This website is offered jointly by subsidiaries of the HAPEKO Group. The controllers are:
HAPEKO Hanseatisches Personalkontor Deutschland GmbH
Großer Burstah 1 · 20457 Hamburg
Tel. +49 (0) 40 822 99 11 80
E-Mail: info@hapeko.de
Managing Directors: Tania Venema · Arne Kaiser
Commercial Register: HRB 157129 · Hamburg Local Court
HAPEKO Executive Partner GmbH
Großer Burstah 3 · 20457 Hamburg
E-Mail: info@hapeko-executive.de
Managing Directors: Dr. Jochen Becker, Anke Franz, Ansgar Heunemann, Dr. Ralf Neier, Tania Venema
Commercial Register: HRB 178385 · Hamburg Local Court
HAPEKO International Lizenzgesellschaft mbH & Co. KG
Großer Burstah 1 · 20457 Hamburg
Tel. +49 (0) 40 822 99 11 80
E-Mail: info@hapeko.de
HAPEKO Österreich GmbH
Max-Ott-Platz 6 · 5020 Salzburg · Austria
E-Mail: salzburg@hapeko.at
Austrian Company Register: FN 460368m
VAT ID: ATU71566003
Managing Director: Christoph A. Nehring
These companies are independent companies that combined under the name HAPEKO.
Under data protection law, the companies are jointly responsible for the websites www. hapeko.de and www.hapeko.at (hereinafter: the website) and make necessary decisions together. The companies commissioned a processor to operate the website. The duty to provide information under Article 13 of the GDPR concerning the collection of personal data related to use of the website and application documents submitted via the website is fulfilled by HAPEKO Hanseatisches Personalkontor Deutschland GmbH, who may be contacted at the above-stated contact details or through the contact person specified below for data protection matters.
If you use this website to apply for an advertised vacancy, your application and personal data will be stored in a database. This database is used jointly by the controllers for the pursuit of their joint aims. Applications submitted for vacancies may be accessed by the controllers’ employees who are involved in processing the vacancy or require this information to further process the applications. To determine whether a controller may consider an application for a client’s vacancy, unsolicited applications submitted via the website are accessible to all employees involved in processing these applications.
For personal data not collected via the website, the duties to provide information under Articles 13 and 14 of the GDPR will be fulfilled by the controller responsible for collecting this data.
To exercise your rights under Article 15 et seq. of the GDPR (see end of this document), the main contact person is HAPEKO Hanseatisches Personalkontor Deutschland GmbH. Please contact this company by mail for the attention of management or by email at datenschutz@hapeko.de. Irrespective thereof, you may exercise your rights under the GDPR through and against each controller.
Contact details of the data protection officer
You may contact our data protection officer as follows:
Mauß Datenschutz GmbH
Neuer Wall 10
20354 Hamburg
Germany
Tel.: +49 (0) 40 / 999 99 52-0
Email: datenschutz@datenschutzbeauftragter-hamburg.de
When we process personal data
We process personal data you actively transmit to us through your submissions. We also automatically process personal data on the basis of use of our website. Personal data may therefore especially be processed in the following cases:
• Visiting our website
• Creating a profile
• Applying for a vacancy
• Subscribing to an email newsletter
• Contacting us
• Analyzing why which visitors visit and how they use our website
• Defending against attacks on our technical infrastructure
For further details, please see the following.
Visiting our website
When you open our website, the company we commissioned to operate the website will, in particular, process and store technical data about your device (operating system, screen resolution and other non-personal data) and browser (version, language setting), the time and date of access and the public IP address of the computer you use to visit our website. An IP address is a unique numerical label under which your device sends data to and receives data from the Internet. The identity of the user of an IP address is not normally known to us or our service provider, unless you disclose data to us when using our website that enables us to identify you.
Our service provider uses processed data anonymously for statistical purposes to allow us to determine which devices are used with which settings when visiting our website. This enables us to optimize our website for them. These statistics do not include personal data. The legal basis for preparing such statistics is Article 6 para. 1 f of the GDPR.
Furthermore, an IP address is used so you can access and use our website and for us to detect and defend against attacks on our service provider or website. Unfortunately, there are often attacks to harm website operators and users (e.g., by preventing access, stealing data, spreading malware (such as viruses) or for other illegal purposes). Such attacks may impair the intended function of our service provider’s data center, the use and functionality of our website and the security of our website’s users. IP addresses and the time and date of access are processed to defend against such attacks. Through such processing performed by our service provider, we pursue a legitimate interest in ensuring the functionality of our website and defending against unlawful attacks against us and visitors of our website. The legal basis for this processing is Article 6 para. 1 ) of the GDPR.
This information is stored by us in log files for security purposes and automatically erased after 14 days. The data in these log files is stored separately from your other data. Log files will only be stored for longer periods when necessary (e.g., in case of indications of misuse or fraud or attacks on our web server). In such cases, the log files will be stored until the matter is resolved and the resulting measures have concluded.
To provide our website and its services to you, we commissioned a service provider (web host) to process your data on our behalf and only in compliance with our instructions:
Fork Unstable Media GmbH, Juliusstraße 25, 22769 Hamburg, Germany
Corpex Internet GmbH c/o Mindspace, Rödingsmarkt 9, 20459 Hamburg, Germany
The legal basis for processing your data is Article 6 para. 1 f of the GDPR. We have a legitimate interest in processing your data to provide our website and its services to you in a technically flawless and secure manner optimized for your needs. Furthermore, we also have a legitimate interest in detecting and defending against fraud and attacks on our website.
Applying for a vacancy and being added to our database
We publish vacancies on behalf of the company that wishes to fill the position concerned and perform this part of the application for the company. The services we perform include, e.g., reading application documents, conducting job interviews, administering aptitude tests and selecting applicants we deem suitable to be recommended to the client. We submit the application documents, sometimes including a statement, of applicants deemed suitable by us to the client. We will inform you in advance to which companies your application will be submitted to allow you to object. These companies will use your data for the rest of application process. The legal bases for processing this data are Article 26 of the German Federal Data Protection Act [Bundesdatenschutzgesetz (BDSG)] and the Austrian Labor Constitution Act [Arbeitsverfassungsgesetz (ArbVG)] pursuant to Article 11 of the Austrian Data Protection Act [Datenschutzgesetz (DSG)] and Article 6 para. 1 f of the GDPR. Our legitimate interest in processing your data on the basis of Article 6 para. 1 f of the GDPR is established by you requesting such processing of your data when submitting an application. Submitted applications may be withdrawn at any time. In this case, your personal data will be erased within the period required by law in Hamburg, Germany, unless further storage is in our or our client’s legitimate interest in providing evidence of compliance with the legal obligations for recruitment, e.g., under the German Act on Equal Treatment [Allgemeines Gleichbehandlungsgesetz (AGG)] or the Austrian Equal Treatment Act [Gleichbehandlungsgesetz (GlBG)]. In this case, your data will be erased when these obligations have been fulfilled. The legal bases for such processing are Article 26 of the German Federal Data Protection Act and the Austrian Labor Constitution Act pursuant to Article 11 of the Austrian Data Protection Act and Article 6 para. 1 f of the GDPR.
For applications for executive or similarly significant positions (head of distribution, management board, supervisory board, etc.), HAPEKO reserves the right to perform a credit check on the applicant using the services of Creditreform Hamburg von der Decken & Wall KG.
When you submit an application, we will add your job search to our database and notify you about vacant positions that may interest you based on your provided information. The legal basis for this processing is Article 6 para. 1 a of the GDPR. You may object to this use of your data at any time by requesting the deletion of your profile. In this case, we will erase your data within the period required by law in Hamburg, Germany, unless further storage is permitted due to your application for a specific vacancy as stated above. Should this apply, your data will be erased as specified above.
Creating a candidate profile
If you create a profile, we will process the data you have provided to create and manage your profile and enable you to use the services that require you to create a profile. The legal basis for processing this data is Article 6 para. 1 a of the GDPR. If you create a candidate profile to conclude a contract with us, Article 6 para. 1 b of the GDPR will serve as an additional basis for processing your data.
This data will be stored until your profile is deleted. If longer storage is required or permitted by law, this data will be erased when this storage obligation or legal permission expires.
HAPEKO will delete if you don’t! We will delete…
Your candidate profile in the login area of our website
• Immediately when the delete function on the applicant login is activated (unless further storage is permitted due to your application for a specific vacancy as stated above. Should this apply, your data will be erased as specified above.)
• Automatically after 3 months of inactivity
Your candidate profile from our database
• Immediately when the delete function on the applicant login is activated (unless further storage is permitted due to your application for a specific vacancy as stated above. Should this apply, your data will be erased as specified above.)
• Immediately as required by law when you inform us of the withdrawal of your application (unless further storage is permitted due to your application for a specific vacancy as stated above. Should this apply, your data will be erased as specified above.)
• Automatically if we have no contact with you for more than 3 years
Contacting us
If you contact us through one of the contact options offered, we will use the data you have provided to respond to your inquiry. This will be done to request that you call us, create an offer, and submit an unsolicited application. By transmitting your data, you consent to having us process this data. We will process your data to process your inquiries where necessary for a reply or requested measures.
Processed data includes your:
• Form of address
• Title
• First name*
• Last name*
• Date of birth*
• Email address*
• Telephone number*
• ZIP code*
• City*
• Country*
• Current/last position (job)
• Expected salary
• Notice period
• Geographic availability
• Resumé (upload)*
• Application letter (upload)
• Picture (upload)
• Reports (upload)
• Comments (optional)
The legal basis for processing your data when you contact us is Article 6 para. 1 a of the GDPR, i.e., your consent. If you apply to us, the legal basis is Article 26 of the German Federal Data Protection Act to establish an employment relationship.
This only does not apply if the content of your message to us concerns the conclusion or performance of a contract with us. In such cases, your data will be processed on the basis of Article 6 para. 1 b of the GDPR.
Your data will be erased when it is no longer needed or subject to legal storage obligations or if you withdraw your consent.
Newsletter
If you subscribe to our email newsletter, the data you have provided will be processed to create and send the newsletter and as evidence of your subscription until you withdraw your consent. The legal basis for this processing is Article 6 para. 1 a of the GDPR. Our newsletter uses the platform of an external service provider to whom we will transfer your necessary data as a processor.
Mailjet GmbH
Alt-Moabit 2, 10557 Berlin, Germany
To receive our newsletter, you must click on the confirmation link in the verification email we will send you to confirm your consent to the subscription. When you click on this link, we will process the public IP address of the computer from which the link is activated and the time and date of the activation. We will process this data as evidence of your confirmation of your subscription to our email newsletter.
The legal basis for this processing is Article 6 para. 1 f of the GDPR. Our legitimate interest consists of fulfilling our documentation obligations for your subscription.
You may withdraw your consent at any time by unsubscribing from our newsletter. A link for this is provided at end of each newsletter.
When you unsubscribe from our newsletter, we will erase your data. The data we require as evidence of your consent to our newsletter will be erased when the limitation period for our documentation obligations expires.
GoogleMaps
To provide a visual representation of our location, we use a map from GoogleMaps, a service of Google LLC (“Google”), Amphitheatre Parkway, Mountain View, CA 94043, USA, subject to Google’s Privacy Policy available at https://www.google.com/policie.... Our legitimate interest in using GoogleMaps consists of helping visitors to our website find us to make us easier to reach. The legal basis for this processing is Article 6 para. 1 f of the GDPR.
Use of an externally hosted tool for obtaining and managing consent
Our website uses various tools and technologies, including cookies, for which we require your consent.
To obtain and manage your consent, we use a so-called consent manager, specifically Usercentrics (Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, https://usercentrics.com/priva...).
This consent manager uses technically necessary cookies to save your consent. The storage periods of these cookies are specified in the information provided by the consent manager.
All consent to tools and technology used by us may be granted and withdrawn on our consent manager. This consent manager will be displayed to you automatically when you first visit our website. You may also open the consent manager at any time by clicking here. All necessary information about the cookies used and tools and technology requiring consent is provided on the consent manager.
The legal basis for our use of the consent manager is our legal obligation to provide evidence of your consent (Article 6 para. 1 c of the GDPR). Our decision to use an external provider is based on our legitimate interest (Article 6 para. 1 f of the GDPR) in providing a modern, secure and cost-efficient solution.
Use of cookies and similar technologies
Our website uses cookies to ensure technical functionality and understand how our website is used by our visitors. Cookies are small text files placed on your device by your browser when you visit our website. When you return to our website, we can read these cookies. Cookies are stored for different periods. Which cookies you accept may be configured on your browser. However, this may prevent our website from being fully functional. Furthermore, you may delete cookies at any time. If you do not delete cookies, we can specify how long a cookie will be saved when it is placed on your computer. A distinction must be made between so-called session and permanent cookies. Session cookies will be deleted by your browser when you leave our website or close your browser. Permanent cookies will be stored for as long as specified by us when they are placed.
We use cookies for the following purposes:
• Technically necessary cookies required for using functions of our website (e.g., recognizing whether you logged in). Certain functions cannot be provided without these cookies.
• Functional cookies used to technically perform certain functions you want to use.
• Analysis cookies used to analyze your user behavior. For further details, please see the information on reach measurement and Google Analytics.
• Cookies of third-party providers: for further details, please see the information on “advertising.”
• The apps we offer use technology similar to cookies.
Which cookies are used on our website depends on your consent management settings (“cookie banner”). You may change your decision and grant or withdraw your consent at any time by opening your settings here . The legal basis for processing personal data by using cookies is Article 6 para. 1 a of the GDPR.
Most browsers used by our users allow you to configure which cookies to accept and to delete (certain) cookies. If you limit acceptance of cookies to certain websites or do not accept cookies from third parties, you may be unable to fully use every function of our website. How to adjust your cookie settings on the most commonly used browsers is explained here:
• Google Chrome (https://support.google.com/chr...)
• Internet Explorer (https://support.microsoft.com/...)
• Firefox (https://support.mozilla.org/en...)
• Safari (https://support.apple.com/de-d... - https://support.apple.com/guid...)
Server log files
Whenever the funnels are accessed, general log data, so-called server log files, will be automatically collected. This data is anonymized and does not allow individuals to be identified. Without this data, it may not be technically possible to provide and display the content of the software. In addition, this data must be processed for security reasons, especially for access, input, transfer and storage control. Furthermore, this anonymous information may be used for statistical purposes and to optimize our offer and technology. In case of indications of unlawful use of our software, log files may also be checked and assessed. The legal basis for this is Article 15 para. 1 of the German Telemedia Act [Telemediengesetz (TMG)] and Article 6 para. 1 f of the GDPR. General data, such as the domain name of our website, the browser and version, the operating system and the timestamp of when the software is accessed, will be collected. The user’s IP address will not be stored. However, the user will be assigned a so-called session ID. The extent of this logging does not exceed the customary extent of any other website on the Internet. These server log files may be stored for up to 7 days. There is no right to object.
General data, such as the domain name of our website, the browser and version, the operating system, session ID of the user and the timestamp of when the software is accessed, will be collected. Any data the user enters when using the funnels (e.g., entries on forms, use of interactive components) will be assigned to the user through a session ID and provided to the website operator. The website operator is responsible for the erasure, storage, and further processing of this personal data in compliance with applicable law.
a. Google Analytics
Using your anonymized IP address as part of a processing agreement, we use Google Analytics, a service of Google Ireland Limited, https://www.google.de/contact/... . Your IP address will be anonymized by Google within the EEA. According to Google, your full IP address will only be transmitted to and shortened by a Google server in the US in exceptions. Furthermore, Google states that the IP address transmitted by your browser will not be merged with other data.
We use Google Analytics to process the following data on the use of our website:
• Approximate location at regional level
• Anonymized IP address
• Technical information on the browser and device used (e.g., language settings, screen resolution)
• User’s internet provider
• The website/advertisement from which a user accessed our website
• The pages opened by the user
• Whether users perform certain actions on our website, so-called conversions, such as purchasing products, newsletter subscriptions, downloads, purchases
• User behavior (e.g., which links are activated, how long users visit our website, from which page they leave our website)
We disabled Google Analytics functions that enable Google or another third party to use data as controllers.
There is no personal profiling. Corresponding statistics only include summarized data that does not allow personal identification.
Google Analytics’ assessments allow us to understand how our website is used and the success of advertisement. This enables us to optimize our website (especially its structure, content, and functions) and advertisement and, thereby, our business success. The legal basis for this processing is your consent under Article 6 para. 1 a of the GDPR.
We configured Google Analytics to store personal data for 14 months. Data that has been stored for this long will be automatically erased each month. To opt out of Google Analytics on all websites, Google only offers a so-called browser plugin. Information about this browser plugin is provided here.
Under our processing agreement, Google may commission subprocessors. A list of these subprocessors is provided at https://privacy.google.com/bus....
As part Google Ireland Limited’s activities, data may be exported to a third country within the meaning of Article 44 of the GDPR. Under Article 46 para. 2 c of the GDPR, the legal basis for this consists of so-called standard contractual clauses which we concluded with Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
You may withdraw your consent with future effect at any time here . Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
I recommend deleting and including this in the consent manager. Otherwise, this will result in twice the workload which will be difficult to manage.
Right of access
Under Article 15 of the GDPR, you have the right to obtain from us confirmation as to whether personal data concerning you is processed. Where this is the case, you have the right to access this personal data and to the information listed in Article 15 of the GDPR.
Right to rectification
Under Article 16 of the GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay. Taking into account the purposes of the processing, you further have the right to have incomplete personal data completed, including by providing a supplementary statement.
Right to erasure
You have the right to obtain from us the erasure of personal data concerning you without undue delay. We have the obligation to erase personal data without undue delay if the grounds of Article 17 of the GDPR apply. For further information, please see Article 17 of the GDPR.
Right to restriction of processing
Under Article 18 of the GDPR, you have the right to obtain from us restriction of processing under certain circumstances.
Right to data portability
Under Article 20 of the GDPR, you have the right to receive in a structured, commonly-used and machine-readable format the personal data you provided to us and you have the right to transmit this data to another controller without hindrance from us if processing is based on consent under Article 6 para. 1 a of the GDPR or Article 9 para. 2 a of the GDPR or on a contract under Article 6 para. 1 b of the GDPR and the processing is carried out by automated means.
Right to object
Under Article 21 of the GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6 para. 1 e or f of the GDPR, including profiling based on these provisions.
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing or for profiling to the extent that it is related to such direct marketing.
To exercise these rights, please contact us as the controller at the above-stated contact details or use another form of communication offered by us. Please contact us if you have any questions.
Right to lodge a complaint with a supervisory authority
Under Article 77 of the GDPR, without prejudice to any other administrative or non-judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work or place of the alleged infringement, if you consider the processing of personal data related to you infringes the GDPR.