Legal provisions

PRIVACY STATEMENT

The controller for the processing of your personal data, including but not limited to job application processes, client management and order processing, within HILL Croatia is HILL International  - Zagreb d.o.o., Draškovićeva 40, 10 000 Zagreb, Hrvatska). The details of HILL Croatia can be found in the imprint. The controller for the processing of your personal data on this website is HILL International GmbH, Schwarzenbergplatz 7, AT-1030 Vienna.

Basic information concerning data processing and legal principles

At HILL International, we take the protection of your privacy and personal data very seriously. We treat your personal data strictly confidentially and in accordance with the statutory data protection regulations and the provisions of this data protection declaration.

This data privacy statement informs you of the type, scope and purpose of the processing of personal data within our online content and the web pages, functions and content associated with it (hereinafter jointly referred to as referred to as an "online content" or "website"). The data privacy statement shall apply regardless of the domains, systems, platforms, and devices used (e.g. desktop or mobile), on which the online content is displayed.

For the terminology used, such as "personal data" or the " processing" thereof, please refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

The personal data of the user processed within the scope of this online content include inventory data, contractual data, and usage data.

The term "user" includes all categories of processing the data of data subjects. These include our business partners, customers, potential buyers and other visitors to our online content. The terms used, such as "user" are gender-neutral.

We only process personal data only in accordance with relevant data protection provisions. This means that the user's data are processed only if there is legal permit to do so. That means, in particular, if data processing is required to provide our contractual services (e.g. processing orders), as well as online services or if it is required by law, user consent exists, as well as due to our legitimate interests (i.e. interest in the analysis, optimisation and economic operation and safety of our online content in accordance with Art. 6 (1) letter f of the GDPR, in particular, in the case of reach measurement, the creation of profiles for advertising and marketing purposes, as well as collecting access data and the use of third-party services.

We would like to point out that the legal principle of consent is article is Art. 6 (1) letter a. and Art. 7 of the GDPR; the legal principle for processing to perform our services and carry out contractual measures is Art. 6 (1) letter b of the GDPR, the legal principle for the processing to fulfil our legal obligations is Art. 6 (1) letter c of the GDPR; and the legal principle for processing to protect our legitimate interests is Art. 6 (1) letter f of the GDPR.

Security measures

We take state-of-the-art organisational, contractual and technical security measures in order to ensure compliance with the regulations of data protection laws and in order to protect the data processed by us against any incidental or intentional manipulation, loss, destruction or against the access of unauthorised persons.

These security measures include, in particular, the encrypted transmission of data between your browser and our server.

Disclosure of data to third parties and third-party providers

Disclosure of data to third parties only takes place within the scope of legal requirements. We only disclose user data to third parties if this, for example, based on Art. 6 (1) letter b) of the GDPR, is required for contractual purposes or based on legitimate interests in accordance with Art. 6 (1) letter f of the GDPR for the economic and effective operation of our business.

Provided that we use subcontractors to provide our services, we take appropriate legal precautions, as well as corresponding technical and organisational measures to provide for the protection of personal data in accordance with relevant legal requirements.

Provided that content, tools or other means of other providers (jointly referred to in the following as "third-party provider") are used within the scope of this data privacy statement and their registered office is located in a third country, it can be assumed that data transfer takes place in the third-party provider’s country of domicile. As third countries, countries are understood, in which the GDPR is not a directly applicable law, i.e. in principle, countries outside the EU or the European Economic Area. The transfer of data to third countries is carried out either if there is an adequate level of data protection, user consent exists or otherwise, if a legal permit therefor has been obtained.

Provision of contractual services

We process inventory data and contractual data for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 (1) letter b of the GDPR.

Within the scope of using our online services, we save the IP address and the user agent string and the time of the respective user action.  Saving takes place based on our legitimate interests as well as those of the user in protecting against abuse and other unauthorised use. A disclosure of these data to third parties principally does not occur unless these data are required to pursue our claims or a legal obligation in accordance with Art. 6 (1) letter c of the GDPR exists.

We process usage data (e.g., the visited web pages of our online content, interest in our products) and content data (e.g., entries in the contact form or user profile) for promotional purposes in a user profile in order to show users  product information for example, based on the services that they have taken advantage of so far.

Contact

When you contact us (via the contact form or by e-mail), the information of the user to process the contact request and its execution are processed in accordance with Art. 6 (1) letter b) of the GDPR
The user data can be stored in our management system or in a similar request organisation system.
We use the online software "Starhunter" by the provider Starhunter GmbH, located in Erika-Mann-Strasse 23, 80636 Munich, Germany, the European Union.

Collection of access data and log files

Based on our legitimate interest in accordance with Art. 6 (1) letter f of the GDPR, we collect data on every access to the server, on which this service is located (so-called server log files). The access data include the name of the accessed website, file, date and time it was accessed, the amount transferred data, notification on a successful access, browser type in addition to the version, the user’s operation system, referrer URL (the previously visited page), IP address and the requesting provider.

Log-file information is stored for security reasons (e.g. for the elucidation of abusive or fraudulent actions). Data, the further storage of which is required for evidentiary purposes, are exempt from deletion until the final clarification of the respective incident at hand.

Cookies & range measurement

Cookies include information that will be transmitted to the web browser of the users by our web server or the web servers of third parties, and saved there for later access. Cookies can be small files or any other kinds of information storage.

We use "session cookies" that are only stored for the duration of the current visit to our website. A randomly generated unique identification number is stored in a session cookie, a so-called session ID. A cookie also contains information about its origin and the retention period. These cookies cannot store any other data. Session cookies are deleted when you have stopped the use of our online content and, for example, you log off or close the browser.

The users are informed within the scope of this data privacy statement on the use of cookies as part of pseudonymous reach measurement.

If users do not want cookies to be stored on their computer, they are requested to deactivate the related option in the systems setting of their browser. Cookies that have already been saved can be deleted in the system settings of the browser at any time. The exclusion of cookies can lead to functional limitations of this online content.

You may object to the used of cookies, which are used for reach measurement and promotional purposes, via which the deactivation page of the network promotional initiative (http://optout.networkadvertising.org/) and additionally, the American website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

Google Analytics

Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operations our online content in accordance with Art. 6 (1) letter f of the GDPR), we use Google Analytics, a website analysis service belonging to Google Inc. (“Google”). Google uses cookies. The information generated by the cookie about use of the online content by the user are generally transmitted to a server of Google in the USA and stored there.

Google is certified under the privacy shield agreement and this provides a guarantee to comply with European data protection law.

Google will use this information on our behalf to evaluate the use of our online content by users in order to compile reports about the activities within this website and in order to render other services to us, which are associated with the use of this website and the use of the Internet. This pseudonymous user profiles of users can be created from the processed data.

We use Google Analytics to display the advertisements placed within the scope of promotional services provided by Google and its partners only to users, who have shown an interest in our online content or certain characteristics, (e.g. interests in certain topics or products, which are determined on the basis of the visited web pages) that we transfer to Google (so-called "remarketing", or "Google-Analytics-Audiences"). With the help of the remarketing audiences we would also like to make sure that our ads match the potential interest of the users and do not perceived as being irritating.

We use Google Analytics only with activated IP anonymisation. This means that the IP address of the users is abbreviated by Google within member states of the European Union or in other contracting states of the agreement regarding the European Economic Area. The full IP address is only transmitted to a server of Google in the USA and abbreviated there in exceptional cases.

The IP address provided by the user's browser is not merged with other Google data. The users can prevent the storage of cookies by appropriately configuring their browser software; the users can furthermore prevent the capture of the data generated by the cookie and referring to the use of the online content to Google, as well as prevent the processing of data by Google by downloading the browser plug-in available from the following link Download and installing it: tools.google.com/dlpage/gaoptout.

Learn more information about the use of data by Google, settings and objection options on the Google web pages: www.google.com/intl/de/policies/privacy/partners ("Data use by Google for your use of the sites or apps of our partners"), www.google.com/policies/technologies/ads ("Data usage for advertising purposes"), www.google.de/settings/ads (“Manage information that Google uses to show you advertising”).

Google Re-/Marketing Services

Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operations our online content in accordance with Art. 6 (1) letter f of the GDPR), we use marketing and remarketing services (in short "Google Marketing Services") of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").

Google is certified under the privacy shield agreement and this provides a guarantee to comply with European data protection law.

The Google Marketing Services allow us to show targeted promotional advertisements for and on our website in a more targeted manner in order to only show users ads that potentially match their interests. If ads for products, for example, are shown to a user, for which he had been interested in on other websites, this is called “remarketing”. For these purposes, a code is directly run by Google when accessing our and other websites, on which Google Marketing Services and so-called (re-)marketing tags (invisible graphics or code, also referred to as "Web Beacons") embedded into the website. With their help, an individual cookie is stored on the device of the user, i.e. a small file saved (instead of cookies, comparable technologies can also be used). The cookies can be used by different domains, from google.com, DoubleClick.NET, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com, among others. In this file, it is noted which websites the user visits, what content he is interested and which offers he clicked on and furthermore, technical information on the browser and the operating system, linking websites, visiting time, as well as other information on the use of the online content. The IP address of the user is detected, wherein, within the scope of Google Analytics, we inform that the IP address within the member states of the European Union or in another contracting state of the agreement on the European Economic Area has been abbreviated and only sent in exceptional cases in their entirety to a server belonging to Google in the USA and abbreviated there. The IP address is not merged with user data within other offers from Google. The above-mentioned information can also be associated with such information from other sources by Google. If the user subsequently visits other websites, the advertisements that have been matched to him according to his interests can be shown.

The user data are processed pseudonymously within the scope of Google Marketing Services. That means that Google does not save a process the names or e-mail addresses of the users, but processes the relevant data in a cookie-related manner with the pseudonymous user profile. That means, from Google’s perspective, the ads are not managed and shown for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has explicitly allowed Google to process the data without the use of pseudonyms. The information collected by Google Marketing Services about users are transmitted to Google and stored on Google's servers in the USA.

The Google Marketing Services used by us include the online advertising programme "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Thus, cookies cannot be tracked using the website of an AdWords customer. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords customers who have opted for conversion tracking. AdWords customers can find out the total number of users who have clicked on their ad and have been redirected to the page with a conversion tracking tag. However, advertisers do not obtain any information that can be used to personally identify users.

We can integrate third-party "DoubleClick" advertisements on the basis of the Google Marketing Services. DoubleClick uses cookies, by means of which it is made possible Google and its partner website to place advertisements based on the visits of users to this website and other websites.

We can integrate third-party "AdSense" advertisements on the basis of the Google Marketing Services. AdSense uses cookies, by means of which it is made possible Google and its partner website to place advertisements based on the visits of users to this website and other websites.

We can also use the service "Google Optimizer". Google Optimizer allows us, in the context of so-called "A/B testing" to understand how different changes of a site have an impact (e.g. changes in the fields of design, etc.). Cookies are stored on the devices of the users for the purposes of this test. Thereby, only pseudonymous user data are processed.

Furthermore, we can use the "Google Day Manager" to manage and integrate the Google analysis and marketing services into our website.

Further information on the use of data by Google for marketing purposes can be found on our overview page: www.google.com/policies/technologies/ads, the data privacy statement can be found at www.google.com/policies/privacy

If you would like to object to the interest-related advertisement by Google Marketing Services, you can use the settings and opt-out options provided by Google: www.google.com/ads/preferences.

Newsletter

With the following information, we would like to explain the content of our newsletter, as well as the registration, sending and statistical evaluation method to you, as well as your rights to object thereto. By subscribing to our newsletter, you agree to the receipt thereof and the method described.

Newsletter content: We only send newsletters, e-mails and other electronic notifications with promotional information (hereinafter to in the following as "newsletters") subject to the consent of the recipient or a legal permit to do so. Provided that the newsletter content has been specifically outlined within the scope of newsletter registration, this content is crucial to the consent of the user. Apart from that, our newsletters contain information on our products, offers, promotions and our company.

Double opt-in and record keeping: Registering for our newsletter occurs within the scope of a so-called double opt-in procedure. That means, following registration, you receive an e-mail requesting you to confirm your registration. The confirmation is required so that no one with third-party e-mail addresses can register. Records of newsletter registrations are kept in order to be able to provide proof of the registration process in accordance with legal requirements. This includes saving the time of registration and confirmation as well, as the IP address used during this process. Any changes of data registered with e-mail service provider will also be recorded.

E-mail service provider: Sending newsletters is carried out via “MailChimp”, a newsletter sending platform of the U.S. provider, Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data protection regulations of the e-mail service provider can be viewed here. The Rocket Science Group LLC d/b/a MailChimp is certified under the privacy shield agreement and this provides a guarantee to comply with European data protection level.

Furthermore, the e-mail service provider can use these data in a pseudonymous form, meaning without any assignment to a user, in order optimise its own services, for example, for the technical optimisation of sending and displaying the newsletter or for statistical purposes in order to determine what countries recipients are from. However, the service does not use the recipient data of our newsletter to approach recipients directly nor do they pass the information on to third parties.

Registration data: To sign up for the newsletter, it is sufficient, to provide your e-mail address. As an option, we  request you to indicate your name in order to address you personally in the newsletter.

Statistical surveying and analysis - the newsletters contain a so-called “web beacon”, i.e. a pixel-sized file, which is retrieved from the e-mail marketing server when opening the newsletter. During the download, technical information such as your browser and operating system, as well as your IP address and the time of the download are collected. This information is used for technical improvement of the service, as technical data or target group data can be analysed according to its reading behaviour, its download locations (identifiable through IP addresses) or download times. Statistical data collection also includes an analysis of when the newsletters are opened and which links are clicked upon. Although, this information technically allows the information to be assigned to individual newsletter recipients. However, it is not our aim, nor that of our e-mail service provider, to observe individual users. The analyses are used to recognise patterns in the reading behaviour of our users and adapt our content to them accordingly or send different content according to the interests of our users.

The use of the e-mail service provider, carrying out statistical surveys and analyses as well as keeping record of the registration process occurs based on our legitimate interests in accordance with Art. 6 (1) letter f of the GDPR. Our interest focuses on the use of a user-friendly and secure newsletter system, which serve both our business interests and also corresponds to the expectations of users.

Termination/cancellation - you can cancel the receipt of our newsletter at any time, i.e. withdrawing your consent. Thereby, simultaneously, your consent for the e-mail service provided to send you e-mails and statistical analyses are also terminated. Unfortunately, a separate cancellation of e-mail sending by the e-mail service provider or the statistical evaluation is not possible. A link to cancel the newsletter can be found at the end of every newsletter. If users have signed up only to the newsletter and cancelled this registration, their personal data shall be deleted.

Integration of services and content from third parties

On our website, based on our legitimate interests (i.e. interest in analysis, optimisation and economic operations our online content in accordance with Art. 6 (1) letter f of the GDPR), we use content or service offers of third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter cumulatively referred to as "content"), This always presupposes that the third-party providers of this content can see the IP address of users, since without the IP address they would not be able to send the content to the users' browsers. The IP address is therefore necessary in order to display this content. We strive only to use content from providers who use the IP address to deliver content, and for nothing else. Third-party providers may also use "pixel tags" (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" enable the analysis of information such as the traffic of visitors on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online contenting. It may also be linked to such information from other sources.

The following presentation offers an overview of third-party providers and their content in addition to links to their data privacy statements which contain further references to the processing of data and, already mentioned here in part, possibilities to object (so-called opt-out):

External fonts from Google, LLC., www.google.com/fonts ("Google Fonts"). The integration of the Google Fonts takes place via a server access with Google (generally in the USA). Data privacy statement: www.google.com/policies/privacy/, opt-out: www.google.com/settings/ads/.

Maps provided by the service “Google Maps” of the third-party provider, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data privacy statement: www.google.com/policies/privacy/, opt-out: www.google.com/settings/ads/.

Videos on the platform "YouTube" of the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data privacy statement: www.google.com/policies/privacy/, opt-out: www.google.com/settings/ads/.

Our online content uses functions from the LinkedIn network. The service is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages containing LinkedIn features is accessed, your browser establishes a direct connection to the LinkedIn servers. LinkedIn is informed that you have visited our web pages from your IP address. If you use the LinkedIn "Recommend" button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website to your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by LinkedIn. Data privacy statement: www.linkedin.com/legal/privacy-policy, opt-out: www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Functions of the service or the Twitter platform can be integrated within our online content. These functions are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Through the use of Twitter and the "retweet" function, the web pages you visit will be linked to your Twitter account and made known to other users. In the process, data will also be transferred to Twitter. We would like to point out that, as the provider of these web pages, we have no knowledge of the content of the data transmitted or how it will be used by Twitter. For Twitter's data privacy statement, please go to twitter.com/privacy. Your privacy preferences with Twitter can be modified in your account settings at twitter.com/account/settings.

We use functions provided by the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Each time one of our pages containing XING features is accessed, your browser establishes a direct connection to the XING servers. To the best of our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored nor is usage behaviour evaluated. Data privacy statement: www.xing.com/app/share.
Plugins are integrated on this site for the social network, Facebook, Provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook plugins can be recognised by the Facebook logo or the "Like button" on our site. An overview of Facebook plugins can be found here: developers.facebook.com/docs/plugins/.
When you visit our site, a direct connection between your browser and the Facebook server is established via the plug-in. This enables Facebook to receive information that you have visited our site with your IP address. If you click on the Facebook "Like button" while you are logged into your Facebook account, you can link the content of our site to your Facebook profile. This allows Facebook to associate visits to our site with your user account. Please note that, as the provider of these web pages, we have no knowledge of the content of the data transmitted to Facebook or of how Facebook uses these data. For more information on this, please take a look at Facebook's data privacy statement at de-de.facebook.com/policy.php
If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.

External code of the "jQuery" JavaScript framework, provided by the third-party provider, the jQuery Foundation, jquery.org.

User rights

Users have the right to obtain information from us about the personal data stored about them, free of charge.

In addition, users have the right to the rectify incorrect data, to restrict processing and to delete their personal data, and, where applicable, to assert their data portability rights and, in the case of assuming improper data processing is being performed to submit a complaint to the competent supervisory authority.

As well, users can principally revoke consent with effect for the future.

Deletion of data

The data stored we store are deleted as soon as they are no longer required for its intended purpose and no statutory retention obligations preclude deletion. If the user data is not deleted because it is necessary for other and legally permissible purposes, the processing of the data will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax reasons.

According to legal requirements, storage shall be for a period of six years in accordance with Section 257 (1) of the Commercial Code [HGB] (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records etc.) as well as for ten years in accordance with Section 147 (1) of the Fiscal Code [AO] (books, records, reports, accounting records, commercial and business letters, tax-related documents, etc.).

Right of objection

Users may object to the future processing of their personal data at any time in accordance with the legal requirements. The objection may be lodged in particular against processing for direct marketing purposes.

Data privacy statement changes

We reserve the right to change the data privacy statement in order to adapt it to changes in the law or to changes in the service and data processing. However, this shall only apply with regard to explanations of the data processing. Unless user consent is required or component of the data privacy statement contain provisions regarding the of the contractual relationship with the users, the changes shall only be made subject to the user’s consent.

Users are requested to regularly review the contents of the data privacy statement.