HWA Cars GmbH appreciates you visiting our website and
your interest in our company.
This privacy policy statement is to inform you on
which of personal data we process when visiting our website and on your rights. Therefore, we kindly ask you
to read the following carefully.
Personal data means any information
relating to an identified or identifiable natural person. This includes, for example, your name, address and
communication data or your e-mail address.
Processing means any any operation or
set of operations which is performed on personal data, whether by automated means, such as collection,
recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or otherwise making available, alignment or combination,
restriction, erasure or destruction.
Data Subject is any identified or
identifiable natural person whose personal data are processed by the controller.
Controller means the natural or legal
person, public authority, agency, or other body which alone or jointly with others determines the purposes
and means of the processing of personal data.
User includes all data subject categories.
This includes our business partners and other visitors of our website.
We also refer to the definitions in Article 4 of the
General Data Protection Regulation (GDPR) for the terms used. All terms used, such as "user", are to be
understood as gender neutral.
1. Controller's Name and Address
HWA
Cars GmbH
Benzstraße 8
DE-71563 Affalterbach, Germany
Phone +49 (0) 71 44/87
17-0
E-mail This email address is being protected from spambots. You need JavaScript enabled to view it.
The controller's representative is Martin Marx and
Gordian von Schöning.
2. Data Protection Officer
We have appointed a data protection officer for our
company.
You can contact our data protection officer by e-mail
at This email address is being protected from spambots. You need JavaScript enabled to view it. or via our postal address with the reference " data protection
officer".
3. Processing of Personal Data
Visiting
our website
Extend of data processing
When visiting our website, your browser also
transmits certain data to our web server for technical reasons. These are the following data (so-called
server log files):
• IP-Address
• Date and time of request
• Time zone difference to Greenwich Mean
Time (GMT)
• Content of the request (specific page)
• Operating system and its access status /
HTTP-Status code
• Quantity of transmitted data
• Source website of the request („Referrer-URL “)
•
Browser, language, and browser software version
Purpose of Data Processing
It is
necessary to store this data in log files to ensure the website functionality. They help us to optimise the
website and to make sure that our information technology systems are secure.
Legal basis of processing
We collect
this data based on our legitimate interest within the meaning of Article 6 Paragraph 1 Letter f) GDPR to
display our website and to ensure its security.
Storage Duration
Log file information
is stored for security reasons (e.g., to clarify acts of abuse or fraud) for a maximum of seven days and
thereafter deleted. Data which must be retained for evidence purposes are exempt from deletion until the
respective incident has been finally clarified.
Possibility of Option and Removal
Due
to technical reasons, the collection of data is essential for the provision of the website and its storage
in log files. Consequently, there is no possibility for a user to object.
4. Contractual
Implementation
Name, address, bank details, E-Mail-address, telephone- or fax number,
Client-IP-address at the time of placing a customer order are collected, stored and processed solely for the
purpose of establishing or executing the contract, which includes in particular billing and processing the
contract.
Personal data will only be passed on to third parties if
this is essential for executing the contract, for example commissioning a shipping company or using a
payment service company.
Storage Duration
The data will be
deleted as soon as the purpose for which it was collected or otherwise processed is no longer met. The
deadlines are six years for personal data subject to clause 147 of the German Tax Code (AO) and ten years
for personal data subject to clause 257 of the German Commercial Code (HGB), beginning with the end of the
calendar year in which it was collected.
Legal Basis
The data is stored on the
legal basis of Article 6 Paragraph 1 Letter b and Letter c, General Data Protection Regulation
(GDPR).
Possibility of Objection and
Removal
The possibility to object is not given due to the fact, that legally standardised
retention periods for storing and processing personal data while executing a contract are in place.
5. Contact Form and E-Mail Contact
Extend
of data processing
You can contact us via our contact form. We process the following data
company, first name, last name, street and house number, postal code, and city, email, telephone number,
message. Alternatively, you can send us a message via email. In this case we’ll process the personal data
provided by the sender.
Data Recipients
Any data transmitted
will be processed by the internal departments responsible for the business process in question.
Data Processing Purpose
Data
collected from the input mask is processed for the purpose of handling your request. Any other personal data
processed during submission (e.g., IP address, date, time) is used to prevent misuse of the contact form and
to ensure the security of our information technology systems.
Legal Basis of Processing
When
contacting us via contact form or e-mail, the user's details are processed for the purpose of handling the
contact request and its processing in accordance with Article 6 Paragraph 1 Letter b) GDPR.
Storage Duration
We delete any
personal data when the purpose for which it was collected is no longer met. Regarding the personal data
collected via the contact form or via e-mail, we delete the data when the respective conversation with the
user has ended. The conversation is considered to have ended when it is unmistakably clear that the matter
in question or the request for information has been clarified.
Possibility of objection and
removal
You have the right to revoke your consent to the processing of your personal data at
any time.
If you contact us via e-mail, you can object to the
storage of your personal data at any time. In this case, our conversation will obviously no longer be able
to continue. Please send such a revocation to This email address is being protected from spambots. You need JavaScript enabled to view it.. All personal data stored in the course of contacting us will
then be deleted.
6. Applications
Extend of Data
Processing
If you are interested in working for our company, you can apply to us online.
Under the menu item "Career" you will find jobs that we have advertised. You can also send us an unsolicited
application.
We collect the following data in our applicant form. The
fields marked with * are mandatory.
Personal data: Form of address*, Title, First name*,
Last name*, Street*, Postcode*, Town*, Country*, Date of birth*, Phone*, E-mail*;
Framework data: How you
found us*, Notice period
School, job training, profession: School degree, Professional experience, Job
training
Others: Earliest possible date to join the company*, Desired salary
General skills: Other
skills, MS Office
Attachments: Here you can either attach an entire
application document or individual documents, such as a photo, cover letter, CV, job references, school
reports, university reports or other attachments.
Data Recipients
The personal data you
provide may be accessed by the HR department as well as the specialist department responsible for filling
the vacancy.
Within the boundries of a commissioned data processing
according to Article 28 GDPR, we use the application system *. prescreenapp.io and *. jobbase.io by
Prescreen International GmbH, Mariahilfer Straße 17, 1060 Vienna. The processing of data takes place in the
Federal Republic of Germany.
Data Processing Purpose
We process
personal data to decide whether to establish an employment relationship, particularly for the selection
process of suitable candidates and the administrative management of the application
process.
Legal Basis of Processing
Legal
Ground is clause 26 Paragraph 1 BDSG-neu.
Storage Duration
If the application
leads to an employment, we will process this data for the purpose of carrying said employment. These are
then entered into our personnel management system.
If the application does not lead to an employment, this
data will be deleted 3 months after the application procedure has ended, taking into account the time limit
for action under the General Equal Treatment Act (AGG), unless the applicant has given consent in accordance
with Article 6 Paragraph 1 Letter a) GDPR and Article 7 GDPR for the longer-term storage of his/her personal
data in order to be considered for new job offers.
Possibility of Objection and
Removal
Upon request, you can have the information you provided to us renewed or deleted at
any time. To do so, please send us an email to This email address is being protected from spambots. You need JavaScript enabled to view it.. This does not apply if you have
applied for a specific position with us in an ongoing application process. In this case, we will store the
information you have provided for this position until the expiry of the deadlines for legal action (in
particular clause 15 AGG).
7. Newsletter
Processing's Nature and Purpose
Your
data is used solely to send you the newsletter you have subscribed to by e-mail. Your name is provided to be
able to address you personally in the newsletter and, if necessary, to identify you if you wish to claim
your rights as a data subject.
To receive the newsletter, it is sufficient to provide
your e-mail address. When registering to receive our newsletter, the data you provide will be used solely
for this purpose. Subscribers may also be informed by e-mail about circumstances relevant to the service or
registration (e.g., changes to the newsletter services or technical circumstances).
To register effectively, a valid e-mail address is
required. In order to verify that a registration is actually made by the e-mail address holder, we use the
"double-opt-in" procedure. For this purpose, we log the newsletter subscription, the sending of a
confirmation email and the receipt of the response requested herewith. No further data is collected. The
data is used solely for sending the newsletter and is not passed on to third parties.
Legal Basis
We regularly send you our
newsletter or comparable information by e-mail to the e-mail address you have provided on the basis of your
explicit consent (Article 6 Paragraph 1 Letter a GDPR).
You can revoke your consent to the storing of your
personal data and its use for sending future newsletters at any time. Each newsletter contains a specific
link for this purpose. You can also unsubscribe directly on this website at any time or inform us of your
revocation using the designated contact option.
Recipient
Possible data recipients
are data processors.
Storage Duration
The data will only
be processed if the corresponding consent has been given. Afterwards it is deleted.
Prescribed or Required Provision
The
provision of your personal data is voluntary, based solely on your consent. Unfortunately, without your
consent, we cannot send you, our newsletter.
8. Cookies
Extend of Data
Processing
The provision of your personal data is voluntary. Our website uses cookies.
Cookies are small text files that are stored on your computer when you access our website. Cookies do not
cause any damage to your computer and do not contain any malware, such as viruses. Cookies contain a
characteristic string of characters that enables the browser to be uniquely identified when the website is
called up again. Some elements of our website require that the accessing browser can be identified even
after a page change.
This is not done by identifying you personally, but by
assigning an identification number to the cookie ("cookie ID"). The cookie ID is not associated with your
name, your IP address or similar data that would enable the cookie to be associated with you.
This website uses transient and persistent
cookies.
a) Transient cookies are automatically deleted when you
close your browser. Among these are so-called session cookies. These store a so-called session ID, with
which various requests from your browser can be allocated to the joint session. When you return to our
website, your computer can be recognised. The session cookies are deleted when you log out or close the
browser.
b) Persistent cookies are automatically deleted
after a predefined duration, which may differ depending on the cookie. You can delete the cookies at any
time in the browser's security settings.
Cookies we use:
Domain
Name
Duration
www.hwalegacy.com
Processing Purpose
We use cookies to
enhance the attractiveness and user-friendliness as well as to improve our website and speed up
enquiries.
Some of our website elements, such as our application
management system, require that the accessing browser can be identified even after switching pages. For
these, it is necessary that the browser is also recognised after switching pages.
Legal Basis of Processing
The legal
basis for the processing of personal data using technically necessary cookies is Article 6 Paragraph 1
Letter f, GDPR.
Storage Duration
Session cookies are
deleted as soon as the browser is closed.
Persistent cookies are automatically deleted after a predefined
period.
Prescribed or Required Provison
As a
user, you have full control over the use of cookies. By changing your internet browser settings, you can
specify that cookies are not stored at all or are automatically deleted upon ending your internet session.
To do so, select "do not accept cookies" in your browser settings. In Microsoft Internet Explorer, select
"Tools > Internet Options > Privacy > Setting"; in Firefox, select "Tools > Settings >
Privacy > Cookies"). If you are using a different Internet browser, please refer to the browser's help
function for instructions on preventing and deleting cookies.
However, please be aware that in this case you may not be
able fully to use all of our website's functions.
9. Data Security
We implement
technical, contractual, and organisational measures to ensure the security of data processing in accordance
with the state of the art. By doing so, we ensure that the provisions laid down in the data protection laws,
the GDPR, are complied with and that the data processed by us is protected against destruction, loss,
modification, and unauthorised access. These security measures also include the encrypted transmission of
data between your browser and our servers. Please note that SSL encryption is only activated for
transmissions carried out via the Internet if the key symbol appears in the bottom menu bar of your browsers
window and the address begins with https://. SSL (Secure Socket Layer) encryption technology protects data
transmission from illegal access by third parties. If this option is not available, you can also choose not
to send certain data via the Internet.
All information that you submit to us is stored and
processed on our servers in the Federal Republic of Germany.
10. Data Transmission to Third Parties and
Third-Party Providers
Data is only passed on to third parties within the boundaries of legal
requirements. We only pass on user data to third parties if this is necessary, e.g., based on Article 6
Paragraph 1 Letter b) GDPR for contractual purposes or based on legitimate interests pursuant to Article 6
Paragraph 1 Letter f. GDPR in the economic and effective operation of our business operations.
Within the scope of a commissioned processing pursuant to
Article 28 GDPR, we use subcontractors for the provision of our services, particularly for operating,
maintaining, and hosting the website. We have taken appropriate legal precautions as well as corresponding
technical and organisational measures to ensure the protection of personal data in accordance with the
relevant legal regulations. Data processing takes place in Germany.
Disclosure to Recipients Outside the
EEA
In order to cover the wide range of services worldwide, HWA has wholly owned
subsidiaries in Wilmington, Delaware, USA and in Mornington, Victoria, Australia.
Your data will only be transferred to countries outside
the European Economic Area - EEA (third countries) if this is necessary to carry out your enquiries or
orders or is required by law or you have given your consent.
In this case, we ensure that the recipient's country
has an adequate level of data protection before transferring the data. In this context, we take the
following measures, insofar as this is required by law:
We only share your personal data with subsidiaries and
external subcontractors (e.g. suppliers) in countries if they have entered into EU standard contractual
clauses with us.
EU-Standard Contractual Clauses
The EU standard
contractual clauses used can be viewed via the following
link:
https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32021D0914&qid=1624875860199
11. External Services and Content on our
Website
External services or content are integrated into our website. This is done on the
basis of our legitimate interests in the analysis, optimisation and economic operation of our online
services within the meaning of Article 6 Paragraph 1 Letter f GDPR.
When using such a service or displaying third-party
content, communication data such as the date, time and IP address are exchanged between you and the
respective provider for technical reasons. This is your IP address, which is required for your browser to
display content.
It is possible that the provider of the respective
services or content processes your data for further, for their own purposes. However, since we have no
influence on the data collected by third parties and their processing, we cannot make any binding statements
on the purpose and scope of the processing of your data.
Use of script libraries (Google
Webfonts)
Processing Nature and Purpose
In order to display our content correctly and in
a graphically appealing manner throughout browsers, we use "Google Web Fonts" by Google LLC (1600
Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google") on this website to display
fonts.
The library operator Google's privacy policy can be found
here: https://www.google.com/policies/privacy/
Legal Basis
The legal basis for
integrating Google Webfonts and the associated data transfer to Google is your consent (Article 6 Paragraph
1 Letter a GDPR).
Recipient
Script libraries or font
libraries that are opened automatically trigger a connection to the library operator. It is theoretically
possible - although it is currently unclear whether and for which purposes - that the operator collects
Google data in this case.
Storage Duration
We do not collect
any personal data by integrating Google Web Fonts.
Further information on Google Web Fonts can be found
at https://developers.google.com/fonts/faq and in Google’s data privacy
statement: https://www.google.com/policies/privacy/.
Third-Country Transfer
Google
processes your data in the USA and is subject to the EU_US Privacy
Shield https://www.privacyshield.gov/EU-US-Framework.
Prescribed or Required Provision
The
provision of personal data is neither legally nor contractually required. However, it is not possible to
display the contents of standard fonts correctly.
Withdraw of Concent
The programming
language JavaScript is regularly used to display the content. You can therefore object to data processing by
deactivating the execution of JavaScript in your browser or installing a JavaScript blocker. Please be aware
that this may result in functional restrictions of the website.
Please refer to the respective providers of the services
or content we integrate for further information on the purpose and scope of the collection and processing of
your data.
Google Maps
Maps for route planning are provided by the third-party
provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy
policy: https://www.google.com/policies/privacy/
Opt-out: https://www.google.com/settings/ads/.
Usercentrics
Processing’s Nature and
Purpose
We have integrated Usercentrics within our website. Usercentrics isa consent
managing tool hosted by Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, with which consent to the
storage of cookies can be obtained and documented. Usercentrics uses cookies or other web technologies to
recognise users and to store consent given or withdrawn.
Purpose and legal Basis
The use of
this service is based on obtaining the legally required consent for the use of cookies in accordance with
Article 6 Paragraph 1 Letter c. GDPR.
Storage Duration
The precise storage
period of the processed data cannot be influenced by us, but is determined by Usercentrics GmbH. For further
information, please refer to Usercentrics data privacy
statement: https://usercentrics.com/privacy-policy/.
Prescreen
Processing’s Nature and
Purpose
We have integrated components of Prescreen on our website. Prescreen is a service of
Prescreen International GmbH, Mariahilfer Straße 17, 1060 Vienna, Austria, which offers applicant and
personnel management software.
Prescreen is used in connection with application
procedures in order to optimize applicant management, for example through an automated analysis of job
references. Furthermore, Prescreen enables us to create and evaluate job advertisements.
Purpose and legal basis
The service
is used on the basis of our legitimate interests, i.e. interest in optimizing our application procedures
pursuant to Art. 6 para. 1 lit. f. DSGVO. The legal basis for the data processing is § 26 BDSG.
Storage Duration
The specific storage
period of the processed data cannot be influenced by us, but is determined by Prescreen International GmbH.
Further information can be found in the privacy policy for
Prescreen: https://prescreen.io/de/privacy-policy-website/.
Social Media
HWA Cars GmbH website links to the corporate websites of
HWA AG on the following social networks. The applicable criteria are those set out in the EU General Data
Protection Regulation, which can be accessed via the respective link:
Facebook
Provider: Facebook Ireland Ltd, 4 Grand Canal Square,
Grand Canal Harbour, Dublin 2, Ireland
The data processing is based on an agreement on the joint
processing of personal data in accordance with Art. 26 GDPR.
Privacy
policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads
YouTube
Provider: Google Ireland Limited, Gordon House, Barrow
Street, Dublin 4, Ireland
Privacy
policy: https://policies.google.com/privacy
Opt-out: https://adssettings.google.com/authenticated
Instagram
Provider: Instagram Inc., 1601 Willow Road, Menlo Park,
CA, 94025, USA
Privacy
policy: https://instagram.com/about/legal/privacy
Opt-Out: http://instagram.com/about/legal/privacy
Twitter
Provider: Twitter Inc., 1355 Market Street, Suite 900,
San Francisco, CA 94103, USA
Privacy
policy: https://twitter.com/de/privacy
Opt-out: https://twitter.com/personalization
LinkedIn
Provider: LinkedIn Ireland Unlimited Company Wilton
Place, Dublin 2, Ireland
Privacy
policy: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Xing
Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg,
Germany)
Privacy policy: https://privacy.xing.com/en
Opt-Out: https://privacy.xing.com/en
12. Your rights
When we process your
personal data, you are a data subject within the meaning of the General Data Protection Regulation (GDPR)
and you are entitled to claim the following rights in respect of your personal data:
Right of Access (Article 15 GDPR)
Right to Rectification (Article 16 GDPR)
Right top Erasure (Article 17 GDPR)
Right to Restriction of Processing (Article 18
GDPR),
Right to Data Portability (Article 20 GDPR)
Right to Object (Article 21 GDPR)
Regarding the right to information and the right of
deletion, the restrictions according to clauses 34 and 35 of the German Data Protection Act (BDSG)
apply.
Right to Lodge a Complaint with a Supervisory
Authority
Furthermore, there is a right of appeal to a data protection supervisory authority (Article 77
GDPR in conjunction with clause 19 BDSG).
Our competent supervisory authority is:
Der Landesbeauftragte für den Datenschutz und die
Informationsfreiheit in Baden-Württemberg
Postfach 10 29 32
70025 Stuttgart
Tel.:
0711/615541-0
Fax: 0711/615541-15
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
13. Changes to Data Privacy
Statement
We reserve our right to change this data privacy statement to adapt it to amended
legal situations or in the event of changes to the service as well as data processing. However, this only
applies to declarations on data processing. Insofar as user consent is required or components of this data
privacy statement contain provisions of the contractual relationship with the users, the changes will only
be made with the users' consent.
Please stay informed on the contents of the privacy
statement regularly.
As of: May 2024