data privacy

The following information in this privacy policy explains the basic nature, scope, purpose of use and handling/processing of personal data within the online services of Horn & Company Group GmbH, Kaistraße 20, 40221 Düsseldorf (hereinafter also referred to as "we"). This includes our web presences (e.g. websites, newsletters, etc.), as well as our online presences (e.g. social media profiles on platforms). Unless otherwise explained, definitions and references refer to the General Data Protection Regulation (GDPR in its current version).

Controller under data protection law for the collection and processing of your personal data when you visit and use our website is

Horn & Company Group GmbH

Kaistraße 20

40221 Düsseldorf

Phone: +49 (0)211 30 27 26-0

Fax: +49 (0)211 30 27 26-25

e-mail: info@horn-company.de

 

The data protection officer is Dr. Oliver Laitenberger, Kaistraße 20, 40221 Düsseldorf, Mobile +49 162 2726 009, Phone: +49 211 302726 0 Mail: Oliver.Laitenberger@horn-company.de

If you have any questions, concerns or suggestions regarding data protection on our website, you can contact us at any time using the contact details above. In particular, you can use the email address above to assert your rights as a data subject. You can find more information on this in the "Data subject rights" section of this privacy policy.

 

Collection and storage of personal data when accessing the website

When you visit our website horn-company.com, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is recorded without any action on your part and stored for 7 days until it is automatically deleted:

- IP address of the requesting computer, 
- date and time of access, 
- name and URL of the file accessed, 
- website from which access is made (referrer URL), 
- browser used and, if applicable, the operating system of your computer and the name of your access provider.

We process the aforementioned data for the following purposes:

- to ensure a smooth connection to the website, 
- to ensure convenient use of our website, 
- to evaluate system security and stability and 
- for other administrative purposes.

The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person. We also use cookies and analysis services when you visit our website ig you consent. You can find more detailed explanations on this in sections 4 and 5 of this privacy policy.

When using our contact form

For questions of any kind, we offer you the opportunity to contact us via a form provided on the website. It is necessary to provide a valid e-mail address so that we know who sent the request and can answer it. Further information can be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent by contacting us. The legal basis for this data processing may also be the implementation of pre-contractual measures within the meaning of Art. 6 para. 1 lit. b GDPR if you contact us to enter into a contractual relationship with us.

The personal data collected by us for the use of the contact form will be deleted after your request has been dealt with.

Cookies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware. Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity. On the one hand, the use of cookies serves to make the use of our website more convenient for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site. In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already visited us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already visited our website when you visit it again. These cookies are automatically deleted after a defined period of time.

We use cookies that are required for certain functions of the website on the basis of our legitimate interest in the provision and optimization of our offer (Art. 6 para. 1 sentence 1 lit. f GDPR). By law, we only use cookies and tools for marketing or web analysis purposes or media offers from social networks with your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

To manage your consents, we have integrated the "Cookiebot" service of the provider Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark into our website. "Cookiebot" enables you to give your consent to certain data processing procedures and to withdraw your consent. Cookiebot also helps us to provide proof of your declarations. Log data relating to your declarations are processed for this purpose. This data processing is necessary in order to be able to prove consent given and is carried out on the basis of Art. 6 para. 1 lit. c GDPR. You can give your consent for all cookies by clicking the "Allow all cookies" button when you first visit our website. By clicking on the "Allow selection" button, you have the option of obtaining further information about the cookies used and restricting your consent to individual categories of cookies.

You can view information on the cookies and comparable technologies used on our website and on the consent you have given at any time in the Cookiebot Consent Management Platform (Cookiebot CMP). Here you can edit the consents you have given at any time and revoke them in whole or in part with effect for the future in accordance with Art. 7 para. 3 GDPR.

Newsletter registration

If you subscribe to our newsletter, the data in the respective input mask (first name, surname and the e-mail address provided) will be transmitted to us. Subscription to our newsletter takes place in a so-called double opt-in procedure. This means that after registering you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other people's e-mail addresses. When registering for the newsletter, the user's IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to third parties with the exception of our service provider rapidmail (see below for details). An exception exists if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter.

To send our newsletter, we use the "rapidmail" service of the provider rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. rapidmail G,mbH acts for us as a processor within the meaning of Art. 28 GDPR. rapidmail is used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter is stored on rapidmail's servers in Germany. For the purpose of analysis, the emails sent with rapidmail contain a so-called tracking pixel, which connects to the rapidmail servers when the email is opened. In this way, it can be determined whether a newsletter message has been opened. We can also use rapidmail to determine whether and which links in the newsletter message have been clicked on. Optionally, links in the email can be set as tracking links with which your clicks can be counted. For more information, please refer to rapidmail's data security information at: https://www.rapidmail.de/datensicherheit. For more information on the analysis functions of rapidmail, please see the following link: https://www.rapidmail.de/wissen-und-hilfe.

The legal basis for receiving the newsletter and the described processing of your data after registration for the newsletter is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can cancel your subscription to the newsletter at any time. You can also withdraw your consent to the storage of your personal data at any time. There is a corresponding link for this purpose in every newsletter. Alternatively, you can also send your unsubscribe request at any time to info@horn-company.de by email. If you do not wish to be analyzed by rapidmail, you must unsubscribe from the newsletter altogether.

The data stored by us as part of your consent to receive the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the servers of rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

Analysis tools / tracking tools

The tracking measures listed below and used by us are only carried out on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. The respective data processing purposes and data categories can be found in the corresponding tracking tools.

Google

We use the following applications of Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland ("Google") or the US parent company Google, LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google LLC is registered under the EU-U.S. Data Pricavy Framework, for which an adequacy decision of the European Commission exists.

Google Analytics

For the purposes of measuring reach and analyzing your usage behavior as well as evaluating and improving the website, the web analysis service Google Analytics of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") is used on the website. Google is contractually obliged to strictly comply with this privacy policy, the applicable statutory data protection regulations and our instructions (so-called processor pursuant to Art. 28 GDPR). Google Analytics is only activated if you have given your consent to the corresponding cookies in the "Statistics" category under "Cookiebot". The data processing within the framework of Google Analytics is carried out on the basis of Art. 6 para. 1 lit. a GDPR.

The service uses cookies that enable an analysis of your usage behavior. The following information may be collected during your visit to our website: Start of the session, first visit to the website, page views, interaction with the website ("click and scroll path"), internal search queries, clicks on external links, video views, file downloads, ads viewed and clicked on, language setting. Google Analytics also collects the technical communication data mentioned in the section "Collection and storage of personal data when accessing the website", including your IP address.

The information generated about your use of the website is generally transmitted to a Google server in the USA, where it is stored and processed. However, by activating IP anonymization on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will process this information on our behalf for the purpose of evaluating your use of the website, compiling reports on your website activity and providing us with other services relating to website activity and internet usage. Pseudonymous user profiles can be created from the processed data. This data processing and, in particular, the associated data transfers to Google in the USA are also carried out on the legal basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can revoke your consent at any time by deactivating the "Statistics" category in the cookie declaration. You can also prevent data processing by Google Analytics using one of the following options:

You can prevent the storage of cookies by Google by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent Google from collecting the data generated by the cookies and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Further information on the Google Analytics user conditions can be found here https://marketingplatform.google.com/about/analytics/terms/de/,weitere Information on data protection here https://policies.google.com/technologies/partner-sites?hl=de and in Google's privacy policy here https://policies.google.com/privacy.

Google Tag Manager

We use Google Tag Manager, a service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Tag Manager is a solution that allows marketers to manage website tags via an interface.

The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data under certain circumstances. In this case, we obtain your prior consent within the meaning of Art. 6 para. 1 sentence 1 lit. a GDPR. The Google Tag Manager itself does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

Google Adwords Conversion Tracking

We also use Google Conversion Tracking to statistically record the use of our website and to evaluate it for the purpose of optimizing our website for you: This is a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). The service is activated if you have given your consent to the corresponding cookies. The data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR.

Google Adwords places a cookie (see section "Cookies" above) on your computer if you have reached our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.  Horn & Company has concluded an order processing agreement with Google within the meaning of Art. 28 GDPR.  Each Adwords customer receives a different cookie. Cookies can therefore not be tracked via the websites of Adwords customers. The information collected using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this - for example, by changing your browser settings to generally deactivate the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com". You can find Google's privacy policy on conversion tracking here (https://services.google.com/sitestats/de.html).

Google Captcha

We use the Google service reCaptcha to determine whether a human or a computer is making a certain entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer IP address of the end device used, the website that you visit on our site and on which the captcha is integrated, the date and duration of the visit, the identification data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks in which you have to identify images. The legal basis for the data processing described is Art. 6 para. 1 sentence 1 lit. f GDPR. There is a legitimate interest on our part in this data processing to ensure the security of our website and to protect us from automated entries (attacks), which is not overridden by the interests or fundamental rights and freedoms of the users of our website that require the protection of personal data.

Social media plug-ins

We use social plug-ins from the social networks WhatsApp, YouTube, XING, LinkedIn, kununu on our website on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR in order to make our company better known. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The social plug-ins are only integrated into the page as HTML links. This ensures that no connection is established with the servers of the provider of the respective social network when you visit our website. If you click on one of the buttons, a new window of your browser opens and calls up the page of the respective service provider, where you can (if necessary after entering your login data) e.g. press the Like or Share button.

The purpose and scope of the data collection and the further processing and use of the data by the providers on their pages as well as your rights in this regard and setting options to protect your privacy can be found in the providers' data protection notices:

WhatsApp: https://www.whatsapp.com/legal/privacy-policy-eea?lang=de_DE

YouTube: Privacy Policy - Privacy Policy & Terms of Use - Google

Xing and kununu: https://privacy.xing.com/de/datenschutzerklaerung

LinkedIn: https://de.linkedin.com/legal/privacy-policy

Social media presence

We maintain online presences within social networks and platforms (LinkedIn, Xing and Kununu) in order to communicate with the interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply.

Unless otherwise stated in our privacy policy, we process users' data when they communicate with us within social networks and platforms, e.g. write posts on our online presences or send us messages. The legal basis for this processing is the consent of the user associated with the establishment of contact or the writing of a post in accordance with Art. 6 para. 1 lit. a GDPR and, if it is a contract initiation, Art. 6 para. 1 lit. b GDPR.

Webmetic

This website uses Webmetic for marketing, market research and optimization purposes. In accordance with Art. 6 para. 1 lit. f GDPR, company-related data is collected and pseudonymized. For this purpose, a special code is implemented that securely collects relevant data. The data is encrypted from the administration stage onwards to ensure its integrity.

The data collected is processed exclusively in pseudonymized form and is not used to personally identify individual visitors to this website, which is neither permitted nor part of our processes. The data is deleted as soon as the purpose of the processing has been fulfilled and there are no longer any statutory retention obligations.

You can object to the collection and storage of data at any time with effect for the future by opening this link https://t.webmetic.de/opt-out/. You can activate an opt-out there.

Online application

Privacy Notice for Applicants of Horn & Company Group GmbH (Articles 13, 14, and 21 GDPR; Article 19 Swiss FADP)

With the following information, we provide an overview of how we process your personal data (Article 4 no.2 GDPR; Article 5(d) Swiss Federal Act on Data Protection (FADP)) in connection with our recruiting and your application.

Horn & Company Group GmbH, Kaistraße 20, 40221 Düsseldorf, Germany, is responsible for recruiting and applicant management for all companies within the Horn & Company Group. This notice therefore applies to the processing of personal data of candidates and applicants for positions at the German, Austrian, Swiss, and U.S. companies of the Horn & Company corporate group. Where we transfer data to any of these affiliated companies, the additional information provided under Sections B through D of this notice also applies.

A. Processing of Your Data in the Context of Recruiting and Applicant Management

1. Controller, Data Protection Officer, and Contact Details

1.1 Collection and Processing of Your Data

The controller responsible for the initial collection and processing of your personal data during your application is Horn & Company Group GmbH, Kaistraße 20, 40221 Düsseldorf, Germany, marketing@horn-company.de (also “we” or “us”). Our Data Protection Officer can be reached at: Oliver.Laitenberger@horn-company.de.

1.2 Joint Control

If you apply for a position with one of the companies listed below within the Horn & Company corporate group, or if we transfer your data to one of the following companies within the Horn & corporate group with your consent, those companies act as joint controllers with us within the meaning of Article 26 GDPR for the processing of your personal data in connection with your application:

1.3 Agreement on Joint Control

To ensure your rights and in accordance with the provisions of the GDPR, we have concluded a joint controller agreement under Article 26 GDPR with the above companies that governs the processing of your personal data. Under this agreement, we jointly determine the purpose of data processing, the categories of personal data, the safeguarding of data subject rights, the documentation of technical and organizational measures (TOMs), the risk assessment and performance of any required data protection impact assessments, the engagement of processors, the provision and documentation of records of processing activities, and the assessment and communication of data breaches.

In addition:

 

2. Categories of Data Processed

In the context of your application, we process the following personal data or categories of personal data that you provide to us:

We may also receive data in the above categories from third parties searching for candidates on our behalf (headhunters), or through our own research in professional online networks.

 

3. Purposes and Legal Bases of Processing

We process your personal data in accordance with applicable data protection laws, in particular the GDPR and the German Federal Data Protection Act (BDSG), for recruiting purposes, i.e., to fill open positions at all controllers through coordinated applicant management. We also align our data protection practices with applicable legal requirements in other countries (e.g., the Swiss FADP, the Austrian Data Protection Act (öDSG), and the Austrian Telecommunications Act 2021 (TKG 2021)), to the extent applicable.

The following legal bases may apply:

Specific purposes and legal bases include: 

 

Processing Purpose/Legitimate Interest Data or Data Category Legal Basis
Applicant-Search Basic and contact data; data on professional activities Article 6(1)(f) GDPR. Our legitimate interest lies in identifying suitable candidates. Data subject interests do not override this interest, as we collect information from professional networks and limit it to information relevant to candidate search, which the data subject has made available for the purpose of professional networking
     
Application processing/contract initiation, including communication with the data subject Basic and contact data; qualification data; data on professional activities; extracurricular interests; target position; photograph; performance and assessment data; other data you provide during the application process, including any special categories of personal data (e.g., health data or information about religious affiliation); communication data Article 6(1)(b) GDPR; Section 26(1) sentence 1 BDSG; Article 9(2)(a), (b) GDPR; Article 6(1)(f) GDPR—our legitimate interest lies in properly filling a position and ensuring an efficient application process.
     
Transfer of application documents and personal data to the personnel file in case of hiring Basic and contact data; qualification data; data on professional activities; target position; photograph; performance and assessment data; other data you provide during the application process, including any special categories of personal data (e.g., health data or information about religious affiliation) Article 6(1)(b) GDPR; Section 26(1) sentence 1 BDSG; Article 6(1)(f) GDPR—our legitimate interest lies in efficient organization and administration of the employment relationship; Article 9(2)(b) GDPR.
     
Retention of data for contact regarding future job offers Basic and contact data; qualification data; data on professional activities; extracurricular interests; target position; photograph; performance and assessment data; other data you provide during the application process, including any special categories of personal data (e.g., health data or information about religious affiliation); communication data Article 6(1)(a) GDPR; Article 9(2)(a) GDPR
     
Establishment, exercise, or defense of legal claims Basic and contact data; any other data or categories relevant to the claim Article 6(1)(f) GDPR.
     
Consent management (administration of consent and withdrawal declarations) Basic data; privacy statements Article 6(1)(c) GDPR
     
Processing of data protection claims asserted by the data subject (assertion of claims by the data subject for information, correction, deletion, restriction of data processing, and data portability) Basic and contact data; declarations of the data subject; all data or data categories that are subject to the specific request Article 6(1)(c) GDPR
     
Proof of placement in case of data submitted by a headhunter 

(1) Basic and contact data; qualification data; data on professional activities; extracurricular interests; target position; photograph; performance and assessment data; other data you provide during the application process, including any special categories of personal data (e.g., health data or information about religious affiliation); communication data.

(2) First and last name, email address, salary expectations

 

(1) Article 6(1)(a) GDPR;

(2) Article 6(1)(f) GDPR

     

 

4. Data Retention

We are subject to various, potentially country-specific statutory retention obligations and periods. As a rule, we store your data only as long as necessary for the processing purpose. Personal data of applicants is stored until the vacant position is filled. For the potential establishment, exercise, or defense of legal claims, we store your data for a maximum of six months after the conclusion of the application process, unless applicable national law provides for different retention periods. Specifically:

Longer retention periods may result if you have given consent, if data is necessary for the establishment, exercise, or defense of legal claims, or if statutory retention obligations apply. In such cases, data will be stored as long as necessary to fulfill these purposes.

If we receive your application from a headhunter and you have given consent to this, we will store your data for 18 months after conclusion of the application process. Otherwise, the retention periods stated above apply after conclusion of the application process or after you receive our rejection. Solely the following basic data—your first and last name, email address, and salary expectations—will be stored for an additional period up to a total of 18 months after the conclusion of the application process so that we can comply with our obligations under the placement agreement with the headhunter. The legal basis is our legitimate interest as outlined above under Article 6(1)(f) GDPR.

If you consent to continued storage in our applicant pool, we will store the application documents and personal data you have provided in electronic form in order to contact you at a later date. Data processed on the basis of your consent is stored until you withdraw your consent, and absent withdrawal for a maximum of three years.

 

5. Recipients or Categories of Recipients

Processing personal data during the application process serves exclusively to fill open positions at the companies listed in Section 1 of the Horn & Company Group. We do not collect data for other purposes. Personal data is shared, in connection with application processing, with the following recipients or categories of recipients:

5.1 Processors

For further processing of data from surveys on the recruiting process, we jointly use a private cloud provided and operated by Horn & Company GmbH, Kaistraße 20, 40221 Düsseldorf, Germany.

5.2 Controllers 

If you apply for a position at one of our affiliated companies listed in Section 1, or if you have consented to our sharing your data with these companies for the purpose of evaluating a job opportunity, we may share your data with these companies:

Apart from this, we share personal data with the following third parties who process the data as controllers (Article 4(7) GDPR):

 

6. International Data Transfers

Your personal data is transferred to third countries in the following situations:

 

7. Obligation to Provide Data

There is no statutory or contractual obligation to provide us with your personal data. However, to process your application we require personal data concerning your qualifications for the position to which you are applying. If you do not provide this data, or if you object to the processing of your personal data, we must decline your application.

 

8. Automated Decision-Making and Profiling; Artificial Intelligence (AI)

We do not use your personal data for automated decision-making, including profiling. We do not use AI tools to analyze your data.

 

9. Data Security

We are committed to the security of your data. We have implemented appropriate technical and organizational measures within the meaning of Article 32 GDPR to ensure the confidentiality and security of your personal data, including protection against unauthorized access, disclosure, alteration, or destruction.

 

10. Your Rights as a Data Subject

10.1 Access, Rectification, Deletion, Restriction of Processing, Data Portability 

Each data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to deletion under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, and the right to data portability under Article 20 GDPR. To exercise these rights, you may contact the entities listed under Section 1 (Controller and contact details).

10.2 Right to Object 

Under Article 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(f) GDPR (processing based on legitimate interests); this also applies to any profiling based on that provision within the meaning of Article 4(4) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

Where we process your personal data for direct marketing purposes, you have the right to object at any time to such processing. ]If you object to processing for direct marketing, we will no longer process your personal data for such purposes. You may submit your objection in any form to the contact listed in Section 1 (Controller and contact details). You will incur no costs other than transmission costs at base rates.

10.3 Withdrawal of Consent 

If you have given consent to the processing of your personal data, you may withdraw your consent at any time. The lawfulness of processing carried out prior to withdrawal remains unaffected.

10.4 Point of Contact for Rights/Withdrawal 

Under the joint controller arrangement, Horn & Company Group GmbH is the primary point of contact for exercising the rights listed in this Section 10 and can be reached via the contact details under Section 1. Notwithstanding the foregoing, under Article 26(3) GDPR you may generally exercise your rights vis-à-vis any of the controllers listed in Section 1. The controllers will promptly inform one another of any claims asserted by data subjects and will provide each other with the information necessary to process such claims.

 

11. Right to Lodge a Complaint with a Supervisory Authority

Under Article 77(1) GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is unlawful, in particular if it violates the GDPR. The supervisory authority responsible for Horn & Company Group GmbH is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen 

Kavalleriestr. 2–4, 

40213 Düsseldorf, Germany 

Phone: +49 211 38424-0 

Fax: +49 211 38424-999

Email: poststelle@ldi.nrw.de

Supervisory authorities responsible for each affiliated company are listed in Sections B through D below.

 

B. Data Processing by Horn & Company Schweiz GmbH (Switzerland)

If you apply for a position at Horn & Company Schweiz GmbH, or if you have consented to the transfer of your personal data to Horn & Company Schweiz GmbH to evaluate a job opportunity, Horn & Company Schweiz GmbH processes your personal data—alongside Horn & Company Group GmbH—for the purpose of handling your application. In addition to Section A, the following information applies:

1. Controller

Horn & Company Schweiz GmbH

Stadthausquai 1

8001 Zurich

Switzerland

www.horn-company.com/ch.

The contact person for data protection matters is Mr. Peter Grossenbacher. For questions about the processing of your personal data or to exercise your rights, please contact our data protection team at dataprotectionoffice@horn-company.ch.

2. Your Rights

2.1 Access, Rectification, Deletion, Data Portability

Each data subject has the right of access under Article 25 FADP, the right to rectification under Article 32(1) FADP, the right to deletion under Article 32(2)(c) FADP, and the right to data portability under Article 28 FADP.

To exercise these rights, contact the entity listed under Number 1 of this Section B.

2.2 Right to Object

Data subjects may object at any time to the processing of their personal data. Further processing of the personal data constitutes an unlawful infringement of personality rights unless we can assert a justification for further processing, e.g., an overriding interest or a legal obligation to process (Article 30(2)(b) FADP in conjunction with Article 31 FADP). 

3. Supervisory Authority

Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB)

Feldeggweg 1,

CH-3003 Bern

Phone: +41 58 462 43 95

Email: info@edoeb.admin.ch

 

C. Data Processing by Horn & Company CEE GmbH (Austria)

If you apply for a position at Horn & Company CEE GmbH, or if you have consented to the transfer of your personal data to Horn & Company CEE GmbH to evaluate a job opportunity, Horn & Company CEE GmbH processes your personal data—alongside Horn & Company Group GmbH—for the purpose of handling your application. In addition to Section A, the following information applies:

1. Controller

Horn & Company CEE GmbH

Bösendorferstraße 5

1010 Vienna

Austria

www.horn-company.com/

oliver.laitenberger@horn-company.de

2. Contact for Data Protection Matters

The contact person for data protection matters is Oliver Laitenberger. For questions about the processing of your personal data or to exercise your rights, please contact Oliver Laitenberger at oliver.laitenberger@horn-company.de.

3. Supervisory Authority

Österreichische Datenschutzbehörde

Barichgasse 40–42

1030 Vienna

Austria

Email: dsb@dsb.gv.at

 

D. Data Processing by ConMoto Consulting Group, Inc. (United States)

If you apply for a position at ConMoto Consulting Group, Inc., or if you have consented to the transfer of your personal data to ConMoto Consulting Group, Inc. to evaluate a job opportunity, ConMoto Consulting Group, Inc., 7930 West Kenton Circle, Suite 130, Huntersville, NC 28078, USA, processes your personal data for the purpose of handling your application. In addition to Section A, the following information applies:

1. Controller

ConMoto Consulting Group, Inc.

7930 West Kenton Circle, Suite 130

Huntersville, NC 28078

USA

business@conmoto-consulting.com

www.conmoto-consulting.com.

2. Contact for Data Protection Matters

The contact person for data protection matters is Dr. Oliver Laitenberger. For questions about the processing of your personal data or to exercise your rights, please contact Dr. Oliver Laitenberger at oliver.laitenberger@horn-company.de

3. Your Data Protection Rights

Your personal data will be transferred to Horn & Company Group GmbH, Kaistraße 20, 40221 Düsseldorf, Germany, and its processors for the purposes of evaluating your application and matching your profile with job openings. With your informed consent, your personal data may also be transferred for application purposes to the following Horn & Company Group companies:

To ensure a high level of data protection within the Horn & Company Group, we voluntarily grant you, within the framework of applicable U.S. laws, the rights afforded to data subjects under the EU General Data Protection Regulation (GDPR). Specifically, these are your rights to access, rectification, deletion, restriction of processing, data portability, and withdrawal (see Section A.10 of this privacy notice). To exercise these rights or if you have questions, please contact the data protection contact listed in Number 2 of this Section.

 

4. Additional Specific Provisions for ConMoto Consulting Group, Inc.

(1) We will process your health data (e.g., voluntary information about disability or maternity protection) only in exceptional cases in accordance with applicable laws if you voluntarily provide this data to us and have given your explicit prior consent to processing.

(2) We currently do not use AI tools to analyze your data.

 

Forwarding of data

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:

you have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is in our legitimate interest (e.g. because it is necessary for the assertion, exercise or defense of legal claims) and there is no reason to assume that your interests or fundamental rights and freedoms, which require the protection of personal data, prevail, in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, or if the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR is necessary for the processing of contractual relationships with you.

The personal data collected by us when you visit and use our website and the personal data collected by us when you use certain functions and offers on our website will not be passed on to third parties or transmitted in any other way, unless this is expressly stated in this privacy policy. Exceptions to this are mandatory transfers of personal data to state institutions and authorities as well as private rights holders on the basis of legal regulations or judicial or official decisions as well as the necessary transfer to state institutions and authorities in the event of attacks on our legal interests for the purposes of legal or criminal prosecution.

When operating our website and providing and processing individual functions and offers, we sometimes use external technical and other service providers who support us in the provision of our services and have been carefully selected by us. Where necessary, these service providers engaged by us process your personal data within the scope of their respective assignment in accordance with our instructions for the purposes stated in this privacy policy. They are contractually obliged to comply with this privacy policy, the applicable statutory data protection provisions and our instructions (so-called data processors pursuant to Art. 28 GDPR).

Processing of personal data in "third countries"

We generally process the personal data collected on the website within the member states of the European Union. A transfer of personal data to so-called "third countries", i.e. countries outside the European Union and the European Economic Area, only takes place as stated in this privacy policy.

Some of the processing described above involves the transfer of data to the servers of third-party providers in the USA. Insofar as you have consented to this processing by activating the categories "Statistics" and/or "Marketing" and/or "External media cookies" in the consent management tool "Cookiebot", the data processing thus enabled is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with Art. 49 para. 1 lit. a GDPR. For the USA, there is currently an adequacy decision with the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified organizations in the USA.

Rights of data subjects

You have the right:

in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;

in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;

in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller

in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. The consequence of this is that we may no longer continue the data processing based on this consent in the future and

to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

You can assert the above rights and claims by sending an email to marketing (at) horn-company.de or by sending a message to the contact address listed above.

Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation. If you wish to exercise your right of revocation or objection, simply send an email to marketing (at) horn-company.de

Data security

When you visit our website, we use the common TSL (Transport Socket Layer) method in conjunction with the highest level of encryption supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.we also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Up-to-dateness and amendment of this privacy policy

This privacy policy is currently valid and is dated November 2024.

It may become necessary to amend this privacy policy as a result of the further development of our website and offers on it or due to changes in legal or official requirements. You can access and print out the current privacy policy at any time on the website www.horn-company.com/datenschutz.