   It can also be passed on to public bodies such as the Federal Financial Supervisory Authority, the Deutsche Bundesbank or the European Central Bank, as well as to tax offices, insofar as we are obligated to do so by law or by supervisory law.   If your company is an investor in an investment fund managed by the hep Group, the data processing for the aforementioned purposes also includes the transmission of the data to HEP Vertrieb GmbH and the investment fund’s respective depositary.  
  1. Transfer to a Third Country or International Organization
  In principle, we will not pass on your personal data to recipients in third countries (countries outside the European Union or the European Economic Area) or to international organizations. Something else only applies to the extent that:   it is necessary for your company’s participation in our investment funds, it is required by law (e.g., due to tax reporting obligations) or you have consented to the disclosure. We will inform you separately about the details of such a transfer, as far as legally required.  
  1. Duration of Storage of Your Data
  If necessary, your personal data will be stored for the period of our business relationship (typically a contractual relationship). The aforementioned duration of the storage also includes the initiation and processing of such a business relationship.   In addition, we are subject to various retention and documentation obligations, which result from the Commercial Code (HGB), the Tax Code (AO) and the Money Laundering Act (GwG). The periods for storage and documentation specified there are between two and ten years after the end of the business relationship.   After the aforementioned deadlines have expired, your personal data will be regularly deleted, unless the – in turn limited – further processing of this data is necessary in order to safeguard our interests or the legitimate interests of a third party, as exemplified in Clause 3©. Such a legitimate interest can also exist, for example, if deletion is only possible with disproportionate effort due to the special type of storage and at the same time processing for purposes other than those mentioned is excluded by suitable technical and organizational measures.  
  1. Your Data Protection Rights
  Under certain conditions, if you are affected by the processing of personal data, you have the following data protection rights:   You have the right to receive from us information about your data stored by us according to the provisions of Art. 15 GDPR (possibly with restrictions according to Section 34 BDSG [Federal Data Protection Act]). At your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inaccurate or incorrect. If you wish, we will delete your data in accordance with the principles of Art. 17 GDPR, provided that other legal regulations (e.g., statutory retention requirements or the restrictions according to Section 35 BDSG) or an overriding interest on our part (e.g., to defend our rights and claims) do not oppose this. Taking into account the requirements of Art. 18 GDPR, you can ask us to restrict the processing of your data. You can also object to the processing of your data in accordance with Art. 21 GDPR, on the basis of which we must stop processing your data. However, this right of objection only applies in the event of very special circumstances regarding your personal situation, whereby our company’s rights may conflict with your right of objection. You also have the right, subject to the requirements of Art. 20 GDPR, to receive your data in a structured, common and machine-readable format or to transmit it to a third party. You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always address a complaint to us first. If possible, your requests to exercise your rights should be addressed in writing to the data controller named in Clause 1.
  1. Necessity to Provide Your Personal Data
  In the context of our business relationship with your company, you must provide us with the personal data that is required to record the representation/authorization and the fulfilment of the related contractual obligations or that we are legally obligated to collect. Without this data, we usually have to reject you as an representative/authorized signatory or we have to revoke an existing representation/authorization.   In particular, according to money laundering regulations, we are obligated to identify you, for example using your identity card, before setting up the representation representation/authorization and to collect and record your name, place of birth, date of birth, nationality and home address. In accordance with Section 8 para. 2 in conjunction with Section 12 para. 1 GwG, we are also obligated to record the type, number and issuing authority of the document submitted to verify identity. For us to be able to meet these legal obligations, according to Section 11 para. 6 GwG, the contractual partner must provide the information and documents necessary for clarification and immediately notify any changes that arise in the course of the business relationship. If you do not provide us with the necessary information and documents, we may not set up or continue the business relationship desired by the respective company.   Your personal data can also be processed in accordance with money laundering regulations insofar as you are to be regarded as the “beneficial owner” (Section 3 Money Laundering Act) of your company. If you do not provide us with the information and documents required in this context, we may not commence the business relationship with your company or we would have to terminate it.  
  1. Automated Individual Decisions Including Profile Creation
  When processing your personal data as the owner, representative/authorized signatory or another employee of your company, neither “profiling” nor a purely automated decision-making process in accordance with Art. 22 GDPR takes place.   Information on the Right to Object to the Processing of Your Data at any Time   You have the right at any time, for personal reasons, to object to the processing of your data that is necessary to safeguard our legitimate interests. Please send your objection and its justification to:   hep global GmbH Römerstr. 3 74363 Güglingen Phone: 07135 93446 – 616 EMail: info@hep.global or datenschutz@hep.global   Based on the justification you provide, we will review immediately, at the latest within one month after receipt of your objection, whether we are obligated to delete your data or whether further processing of your data is required to safeguard overriding legitimate interests or to assert, exercise or defend legal claims. We will inform you of the result of our review in writing or in text form.
The data protection information listed in this Part III will inform you about the type and scope of the processing of personal data when you visit our website. Personal data within the meaning of the General Data Protection Regulation (GDPR) means any information relating to a person and with the help of which this person can be identified, such as the name or email address of the data subject.   Processing within the meaning of the GDPR means any action that is carried out in relation to personal data, such as the collection, storage, transmission or deletion of personal data.   In the following, we explain which data is processed and with whom it is shared when you visit our website and when you use our online offering. You will also find information on your rights as a data subject.  
  1. Data Controller and Contact Data
   
  1. a) The data controller responsible for processing your data is:
  hep global GmbH Römerstr. 3 74363 Güglingen Phone: 07135 93446 – 616 Email: info@hep.global  
  1. b) You can contact our data protection officer as follows:
  hep global GmbH Datenschutzbeauftragter der hep global GmbH Römerstr. 3 74363 Güglingen Email: datenschutz@hep.global  
  1. Collection of Personal Data When you Visit our Website
  When you visit our website, we collect data that your browser transmits to our server (“log files”). These log files, which are temporarily stored in our server’s log files, are technically necessary both for you to access our website and for our legitimate interest in showing you our website as well as to ensure its stability and security. The following information is recorded without your intervention and stored until it is automatically deleted:   the IP address of your internet-capable computer, the date and time of request, the name and URL of the file retrieved, the website/application from which access is made, the request status/HTTP status code, the amount of data transmitted, the browser you are using and, if applicable, the operating system of your internet-capable computer, the language and version of your browser software, The legal basis for processing is your consent under Art. 6 para. 1 lit. f) GDPR. Our legitimate interest arises from the purposes of data collection listed below.   ensuring a smooth connection to the website, ensuring convenient use of our website, evaluating system security and stability. The data is stored for a period of 60 days and then automatically deleted. Collection of data required to make the website available and storage of the data in log files is essential for the operation of the website. Consequently, you have no option to object to its collection.  
  1. Collection and Processing of Personal Data When Using the Contact Form and When Contacting us by Email
  To make our online offering available to you, we use web or contact forms on our website.   Our homepage has a form for you to contact us. The data entered here in the mask will be transmitted to us when the message is sent and will then be saved. The connection is SSL-encrypted.   We ask for your name, your email address and your request in an input mask. Optionally, you can give us further information about e.g., your address or phone, but this is not absolutely necessary for contact.   In addition, the time of sending is also saved.   You can only complete the process if you give us your consent to process the contact information you have provided.   Alternatively, you can contact us via the email address provided. In this case, your personal data that you transmitted along with the email will be stored.   When you contact us, we will process the data you provide us exclusively for the purpose of processing your contact. No data will be disclosed to third parties in the context of this data processing.   The legal basis for processing in the event that our contact form is used is Art. 6 para. 1 lit. a) GDPR.   If you send us an email, the legal basis for processing is Art. 6 para. 1 lit. f) GDPR.   Insofar as contact is established for the purposes of potentially concluding a contract, an additional legal basis is Art. 6 para. 1 lit. b) GDPR.   We delete the data arising in this context when it is no longer required to achieve the purpose. For the personal data from the contact form input screen and the data you sent by email, this is the case when the respective conversation with the user has been completed. The conversation is terminated when the circumstances indicate that the matter in question has been finally resolved.   You have the option to withdraw your consent to data processing at any time. If you have contacted us by email, you can object to the storage of your personal data. You can send your withdrawal or objection to the contact address given above.   Please note that in such a case the conversation cannot be continued and must be ended. We then delete the data transmitted and stored in the course of making contact.  
  1. Website Optimization
  4.1 Cookies   To make your visit to our website more pleasant, and to enable you to use certain functions, we use “cookies”. These are small text files that are stored on your hard drive and assigned to the browser you are using and through which we, as the entity setting the cookie, receive certain information. A cookie usually contains the name of the domain from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier.   Cookies do not cause any damage to your computer and cannot run programs or deliver viruses to your computer. We use cookies to make our website more user-friendly and effective for you as a whole.   We use cookies that are deleted when the browser is closed (transient cookies) and cookies that are stored on your computer for a certain period, which can differ depending on the cookie (persistent cookies).   The transient cookies include, in particular, session cookies that save what is known as a session ID with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser. You can delete persistent cookies at any time in the security settings of your browser.   This use of cookies is intended to help you in handling our website (functional cookies) and to enable us to statistically analyze access to our website (performance cookies). The data originating from our website is recorded by a service provider commissioned by us, however, hep global GmbH exclusively determines the use of the data. The data we collect includes:   the internet protocol address from which you access the internet, the day and time, the files or search terms searched for, the browser you are using, the operating system, your internet-capable computer used. To meet our data protection standard, your internet protocol address is always processed anonymously via cookies in 1‑byte.   We use this information to record the number of visitors to the various areas of our website, measure system performance and identify problem areas.   We use this information to make our website more comprehensive and to increase your benefit. This information is not linked to personal data.   Insofar as we use cookies that are absolutely necessary for the provision of our website, the legal basis for the processing of personal data using these cookies is Art. 6 para. 1 lit.  
  1. f) GDPR.
  Processing of personal data by functional and/or performance cookies only takes place if you have given us your consent. The legal basis for this is Art. 6 para. 1 lit. a) GDPR. You may withdraw your consent at any time without giving reasons under the following link by adjusting the permitted functionalities. Cookies are stored on your end device and you have full control over their use. You can deactivate or restrict the transmission of cookies by changing the settings of your internet browser. Cookies which have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our websites, you may no longer be able to use all functions of the websites to their full extent.   4.2 Web Analysis with Matomo   We use “Matomo” (formerly “Piwik”) on our website – an open-source tool for web analysis. With Matomo, no data is transmitted to servers that are beyond our control. Matomo is generally deactivated when you visit our website. Your usage behavior will only be recorded anonymously if you actively consent.   Among other things, Matomo uses the cookies listed above and similar technologies such as device fingerprinting. On computers with internet access (devices), device fingerprinting is used to read stored information (e.g. installed fonts, resolution, plugins, MAC or IP addresses). We collectively refer to cookies and similar technologies such as device fingerprinting to their uniform functionality as “cookies”.   The cookies used by Matomo enable us to analyze the use of our website. For this purpose, the information obtained by the cookie about usage is transmitted and stored so that usage behavior can be evaluated.   Your IP address is immediately 2‑byte anonymized so that you as a user remain anonymous. The information generated by the cookie when visiting our website is not transferred to any third party.   We understand this analysis to be part of our internet service. We would like to use it to further improve the website and adapt it even more to your needs.   You may also withdraw your consent at any time without giving reasons under the following Cookie Settings by adjusting the permitted functionalities.   For more information on terms of use and data protection at Matomo, see their Privacy Policy: https://matomo.org/privacy-policy/  
  1. Disclosure of Personal Data to Third Parties
  We transmit your personal data to the following recipients:   Telehouse Deutschland GmbH, Kleyerstraße 75–87, D‑60326 Frankfurt a.M.,   The legal basis for the transfer is Art. 28 GDPR, since Telehouse Deutschland GmbH works for us as a processor in the field of hosting. If we use service providers to process your personal data, who in turn process your personal data on our behalf (processors), we have contractually bound them by concluding order processing contracts to process your personal data only in accordance with our instructions and to the extent permitted by law.  
  1. Use of Social Media Plug-ins
Our websites currently contain links to the following social media websites:   Facebook, Xing, LinkedIn, Instagram When you visit our website, no personal data is passed on to the operators of the social media websites. You can recognize the Cookie Settings to the social media website by the marking on the box above its first letter or by the logo. We give you the option of using this link to go directly to the corresponding social media website. We recommend that you log out regularly after using a social network, but especially before activating the link, as this way you can avoid being assigned to your profile on the social media website.   If you visit one of the linked social media websites, we have no influence on the data collected and data processing operations, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by the social media provider.   Further information on the purpose and scope of data collection and its processing by the social media service can be found in the following privacy policies of these providers. There you will also find further information about your rights and options for protecting your privacy.   You can find the addresses of the respective plug-in providers and URL with their data protection information at:  
  1. a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA: www.facebook.com/policy.php;
Further information on data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other and www.facebook.com/about/privacy/your-info Facebook has submitted to the EU-US privacy shield: www.privacyshield.gov/EU-US-Framework  
  1. b) Xing AG, Gänsemarkt 43, 20354 Hamburg, DEU: www.xing.com/privacy
 
  1. c) Instagram LLC represented by Kevin Systrom und Mike Krieger 1601 Willow Rd., Menlo Park CA 94025, USA:
help.instagram.com  
  1. d) LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, IRL:
  www.linkedin.com/legal/privacy-policy  
  1. Statutory Deadlines for the Deletion of Data
  Once consent has been given, it may be withdrawn at any time with effect for the future. Personal data that you have provided to us through our website is only stored until the purpose for which it was provided has been met. If you are no longer happy for your personal data to be stored or if the personal data is no longer correct, then with appropriate notice we will have your data deleted or blocked or make the necessary corrections (to the extent that this is possible, according to the applicable law). On request and at no cost, you may receive information about the personal data that we have stored about you. We have listed further information on your rights under Clause 11.  
  1. Data Security
  hep global GmbH takes state-of-the-art technical and organizational security measures to protect your data as comprehensively as possible from loss, destruction, falsification or unwanted access. When entering personal data in web forms, hep global GmbH protects this personal data with great care.   Your personal data will be protected by hep global GmbH and the processors we have carefully selected in accordance with Art. 28 GDPR, applying the relevant legal regulations through technical and organizational measures.   Please note that data transmitted via the internet (e.g., via email communication), however, may be subject to security breaches. Completely protecting data against third-party access is impossible.  
  1. Links to Other Websites
  Our on-line offer contains links to other websites. We do not have any influence on whether their operators observe the data protection provisions. Despite careful checks of the content, we cannot accept any liability for external links to third-party content. For information on data processing operations on these pages, we would like to refer you to the respective pages’ data protection information.  
  1. Voluntary Provision of Data
  The provision of your personal data on our website takes place exclusively on a voluntary basis. You are neither legally nor contractually obligated to do so. If you send us queries via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your query and for any follow-up questions. We do not share this data without your permission.  
  1. Your Data Protection Rights
  Under certain conditions, if you are affected by the processing of personal data, you have the following data protection rights:   You have the right to receive from us information about your data stored by us according to the provisions of Art. 15 GDPR (possibly with restrictions according to Section 34 BDSG [Federal Data Protection Act]). At your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inaccurate or incorrect. If you wish, we will delete your data in accordance with the principles of Art. 17 GDPR, provided that other legal regulations (e.g., statutory retention requirements or the restrictions according to Section 35 BDSG) or an overriding interest on our part (e.g., to defend our rights and claims) do not oppose this. Taking into account the requirements of Art. 18 GDPR, you can ask us to restrict the processing of your data. You can also object to the processing of your data in accordance with Art. 21 GDPR, on the basis of which we must stop processing your data. However, this right of objection only applies in the event of very special circumstances regarding your personal situation, whereby our company’s rights may conflict with your right of objection. You also have the right, subject to the requirements of Art. 20 GDPR, to receive your data in a structured, common and machine-readable format or to transmit it to a third party. In addition, you have the right to withdraw your consent to the processing of personal data at any time with future effect. You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always address a complaint to us first. If possible, your requests to exercise your rights should be addressed in writing to the data controller named in Clause 1. Information on the right to object to the processing of your data at any Time You have the right at any time, for personal reasons, to object to the processing of your data that is necessary to safeguard our legitimate interests. Please send your objection and its justification to:   hep global GmbH Römerstr. 3 74363 Güglingen Phone: 07135 93446 – 616 Email: info@hep.global or datenschutz@hep.global   Based on the justification you provide, we will review immediately, at the latest within one month after receipt of your objection, whether we are obligated to delete your data or whether further processing of your data is required to safeguard overriding legitimate interests or to assert, exercise or defend legal claims. We will inform you of the result of our review in writing or in text form.

This privacy policy informs you about how within the hep group your personal data is processed when you apply for a job with us. It also describes your data protection rights, including the right to object to part of the processing that hep carries out. For more information about your rights and how to exercise them, please see section “7. Your Data Protection Rights”.

This privacy policy applies in addition to our existing general privacy policy, which provides you with specific information on how we process your personal data in the context of website visits or non-application-specific topics.

1. person responsible and contact details
a) The responsible party for processing is the hep group company named in the job description together with hep global GmbH, which handles recruiting centrally for the group.

a) hep global GmbH

Römerstr. 3

74363 Güglingen

E-mail: application@hep.global

b) You can reach our data protection officer as follows:

hep global GmbH

Data protection officer of hep global GmbH

Römerstr. 3

74363 Güglingen

E-mail: datenschutz@hep.global

2. processed personal data and their origin
As part of the selection process, we collect and process the following categories of personal data:

Contact details in your application profile (e.g. first and last name, country, e-mail, telephone number).
Information from the application form (this includes e.g. salary requirements, your motivation, information on disability (only if relevant for the advertised position).
Application documents (including, for example, CV, cover letter, career development data, qualifications and language skills).
References that you provide to us
Information from your public profile on professional social networks.
Information and details from personal job interviews.
We may also obtain the above data about you from other sources, including external business partners, such as recruitment companies. We may also receive data that you have made public on job-related social networks, such as LinkedIn, or that you submit to us through other websites, such as Indeed, or from other publicly available sources (only if the data has relevance to your professional life). The purpose is to contact you about job offers or to verify the accuracy of your information from the application documents.

3. purposes of processing and its legal basis
a) To fulfill contractual obligations (Art. 6 para. 1 lit. b) GDPR in conjunction with §26 para. I BDSG).

If your application is successful and an employment relationship is established, your data will be processed for the purpose of initiating and implementing the employment relationship.

b) For the defense of asserted legal claims Art. 6 Para. 1 b) and f) GDPR

If necessary, we process your personal data to defend asserted legal claims against us arising from the application process. The legitimate interest is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

c) Inclusion of public profile on professional social networks in the selection process (Art. 6 1 lit. f) in conjunction with Art. 9 para. 2 lit. e) GDPR).

When we include information from your public profile on professional social networks, we base the processing on our legitimate interest in forming part of the basis for the decision to establish an employment relationship with you.

d) Inclusion and storage of your data in the applicant pool (Art. 6 para. 1 lit. a) GDPR).

If, after an unsuccessful application, you give us your consent to include you in our applicant pool, we will store your data there in order to contact you for further vacancies in our group of companies.

4. categories of recipients of your personal data
Within the respective processing company of the hep group, access to your personal data is only granted to those persons and bodies who need it to fulfill your contractual and legal obligations or to safeguard legitimate interests. Service providers employed by us who process your data on our behalf (Art. 28 GDPR) or companies that act as (independent) “data controllers” within the meaning of Art. 4 No. 7 GDPR may also receive your data if the respective necessary requirements of the GDPR are met. These are companies active in the categories IT services and legal advice.

5. transfer to a third country
To the extent that we transfer your personal data to recipients in third countries (countries outside the European Union or the European Economic Area), one of the following safeguards for an adequate level of protection of your personal data applies:

Adequacy Decision of the EU Commission (Art. 45 GDPR);

Binding internal data protection rules (Art. 46 (2) lit. b., Art. 47 GDPR);

Standard data protection clauses of the EU Commission (Art. 46 para. 2 lit. b GDPR).

You can obtain a copy of the applicable safeguards in each case from the contact details provided in Section I.1.

Data will only be transferred to a third country if you apply for a position in the hep Group that is located outside the European Union or the European Economic Area.

6. duration of the storage of your data
We store your personal data for a period of 6 months after the decision has been made to you, except for the rump data of the application. This is necessary for the burden of proof in proceedings under the General Equal Treatment Act (AGG). The core data includes your name and email address. We store the core data exclusively in our applicant tool. The core data will be permanently deleted after 2 years. Insofar as an employment relationship is entered into, we store your data for at least 3 years after the end of the employment relationship, whereby the period ends with the calendar year.

If you have given us your consent to include you in our applicant pool, we will delete your data after a period of 2 years from the date of consent.

7. your data protection rights
Under certain conditions, if you are affected by the processing of personal data, you have the following data protection rights against us:

You have the right to receive information from us about your data stored by us according to the rules of Art. 15 GDPR (if necessary with restrictions according to § 34 BDSG).

Upon your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inaccurate or incorrect.

If you wish, we will delete your data in accordance with the principles of Art. 17 GDPR, provided that other statutory regulations (e.g. statutory retention obligations or the restrictions under Section 35 BDSG) or an overriding interest on our part (e.g. for the defense of our rights and claims) do not prevent this.

Taking into account the requirements of Art. 18 GDPR, you may request us to restrict the processing of your data.

Under certain circumstances, you may object to the processing of your personal data pursuant to Art. 21 GDPR.

This right may apply, among other things, if the processing of your personal data is based on the legitimate interests of the company or if decisions about you are based exclusively on automated processing, including profiling. Notwithstanding the above, you may object at any time to the processing of your personal data for direct marketing purposes.

You also have the right to receive your data in a structured, common and machine-readable format under the conditions of Art. 20 GDPR or to transfer it to a third party.

In addition, you have the right to revoke a given consent to the processing of personal data at any time vis-à-vis us with effect for the future (Art. 7 (2) GDPR).

Your requests about the exercise of your rights should be addressed – if possible in writing – to the controller mentioned in section 1.

Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). In the case of complaints against hep GmbH, a complaint can be addressed to the following body, among others:

State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Lautenschlagerstrasse 20

70173 Stuttgart

Telephone number

0711/615541-23

E-mail: pressestelle@lfdi.bwl.de

8. necessity of providing your personal data
In order for our applicant process to run smoothly and efficiently, it is necessary for you to provide the data listed above for the purpose of assessing your suitability to perform the appointed job at the hep group.

9. automated decision making including profiling.
We do not use automated decision making based on profiling without the input of a natural person.

5. transfer to a third country
To the extent that we transfer your personal data to recipients in third countries (countries outside the European Union or the European Economic Area), one of the following safeguards for an adequate level of protection of your personal data applies:

Adequacy Decision of the EU Commission (Art. 45 GDPR);

Binding internal data protection rules (Art. 46 (2) lit. b., Art. 47 GDPR);

Standard data protection clauses of the EU Commission (Art. 46 para. 2 lit. b GDPR).

You can obtain a copy of the applicable safeguards in each case from the contact details provided in Section I.1.

Data will only be transferred to a third country if you apply for a position in the hep Group that is located outside the European Union or the European Economic Area.

6. duration of the storage of your data
We store your personal data for a period of 6 months after the decision has been made to you, except for the rump data of the application. This is necessary for the burden of proof in proceedings under the General Equal Treatment Act (AGG). The core data includes your name and email address. We store the core data exclusively in our applicant tool. The core data will be permanently deleted after 2 years. Insofar as an employment relationship is entered into, we store your data for at least 3 years after the end of the employment relationship, whereby the period ends with the calendar year.

If you have given us your consent to include you in our applicant pool, we will delete your data after a period of 2 years from the date of consent.

7. your data protection rights
Under certain conditions, if you are affected by the processing of personal data, you have the following data protection rights against us:

You have the right to receive information from us about your data stored by us according to the rules of Art. 15 GDPR (if necessary with restrictions according to § 34 BDSG).

Upon your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inaccurate or incorrect.

If you wish, we will delete your data in accordance with the principles of Art. 17 GDPR, provided that other statutory regulations (e.g. statutory retention obligations or the restrictions under Section 35 BDSG) or an overriding interest on our part (e.g. for the defense of our rights and claims) do not prevent this.

Taking into account the requirements of Art. 18 GDPR, you may request us to restrict the processing of your data.

Under certain circumstances, you may object to the processing of your personal data pursuant to Art. 21 GDPR.

This right may apply, among other things, if the processing of your personal data is based on the legitimate interests of the company or if decisions about you are based exclusively on automated processing, including profiling. Notwithstanding the above, you may object at any time to the processing of your personal data for direct marketing purposes.

You also have the right to receive your data in a structured, common and machine-readable format under the conditions of Art. 20 GDPR or to transfer it to a third party.

In addition, you have the right to revoke a given consent to the processing of personal data at any time vis-à-vis us with effect for the future (Art. 7 (2) GDPR).

Your requests about the exercise of your rights should be addressed – if possible in writing – to the controller mentioned in section 1.

Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). In the case of complaints against hep GmbH, a complaint can be addressed to the following body, among others:

State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Lautenschlagerstrasse 20

70173 Stuttgart

Telephone number

0711/615541-23

E-mail: pressestelle@lfdi.bwl.de

8. necessity of providing your personal data
In order for our applicant process to run smoothly and efficiently, it is necessary for you to provide the data listed above for the purpose of assessing your suitability to perform the appointed job at the hep group.

9. automated decision making including profiling.
We do not use automated decision making based on profiling without the input of a natural person.

Consent Management Platform by Real Cookie Banner