Data Protection Declaration

1. Introduction

We, HACK Formenbau GmbH, are pleased that you are visiting our website (hereinafter also referred to collectively as the ‘website’) and that you are interested in our company. We attach great importance to the protection and security of your personal data. The following information is intended to inform you about which personal data we process about you, for what purposes, and what rights you have in respect of your personal data under the relevant data protection laws.

As the controller for processing, we have implemented numerous technical and organisational measures to ensure the most complete protection possible of the personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative methods.

2. Controller

The Controller within the context of the GDPR is:

HACK Formenbau GmbH
Wielandstraße 11
73230 Kirchheim unter Teck
Germany
Telephone: +49 7021 9756-0
E-Mail: vasb@unpx-sbezraonh.qr

3. Data Protection Officer

Our data protection officer can be reached at the following contact details:

FAO Data Protection Officer
HACK Formenbau GmbH
Wielandstraße 11
73230 Kirchheim unter Teck
Germany
Telephone: +49 7021 9756-0
E-Mail: qngrafpuhgm@unpx-sbezraonh.qr

You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

4. Terminology

„Personal data“ (hereinafter also referred to as “data”) are all the details that make a statement about a natural person. Personal data are not just details that allow a direct conclusion to be drawn about a certain person (such as the name or e-mail address of a person), but also information with which with suitable additional knowledge a connection can be made with a certain person.
„Processing“ means any action taken with your personal data (such as collection, recording, organisation, structuring, storage, use or erasure of data).

5. Your rights as a data subject

You have the following rights within the legal scope:

Right of access Art. 15 GDPR
You have the right to receive information from us at any time, free of charge, about the personal data stored about you, including a copy of this data, in accordance with the legal scope.
Right to rectification Art. 16 GDPR
You have the right to request the rectification of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
Right to erasure Art. 17 GDPR
You have the right to request that we erase any personal data concerning you without delay, provided that one of the reasons specified by law applies and that processing or storage is not necessary.
Right to restriction of processing Art. 18 GDPR
You have the right to request that we restrict processing if the legal requirements are fulfilled.
Right to data portability Art. 20 GDPR
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, to which the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out using automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability pursuant to Art. 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.
Right to object Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the legal basis of Art. 6(1)(e) (data processing in the public interest) or (f) (data processing based on a balancing of interests) of the GDPR.
This also applies to profiling based on these provisions within the meaning of Article 4(4) of the GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or unless the processing is necessary for the establishment, exercise or defence of legal claims.
In individual cases, we process personal data for direct marketing purposes. You can object to the processing of personal data for such marketing purposes at any time. This also applies to profiling insofar as it is related to such direct marketing. If you object to us processing your data for direct marketing purposes, we will no longer process your personal data for these purposes.
In addition, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
You are free to exercise your right to object in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
Revocation of consent under GDPR
You have the right to withdraw your consent for the processing of personal data at any time with effect for the future.

If you assert any of the above-stated rights, please understand that we may require you to provide evidence showing that you are the person you claim to be.

Furthermore, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your data infringes the GDPR.

6. Transfer of data to third parties

Your personal data will not be transferred to third parties except for the purposes listed below.

We will only transfer your personal data to third parties if:

you have provided us with your explicit consent in accordance with Art. 6(1)(a) GDPR,
the transfer is lawful in accordance with Art. 6(1)(f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding interest in the non-transfer of your data,
in the case that there is a legal obligation for the transfer in accordance with Art. 6 (1) (c) GDPR, and
in accordance with Art. 6 (1) (b) GDPR, it is necessary for the performance of a contract with you.

As part of the processing described in this data protection declaration, personal data may be transferred to the United States. Companies in the United States only have an adequate level of data protection if they are certified under the EU-US Data Privacy Framework and therefore fall under the adequacy decision of the European Commission in accordance with Art. 45 GDPR. We have explicitly mentioned this in the data protection declaration for the service providers concerned. In order to protect your data in all other cases, we have concluded agreements on order processing based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent in accordance with Art. 49(1)(a) GDPR may be used as the legal basis for the transfer to third countries. This does not apply to data transfers to third countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR.

7. Links to other websites

Our website may contain links to and from websites of other providers not affiliated with us (“third parties”). After clicking on the link, we no longer have any influence on the processing of any data transmitted to the third party when the link is clicked (such as the IP address or the URL on which the link is located), as the behavior of third parties is naturally beyond our control. Therefore, we cannot assume any responsibility for the processing of such data by third parties.

8. Links to social networks and messenger services

Our website may contain links for sharing content on our website with various social networks and/or messenger services. When you use our website, the links on our website do not result in any data being transferred to the providers of social networks or messenger services. Only if you click on one of the links to share content from our website will data (such as your IP address or the URL on which the link is located) be transmitted to the respective provider of the social network or messenger service. We have no influence on the subsequent processing of the data by the respective provider of the social network or messenger service.

9. Technology & Hosting

9.1 SSL/TLS-Encryption

This website uses SSL or TLS encryption to ensure the security of data processing and to protect the transfer of confidential content, such as orders, login details or contact enquiries that you send to us as the operator. You can recognise an encrypted connection by the appearance of ‘https://’ instead of ‘http://’ in the address bar of your browser, and by the presence of a lock symbol in your browser bar.
This technology is implemented to protect the data you transmit.

9.2 The collection of data when visiting the website & hosting

When the website is used for informational purposes only, and in the case that you do not register or otherwise transmit information to us or give your consent to processing for which consent is required, we only collect data which is technically necessary for the provision of the service. This is usually data that your browser transmits to our server (in so-called server log files). It is evident that the website under this domain collects a range of general data and information each time an end user or an automated system accesses a page. This general data and information is stored in the server log files. The following data may be collected:

the types and versions of browsers you use,
the operating system used by the accessing system,
the sub-websites which are accessed via an accessing system on the website in which you are visiting,
the date and time of access to the website, and
an Internet Protocol address (IP address).

We do not use this general data and information to identify you personally. Rather, this information is required to

The provision of accurate content on the website,
The optimisation of the website’s content and advertising,
The guarantee of the continuous functionality of our IT systems and the technology of our website, and
The provision of information necessary for criminal investigation to law enforcement authorities in the event of a cyber attack.

This collected data and information is evaluated by us statistically and further with the aim of increasing data protection and data security in our company. In this way, we want to ensure an excellent level of protection for the personal data processed by us. The data in the server log files is stored separately from all personal data provided by a data subject.

The legal basis for our data processing activities is Article 6(1)(f) GDPR. Our legitimate interest is based on the purposes of data collection listed above.

10. Cookies & Consent Management Tool

10.1 General Information About Cookies

Cookies are small text files which are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our website. The cookie stores information relating to the specific device used. Please note, this does not mean that we immediately have information about your identity.

The use of cookies is intended to make the use of our website more convenient for you. We use so-called session cookies to recognise that you have already visited individual pages on our website. These are automatically deleted after you leave our website.

Additionally, we also use temporary cookies to optimise the user experience. These are stored on your device for a specific period of time. If you visit our website again to use our services, it will automatically recognise that you have already visited us and which entries and settings you have made, so you do not have to re-enter them.

Furthermore, we use cookies to statistically record the use of our website and evaluate our offer for you so that we can optimise it. These cookies enable us to automatically recognise that you have already visited our website when you visit it once again. The cookies stored in this way are automatically deleted after a defined period of time. You can find information on the respective storage period of the cookies in the settings of the consent tool used.

10.2 Essential Cookies

• Cookiebot (Consent Management Tool)
We use the consent management tool “Cookiebot” from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter also referred to as “Usercentrics”). This service enables us to collect and manage consent from website visitors regarding data processing.

Cookiebot uses cookies to collect data generated by end users who use our website. When an end user gives their consent, Cookiebot automatically logs the following data, among other things:

The end user’s IP address in anonymised form (with the last three numbers set to 0).
Date and time of consent.
User agent of the end user’s browser.
The URL where consent was sent from.
A random and encrypted key.
The consent ID
The consent status of the end user, which serves as documentation of consent.

The key and consent status are stored in the end user’s browser within the “CookieConsent” cookie. This allows the website to automatically read and comply with the end user’s consent for all subsequent website requests and future end user sessions for a period of up to 12 months. The key is used to verify consent and to check whether the consent status stored in the end user’s browser has remained unchanged compared to the original consent transmitted to Usercentrics. Consent data (including both consent and withdrawal of consent) is stored for a period of three years. This retention period corresponds to the regular limitation period in accordance with § 195 BGB (German Civil Code). After this time, the data is deleted immediately.

The functionality of the website cannot be guaranteed without the aforementioned processing. The user has no right to object as long as there is a legal obligation to request the user’s consent to specific data processing activities, in accordance with Art. 7(1), 6(1) sentence 1 lit. c) GDPR.

Usercentrics is the recipient of the aforementioned data and will process it on our behalf in accordance with our instructions and for specific purposes (order processing in accordance with Art. 28 GDPR).

Information from the service provider:
Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark

Website:
https://www.cookiebot.com/

Data protection declaration of the service provider:
https://www.cookiebot.com/en/privacy-policy/

• Language detection (WPML)
Our website uses the WPML cookie from OnTheGoSystems Limited to offer a multilingual version of the website. We use this cookie to detect the current language of the respective website visitor in order to display the preferred language in a user-oriented approach. Data is not transferred to the service provider.

Information from the service provider:
OnTheGoSystems Limited, 22/F 3 Lockhart Road, Wanchai, Hong Kong

Website:
https://wpml.org

Explanations regarding cookies:
https://wpml.org/documentation/support/browser-cookies-stored-wpml/

Data protection declaration of the service provider:
https://wpml.org/documentation/privacy-policy-and-gdpr-compliance/

On which legal basis are necessary cookies used?
In order to be able to demonstrate whether you have consented to the use of cookies for which consent is required, we store information about the provision or non-provision of consent. This is to fulfil our legal obligation to provide evidence in accordance with Art. 6 (1) (c) and (3) (a) of the GDPR in association with Art. 7 (1) of the GDPR.

Additionally, we use cookies that are necessary for the fulfilment of legitimate interests, in accordance with Art. 6 (1) (f) GDPR.

Our legitimate interests are as outlined below:

Ensuring the security and stability of our website and the IT security of our systems;
Establishing, exercise and defence of legal claims;
Provision and maintenance of the appropriate functionality of our website.

11. Plugins & other services

• Google Maps

Our website uses Google Maps (API). Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). Google Maps is a web-based service which provides interactive (land) maps for the visual representation of geographical information. Customers can use this service, for example, to view our location and plan an optimal route to reach us.
As soon as you visit the subpages in which the Google Map is embedded, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there, if you have given your consent. In addition, Google Maps loads Google Web Fonts, Google Photos and Google Stats. These services are also provided by Google Ireland Limited. When a user visits a page which includes Google Maps, the browser loads the required web fonts and photos into the browser cache. Also for this purpose, the browser establishes a connection to Google’s servers. This enables Google to record that our website has been accessed via your IP address. This happens independent of the fact that Google provides a user account that you are logged in to, or that no user account exists. If you are logged in to the Google account, your data will be directly associated with your account. If you do not want the association with your Google profile, you must log out of your Google user account. Please note that Google stores your data (even for users who are not logged in) as usage profiles and analyses them.

You have the right to object to the creation of these user profiles; if you wish to exercise this right, you must contact Google. If you do not agree to the future transmission of your data to Google in connection with the use of Google Maps, you also have the option of completely deactivating the Google Maps web service by disabling JavaScript in your browser. Please note that Google Maps, and therefore also the map display on this website, cannot be used in this case.

These processing activities are carried out only with your explicit consent in accordance with Art. 6(1)(a) GDPR.

Google LLC, the parent company, has been certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision in accordance with Art. 45 GDPR, so that personal data can be transferred without further guarantees or additional measures.

Information from the service provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Website:
https://cloud.google.com/maps-platform

Data protection declaration of the service provider:
https://policies.google.com/privacy

Terms of use of the service provider:
https://www.google.com/intl/de_US/help/terms_maps.html

• YouTube Videos in advanced privacy mode (Youtube-NoCookies)
We embed videos stored on YouTube directly into some subpages of our website. YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). When using this integration, content from the YouTube website is displayed in parts of a browser window. When you visit a (sub)page of our website which contains YouTube videos, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser.

YouTube content is only integrated in ‘advanced privacy mode’. This is provided by YouTube itself and ensures that YouTube does not initially store any cookies on your device. When you visit the relevant pages, the IP address and, if applicable, other data are transmitted, thereby communicating which of our website you have visited. However, this information cannot be associated with you unless you have logged in to YouTube or another Google service before visiting the page or are permanently logged in. As soon as you start playing an embedded video by clicking on it, YouTube only stores cookies on your device which do not contain any personally identifiable data, unless you are currently logged in to a Google service. These cookies can be blocked by adjusting your browser settings and extensions.

These processing activities are carried out only with your explicit consent in accordance with Art. 6(1)(a) GDPR.

Information from the service provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Website:
https://www.youtube.com/

Data protection declaration of the service provider:
https://policies.google.com/privacy

12. Content of our website

• Contact us / Contact form
On our website, we offer you the option of sending us messages or enquiries via contact forms. You also have the option of contacting us directly by e-mail, telephone or fax. When you use this option, we process the data collected via the respective form in order to handle your message or enquiry and, if necessary, to contact you. Your data will be deleted after your enquiry has been dealt with. This is the case when it can be determined from the circumstances that the matter in question has been finally clarified and there are no legal obligations to store the data.

What data do we process and for what purposes?
We process the following data:

Salutation, if applicable
Company
First name, last name
E-Mail
Phone
Content data (Your message/enquiry)

This data is stored and used solely for the purpose of answering your enquiry or contacting you and for the associated technical administration.

On what legal basis do we process your data?
Your data is processed for the purpose of performing a contract or in order for pre-contractual measures in accordance with Art. 6 (1) (b) GDPR and for the purpose of the protection of legitimate interests in accordance with Art. 6 (1) (f) GDPR.

Our legitimate interests are to ensure that your message or enquiry is answered and processed correctly and to communicate with you in a manner that is customer-friendly.

You have the right to object to the processing of your data on the basis of Art. 6 (1) lit. f GDPR at any time on grounds relating to your particular situation.

• Job application management
We process your personal data as an applicant for the purpose of handling the application process. Processing can also be performed electronically. This is particularly the case if you send us your application documents electronically, for example by email or via the contact form on our website.

What data do we process and for what purposes?
We process the following data:

Salutation, if applicable
First name, last name
Address details (street, house number, postcode, town, country), if applicable
Telephone number/mobile number
E-mail address
Content data (application e-mail/contact field)
Date of birth, if applicable
Current employment, if applicable
Vocational training, if applicable
Curriculum vitae, if applicable
Letter of application, if applicable
Gender, if applicable
Nationality, if applicable
Salary expectations (monthly/annual), if applicable
Resignation period, if applicable
(Work) references, certificates, qualification data, etc., if applicable
Information regarding dates for interviews and hiring interviews, if applicable
Any other data and documents provided by you as part of your application, if applicable

This data are processed by us solely for the following purposes:

To settle legal claims, enforce existing contracts and establish, exercise and defend legal claims
If applicable, establishing and performing an employment relationship if the application process results in an employment relationship
Carrying out an application process and pre-contractual measures

On what legal basis do we process your data?
Your data is processed on the following legal basis:

Fulfilment of a contract or pre-contractual measures (Art. 6(1)(b) GDPR)
Protection of legitimate interests (Art. 6(1)(f) GDPR)

If the job application process results in an employment relationship, your data will be processed in accordance with data protection regulations for employees and therefore for the purpose of performing the employment relationship in accordance with Art. 6(1)(b) GDPR. We will inform you separately about this.

Our legitimate interests are economic interests and the settlement of legal disputes or the establishment, exercise and defence of legal claims.

You have the right to object to the processing of your data on the basis of Art. 6 (1) lit. f GDPR at any time on grounds relating to your particular situation.

If the job application process does not result in an employment relationship, your data will be deleted within 6 months of notification of non-selection or notification from you that you do not wish to enter into an employment relationship with us. In individual cases, the data may be stored for longer in order to establish, exercise or defend legal claims.

13. Our activities on social netwoeks

In order to communicate with you on social networks and inform you about our services, we operate our own social media pages. When you visit one of our social media pages, in accordance with Art. 26 GDPR, we are joint controllers with the provider of the respective social media platform for the processing activities triggered by your visit. We are not the primary provider of these pages, we merely use them within the scope of the options offered to us by the respective providers.

We therefore point out as a matter of precaution that your data may also be processed outside the European Union or the European Economic Area. This may therefore involve data protection risks for you, as it may be more difficult to exercise your rights, e.g. to access, erase or object to the processing of your data, and the processing on social networks is often carried out directly for advertising purposes or to analyse user behaviour by the providers, without us being able to control this. If usage profiles are created by the provider, cookies are often used or your usage behaviour is associated with your own member profile on social networks.

The processing of personal data described above is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to communicate with you in a modern way and to inform you about our products and services. If you have to give your consent to data processing as a user to the respective providers, the legal basis is Art. 6 (1) (a) GDPR in connection with Art. 7 GDPR.

As we do not have access to the providers’ databases, we would like to point out that the best way to exercise your rights (e.g. to access, rectify, erasure, etc.) is directly with the respective provider. Further information on the processing of your data in social networks is listed below for each social network provider we use:

13.1 Facebook (objection AI training has been made)
(Joint) controller for data processing in Europe:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Meta (Facebook) reserves the right to process content from adult users in the EU, such as photos, posts or comments, for the purpose of training its own AI models. As a company, we have no control over this specific data processing by Meta. The basis for this is a legitimate interest in accordance with Art. 6(1)(f) GDPR. We have explicitly objected to Meta’s use of our content for AI training.

Data Protection Declaration (data policy):
https://www.facebook.com/about/privacy

13.2 LinkedIn
(Joint) controller for data processing in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Data Protection Declaration:
https://www.linkedin.com/legal/privacy-policy

13.3 XING /New Work SE)
(Joint) controller for data processing in Europe:
New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

Data Protection Declaration:
https://privacy.xing.com/de/datenschutzerklaerung

13.4 YouTube
(Joint) controller for data processing in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data Protection Declaration:
https://policies.google.com/privacy

14. Routine storage, deletion and blocking of personal data

We only process and store your personal data for the period that is necessary to fulfil the purpose of processing or as required by the legal requirements to which our company is subject.

If the purpose of storage is no longer required or if a statutory retention period expires, the personal data will be routinely blocked or deleted in accordance with the statutory requirements.

15. Aktualität und Änderung der Datenschutzerklärung

Due to the further development of our website and services or due to changes in legal or regulatory requirements, it may become necessary to amend this data protection declaration. You can access and print out the current data protection declaration at any time on our website.