Thank you for your interest in the HÖRMANN Group.
Data privacy is a particular priority for the HÖRMANN Group.
As a matter of principle, you can use the website without disclosing any personal data. If a data subject wishes to use our services via the website, this may necessitate the processing of personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we always obtain the consent of the data subject.
Personal data (e.g. the name, address, e-mail address or telephone number of a data subject) is always processed in accordance with the GDPR and the national data privacy provisions applicable to us, particularly the German Federal Data Protection Act (BDSG).
As the processor, we have taken numerous technical and organisational measures to ensure that the personal data processed via the website is protected to the greatest possible extent.
As a matter of principle, however, data transmission via the Internet can be subject to security flaws. As such, complete protection cannot be guaranteed. Needless to say, all data subjects may transmit personal data to the company by alternative means, e.g. by telephone.
- ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- ‘data subject’ means any identified or identifiable natural person whose personal data is processed by the controller.
- ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- ‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
- ‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
- ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
- ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and contact details of the controller
HÖRMANN Holding GmbH & Co. KG and the HÖRMANN Group companies listed in the Legal Notice are the joint controller within the meaning of Art. 26 GDPR for this website.
The HÖRMANN Group companies have concluded an arrangement under which HÖRMANN Holding GmbH & Co. KG complies with the obligations under the GDPR for this website. Accordingly, your point of contact for all matters relating to data privacy is:
HÖRMANN Holding GmbH & Co. KG
T +49 8091 5630 0
F +49 8091 5630 195
Represented by the personally liable partner of HÖRMANN Holding GmbH & Co. KG:
HÖRMANN Verwaltungs GmbH
Itself represented by the management:
Dr.-Ing. Michael Radke, Johann Schmid-Davis
T +49 8091 5630 0
F +49 8091 5630 195
3. Contact details of the data protection officer
T +49 8623 98739 40
All data subjects may contact the data protection officer directly and at all times with any questions and suggestions concerning data protection.
4. Erasure and blocking of personal data
We process and store the personal data of the data subject only for the period required to achieve the purpose of storage or for the statutory storage period that the controller is obliged to observe under the applicable legislation.
If the purpose of storage no longer applies or a statutory storage period expires, the personal data is routinely blocked or erased in accordance with the statutory provisions.
5. Collection and storage of personal data and type and purpose of its use
a) when visiting the website
As a matter of principle, you can use this website without disclosing your identity. When you access the website, the browser used on your device automatically sends information to the website server. This information is stored temporarily in a log file. The following information is recorded without any action on your part and until erased automatically:
- IP address of the accessing computer,
- date and time of the access,
- name and URL of the file retrieved,
- website from which the website was accessed (referrer URL),
- browser used and, where applicable, the operating system of your computer and the name of your access provider.
The company processes this data for the following purposes:
- to ensure the connection to the website is established smoothly,
- to ensure the website is convenient to use,
- to evaluate system security and stability, and
- for other administrative purposes.
The legal basis for data processing is Art. 6 (1) sentence 1 (f) GDPR. The legitimate interest of the company is based on the aforementioned data collection purposes. We never use the data collected to identify you. The data is erased after no more than 14 days.
b) when using the contact form or contacting us by e-mail
If you have any type of questions, we offer you the possibility of contacting the company using a contact form on the website or by e-mail. You must enter a valid e-mail address in order for us to know who sent the enquiry and be able to reply to it. All other disclosures are voluntary. It is up to you whether you submit this data using the contact form or by e-mail.
The data submitted is processed in order to handle your enquiry. The data is erased immediately after your enquiry has been handled unless it is subject to a statutory retention period.
The legal basis for data processing is Art. 6 (1) sentence 1 (b) GDPR if the enquiry is necessary for the performance of a contract or to take steps prior to entering into a contract, Art. 6 (1) sentence 1 (c) GDPR in the case of statutory retention periods, and otherwise legitimate interest in accordance with Art. 6 (1) sentence 1 (f) GDPR. We have a legitimate interest in processing your enquiry in order to provide you with the best possible service even if it is not necessary for the performance of a contract or to take steps prior to entering into a contract.
The data is processed solely in order to reply to your enquiry and stored for the duration of the statutory retention period (6 years in accordance with section 257 (1) no. 2, (4) of the German Commercial Code (HGB)) if it constitutes commercial letters. The data is otherwise erased immediately after your enquiry is replied to.
6. Additional information on the legal basis of processing
Art. 6 (1) (a) GDPR serves as the legal basis for processing where consent is required to be obtained for a certain processing purpose. If processing of personal data is necessary for the performance of a contract to which the data subject is party, the legal basis for processing is Art. 6 (1) (b) GDPR. The same applies for processing in order to take steps at the request of the data subject prior to entering into a contract, e.g. enquiries about products and services. If we are subject to a legal obligation to process personal data, the legal basis for processing is Art. 6 (1) (c) GDPR. In rare cases, processing of personal data may be necessary in order to protect the vital interests of the data subject or of another natural person. In this case, the legal basis for processing is Art. 6 (1) (d) GDPR. The legal basis for processing may also be Art. 6 (1) (f) GDPR if processing is not covered by one of the aforementioned legal bases but is necessary for the purposes of the legitimate interests perused by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. In particular, such processing is permitted because it is specifically mentioned by the European legislator (see Recital 47 sentence 2 GDPR).
7. Consideration of legitimate interests
If the legal basis for processing personal data is Art. 6 (1) (f) GDPR, our legitimate interest is the performance and fulfilment of business activities to the benefit of our employees and shareholders.
Cookies are used to store information arising in connection with the specific device used. However, this does not mean that the company becomes directly aware of your identity as a result.
Cookies are used in order to make it easier for you use our website. For example, we use session cookies that recognise when you have already visited individual pages of the website. They are erased automatically when you leave the website.
We also use temporary cookies to optimise user-friendliness. These are stored on your device for a defined period. When you return to our website to use our services, the fact that you have previously visited the website, the data you entered and your settings are automatically recognised so that you do not have to enter them again.
The data processed by cookies for the aforementioned purposes is necessary for the purposes of the legitimate interests pursued by us or a third party in accordance with Art. 6 (1) sentence 1 (f) GDPR.
Most browsers accept cookies automatically. However, you can configure your browser to reject the storage of cookies or to always ask for permission before creating a new cookie. Please note that disabling cookies entirely may mean you are unable to use all of the functions of the website.
9. Analysis and tracking tools
The legal basis for the tracking tools listed below and used by us is Art. 6 (1) sentence 1 (f) GDPR. The company uses tracking tools to ensure the appropriate design and continuous optimisation of the website. The company also uses tracking tools to record statistics on the use of the website and evaluate this data in order to optimise the website for you. These interests are legitimate within the meaning of the aforementioned provision.
The respective data processing purposes and data categories are detailed in the corresponding tracking tools.
10. Google Analytics
You can prevent data from being recorded by Google Analytics by clicking the following link. This will set an opt-out cookie that prevents your data from being collected when visiting this website in future: Deactivate Google Analytics
For more information on the conditions of use and data protection:
IP addresses and other personal data are stored only for the minimum period specified by Google Analytics, which is 14 months.
11. Social media plug-ins
We use plug-ins for social networks (e.g. Facebook, Twitter, Google+) on the website on the basis of Art. 6 (1) sentence 1 (f) GDPR in order to increase awareness of the company via these channels. The underlying commercial purpose constitutes a legitimate interest within the meaning of the GDPR. Responsibility for operation in compliance with data privacy legislation must be ensured by the respective provider. The company integrates these plug-ins using the two-click method in order to protect visitors to the website to the best possible extent.
This website uses YouTube videos in the data privacy-friendly two-click variant, i.e. personal data is processed only when you enable the plug-in by clicking on it. YouTube plug-ins are plug-ins provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
When you enable the plug-ins, information is transmitted to YouTube LLC and may be transmitted to Google Inc. in the USA. This enables YouTube and Google to see that you have visited our website. If you are logged in to your YouTube and/or Google account when you enable the plug-ins, YouTube and/or Google may be able to identify you directly.
We cannot provide any information on the storage period, as this falls solely within the area of influence and responsibility of YouTube or Google respectively.
b) Google Maps
This website has integrated a map from Google Maps in order to show you our locations. If you access our website with the Google Maps map, this establishes a connection to Google’s servers and may transmit personal data to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged in to your Google account, Google may be able to identify you directly. If you wish to avoid this, log out of your Google account.
12. Job applications
If you submit a job application to us via our careers page or by e-mail, your personal data will be processed for the purposes of handling your application. The legal basis is section 26 BDSG (data processing for employment-related purposes) and Art. 6 (1) sentence 1 (f) GDPR (legitimate interest). In the case of rejection, your data will be erased six months after your application is rejected. We have a legitimate interest in retaining your data for a period of six months even after rejecting your application in order to defend ourselves against claims under the German General Equal Treatment Act (AGG).
13. Rights of the data subject
You have the right:
- to obtain information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may obtain information about the purposes of the processing, the categories of personal data, the categories of recipients to whom your personal data has been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request the rectification or erasure of personal data or restriction of processing or to object to such processing, the existence of the right to lodge a complaint, the source of your personal data where not collected by us, and the existence of automated decision-making, including profiling, and meaningful information about their details where applicable,
- to obtain without undue delay the rectification of inaccurate personal data or the completion of personal data stored by us in accordance with Art. 16 GDPR,
- the right to obtain the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims,
- the right to obtain the restriction of processing of your personal data in accordance with Art. 18 GDPR where the accuracy of the data is contested by you, the processing is unlawful but you oppose the erasure of the personal data, we no longer need the data but it is required by you for the establishment, exercise or defence of legal claims, or you have objected to processing pursuant to Art. 21 GDPR,
- to receive the personal data you provided to us in a structured, commonly used and machine-readable format or to demand that this data be transmitted to another controller in accordance with Art. 20 GDPR,
- to withdraw the consent you previously gave to us at any time in accordance with Art. 7 (3) GDPR. This means we will no longer be permitted to process the data covered by this consent in future, and
- to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. You may typically lodge a complaint with the responsible supervisory authority for your habitual residence or place or work or the domicile of one of our companies. An overview of the supervisory authorities can be found here (https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html); the supervisory authority that is typically responsible for HÖRMANN Holding GmbH & Co. KG is the
Bavarian State Office for Data Protection Supervision
Promenade 27 (Schloss)
T +49 98153 1300
F + 49 98153 5300
14. Right to object
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) sentence 1 (f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR on grounds relating to your particular situation or where the objection relates to direct marketing. In the latter case, you have a general right to object that we will implement without this requiring grounds relating to your particular situation.
If you wish to exercise your right to withdraw consent or your right to object, simply send an e-mail to:
15. Data security
We use the widely used Secure Socket Layer (SSL) method in conjunction with the highest level of encryption supported by your browser when you visit our website. This is typically 256-bit encryption. If your browser does not support 256-bit encryption, the company instead uses 128-bit v3 technology. Whether an individual page of our website is transmitted in encrypted form is indicated by whether the key or lock symbol in the status bar at the bottom of your browser window is closed.
We also take appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorised access by third parties. These security measures are continuously improved in line with the state of the art.