Last update: 28.09.2023
We process your personal data in the course of our business activities; for example, in the course of an application procedure, when using our website or when using our other services, as well as in our role as a contractor. The protection and security of personal data is important to us and goes without saying. We treat your data with strict confidentiality and handle it responsibly. Their processing is carried out exclusively in compliance with the provisions of the General Data Protection Regulation (DSGVO) and in accordance with the requirements of German data protection law, in particular the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).
In the following paragraphs, we will inform you about what data is collected, for what purpose, for what reason and for how long it is collected and what rights you have in this regard.
We ask you to consider that in the context of data transmission on the Internet, more or less serious security gaps may exist. According to the current state of science and technology, it is not possible to provide complete protection against access by unauthorized persons.
Note: For better readability, this data protection notice refrains from using both the masculine and other forms in the absence of gender-neutral wording. The generic masculine form chosen below therefore also applies without restriction to other gender identities.
I) Name and address of the person responsible in terms of data protection regulations
The responsible party within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is
HILL International Germany
CORS Human Potential GmbH
represented by the managing director Ms. Carola Scheffel
D-65205 Wiesbaden, Germany
Phone: 0049 611 89043668
Fax: 0049 611 89043663
Place of jurisdiction: Wiesbaden, HRB 29858
VAT ID No.: DE 313 697 907
In the following, the responsible person is referred to as "We" and "Us".
II) Name and address of the State Data Protection Commissioner
State Data Protection Commissioner
The State Commissioner for Data Protection and Freedom of Information
Prof. Dr. Alexander Roßnagel
Address: Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany
Postal address: P.O. Box 3163, 65021 Wiesbaden, Germany
Phone: 0049 611 1408-0, Fax: 0049 611 1408-611
III) General information on data processing
In the following, we will first inform you in general about the type and scope of the processing of personal data, the existing legal basis for this, as well as the duration of the storage of this data and its deletion.
1) Scope of the processing of personal data
In principle, you can visit this website without registering for it. We process personal data of our users only to the extent necessary to provide a functional website and our content and services.
a) Term of personal data
The term personal data covers all information relating to an identified or identifiable natural person (hereinafter: data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Term processing
The term processing covers any operation or series of operations performed with or without the aid of automated processes in connection with personal data (for example, collecting, structuring, storing data). The term processing is to be understood very broadly and covers practically every handling of data.
c) Authorization to process personal data
The processing of personal data of the data subject shall only take place on the basis of an appropriate authorization. As a rule, personal data is only processed with the prior consent of the respective data subject. An exception applies in those cases in which the processing of the data is permitted by legal regulations or even prior consent is not possible for purely factual reasons.
d) Categories of affected persons
Visitors and users of our online offer; hereinafter these persons are referred to either as "you" or "you", "data subjects" ("data subjects"), "visitors" or "users".
2) Legal bases for the processing of personal data
a) Contract fulfillment
In the case of processing of personal data that is necessary for the fulfillment of a contract to which the data subject is a party, Article 6 (1) sentence 1 lit. b) DS-GVO is the legal basis for this. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. Art. 6 (1) sentence 1 lit. b) DS-GVO is the legal basis if you wish to conclude or have concluded a contract with us.
b) Fulfillment of a legal obligation by us
Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, the legal basis is Article 6 (1) sentence 1 lit. c) DS-GVO.
c) Existence of legitimate interests
If the processing of personal data is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interests, Art. 6 (1) p. 1 lit. f) DS-GVO is the legal basis for this.
d) Necessity of granting consent
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) sentence 1 lit. a) DS-GVO constitutes the legal basis for this. This is possible if you voluntarily provide us with your personal data, e.g. in the context of an inquiry in the contact form or when submitting an application by mail or via our job platform or registration for our candidate portal.
e) Applicability of several legal bases
According to the currently prevailing view, the validity of one legal basis for the processing of personal data does not exclude the validity of other legal bases. Therefore, several of the aforementioned legal bases may also apply to the processing of your personal data.
3) Storage duration and data deletion
In accordance with the principle of purpose limitation, your personal data will only be processed, stored and forwarded to an external server of our external service provider for the purpose of processing your request. Your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies. In principle, your data will only be stored on our servers in Germany.
A storage of the personal data of the data subject can take place beyond this if this has been provided for by the European or national legislator in Union regulations, laws or other regulations to which we are subject.
A blocking or deletion of the personal data of the data subject will also take place if a storage period prescribed by the aforementioned regulations expires, unless there is a necessity for the further storage of the personal data of the data subject for a contract conclusion or for the purpose of contract performance.
4) Data security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties (e.g. TSL encryption for our website), taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.
We will be happy to provide you with more detailed information on request to the contact details given under I. above.
5) Cooperation with processors
If personal data from you is passed on by us to companies for which we are looking for suitable applicants or is passed on to us by these companies (for example, for the purpose of filling a vacancy), this is done on the basis of existing order processing relationships in accordance with Art. 28 DS-GVO.
IV) Data processing - The specific processing operations
In order to improve the comprehensibility of the specific data processing operations carried out by us, for clarity and to comply with the transparency requirement of the GDPR, we show you below the individual processing operations that take place at our company. For each processing operation, you will find below the essential information about the data we process (data categories) as well as the purpose and legal basis for their processing and information about the storage period of the data we process.
1) Visiting our website
When you visit our website, the following data processing operations take place for the purpose described below on the aforementioned legal basis.
a) Description and scope of data processing
Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer, which is automatically transmitted to us by the browser you are using. This data is required to send you the requested content. The following data is collected in this process:
- Information about the browser type and version used;
- the operating system you use;
- the Internet provider you use;
- the IP address (Internet Protocol address) you use;
- Date and time of access;
- websites from which or via which the system you are using has accessed our website; and
- Web pages that are accessed by the system you are using via our Internet site.
Some of this data is also stored in the log files (log files) of our system. A combination of this data with other data is not made. Likewise, this data is not stored together with other personal data from you.
b) Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the delivery of our website to the computer you are using. For this purpose, the IP address used by you must remain stored on our website for the duration of the call.
The storage in the log files is done to ensure the functionality of our website. In addition, we use the data to optimize our website and to ensure the security of our information technology systems. An evaluation of this data for marketing purposes or for other purposes is not carried out in this context.
c) Legal basis for data processing
The legal basis for the temporary storage of the data mentioned under 1) and the log files is Art. 6 para. 1 lit. f) DS-GVO for the purposes mentioned under 2). These justify at the same time our legitimate interest in a correct presentation of the internet presence as well as the guarantee of a secure operation of our website in terms of Art. 6 para. 1 lit. f) DS-GVO when you visit our website.
d) Duration of data storage
The data will be deleted as soon as they are no longer required to achieve the aforementioned purposes of their collection. In the case of the collection of data for the provision of our website, this is the case when the call to our website and thus the respective session is ended by you. In the case of storage of data in log files (log files), this is the case after seven days at the latest. Storage beyond this period is possible; in this case, however, the IP addresses used by you are deleted or alienated, so that it is no longer possible to assign the calling client (a client is a computer program that is executed on the terminal device of a network and communicates with the respective server [central computer]).
e) Possibility of objection
Since the collection of data for the provision of our website and the storage of the data in log files (log files) is absolutely necessary for the operation of our website, there is no right or possibility for you to object.
2) Contact via job offers (job portal) or the contact form - Application management
Our core activity is professional recruitment, i.e. the placement and filling of open positions on behalf of our customers. In order to present our customers with the most suitable candidate for each position and to be able to offer you an optimal employment opportunity, we process the data relevant for filling the position that you disclose to us as part of your application or that we obtain from third parties (reference providers) or from public sources (social media platforms). This applies accordingly if you write to us by e-mail for the purpose of taking advantage of our career and coaching advice and transmit data in the process, or if we collect this data from you as part of the career and coaching advice.
a) Applicant data
We process the following personal data insofar as it is relevant to the application process:
- Master data: Name, date of birth (age), place of birth, gender, academic title(s), marital status;
- Contact data: Address, telephone number, e-mail address;
- Citizenship, immigration status (work permit);
- Information on educational background, professional history, other qualifications or skills, and your (professional) aptitude, including references and resume;
- Information on your interests and aspirations with regard to future employment, as well as your personal development;
- Salary information and expectations;
- date of entry or availability;
- additional information about you provided either by yourself, your references or our customers, if it may be relevant to the application
b) Processing purpose
The processing of your applicant data takes place exclusively for the following purposes:
- Carrying out the application process, in particular to match the job profile with your (professional) suitability, qualifications and interests;
- Carrying out career counseling and coaching;
- Establishing contact and handling correspondence;
- Exercising our rights and obligations towards our customers; and
- If you consent to this: storage in our database with the aim of being able to assign your applicant profile to vacant and suitable job advertisements in the future (record keeping); the same applies in the event of a Hill competence analysis being carried out.
c) Legal basis
Legal bases for the processing of your applicant data are
- Fulfillment of the contract (Art. 6 para. 1 lit. b) DS-GVO): By submitting your application, you instruct us to evaluate it and to match your applicant profile with the requirements profile of the respective job posting. For this purpose, the processing of your applicant data is mandatory.
- Legitimate interests (Art. 6 para. 1 lit. f) DS-GVO): In recruiting, our primary interest is to be able to fill each open position with the ideal candidate. In order to assert, exercise or defend our legal claims - for example, arising from agreements made with our customers or in possible proceedings under the General Equal Treatment Act (AGG) - we consider ourselves entitled to store your applicant data for a certain period of time even beyond the duration of a specific application procedure. Finally, the storage of your applicant data despite the end of an application procedure is necessary in order to be able to fulfill our obligations, in particular contractual obligations of proof or subsequent performance, towards our customers. We are also convinced that storing your applicant data in our systems can also be beneficial for your professional development without you having to fear any disadvantages as a result. We are thus able to match your data with the requirement profiles of future job postings and offer you interesting career prospects.
- Consent (Art. 6 para. 1 lit. a) DS-GVO): Your applicant data will only be kept on record for a period exceeding 12 (twelve) months from the end of the application process (see above lit. b), last point) with your express consent - obtained by means of the so-called double opt-in procedure (keeping on record).
d) Storage period and deletion
As a matter of principle, we only store your applicant data for as long as is necessary to achieve the purpose of the processing. Your applicant data will be deleted or anonymized by us after 12 (twelve) months from the end of the application process. An exception to this is storage for the purpose of keeping records, in which case deletion or anonymization will take place within a maximum of 2 (two) years from the date of your express consent. Furthermore, we will delete or anonymize your applicant data immediately after your first request in this regard, unless this conflicts with legal obligations - for example, in the form of retention obligations under tax and company law.
3) Customer management and order processing
For the initiation of a business relationship, for the processing of a specific order with the personnel search, for the implementation of career counseling and coaching or when using our other services, the processing of your personal data is mandatory. This applies regardless of whether you order our services from our employees or via our website. We also store your personal data beyond the duration of a specific order, for example, to facilitate future cooperation, to comply with our statutory retention obligations and also for quality and evidence preservation purposes.
a) Customer data
The following personal data is processed by us insofar as it is relevant for customer management and order processing:
- Master data: Name, date of birth (age), gender, academic title(s), company VAT number;
- Contact data: Address, telephone number and e-mail address (company or private);
- Assignment or appointment information;
- Position in the company;
- Bank details; and
- additional information that you provide to us in the course of initiating and processing your order, insofar as this is relevant to our business relationship.
b) Processing purpose
The processing of your customer data takes place exclusively for the following purposes:
- Order processing, customer management, exercising (post-contractual) rights and obligations;
- Contacting and correspondence processing; and
- Storage in our database with the aim of having your customer data available in the event of future cooperation (record keeping).
c) Legal basis
Rechtsgrundlagen für die Verarbeitung Ihrer Kundendaten sind:
- Contract fulfillment (Art. 6 para. 1 lit. b) DS-GVO): In order to be able to process your order and ensure targeted communication and proper fulfillment of the contract, the processing of your customer data is mandatory.
- Legitimate interests (Art. 6 para. 1 lit. f) DS-GVO): As a rule, we maintain long-term business relationships with our customers. We therefore take the liberty of keeping a record of your customer data beyond a specific order in order to be able to act quickly and efficiently in your interest in the event of a new order. We are also interested in quality assurance and in avoiding evidentiary difficulties in the event of legal disputes.
- Legal obligation (Art. 6 para. 1 lit. c) DS-GVO): We are obliged to store certain customer data in order to fulfill our legal obligations to retain data - for example in accordance with the German Fiscal Code (AO), the German Value Added Tax Act (UStG) or the German Commercial Code (HGB).
d) Storage period and deletion
As a matter of principle, we store your customer data only for as long as is necessary to achieve the purpose of processing. For quality assurance purposes and to avoid possible evidentiary difficulties in connection with our service provision, we generally delete your customer data after 2 (two) years from the completion of a specific order. Finally, we are required by law to retain documents and records relevant to accounting and commercial transactions (e.g. invoices, receipts, etc.) for a period of 10 years. Furthermore, we delete your customer data immediately after your first request in this regard, unless this conflicts with legal obligations - for example, in the form of tax and company law retention obligations - or, in individual cases, our legitimate interests - for example, in the assertion, exercise or defense of legal claims.
4) HILL Competence Analysis© (HCA)
If you commission us - as an applicant in an application procedure, in the context of a career coaching, as an employee of a customer or as a private person - to carry out the HILL Competence Analysis© (HCA), the processing of your data is necessary for this. The HCA is a standardized, scientifically based, psychological analysis procedure in which your personality, skills, competencies and interests are queried in order to be able to better assign you to a specific professional requirement profile or to find a job that is tailored to you. We would like to emphasize at this point that there are no per se positive or negative characteristics in the HCA. Your characteristics are only evaluated by comparing them with the respective job profile.
a) HCA data
The following personal data will be processed by us, provided that they are relevant for the implementation of HCA:
- Master data: Name, date of birth (age), gender, academic title(s);
- Contact details: E-mail address;
- Education, management experience and sales experience (in years); and
- Information about your personality, characteristics, skills and interests, primarily with regard to your (future) professional environment.
b) Processing purpose
The processing of your HCA data takes place exclusively for the following purposes:
- Establishing contact and handling correspondence;
- carrying out the analysis procedure; and
- if the HCA is completed as part of a job application process, to match the analysis result with the respective job requirement profile in order to fill the open position with the most suitable applicant.
c) Legal basis
Data processing within the framework of HCA qualifies as "profiling" within the meaning of Art. 4 No. 4 DS-GVO; however, it does not represent an application case of "exclusively automated decision-making" according to Art. 22 DSGVO. Insofar as the HCA is completed as part of an application process, we would like to point out that you will not be subjected to a decision based exclusively on your analysis result. Rather, the potential employer decides personally in each individual case, in the sense of human influence and taking into account a wide variety of other factors, to what extent you are eligible for the open position and the application process is continued with you. If you have personally commissioned us to carry out the HCA, we will merely provide you with its results without any concrete decision being linked to it.
The legal bases for data processing are in detail:
- Contract fulfillment (Art. 6 para. 1 lit. b) DS-GVO): With your participation in the HCA - as an applicant in an application process, as an employee of our customer or as a private individual - you entrust us with the evaluation and processing of your data for the purposes stated above. The implementation of the HCA without a corresponding data processing is not possible.
- Legitimate interests (Art. 6 para. 1 lit. f) DS-GVO): When recruiting, our interest is to be able to fill each open position with the ideal applicant. We are convinced that you, as an applicant, also benefit significantly from HCA in an application process because it helps to find the right job for you. If you have commissioned us to carry out HCA as an employee of a client or as a private individual, we will act in your express interest anyway. Finally, we have an interest in the ongoing improvement and further development of HCA, which is why we store your PCA data in our systems in anonymized form - i.e., detached from your identity.
d) Storage period and deletion
As a matter of principle, we only store your HCA data for as long as is necessary to achieve the purpose of the processing. The storage of your HCA data in the context of an application process or career coaching takes place in accordance with point 3) d).
5) Newsletter and promotional activities
We will occasionally send you notifications that we believe may be of interest to you (direct marketing); for example, by sending you our newsletter with information about our products, services, and promotions, as well as general developments in the labor market, or about customized job offers using the email delivery service providers Sendinblue and SparkPost. In case of your registration, we also communicate with you via HubSpot (CRM platform). In order to be able to inform you accordingly, the processing of your personal data is necessary.
a) Advertising data
The following personal data will be processed by us insofar as they are relevant for the implementation of the advertising measures:
- Master data: Name, date of birth (age), gender, academic title(s);
- Contact data: Address, telephone number and e-mail address (in the company or private);
- Position in the company; and
- Desired activity, region.
b) Processing purpose
The processing of your promotional data will only take place for the following purposes:
- Sending you information for promotional and customer retention purposes; and
- Sending job offers for the optimal filling of vacancies.
c) Legal basis
Legal bases for the processing of your advertising data are:
- Consent (§ 7 UWG in conjunction with Art. 6 para. 1 lit. a) DS-GVO): For the processing of your advertising data for the above-mentioned purposes, we will obtain your express consent - by means of the so-called double opt-in procedure.
- Legitimate interests (Art. 6 para. 1 lit. f) DS-GVO): Our interest in implementing advertising measures is to promote our products, services and offers and to increase our market presence. Furthermore, we hope to be able to place the most suitable applicant for each open position by actively transmitting job offers.
d) Storage period and deletion
As a matter of principle, we only store your advertising data for as long as is necessary to achieve the purpose of the processing. Furthermore, we delete your advertising data immediately after your first request to do so, unless this conflicts with legal obligations - for example, in the form of tax and company law retention obligations - or, in individual cases, our legitimate interests - for example, in the assertion, exercise or defense of legal claims.
6) Cookies and Local Storage
Cookies are small data packets that are exchanged between your browser and our web server when you visit our website. Some cookies remain stored on your terminal device. These do not cause any damage and only serve to recognize the website visitor. Cookies can only store information supplied by your browser, i.e. information that you yourself have entered into the browser or that is present on the website. Cookies cannot execute code and cannot be used to access your terminal device.
The next time you visit our website with the same end device, the information stored in cookies may subsequently be sent back either to us ("first-party cookie") or to a third-party web application to which the cookie belongs ("third-party cookie"). Through the stored and returned information, the respective web application recognizes that you have already called up and visited the website with the browser of your end device.
Under Cookie Settings or under V) you will find an overview of all cookies used on our website. You can give your consent for each cookie and view the more detailed information (especially about their purpose and storage period) for each cookie. In addition, you can prevent cookies from being stored by setting your browser accordingly. However, we would like to point out that in this case you may not be able to use all the functions of our website.
On our website, we also use so-called local storage functions (also called "local storage"). In this case, data is stored locally in the cache of your browser, which continues to exist and can be read even after closing the browser - as long as they do not delete the cache or it is the session storage. Third parties cannot access the data stored in the Local Storage. Insofar as special plugins or tools use the Local Storage functions, this is described with the respective plugin or tool. If you do not want plug-ins or tools to use local storage functions, you can control this in the settings of your respective browser. We would like to point out that this may also lead to possible functional restrictions.
a) Cookie date
The following cookies, among others, are processed by us - depending on the setting you have chosen in the course of your visit to our website:
- IP address;
- Date, time and frequency of your access;
- technical settings of your browser;
- as well as other information about your usage behavior (see in particular also under V).
b) Processing purpose
The processing of your cookie data takes place - depending on the setting you have chosen - exclusively for the following purposes:
Technically necessary cookies: These cookies are necessary to ensure the technical operation and basic functions of our website. For example, this type of cookie is used to maintain your settings while you navigate the website; or they can ensure that important information is retained throughout the session (e.g. login, shopping cart).
Statistics cookies: These cookies help us understand how visitors interact with our website by collecting and analyzing information anonymously only. As a result, we gain valuable insights to optimize both the website and our products and services.
Marketing cookies: We use these cookies to analyze your usage behavior on our website. This information is used to display personalized content, offers and advertisements tailored to your interests.
c) Legal basis
Legal bases for the processing of your cookie data are:
- Consent (Art. 6 para. 1 lit. a) DS-GVO): For the processing of your cookie data for the above-mentioned purposes, we will obtain your express consent when you access our website for the first time. The only exceptions to this are those cookies that are absolutely necessary for the use of our website and the services offered there.
d) Storage period and deletion
Depending on how long they are stored, we divide cookies into session and persistent cookies. Session cookies store information used during your current browser session. These cookies are automatically deleted when you close the browser. This does not leave any information on your terminal device. Permanent cookies store information between two visits to the website. Based on this information, you will be recognized as a returning visitor on your next visit and the website will respond accordingly. The lifetime of a permanent cookie is determined by the provider of the cookie. For more information on the storage period, please refer to our cookie banner.
You can also set your Internet browser to generally prevent cookies from being stored on your end device or to ask you each time whether you agree to cookies being set. Once cookies have been set, you can delete them at any time. You can find out how all this works in detail in the help function of your browser. As mentioned, please note that a general deactivation of cookies may lead to functional restrictions on our website.
V) Technologies used and implemented on our website
We use different technologies on our website for different purposes. We explain these to you in the following.
1) Google Analytics
On our website, we use the functions of the web analytics service Google Analytics to analyze user behavior and to optimize our website. The provider of this service is Google Ireland Limited, Barrow Street, Dublin 4, Ireland ("Google").
Google Ireland Ltd. is a subsidiary of Google LLC based in the USA. In detail, processing by Google LLC in the USA is not excluded. Google LLC is certified according to the standards of the Data Protection Framework, which certifies its compliance as a company with data protection standards comparable to the GDPR. The certification of Google LLC is available at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.
Information about the use of the website such as browser type/version, operating system used, the previously visited page, host name of the accessing computer (IP address), time of server request are usually transmitted to a Google server and stored there. We have concluded a contract with Google for this purpose.
On our behalf, Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. According to Google, the IP address transmitted by your browser is not merged with other data from Google.
We use Google Analytics only with IP anonymization enabled by adding the code "anonymizeIP" to this website. This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases, the full IP address is transmitted to a Google server and shortened there.
During the website visit, the following data is collected, among others:
- The pages you visit, your "click path".
- achievement of "website goals" (conversions, e.g. newsletter sign-ups, downloads, purchases)
- Your user behavior (for example, clicks, dwell time, bounce rates)
- Your approximate location (region)
- Your IP address (in shortened form)
- Technical information about your browser and the end devices you use (e.g., language setting, screen resolution)
- your internet service provider
- the referrer URL (via which website / which advertising medium you came to our website)
The data about the use of our website will be deleted immediately after the end of the retention period set by us in each case. Google Analytics gives us the following options for the retention period: 14 months, 26 months, 38 months, 50 months, do not delete automatically. You can ask us at any time for the retention period currently set by us.
The processing of your data using Google Analytics is based on your express consent within the meaning of Art 6 (1) a) DS-GVO. You can revoke your consent at any time with effect for the future.
In addition, you can prevent the collection of data by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/inside/locations/
The data processing terms and conditions for Google products and the standard contractual clauses for data transfers to third countries can be found at https://business.safety.google/adsprocessorterms/.
On our website, we use the service HubSpot to carry out marketing activities. HubSpot is a software company based in the USA with a branch office HubSpot Ireland Limited, 1 Sir John Rogerson's Quay, Dublin, Ireland ("HubSpot").
Hubspot Ireland Ltd. is a subsidiary of Hubspot LLC based in the USA. In detail, processing by Hubspot LLC in the USA is not excluded. Hubspot LLC is certified according to the standards of the Data Protection Framework, which certifies its compliance as a company with data protection standards comparable to the GDPR. The certification of Hubspot LLC is available at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TN8pAAG&status=Active.
We use HubSpot for our own marketing, lead generation and customer service purposes.
The processing of your data with the help of Google Analytics is based on your express consent within the meaning of Art. 6 (1) a) DS-GVO. You can revoke your consent at any time with effect for the future.
Our website uses LinkedIn Conversion Tracking, a web analytics service provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA.
Within the scope of this service, data is transferred to the USA or such data transfer cannot be ruled out. We would like to point out that, in the opinion of the European Court of Justice, an appropriate level of data protection is not currently guaranteed for data transfer to the USA without corresponding certification, and that there are therefore various risks (such as possible access by US intelligence services).
Die durch den LinkedIn Insight-Tag erfassten Informationen über Ihre Benutzung unserer Website are encrypted.
Your data is processed on the basis of your consent pursuant to Art. 6 (1) a) DS-GVO. This consent can be revoked at any time for the future.
LinkedIn members also have the option of opting out of LinkedIn conversion tracking and blocking and deleting cookies or deactivating demographic characteristics at https://www.linkedin.com/psettings/advertising/ . There is no separate opt-out option in LinkedIn's settings for third-party impressions or click tracking for campaigns running on LinkedIn, as all underlying campaigns respect LinkedIn members' settings.
We use LinkedIn conversion tracking to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user.
More information from the third party provider:
4) Appropriate technical and organizational measures
We use appropriate technical and organizational security measures in accordance with Art. 32 DS-GVO to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties.
Our security measures are continuously improved according to the technological development and kept at the state of the art.
5) Server log files
For technical reasons, in particular to ensure a functional and secure Internet presence, we process technically necessary data about accesses to our website in so-called server log files, which your browser automatically transmits to us.
The access data we process includes:
- name of the website accessed
- type of browser used incl. version
- the operating system used by the visitor
- the previously visited page of the visitor (referrer URL)
- time of the server request
- amount of data transferred
- host name of the accessing computer (IP address used)
This data is not assigned to any natural persons and is only used for statistical evaluations and for the operation and improvement of our website as well as for the security and optimization of our Internet offer. This data is only transmitted to our website hoster. This data is not linked or merged with other data sources. If there is any suspicion of illegal use of our website, we reserve the right to check this data retrospectively. The data processing is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) DS-GVO in the technically error-free presentation and optimization of our website.
The access data is deleted shortly after the purpose has been fulfilled, usually after a few days, unless further storage is required for evidence purposes. Otherwise, the data is retained until final clarification of an incident.
On our website, we use the service Hotjar to perform marketing activities. HubSpot is a software company from Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St. Julian's STJ 3141, Malta. Hotjar itself claims to store all data obtained on servers in Ireland.
- the IP address of the terminal device,
- the terminal device type,
- the size of the terminal device screen,
- the geographical location,
- the language used on the website
- the referring domain and
- the date and time of the website visit.
This data is stored anonymously, is not assigned to any natural persons and is only used for statistical evaluations and for the operation and improvement of our website as well as for the security and optimization of our internet offer.
The processing of your data with the help of Hotjar is based on your express consent within the meaning of Art. 6 (1) a) DS-GVO. You can revoke your consent at any time with effect for the future.
On our website, the Facebook Pixel service of the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used for the analysis, optimization and economic operation of our online offer.
Meta Platforms Ireland Ltd. is a subsidiary of Meta Platforms Inc. based in the USA. In detail, processing by Meta Platforms Inc. in the USA is not excluded. Meta Platforms Inc. is certified according to the standards of the Data Protection Framework, which certifies its compliance as a company with data protection standards comparable to the GDPR. The certification of Meta Platforms Inc. is available at https://www. https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active.
With the help of Facebook pixels, it is possible for Facebook, on the one hand, to determine the visitors to our website as a target group for the display of ads (so-called "Facebook ads"). Accordingly, we use Facebook pixels to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of Facebook Pixel, we also want to ensure that our Facebook Ads correspond to the potential interest of users and do not have a harassing effect. With the help of Facebook Pixel, we can, on the other hand, track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
Your actions are stored in one or more cookies. These cookies enable Facebook to match your user data (such as IP address, user ID) with the data of your Facebook account. The collected data is anonymous and not visible to us and can only be used in the context of advertisements. You can prevent the link with your Facebook account by logging out before you take any action.
The processing of your data is thereby based on your consent within the meaning of Art 6 (1) a) DS-GVO. You can revoke this consent at any time with effect for the future.
For more information about how Facebook processes personal data, including the legal bases on which Facebook relies and how data subjects can exercise their rights against Facebook, please see Facebook's Data Policy at https://de-de.facebook.com/policy.php.
To set which types of advertisements are displayed to you within Facebook, you can go to the page set up by Facebook and follow the instructions there regarding the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads
The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
General notes on the display of Facebook ads can be found at: https://de-de.facebook.com/policy.php
For specific information and details about Facebook Pixel and how it works, visit Facebook's help section: https://de-de.facebook.com/business/help/651294705016616.
8) Use of LinkedIn, Facebook and Google Maps plugins
We use LinkedIn, Facebook and Google Maps plugins on our website.
By using these social plugins, cookies are set in your browser as described under IV). You can give your consent for each cookie and view the more detailed information (especially about their purpose and storage period) about each cookie. In addition, you can prevent cookies from being stored by setting your browser accordingly. However, we would like to point out that in this case you may not be able to use all the functions of our website.
The following data is collected:
- Information about the type of browser and version used;
- the operating system you are using;
- the Internet provider you are using;
- the IP address (Internet Protocol address) you are using;
- Date and time of access;
- websites from which or via which the system you are using has accessed our website; and
- Web pages that are called up by the system you are using via our Internet site.
Within the scope of the LinkedIn service, data is transferred to the USA or such transfer cannot be ruled out. We would like to point out that, in the opinion of the European Court of Justice, an appropriate level of data protection is not currently guaranteed in the case of data transfer to the USA without the corresponding certification, and that there are therefore various risks (such as possible access by US secret services).
The processing of your data is based on your consent within the meaning of Art. 6 (1) a) DS-GVO. You can revoke this consent at any time with effect for the future.
VI) Data transfer to third countries
1) Information transmitted
To the extent that the recipients of the transfer of your personal data are recipients in third countries, the following information will also be provided:
- SparkPost: Emails that we send through our system are processed by SparkPost. For execution, data of outgoing emails (email address, subject, content) flows to SparkPost. When email statistics are enabled, SparkPost tracks the open rate, click-through rate, and error messages related to the emails sent. As part of this processing, the aforementioned data may be transferred to the US and processed by US authorities (see below for more information). If you do not want the aforementioned data to be collected and processed via SparkPost, you can refuse your consent or revoke it at any time with effect for the future.
2) Data transfer to the U.S. / Discontinuation of the Privacy Shield / New EU-U.S. Data Privacy Framework
We expressly point out that as of July 16, 2020, due to a legal dispute between a private individual and the Irish supervisory authority, the so-called "Privacy Shield", an adequacy decision of the EU Commission pursuant to Art. 45 GDPR, which confirmed an adequate level of data protection for the USA under certain circumstances, is no longer valid with immediate effect.
In response, the European Commission and the U.S. government agreed on the new "EU-U.S. Data Privacy Framework" in March 2022. After further interim steps, the EU Commission finally published a new final adequacy decision on the EU-U.S. Privacy Framework in the Official Journal on July 10, 2023. This means that data transfers to the major US providers are once again possible in large parts with legal certainty. The new EU-US Data Privacy Framework regulates, among other things, a two-tier legal protection mechanism in which citizens can sue against violations of the law in the case of surveillance by US intelligence services. A quasi-judicial "Data Protection Review Court" decides on the lawsuit. The Data Protection Review Court is not part of the judiciary. Nevertheless, it is to be guaranteed the greatest possible independence within the executive branch.
The EU Commission now considers this improvement in the regulations regarding legal protection against surveillance by U.S. intelligence agencies to be decisive in order to consider the U.S. level of data protection to be equivalent to that of the EU if U.S. companies have self-certified in accordance with the EU-US Data Privacy Framework. It has therefore issued an adequacy decision (Art. 45 GDPR) under which personal data can be transferred to self-certified U.S. companies without further ado. The EU-US Data Privacy Framework contains certain principles for this self-certification of US companies, which are based on the standards of European data protection law. Self-certification takes place through registration of the U.S. company on a website of the U.S. Department of Commerce for a registration fee.
The standard contractual clauses adopted by the Commission in 2010 (2010/87/EU of 05.02.2010), Art. 46(2)(c) GDPR, are still valid, but a level of protection for personal data equivalent to that in the European Union must be ensured. Thus, not only the contractual relationships with our service providers are relevant here, but also the possibility of access to the data by authorities in the USA and the legal system there (legislation and case law, administrative practice of authorities). The standard contractual clauses cannot bind authorities in the U.S. and therefore do not yet provide adequate protection in cases where the authorities are authorized under U.S. law to interfere with the rights of data subjects without additional measures.
Where US providers offer the option, we choose to process data on EU servers. This should technically ensure that the data is located within the European Union and that access by US authorities is not possible. Furthermore, we carefully examine European alternatives to US tools used. However, this is a process that does not happen overnight, as it also involves technical and economic consequences for us. Only if for technical and / or economic reasons the use of European tools and / or the immediate shutdown of the US tools is impossible for us, US service providers will continue to be used at present.
VII) Your rights as data subject
1) Confirmation, completion, correction and deletion
a) Right of confirmation and right of information, Art. 15 DS-GVO
You have the right to request confirmation from us at any time regarding all of the processes listed under III. to VI. that are relevant under data protection law as to whether and to what extent personal data relating to you is being processed by us, as well as the right to information about this data and to further information and a copy of the data in accordance with 15 DS-GVO.
b) Right of completion and right to rectification, Art. 16 DS-GVO
In accordance with 16 DS-GVO, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
c) Right to erasure and right to restriction of processing, Art. 17 DS-GVO and Art. 18 DS-GVO
In accordance with 17 DS-GVO, you have the right to demand that data concerning you be deleted without delay, or alternatively, in accordance with Art. 18 DS-GVO, to demand restriction of the processing of the data.
2) Right of retention, transfer and complaint
You have the right to demand from us at any time to receive the data concerning you that you have provided to us in accordance with Art. 20 DS-GVO, as well as to demand its transfer to other data controllers. You also have the right, in accordance with Art. 77 DS-GVO, to lodge a complaint with the competent supervisory authority mentioned under II, the State Data Protection Commissioner for the State of Hessen.
3) Right of withdrawal and right of objection
You have the right to revoke any consent given to us to process your personal data at any time in accordance with Art. 7 (3) DS-GVO with effect for the future. You may object to the future processing of data relating to you in accordance with Art. 21 DS-GVO at any time. The objection may be made in particular against processing for direct marketing purposes. For the assertion of all rights mentioned under 1) to 3), you can contact the responsible person of our company mentioned under I. at any time.
VIII) Cooperation with processors and third parties
If, in the course of our processing, we disclose personal data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to this data, this will only be done on the basis of legal permission. This is the case, for example, if a transfer of this data to third parties, such as to our external service provider pursuant to Art. 6 para. 1 lit. b) DS-GVO is necessary for the performance of the contract, or if you have consented to the corresponding processing of your personal data pursuant to Art. 6 para. 1 lit. a) DS-GVO, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.) pursuant to Art. 6 para. 1 lit. f) DS-GVO.
If we commission third parties with the processing of data on the basis of a so-called "order processing agreement", this is done on the basis of Art. 28 DSGVO.
IX) Data security
Within the website visit, we use the widespread TLS procedure (Transport Layer Security) in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
HILL International Deutschland/ CORS Human Potential GmbH has no influence or ability to influence third party websites and makes no recommendations or representations whatsoever about any of these websites or their privacy practices.
We therefore strongly encourage you to carefully read and review the privacy policies and data protection notices of all websites with which you may interact before you allow them to collect, process and make further use of your personal data.