Privacy Policy of HÖRMANN Intralogistics GmbH

The data controller pursuant to Article 4(7) of the GDPR is:

HÖRMANN Intralogistics GmbH

Mr. Dr. Christian Baur

Hauptstraße 45-47

GER-85614 Kirchseeon

Phone +49 8091 5630-0

E-Mail: info@hoermann-gruppe.com

HÖRMANN Intralogistics Solutions GmbH

Mr. Steffen Dieterich und Mr. Rainer Baumgartner

Gneisenaustraße 15

GER-80992 Munich

Phone +49 89 149898-0

E-Mail: datenschutz@hoermann-intralogistics-solutions.com

HÖRMANN Intralogistics Solutions Ges.m.b.H.

Mr. Matthis König

Eggenberger Allee 49/1/3

AUS-8020 Graz

Phone +43 31622 8611-510

E-Mail: datenschutz@hoermann-intralogistics-solutions.com

HÖRMANN Intralogistics Solutions Sp.Z.O.O.

Mr. Oleg Solovey

Azymutalna 9

POL-80-299 Gdańsk

Phone +48 577 400 145

E-Mail: info@hoermann-logistik.pl

Data Protection Officer

We have appointed a Data Protection Officer who operates for HÖRMANN Intralogistics GmbH and HÖRMANN Intralogistics Solutions GmbH in accordance with Articles 37 et seq. of the GDPR:

Prof. Dr. Thorsten B. Behling

Partner · Geschäftsführer / Managing Director

Rechtsanwalt / Attorney at Law (Germany) · ISO/IEC 27001 Lead Auditor

WTS Legal Rechtsanwaltsgesellschaft mbH

Sachsenring 83 · 50677 Köln / Cologne · Deutschland / Germany

Phone +49 (0) 221 348 9362-45

Mobile +49 (0) 162 2 444 965

E-Mail: thorsten.behling@wts-legal.de

Purpose of Processing

When visiting the website:

• Ensuring a smooth connection
• Guaranteeing comfortable use
• Evaluating system security and stability
• Administrative purposes
• Using the contact form and email communication

Processing your inquiries

• Fulfillment of contractual or pre-contractual measures
• Download request for the whitepaper

Contacting after the download

• Use of cookies

Improving user experience

• Statistical collection to optimize the website
• Analysis and tracking tools

Design and optimization of the website

• Statistical collection of usage

Legal Bases

When visiting the website:

• Art. 6(1)(f) GDPR (legitimate interest)

Use of contact form and email communication:

• Art. 6(1)(b) GDPR (contractual or pre-contractual measures)
• Art. 6(1)(c) GDPR (legal retention obligations)
• Art. 6(1)(f) GDPR (legitimate interest)

Download request for the whitepaper:

• Art. 6(1)(b) GDPR (contractual or pre-contractual measures)
• Art. 6(1)(c) GDPR (legal retention obligations)
• Art. 6(1)(f) GDPR (legitimate interest)

Use of cookies:

• Art. 6(1)(f) GDPR (legitimate interest)

Analysis and tracking tools:

• Art. 6(1)(f) GDPR (legitimate interest)

Data Recipients

When visiting the website:

• No specific data recipients

Use of contact form and email communication:

• Internal departments responsible for processing

Download request for the whitepaper:

• Internal departments responsible for processing

Use of cookies:

• No specific data recipients; cookies are used internally on the website

Analysis and tracking tools:

• Google Analytics (for web analysis)
• Leadinfo (lead generation service)

Data Transmission

When visiting the website:

• No transmission to third parties

Use of contact form and email communication:

• No transmission to third parties, except when necessary for processing

Download request for the whitepaper:

• No transmission to third parties, except when necessary for processing

Use of cookies:

• No transmission to third parties, except for third-party cookies

Analysis and tracking tools:

• Transmission to Google LLC and Leadinfo B.V. (USA and Netherlands)

Retention Period

When visiting the website:

• Data will be deleted after a maximum of 14 days

Use of contact form and email communication:

• Data will be deleted after processing, unless legal retention periods apply

Download request for the whitepaper:

• Data will be deleted after processing, unless legal retention periods apply

Use of cookies:

• Cookies will be automatically deleted after a defined period (maximum 6 months)

Analysis and tracking tools:

• Google Analytics: Data will be stored for a maximum of 14 months
• Leadinfo: Data will be retained according to Leadinfo’s guidelines

Weitere Informationen

• Google Analytics: Google Privacy Policy
• Leadinfo: Opt-out options at Leadinfo
• YouTube: Google Privacy Policy regarding YouTube
• Google Maps: Google Privacy Policy

Purpose of Processing

The processing of your personal data within the framework of the application process serves the following purposes:

• Application for a specific job vacancy
• Unsolicited application
• Inclusion in the applicant pool

Legal Bases

• Consent (Art. 6(1)(a) GDPR): If you have given us consent to process your personal data, this serves as the basis for processing. You can withdraw your consent at any time with effect for the future.
• Fulfillment of contractual obligations (Art. 6(1)(b) GDPR): Your personal data will be processed to carry out measures and activities in the context of pre-contractual relationships as well as to execute our contracts.
• Compliance with legal obligations (Art. 6(1)(c) GDPR): We process your data to comply with legal obligations, such as commercial or tax obligations. This includes archiving data according to statutory retention periods as well as gathering evidence in the context of official or judicial actions.
• Legitimate interest (Art. 6(1)(f) GDPR): Your data may be processed based on a balancing of interests to protect legitimate interests of us or third parties. This includes, among other things:
  • Communication during the application process and when drafting contracts.
  • Consideration of your application for similar or comparable open positions within our company.

Purpose Expansion

If your data are to be processed for further purposes, you will be informed about this and, if necessary, your consent will be obtained in accordance with Art. 6(1)(a) GDPR.

Data Recipients

Your data will be forwarded within our company to the relevant departments responsible for filling the position, typically the HR department and the relevant specialist department.

In addition, your data may be shared with the following entities:

• Processors (Art. 28 GDPR) and service providers, particularly in the area of our application portal (Softgarden: hoermann-logistik.softgarden.io).
• Headhunters and personnel service providers in a consulting role.
• Public authorities and institutions in case of legal or regulatory obligations.
• Other entities based on our legitimate interest or the legitimate interest of third parties (e.g., authorities, credit agencies, debt collection, lawyers, courts).

Data Transmission

Currently, there is no transmission of your data to a third country or an international organization.

Retention Period

• Unsuccessful applications: Your data will be deleted 4 months after the conclusion of the application process.
• Consent for inclusion in the applicant pool: Your data will be stored for 2 years and then deleted.

We will store your personal data only as long as necessary for the conduct of our business relationship or as required by statutory retention periods. Data will be deleted when the purpose of processing no longer applies or statutory retention periods have expired. If necessary, we may store your data longer based on your consent.

Purpose of Processing

We process your personal data for various purposes, which depend on the nature and scope of our contractual relationship. The main purposes of data processing include:

• Conducting the Business Relationship: Handling contracts, orders, and services, including the procurement of goods and services.
• Communication: Collecting and processing contacts, including outreach and communication, as well as handling correspondence such as emails and incoming mail.
• Logistics and Shipping: Sending packages and gifts, as well as preparing and processing invoices for spare parts and services.
• Project Management: Collecting and documenting project-related information, including recording decisions and meetings.
• Customer Service: Assisting with complaints, inquiries, and order confirmations, as well as conducting customer satisfaction surveys.
• Security and Maintenance Planning: Planning maintenance measures, emergency management, and collecting service-specific information.

Legal Bases

The processing of your personal data is based on the following legal grounds:

• Consent (Art. 6(1)(a) GDPR): If you have given us consent to process your data, this serves as the basis for processing the relevant data. You can withdraw your consent at any time with effect for the future.
• Fulfillment of contractual obligations (Art. 6(1)(b) GDPR): We process your data to fulfill our contracts with you, including processing orders and services. This also includes pre-contractual measures.
• Compliance with legal obligations (Art. 6(1)(c) GDPR): Your data will be processed to comply with legal obligations, such as commercial and tax laws. This includes fulfilling tax reporting obligations and archiving data.
• Legitimate interest (Art. 6(1)(f) GDPR): We process your data based on a legitimate interest, for example, for:
  • Creating and sending address lists and gifts to maintain the business relationship.
  • Gathering information and data exchange with credit agencies.
  • Defense in legal disputes.
  • Conducting internal and external investigations or security audits.

Data Recipients

Your personal data may be shared with the following entities:

• Processors: IT service providers, logistics companies, external data centers, accounting firms, and other service providers that assist us in fulfilling our contractual and legal obligations.
• Public Authorities: Authorities or other public institutions when legal obligations exist.
• Third Parties: Based on a balancing of interests, data may be shared with authorities, credit agencies, debt collection companies, or lawyers.

Data Transmission

Transmission of your data to countries outside the European Union (EU) or the European Economic Area (EEA) will only occur if necessary or if you have given your consent.

Currently, data may be transferred to the following third countries:

• Switzerland (partner)
• Norway (partner)
• Israel (partner)

If your data are processed in a third country, we ensure an adequate level of data protection through appropriate contracts.

Retention Period

We store your personal data only as long as necessary to conduct our business relationship or as required by statutory retention periods. Data will be deleted when the purpose of processing no longer applies or statutory retention periods have expired. If necessary, we may store your data longer based on your consent.

Purpose of Processing

The processing of your personal data takes place for the following purposes, depending on the agreed or requested service:

• Conducting the Business Relationship: Handling contracts, orders, and services, including the procurement of goods and services, clarification of questions, handling complaints, settling invoices, and preparing quotes.
• Project Management and Documentation: Describing project contents, recording decisions, votes, and relevant meetings.
• IT Management and Documentation: Setting up VPN remote access, logging into the company network (Active Directory account), filing and sorting orders, requests, bookings, and general correspondence, as well as documenting maintenance and deployment planning.
• Logistics and Customer Service: Shipping packages or gifts, preparing invoices for spare parts and billing for services, and conducting satisfaction surveys.
• Compliance and Security Management: Collecting service-specific information (e.g., on-call duty, maintenance, licenses) and implementing the Supply Chain Due Diligence Act (LkSG).

Legal Bases

• Consent (Art. 6(1)(a) GDPR): If you have given us consent to process your personal data, this serves as the legal basis for the respective processing. You can withdraw your consent at any time with future effect.
• Fulfillment of contractual obligations (Art. 6(1)(b) GDPR): We process your personal data to fulfill our contracts, particularly in the context of order processing and service utilization, as well as in the context of pre-contractual measures.
• Fulfillment of legal obligations (Art. 6(1)(c) GDPR): We process your personal data to fulfill legal obligations (e.g., from commercial and tax laws). This includes tax control and reporting obligations, archiving obligations, and evidence collection in the context of official or judicial proceedings.
• Legitimate interests (Art. 6(1)(f) GDPR): Your personal data may be processed based on a balancing of interests to safeguard legitimate interests of us or third parties. This includes, among other things:
  • Sending gifts to long-term business partners to promote the business relationship.
  • Obtaining information and data exchange with credit agencies to assess economic risks.
  • Assertion of legal claims and defense in legal disputes not directly related to the contractual relationship.
  • Internal and external investigations or security checks.
  • Communication during the execution of the contract and maintaining the business relationship.

Purpose Expansion

If your data is to be processed for further purposes, you will be informed, and your consent will be obtained in accordance with Art. 6(1)(a) GDPR if necessary.

Data Recipients

Your personal data will be shared within our company with the relevant departments that need this data to fulfill contractual and legal obligations or to safeguard our legitimate interests.

In addition, your data may be shared with the following entities:

• Processors (Art. 28 GDPR) and service providers for supporting activities, particularly in the areas of IT services, logistics, printing services, external data centers, maintenance of IT applications, accounting, data destruction, procurement, customer management, and marketing.
• Public authorities and institutions, where there is a legal or regulatory obligation to provide information, report, or disclose data.
• Entities and institutions based on legitimate interests (e.g., authorities, credit agencies, debt collection, lawyers, courts, experts, affiliated companies).

Data Transfer

A transfer of your data to third countries outside the EU/EEA may occur, particularly to:

• United Kingdom (customer)
• USA (customer)

In these cases, we ensure the protection of your rights and freedoms according to EU data protection regulations through appropriate contractual agreements. Detailed information on this is available upon request.

Retention Period

We only store your personal data as long as necessary for the performance of our business relationship or as required by legal retention periods. Data will be deleted when the purpose of processing ceases or legal retention periods have expired. If necessary, we can store your data longer based on your consent.

When the newsletter of our company is subscribed, the data in the respective input mask is transmitted to the data controller responsible for processing. Subscription to our newsletter is done via a so-called double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent someone from signing up with someone else's email address. During the registration for the newsletter, the user's IP address, as well as the date and time of registration, are stored. This serves to prevent misuse of the services or the email address of the affected person. Data will not be passed on to third parties. An exception applies when there is a legal obligation to disclose. The data will only be used for sending the newsletter. The subscription to the newsletter can be terminated by the affected person at any time. Similarly, consent to the storage of personal data can be revoked at any time. For this purpose, there is a corresponding link in every newsletter. The legal basis for processing the data after the user subscribes to the newsletter, if the user has given consent, is Art. 6 para. 1 lit. a) GDPR. The legal basis for sending the newsletter as a result of the sale of goods or services is § 7 para. 3 UWG.

Use of rapidmail

Description and Purpose

We use rapidmail for sending newsletters. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. rapidmail is used, among other things, to organize and analyze the sending of newsletters. The data you entered for the purpose of receiving the newsletter is stored on rapidmail’s servers in Germany. If you do not want any analysis by rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. For analysis purposes, the emails sent via rapidmail contain a so-called tracking pixel that connects to rapidmail's servers when the email is opened. This way, it can be determined whether a newsletter message has been opened. Furthermore, we can determine with the help of rapidmail whether and which links in the newsletter message have been clicked. Optionally, links in the email can be set as tracking links, allowing your clicks to be counted.

Legal Basis

The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.

Recipient

The recipient of the data is rapidmail GmbH.

Transfer to Third Countries

There is no transfer of data to third countries.

Duration

The data you stored with us for the purpose of the newsletter based on your consent will be kept by us until you unsubscribe from the newsletter, and after unsubscribing, will be deleted from both our servers and rapidmail's servers. Data that has been stored with us for other purposes (e.g., email addresses for the member area) will remain unaffected.

Revocation Possibility

You have the option to revoke your consent to data processing with effect for the future at any time. The lawfulness of data processing operations that have already occurred remains unaffected by the revocation.

Further Privacy Notices

For more details, please refer to the data security notices of rapidmail at: https://www.rapidmail.de/datensicherheit. For more information on the analysis functions of rapidmail, please refer to the following link: https://www.rapidmail.de/wissen-und-hilfe.

Right to Information

According to Article 15 of the GDPR, you have the right to request information from us regarding whether and which personal data about you is being processed. Upon request, you will receive an overview of the processing purposes, the categories of processed data, the recipients or categories of recipients, as well as a copy of the stored data.

Right to Rectification, Deletion, and Restriction of Processing

• Rectification: According to Article 16 of the GDPR, you can request the correction of inaccurate or the completion of incomplete personal data.
• Deletion: According to Article 17 of the GDPR, you can request the immediate deletion of your personal data, provided that there is no legal obligation to retain it.
• Restriction: According to Article 18 of the GDPR, you can request the restriction of the processing of your personal data if:
  • You contest the accuracy of the data,
  • the processing is unlawful and you request restriction of use instead of deletion,
  • we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims,
  • you have objected to the processing.

Right to Object

You have the right to object at any time to the processing of your personal data if the processing is based on Article 6 (1) lit. e or lit. f of the GDPR. We will then no longer process the data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms.

Right of Withdrawal

You can withdraw your consent to the processing of personal data at any time. The withdrawal does not affect the lawfulness of the processing up to the point of withdrawal. In the event of a withdrawal, your application will be removed from the applicant pool and will not be further considered. Your application data will be deleted promptly unless legal retention obligations require longer storage.

Right to Complain

If you believe that the processing of your personal data violates applicable data protection regulations, you have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for HÖRMANN Intralogistics GmbH is the Bavarian State Office for Data Protection Supervision.

Technical and Organizational Measures of HÖRMANN Intralogistics Solutions GmbH

Sample TEmplate for Data processing agreement of HÖRMANN Intralogistics Solutions GmBH

• For a modifiable version of the Data Processing Agreement, please contact: datenschutz@hoermann-intralogistics-solutions.com