Name and address of the person responsible
Name and address of the person responsible

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is

Heimbach GmbH
Commercial register: Local court Düren B 85
Tax number: 207/5837/0357
VAT ID No.: DE 122 279 865
An Gut Nazareth 73
52353 Düren
Germany
Phone: +49 (0) 2421 802 0
Fax: +49 (0) 2421 3 045 609
E-Mail: info@heimbach.com

Name and address of the data protection officer
The data protection officer of the controller is

Deutsche Datenschutz Consult GmbH
https://www.deutsche-datenschutz-consult.de
Stresemannstrasse 29
22769 Hamburg 
Germany
Phone: +49 40 228 60 70 402
Email: datenschutzbeauftragter@heimbach.com

Access Log
When you visit our website, we log the following data that your browser transmits:

• IP address

• Date and time of the request

• Time zone difference to Greenwich Mean Time (GMT)

• Content of the request (specific page)

• Amount of data transferred in each case

• Browser

• Version of the browser software

• Operating system

The data is also stored in the log files of our system.

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. 

The logging is used for the internal evaluation of our offer, to optimize the display of our website and to identify and prevent misuse. The stored data is not merged with other data sources or used for marketing purposes.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

For the storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible for the investigation of possible attacks. In this case, the IP addresses of the users are deleted as soon as the investigation is completed.

Communication
Our website contains e-mail addresses that can be used to contact us electronically. If a user makes use of this option, the data collected for this purpose is transmitted to us and stored. This data includes the user's e-mail address and information from the e-mail header in addition to the formulated request.

No data will be passed on to third parties in this context. The data is used exclusively for processing the conversation.

The legal basis for the processing of the data is the similar legitimate interests of the user and of us in enabling communication with each other, Art. 6 para. 1 lit. f GDPR, unless processing is necessary for the initiation or execution of a contractual relationship, Art. 6 para. 1 lit. b GDPR. This does not include surprising or excessive processing that is detrimental to the user.

The data from your email is collected solely for the purpose of processing your inquiry and providing information about our services. Your data will not be passed on or used for other purposes.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

Applications
As part of the application process, we only collect the data that you provide to us.

If you send us your application documents, this is done unencrypted by email. We would like to point out that this unencrypted transmission is not secure under data protection law. We are currently unable to provide an encrypted alternative for electronic transmission.

After receiving your application, we will use the information you provide to check your suitability for the position and carry out the application process. If necessary, suitable applications will be forwarded internally to the department managers in the company responsible for the vacant position. The further procedure is then coordinated. Within the company, only those persons have access to your data who need it for the proper conduct of our application process.

Your data is processed exclusively in data centers in the Federal Republic of Germany.

The processing of the data that you provide to us in connection with an application is carried out on the basis of Section 26 BDSG, in particular paragraph 1, which permits the processing of data required in connection with the decision to establish an employment relationship.

Should the data be required for legal prosecution after completion of the application process, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR. Our interest then lies in the assertion of or defense against claims. Deletion usually takes place 6 months after the position in question has been filled.

If we are still interested in your profile in the event of a rejection, we will obtain your consent for further storage and checking for matches with other open positions in the company. Your data will then only be used with your consent. If you do not respond to the request within the time window in which we store your data on the basis of our legitimate interests, your data will be automatically deleted. In all other cases, your data will be deleted immediately upon rejection.

In the event that you have consented to further storage of your personal data, we will transfer your data to our applicant pool on the basis of Art. 6 para. 1 lit. a GDPR. The data will be deleted there after two years. You can revoke your consent at any time with effect for the future. To do so, please send us an email to datenschutzbeauftragter@heimbach.com.

If you have been accepted for a position as part of the application process, the data from the applicant data system will be transferred to our personnel information system.

Website analysis with Matomo
This website uses the open source software tool Matomo (formerly PIWIK), which collects and stores data. This information is used for marketing and optimization purposes. Matomo uses the data to create user profiles with a pseudonym. For these purposes, the software stores cookies (text files) on your computer, which can be used to analyze your use of the website. Your IP address is anonymized immediately after processing and before storage. The data is processed directly on our server and is not transmitted to third parties.

The processing is carried out on the basis of our legitimate interests, which lie in the optimization of our website and thus the public perception of the company. 

If you do not want Matomo to store cookies, you have the option of preventing the installation of cookies via your browser settings (information on this can be found in the browser's help function). In this case, you may not be able to use all the functions of the website.

You have the option of preventing the actions you take here from being analyzed and linked. This will protect your privacy, but will also prevent the website operator from learning from your actions and improving usability for you and other users.

[ ] Your visit to this website is currently being recorded by Matomo Web Analytics. Uncheck this box to opt-out.

Your rights

Right to information
You have the right to obtain information about your stored data free of charge. Upon request, we will inform you in writing, in accordance with applicable law, which of your personal data we have stored. This also includes the origin and recipients of your data as well as the purpose of the data processing.

Right to rectification
You have the right to have your data stored by us corrected if it is incorrect. You can also request a restriction of processing, e.g. if the accuracy of your personal data is disputed.

Right to blocking
You can also have your data blocked. To ensure that your data can be blocked at any time, this data must be kept in a lock file for control purposes.

Right to erasure
You can also request the deletion of your personal data, provided there are no statutory retention obligations. If such an obligation exists, we will block your data upon request. If the relevant legal requirements are met, we will delete your personal data even if you have not made a corresponding request.

Right to data portability
You are entitled to request that we provide the personal data transmitted to us in a format that allows it to be transmitted to another location.

Right to lodge a complaint with a supervisory authority
You have the option of lodging a complaint with a data protection supervisory authority of your choice. The supervisory authority responsible for us is

Note on data security
We use the SSL (Secure Socket Layer) method on our website in conjunction with the highest level of encryption supported by your browser. As a rule, this is 128-bit encryption. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

No automated decision-making
We would like to point out that in the context of the use of our services and the use of our services, you will not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.