In the following, we provide information about the processing of personal data when using our website
Personal data is all data that can be related to a specific natural person, e.g. their name or IP address.
The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is
heidi International GmbH
Laubestraße 32
60594 Frankfurt am Main
Frankfurt am Main, Germany
Email: info@heidi-hire.com
Website: www.heidi-hire.com.
We are legally represented by Florian Christian Lethen and Bijan Sadighi.
The scope of data processing, processing purposes and legal bases are explained in detail below. The following legal bases for data processing can generally be considered:
Insofar as we transfer data to service providers or other third parties outside the EEA, the security of the data during transfer is guaranteed by adequacy decisions of the EU Commission (Art. 45 (3) GDPR), insofar as these exist (e.g. for the UK, Canada and Israel).
If no adequacy decision exists (e.g. for the USA), the legal basis for data transfer is usually standard contractual clauses, i.e. unless we indicate otherwise. These are a set of rules adopted by the EU Commission and form part of the contract with the respective third party. According to Art. 46 (2) lit. b GDPR, they guarantee the security of data transfer. Many of the providers have issued contractual guarantees that go beyond the standard contractual clauses and protect the data beyond the standard contractual clauses. These are, for example, guarantees regarding the encryption of the data or regarding the obligation of the third party to inform the data subject if law enforcement agencies wish to access data.
Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted, i.e. the data will be blocked and not processed for other purposes. This applies, for example, to data that we are required to retain for commercial or tax law reasons.
Data subjects have the following rights vis-à-vis us with regard to their personal data:
If you believe that we are processing your personal data unlawfully, you have the right to lodge a complaint with a competent data protection supervisory authority.
In particular, you can contact the supervisory authority of the member state of your habitual residence, your place of work or the place of the alleged infringement.
The competent supervisory authority for us is
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Wiesbaden, Germany
Telephone: 0611-1408 0
E-mail: poststelle@datenschutz.hessen.de
Website: https://datenschutz.hessen.de
This right is without prejudice to any other administrative or judicial remedy.
In the context of a business relationship or other relationship, customers, interested parties or third parties must only provide us with the personal data that is necessary for the establishment, execution and termination of the business relationship or for the other relationship or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude a contract or provide a service or will no longer be able to fulfil an existing contract or other relationship.
Mandatory information is labelled as such.
In principle, we do not use fully automated decision-making in accordance with Article 22 GDPR to establish and implement a business relationship or other relationship. Should we use these procedures in individual cases, we will inform you separately if this is required by law.
When you contact us, e.g. by email or telephone, the data you provide us with (e.g. names and email addresses) will be stored by us in order to answer your questions. The legal basis for the processing is our legitimate interest (Art. 6 (1) sentence 1 lit. f GDPR) in answering enquiries addressed to us. We delete the data collected in this context after storage is no longer necessary or restrict processing if there are statutory retention obligations.
Our website is hosted by Webflow, Inc, 398 11th St., Floor 2, San Francisco, CA 94103, USA. Further information can be found in the provider's privacy policy at https://webflow.com/legal/privacy.
It is our legitimate interest to provide a website, so the legal basis for the data processing described is Art. 6 (1) sentence 1 lit. f GDPR.
When you contact us via the contact form on our website, we store the data requested there and the content of the message on Webflow, Inc. servers (see above).
The legal basis for the processing is our legitimate interest in responding to enquiries addressed to us. The legal basis for the processing is therefore Art. 6 (1) sentence 1 lit. f GDPR.
We delete the data collected in this context after storage is no longer necessary or restrict processing if there are statutory retention obligations.
With Webflow, Inc. we use tools from companies based in the USA, among others. When you contact us via our website, your personal data may be transferred to the USA and processed there. We would like to point out that a level of data protection comparable to that in the EU cannot be guaranteed in the USA. For example, US companies are obliged to disclose personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. secret services) may process, analyse and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.
If you contact us by e-mail, telephone or fax, we will store and process your enquiry including all personal data (name, enquiry) for the purpose of processing your request. We will not pass on this data without your consent.
This data is processed on the basis of Art. 6 (1) lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR) if this has been requested; consent can be revoked at any time.
The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
Google Web Fonts
This site uses so-called web fonts provided by Google for the standardised display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google's servers. As a result, Google becomes aware that this website has been accessed via your IP address. The use of Google WebFonts is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website.
If your browser does not support web fonts, a standard font will be used by your computer.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.
We act as a recruitment agency. Candidates can apply for possible job offers with our clients on our website. The application data is stored and processed on Google Cloud servers in Frankfurt am Main. Further information can be found in the provider's privacy policy at https://cloud.google.com/terms/cloud-privacy-notice.
The data provided in the context of applications is processed in order to carry out the application process. We have labelled the data required to carry out the application process accordingly or refer to it. If applicants do not provide this data, we will not be able to process the application.
In order to provide our services, we process your surname, first name, e-mail address, telephone number, country of residence, country of origin (optional), information on educational qualifications, professional experience, information on languages, information on possession of a driving licence, other information in the uploaded CV and your IP address. We pass on your data to companies in Germany in order to place you as a potential employee with the respective company.
We ask applicants to refrain from providing information on political opinions, religious beliefs and similar sensitive data in their CV and cover letter. They are not required for an application. If applicants nevertheless provide such information, we cannot prevent their processing as part of the processing of the CV or cover letter. Their processing is then also based on the consent of the applicants (Art. 9 (2) lit. a GDPR).
The legal basis for processing is Art. 6 (1) sentence 1 lit. b GDPR. The processing is necessary for the performance of the contract concluded with customers.
The legal basis for the transfer of data to the respective company is Art. 6 (1) sentence 1 lit. a GDPR.
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected, i.e. we have sent you a corresponding rejection. In this case, we store the applicant data for a further six months before deleting it. We will also delete your data if you inform us of your request for deletion using the contact details above. Otherwise, we will only store your personal data if statutory retention obligations require longer data storage.
Consent can be revoked informally at any time, e.g. by post to the above address. The legality of the publication until the revocation remains unaffected.
IPinfo
We use IPinfo to process applicant data. The provider is IDB, LLC 300 Lenora Street #516, Seattle, WA 98136, USA.
IPinfo is used to filter out unwanted and abusive applications. As a result, IPinfo becomes aware that this website has been accessed via your IP address. The use of IPinfo is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in flagging abusive applications on its website.
Brevo
We use Brevo for email marketing and email management. The provider is Sendinblue SAS, 106 boulevard Haussmann, 75008 Paris, France. The provider processes contact data (e.g. email addresses).
The legal basis for the processing is Art. 6 (1) sentence 1 lit. a GDPR. Processing takes place on the basis of consent. Data subjects can withdraw their consent at any time, e.g. by contacting us using the contact details provided in our privacy policy. The revocation does not affect the legality of the processing until the revocation.
We reserve the right to amend this privacy policy with effect for the future. A current version is always available here.
If you have any questions or comments regarding this privacy policy, please do not hesitate to contact us using the contact details provided above.