Privacy policy

The following privacy policy applies

(i) to the use of the website (hereinafter ‘website’);

(ii) and to the processing of data as part of a business relationship between HANSA-HEEMANN AG and an entrepreneur within the meaning of Section 14 of the German Civil Code (Bundesgesetzbuch, BGB).

We place great importance on data protection. Your personal data is collected and processed in compliance with applicable regulations under data protection law, with particular reference to the EU General Data Protection Regulation (‘GDPR’). We collect and process your personal data to be able to provide you with the above-mentioned website. This policy describes how your data is collected and used for what purposes, and what options you have with respect to your personal data.

By using this website, you agree to your data being collected, used and sent in accordance with this privacy policy.

1. Name and contact details for the controller responsible for processing, and for the operating data protection officer

The party responsible for collecting, processing and using personal data within the meaning of the GDPR is

HANSA-HEEMANN AG, represented by Mr. German Reichert, Mr. Thomas Reise and Mr. Volker Büttel, Halstenbeker Weg 98, 25462 Rellingen, Germany (hereinafter: ‘us’ or ‘we’)

Telephone: +49 (0) 4101 5050
Fax: +49 (0)4101 505 212

The operating data protection officer can be contacted at the above-mentioned address, FAO Mr. Jan Schoch, or at .

2. Collecting and storing personal data, as well as the type and purpose of data use

a) When visiting the website

When you visit our website, information is automatically sent to our website’s server via the web browser used on your end device. This information is temporarily stored in a ‘log file’. The following information is collected without any action on your part and stored until it is automatically deleted:

  • IP address of the accessing machine;
  • date and time of access;
  • name and URL of the file requested;
  • website that access has come from (referrer URL); and
  • browser used and the machine’s operating system if applicable, as well as the name of your access provider.

This data is collected to:

  • ensure a smooth connection is established with our website;
  • guarantee the convenient use of our website; and
  • to evaluate the security and stability of our system.

The legal basis for this data processing is sentence 1 of point (f) of Article 6(1) of the GDPR. Our legitimate interests in processing are based on the above-mentioned purposes for data processing. We never use the data collected to draw conclusions about you personally.

We also use cookies and analysis services on this website. You can find more information about the use of cookies and analysis services in points 4 and 5 of this privacy policy.

b) When using our contact form or contacting us by e-mail or phone

You can contact us via our contact form, which is available on the website. When using our contact form, the data fields ‘name’, ‘e-mail’ and ‘message’ are mandatory and must be completed. You can also provide more information on a voluntary basis in the data fields shown as not mandatory, or in the body of your message. When contacting us by e-mail or by phone, we store the data you share with us.

Your data is collected, used and stored for the purposes of contacting you and to process your request.

Data processing for the purposes of you contacting us takes place on the basis of sentence 1 of point (f) of Article 6(1) of the GDPR. Our legitimate interests are based on the purposes for collecting data outlined in the previous paragraph.

We erase data collected as part of you getting in touch as soon as storage is no longer required, or we restrict processing if there are legal retention obligations. In particular, storage is no longer required if your request has been clarified and responded to, or if it has been otherwise taken care of, and we cannot derive any rights from continuing to storing the data.

c) When using our application portal

When submitting an online application, the following listed personal application data is marked as being a mandatory field for online applications, and is collected and processed:

  • Name
  • First name
  • Address
  • Telephone number
  • E-mail
  • Application documents (application letter, CV, references, certificates, etc.)

We also collect and process data provided by you on a voluntary basis in the online application form.

Personal data provided by you as part of a specific application process is exclusively used for the purposes of carrying out the application process and is treated confidentially.

Responsible HANSA-HEEMANN AG employees who are involved in the HR selection process receive access to your data. Your applicant data is not used or shared beyond this extent.

You data is sent encrypted using the latest technology and we store it using our software-based application management.

The legal basis for data processing is your consent, provided on a voluntary basis, in accordance with point (a) of Article 6(1) of the GDPR for processing your personal data for the above-mentioned purposes. If you are not of legal age, you must submit your parent or legal guardian’s written consent to the processing of your data as an application document.

If the application process does not lead to any further activities, and does not result in employment, we will erase your data after a period of six months.

If you want to withdraw consent to the collection, processing and use of your personal data, given as part of the application process, please send us an e-mail to: .

If we are unable to offer you any vacancies at present but your profile suggests that your application might be interesting for other positions, we store your application data in our applicant pool for a maximum of 12 months so that we are able to contact you again at a later point in time.

If we decide to include your data in our applicant pool, we will inform you of this in a separate e-mail. You can object to storage at any time by sending an e-mail to our HR department. We will inform you of the e-mail address when notifying you of your inclusion in the applicant pool. Your personal data will be automatically erased from the applicant pool after a maximum period of 12 months.

We also use cookies and analysis services on this website. You can find more information about the use of cookies and analysis services in points 4 and 5 of this privacy policy.

3. Sharing data

Your personal data is not shared with third parties for purposes other than those listed below.

We only share your personal data with third parties if:

  • you have explicitly consented to this under sentence 1 of point (a) of Article 6(1) of the GDPR;
  • data must be shared pursuant to sentence 1 of point (f) of Article 6(1) of the GDPR in order to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being shared with third parties;
    • if there is a legal obligation to share it pursuant to sentence 1 of point (c) of Article 6(1) of the GDPR; and
    • if it is legally permissible and necessary in order to process contractual relationships pursuant to sentence 1 of point (b) of Article 6(1) of the GDPR.

    4. Cookies

    We use cookies on our website. These are small files that your browser automatically creates and saves on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies are not harmful to your end device and do not contain viruses, trojans or other malware.

    Information is stored in the cookie that results from the specific end device used. However, this does not mean that we directly receive knowledge of your identity.

    One reason we use cookies is to make the use of our website more pleasant for you. As an example, we use ‘session cookies’ to recognise that you have already visited individual pages of our website. These are automatically deleted when you leave our site.

    We also use temporary cookies to optimise user-friendliness. These are saved on your end device for a set period of time. If you visit our site again to use our services, it is automatically recognised that you have visited us before, and your input and settings are also recognised so that you don’t have to renter these.

    Another reason we use cookies is to statistically record the use of our website and to evaluate this to optimise our website for you (see point 5). These cookies allow us to automatically recognise that you have previously visited our site when you visit again. These cookies are automatically deleted after a set period of time.

    Data processed by cookies is required for the specified purposes to safeguard our legitimate interests, as well as those of third parties, pursuant to sentence 1 of point (f) of Article 6(1) of the GDPR.

    Most browsers automatically accept cookies. However, you can change your browser settings so that no cookies are saved on your computer or so that a notice appears before cookies are saved. However, if you fully disable cookies, it may mean that you cannot use all of the features on our website.

    5. Analysis tools

    a) Tracking tools

    We use the following list of tracking tools to guarantee the needs-based design and the ongoing optimisation of our website. We also use tracking tools to statistically record the use of our website and to evaluate this to optimise our website for you. These interests are legitimate interests within the meaning of sentence 1 of point (f) of Article 6(1) of the GDPR.

    The respective data processing purposes are given in each tracking tool section.

    (i) Google Analytics

    We use Google Analytics, a web analysis service from Google LLC.( for the purposes of needs-based design and the ongoing optimisation of our site (1600 Amphitheatre Parkway Mountain View, CA 94043. USA; hereinafter ‘Google’). Pseudonymised user profiles are created and cookies are used for to do so (see under point 4). Information collected by cookies about your use of this website, such as

    • browser type/version;
    • operating system used;
    • referrer URL (website previously visited);
    • host name for the accessing computer (IP address); and
    • time of the server request

    are sent to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports about website activities and to provide other services to us that relate to website and internet use for the purposes of market research and the needs-based design of this website. This information is also sent to third parties if this is legally permissible or if third parties process this data by order of Google. Your IP address is never merged with other Google data. The IP address is anonymised so that no links can be made (‘IP masking’).

    You can prevent cookies from being saved by changing your browser settings; please note that in this case, you may not be able to use all of this website’s functions properly.

    You can also prevent the data generated by the cookie relating to your use of the website (including your IP address) from being captured and processed by Google by downloading and installing a browser add-on(

    Instead of a browser add-on, with particular reference to browsers on mobile devices, you can also prevent collection by Google Analytics by clicking on this link. This will place an opt-out cookie on your machine that will prevent your data from being collected when you visit this website in future. The opt-out cookie only works for this browser for our website, and is saved on your device. If you delete the cookies saved by this browser, you will have to install the opt-out cookie again.

    You can find more information about data protection and Google Analytics in Google Analytics Help (

    6. Social media plug-ins

    We do not use any social plug-ins from the social networks Facebook, Twitter or Instagram on our website.

    7. Data subject rights

    You have the right:

    • to withdraw the consent you have previously given at any time pursuant to Article 7 Paragraph 3 of the GDPR. This results in us no longer being able to process data on which this consent is based in the future;
    • to request information about your personal data that is processed by us, pursuant to Article 15 of the GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom the data has been or is being disclosed, the intended storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was collected by us, and the existence of automated decision-making including profiling and meaningful information relating to the details of this, where applicable;
    • to request that incorrect or incomplete personal data stored by us is immediately rectified pursuant to Article 16 of the GDPR;
    • to request that your personal data stored by us is erased pursuant to Article 17 of the GDPR, provided that processing is not required to exercise the right to free expression of opinion and information, to fulfil a legal obligation, for reasons in the public interest or to assert, exercise or defend legal claims;
    • to request that the processing of your personal data is restricted pursuant to Article 18 of the GDPR, if the accuracy of the data is disputed by you or processing is unlawful, and you have objected to such data being erased and we no longer require the data, but you require it to assert, exercise or defend legal claims, or you have objected to processing pursuant to Article 21 of the GDPR;
    • to request that you receive the personal data concerning you, which you have provided us, in a structured, commonly used and machine-readable format, or that it is transmitted to another controller, pursuant to Article 20 of the GDPR; and
    • to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR. Generally, you may contact a supervisory authority in your usual place of residence, place of work or where our head office is located.

    8. Right to object

    If your personal data is processed on the basis of legitimate interests pursuant to sentence 1 of point (f) of Article 6(1) of the GDPR, you have the right to object against your personal data being processed pursuant to Article 21 of the GDPR, provided that there are reasons that relate to your particular situation or provided that the objection is against direct marketing. If the latter applies, you have the general right to object, which is processed by us without having received details concerning a particular situation.

    If you would like to assert your right of withdrawal or your right to object, you can simply send an e-mail to

    9. Data security

    As part of your website visit, we use the commonly-used SSL process (Secure Socket Layer) together with the respective highest level of encryption supported by your browser. This is generally 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether individual pages of our website are being transmitted in an encrypted way if a key or padlock symbol is shown in your browser’s lower status bar.

    We also take appropriate technical and organisational security measures to protect your data from any accidental or intentional manipulation, partial or total loss, destruction or unauthorised access by third parties. Our security measures are continually improved in line with technological developments.

    10. Automated decision-making including profiling

    No automated decision-making, including profiling, takes place based on the personal data collected.

    11. Updating and changing this privacy policy

    This privacy policy currently applies as at May 2020.

    If we further develop our website and offerings, or if there is to a change in legal or official guidelines, it may be necessary to change this privacy policy. You can access and print out the current privacy policy from our website at any time.