data privacy

The following information in this privacy policy explains the basic nature, scope, purpose of use and handling/processing of personal data within the online services of Horn & Company Group GmbH, Kaistraße 20, 40221 Düsseldorf (hereinafter also referred to as "we"). This includes our web presences (e.g. websites, newsletters, etc.), as well as our online presences (e.g. social media profiles on platforms). Unless otherwise explained, definitions and references refer to the General Data Protection Regulation (GDPR in its current version).

Controller under data protection law for the collection and processing of your personal data when you visit and use our website is

Horn & Company Group GmbH

Kaistraße 20

40221 Düsseldorf

Phone: +49 (0)211 30 27 26-0

Fax: +49 (0)211 30 27 26-25

e-mail: info@horn-company.de

 

The data protection officer is Dr. Oliver Laitenberger, Kaistraße 20, 40221 Düsseldorf, Mobile +49 162 2726 009, Phone: +49 211 302726 0 Mail: Oliver.Laitenberger@horn-company.de

If you have any questions, concerns or suggestions regarding data protection on our website, you can contact us at any time using the contact details above. In particular, you can use the email address above to assert your rights as a data subject. You can find more information on this in the "Data subject rights" section of this privacy policy.

 

Collection and storage of personal data when accessing the website

When you visit our website horn-company.com, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is recorded without any action on your part and stored for 7 days until it is automatically deleted:

- IP address of the requesting computer, 
- date and time of access, 
- name and URL of the file accessed, 
- website from which access is made (referrer URL), 
- browser used and, if applicable, the operating system of your computer and the name of your access provider.

We process the aforementioned data for the following purposes:

- to ensure a smooth connection to the website, 
- to ensure convenient use of our website, 
- to evaluate system security and stability and 
- for other administrative purposes.

The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person. We also use cookies and analysis services when you visit our website ig you consent. You can find more detailed explanations on this in sections 4 and 5 of this privacy policy.

When using our contact form

For questions of any kind, we offer you the opportunity to contact us via a form provided on the website. It is necessary to provide a valid e-mail address so that we know who sent the request and can answer it. Further information can be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent by contacting us. The legal basis for this data processing may also be the implementation of pre-contractual measures within the meaning of Art. 6 para. 1 lit. b GDPR if you contact us to enter into a contractual relationship with us.

The personal data collected by us for the use of the contact form will be deleted after your request has been dealt with.

Cookies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware. Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity. On the one hand, the use of cookies serves to make the use of our website more convenient for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site. In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already visited us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already visited our website when you visit it again. These cookies are automatically deleted after a defined period of time.

We use cookies that are required for certain functions of the website on the basis of our legitimate interest in the provision and optimization of our offer (Art. 6 para. 1 sentence 1 lit. f GDPR). By law, we only use cookies and tools for marketing or web analysis purposes or media offers from social networks with your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

To manage your consents, we have integrated the "Cookiebot" service of the provider Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark into our website. "Cookiebot" enables you to give your consent to certain data processing procedures and to withdraw your consent. Cookiebot also helps us to provide proof of your declarations. Log data relating to your declarations are processed for this purpose. This data processing is necessary in order to be able to prove consent given and is carried out on the basis of Art. 6 para. 1 lit. c GDPR. You can give your consent for all cookies by clicking the "Allow all cookies" button when you first visit our website. By clicking on the "Allow selection" button, you have the option of obtaining further information about the cookies used and restricting your consent to individual categories of cookies.

You can view information on the cookies and comparable technologies used on our website and on the consent you have given at any time in the Cookiebot Consent Management Platform (Cookiebot CMP). Here you can edit the consents you have given at any time and revoke them in whole or in part with effect for the future in accordance with Art. 7 para. 3 GDPR.

Newsletter registration

If you subscribe to our newsletter, the data in the respective input mask (first name, surname and the e-mail address provided) will be transmitted to us. Subscription to our newsletter takes place in a so-called double opt-in procedure. This means that after registering you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other people's e-mail addresses. When registering for the newsletter, the user's IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to third parties with the exception of our service provider rapidmail (see below for details). An exception exists if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter.

To send our newsletter, we use the "rapidmail" service of the provider rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. rapidmail G,mbH acts for us as a processor within the meaning of Art. 28 GDPR. rapidmail is used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter is stored on rapidmail's servers in Germany. For the purpose of analysis, the emails sent with rapidmail contain a so-called tracking pixel, which connects to the rapidmail servers when the email is opened. In this way, it can be determined whether a newsletter message has been opened. We can also use rapidmail to determine whether and which links in the newsletter message have been clicked on. Optionally, links in the email can be set as tracking links with which your clicks can be counted. For more information, please refer to rapidmail's data security information at: https://www.rapidmail.de/datensicherheit. For more information on the analysis functions of rapidmail, please see the following link: https://www.rapidmail.de/wissen-und-hilfe.

The legal basis for receiving the newsletter and the described processing of your data after registration for the newsletter is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can cancel your subscription to the newsletter at any time. You can also withdraw your consent to the storage of your personal data at any time. There is a corresponding link for this purpose in every newsletter. Alternatively, you can also send your unsubscribe request at any time to info@horn-company.de by email. If you do not wish to be analyzed by rapidmail, you must unsubscribe from the newsletter altogether.

The data stored by us as part of your consent to receive the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the servers of rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

Analysis tools / tracking tools

The tracking measures listed below and used by us are only carried out on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. The respective data processing purposes and data categories can be found in the corresponding tracking tools.

Google

We use the following applications of Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland ("Google") or the US parent company Google, LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google LLC is registered under the EU-U.S. Data Pricavy Framework, for which an adequacy decision of the European Commission exists.

Google Analytics

For the purposes of measuring reach and analyzing your usage behavior as well as evaluating and improving the website, the web analysis service Google Analytics of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") is used on the website. Google is contractually obliged to strictly comply with this privacy policy, the applicable statutory data protection regulations and our instructions (so-called processor pursuant to Art. 28 GDPR). Google Analytics is only activated if you have given your consent to the corresponding cookies in the "Statistics" category under "Cookiebot". The data processing within the framework of Google Analytics is carried out on the basis of Art. 6 para. 1 lit. a GDPR.

The service uses cookies that enable an analysis of your usage behavior. The following information may be collected during your visit to our website: Start of the session, first visit to the website, page views, interaction with the website ("click and scroll path"), internal search queries, clicks on external links, video views, file downloads, ads viewed and clicked on, language setting. Google Analytics also collects the technical communication data mentioned in the section "Collection and storage of personal data when accessing the website", including your IP address.

The information generated about your use of the website is generally transmitted to a Google server in the USA, where it is stored and processed. However, by activating IP anonymization on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will process this information on our behalf for the purpose of evaluating your use of the website, compiling reports on your website activity and providing us with other services relating to website activity and internet usage. Pseudonymous user profiles can be created from the processed data. This data processing and, in particular, the associated data transfers to Google in the USA are also carried out on the legal basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can revoke your consent at any time by deactivating the "Statistics" category in the cookie declaration. You can also prevent data processing by Google Analytics using one of the following options:

You can prevent the storage of cookies by Google by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent Google from collecting the data generated by the cookies and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Further information on the Google Analytics user conditions can be found here https://marketingplatform.google.com/about/analytics/terms/de/,weitere Information on data protection here https://policies.google.com/technologies/partner-sites?hl=de and in Google's privacy policy here https://policies.google.com/privacy.

Google Tag Manager

We use Google Tag Manager, a service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Tag Manager is a solution that allows marketers to manage website tags via an interface.

The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data under certain circumstances. In this case, we obtain your prior consent within the meaning of Art. 6 para. 1 sentence 1 lit. a GDPR. The Google Tag Manager itself does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

Google Adwords Conversion Tracking

We also use Google Conversion Tracking to statistically record the use of our website and to evaluate it for the purpose of optimizing our website for you: This is a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). The service is activated if you have given your consent to the corresponding cookies. The data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR.

Google Adwords places a cookie (see section "Cookies" above) on your computer if you have reached our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.  Horn & Company has concluded an order processing agreement with Google within the meaning of Art. 28 GDPR.  Each Adwords customer receives a different cookie. Cookies can therefore not be tracked via the websites of Adwords customers. The information collected using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this - for example, by changing your browser settings to generally deactivate the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com". You can find Google's privacy policy on conversion tracking here (https://services.google.com/sitestats/de.html).

Google Captcha

We use the Google service reCaptcha to determine whether a human or a computer is making a certain entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer IP address of the end device used, the website that you visit on our site and on which the captcha is integrated, the date and duration of the visit, the identification data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks in which you have to identify images. The legal basis for the data processing described is Art. 6 para. 1 sentence 1 lit. f GDPR. There is a legitimate interest on our part in this data processing to ensure the security of our website and to protect us from automated entries (attacks), which is not overridden by the interests or fundamental rights and freedoms of the users of our website that require the protection of personal data.

Social media plug-ins

We use social plug-ins from the social networks WhatsApp, YouTube, XING, LinkedIn, kununu on our website on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR in order to make our company better known. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The social plug-ins are only integrated into the page as HTML links. This ensures that no connection is established with the servers of the provider of the respective social network when you visit our website. If you click on one of the buttons, a new window of your browser opens and calls up the page of the respective service provider, where you can (if necessary after entering your login data) e.g. press the Like or Share button.

The purpose and scope of the data collection and the further processing and use of the data by the providers on their pages as well as your rights in this regard and setting options to protect your privacy can be found in the providers' data protection notices:

WhatsApp: https://www.whatsapp.com/legal/privacy-policy-eea?lang=de_DE

YouTube: Privacy Policy - Privacy Policy & Terms of Use - Google

Xing and kununu: https://privacy.xing.com/de/datenschutzerklaerung

LinkedIn: https://de.linkedin.com/legal/privacy-policy

Social media presence

We maintain online presences within social networks and platforms (LinkedIn, Xing and Kununu) in order to communicate with the interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply.

Unless otherwise stated in our privacy policy, we process users' data when they communicate with us within social networks and platforms, e.g. write posts on our online presences or send us messages. The legal basis for this processing is the consent of the user associated with the establishment of contact or the writing of a post in accordance with Art. 6 para. 1 lit. a GDPR and, if it is a contract initiation, Art. 6 para. 1 lit. b GDPR.

Online application

The scope of the following details includes job advertisements for German and Austrian branches of Horn & Company as well as Swiss branches of Horn & Company Switzerland and ConMoto Strategie und Realisierungs GmbH:

Data is collected during the application process solely for the purpose of selecting suitable applicants to fill vacancies. Data is not collected for any other purposes. The applicant independently determines the scope of the data provided as part of the online application. The data from online applications is transferred electronically to our HR department and processed there. The transmission is encrypted. As a rule, applications are forwarded to the responsible recruiters in our company and used to prepare for interviews. It goes without saying that the applicant's details are treated in strict confidence and the data is not passed on beyond the application.

When processing applicant data, we use the HRworks software from the provider HRworks GmbH, Waldkircher Str. 28, 79106 Freiburg, with whom we have concluded an order processing agreement in accordance with Art. 28 GDPR.

Applicants' personal data will be stored until the advertised position is filled, for a maximum period of 6 months after completion of the application process. If the applicant prefers a longer storage period during the application process, we ask for a corresponding consent. Longer storage periods may also result from the fact that the data is necessary for the assertion, exercise or defense of legal claims or statutory retention obligations exist. In this case, the data will be stored for as long as is necessary to fulfill these purposes.

In order to be able to contact the applicant at a later date, we store the profile electronically if the applicant consents. The applicant can informally revoke their consent to data storage at any time with effect for the future. The applicant also has the right to information about the stored personal data at any time, as well as the right to rectification, erasure or restriction of data processing. To assert these rights or obtain additional information about them, please send an e-mail to marketing (at) horn-company.de for vacancies at German or Austrian and Swiss branches.

Forwarding of data

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:

you have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is in our legitimate interest (e.g. because it is necessary for the assertion, exercise or defense of legal claims) and there is no reason to assume that your interests or fundamental rights and freedoms, which require the protection of personal data, prevail, in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, or if the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR is necessary for the processing of contractual relationships with you.

The personal data collected by us when you visit and use our website and the personal data collected by us when you use certain functions and offers on our website will not be passed on to third parties or transmitted in any other way, unless this is expressly stated in this privacy policy. Exceptions to this are mandatory transfers of personal data to state institutions and authorities as well as private rights holders on the basis of legal regulations or judicial or official decisions as well as the necessary transfer to state institutions and authorities in the event of attacks on our legal interests for the purposes of legal or criminal prosecution.

When operating our website and providing and processing individual functions and offers, we sometimes use external technical and other service providers who support us in the provision of our services and have been carefully selected by us. Where necessary, these service providers engaged by us process your personal data within the scope of their respective assignment in accordance with our instructions for the purposes stated in this privacy policy. They are contractually obliged to comply with this privacy policy, the applicable statutory data protection provisions and our instructions (so-called data processors pursuant to Art. 28 GDPR).

Processing of personal data in "third countries"

We generally process the personal data collected on the website within the member states of the European Union. A transfer of personal data to so-called "third countries", i.e. countries outside the European Union and the European Economic Area, only takes place as stated in this privacy policy.

Some of the processing described above involves the transfer of data to the servers of third-party providers in the USA. Insofar as you have consented to this processing by activating the categories "Statistics" and/or "Marketing" and/or "External media cookies" in the consent management tool "Cookiebot", the data processing thus enabled is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with Art. 49 para. 1 lit. a GDPR. For the USA, there is currently an adequacy decision with the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified organizations in the USA.

Rights of data subjects

You have the right:

in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;

in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;

in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller

in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. The consequence of this is that we may no longer continue the data processing based on this consent in the future and

to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

You can assert the above rights and claims by sending an email to marketing (at) horn-company.de or by sending a message to the contact address listed above.

Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation. If you wish to exercise your right of revocation or objection, simply send an email to marketing (at) horn-company.de

Data security

When you visit our website, we use the common TSL (Transport Socket Layer) method in conjunction with the highest level of encryption supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.we also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Up-to-dateness and amendment of this privacy policy

This privacy policy is currently valid and is dated November 2024.

It may become necessary to amend this privacy policy as a result of the further development of our website and offers on it or due to changes in legal or official requirements. You can access and print out the current privacy policy at any time on the website www.horn-company.com/datenschutz.