Data protection information
In the context of the use of this website, personal data of you will be processed by us as the controller for data processing and stored for the time necessary to fulfil the defined purposes and legal obligations. In the following, we will inform you about what data is involved, how it is processed and what rights you are entitled to in this respect.
According to Art. 4 No. 1 of the General Data Protection Regulation (hereinafter referred to as “GDPR“), personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject or user“).
1. Name and contact details of the controller
This data protection information applies to the data processing on the website www.hella-aglaia.com by the responsible controller:
HELLA Aglaia Mobile Vision GmbH
12109 Berlin, Germany
(hereinafter “HELLA Aglaia“)
Phone: +49 (30) 2000 429-0
You can contact the data protection officer of HELLA Aglaia via the address mentioned above, for the attention of the data protection officer, or by e-mail to email@example.com.
2. Processing of personal data and purposes of processing
a) Web hosting
For the provision of this website we use the web hosting service of the domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning, Germany (hereinafter referred to as “domainfactory”).
In order to offer a website, the commissioning of a web hosting service is required. The use of domainfactory is made in accordance with Art. 6 para. 1 s. 1 lit. f GDPR due to our legitimate economic interest in making our services available on this website. In connection with the hosting, domainfactory processes personal data on our behalf that is generated when the website is used.
We have concluded a data processing agreement with domainfactory. Through this contract, the service provider assures that he processes the data in accordance with the GDPR and guarantees the protection of the rights of the data subject.
b) When visiting the website
You can access the website www.hella-aglaia.com without revealing your identity. The browser you use on your end device automatically sends information to the server of our website (e.g. date and time of access, name and URL of the file accessed, browser type and version, website from which access is made (referrer URL)). This also includes the IP address of your enquiring end device. This information will not be stored by us or our web hosting provider.
c) When applying for a job offer
On our website you will find all current vacancies for which you can apply. An applicant management tool from Cornerstone OnDemand, Inc, Cloverfield Blvd, Suite 600 South, Santa Monica, CA, 90404, USA (hereinafter “Cornerstone”) is used throughout the HELLA group to manage applications.
The parent company of HELLA Aglaia, HELLA GmbH & Co. KGaA, Rixbecker Straße 75, 59552 Lippstadt (hereinafter referred to as “HELLA”), has concluded a data processing agreement with Cornerstone. Through this contract, the service provider assures that he processes the data in accordance with the GDPR and guarantees the protection of the rights of the data subjects. The transfer of your application data within the HELLA group takes place on the basis of your explicit consent in accordance with Art. 6 para. 1 s. 1 lit. a GDPR and for internal administrative purposes on the basis of our legitimate interests in accordance with Art. 6 para. 1 s. 1 lit. f GDPR.
In order to apply for a job offer, you must provide the following personal information:
- form of address,
- title (optional),
- first and last name,
- e-mail address,
- salary expectations,
- telephone / mobile phone (both optional),
- professional qualifications, school education, further trainings,
- upload cover letter, tabular curriculum vitae, (work) certificates.
Your aforementioned personal data will be processed exclusively for the purpose of processing your application, for the initiation or carrying out an employment relationship and, if applicable, for matching your application data with new vacancies that may be of interest to you. The processing of your application data is According to Art. 88 GDPR in conjunction with § 26 para. 1 BDSG as well as according to Art. 6 para. 1 s. 1 lit. b GDPR lawful.
If you have given your explicit consent to be included in the Talent Pool in accordance with Art. 6 para. 1 s. 1 lit. a GDPR, your personal data will be stored for up to 24 months after completion of the application process. Otherwise, we will delete your personal data 6 months after the application process is completed. Your name and first name will be stored for another 6 months.
If you have given your consent in the applicant portal (for the transfer of data to subsidiaries of HELLA or for inclusion in the Talent Pool), you can revoke this consent at any time in writing by e-mail to firstname.lastname@example.org.
d) When sending your unsolicited application
You also have the possibility to send us a unsolicited application by e-mail. The application documents you send us will be processed solely for the purpose of processing your application, initiating or carrying out an employment relationship and, if necessary, comparing them with new vacancies that may be of interest to you.
We process your personal data in accordance with Art. 88 GDPR in conjunction with § 26 para. 1 BDSG as well as according to Art. 6 para. 1 s. 1 lit. b GDPR for the initiation or execution of an employment relationship.
If we do not find suitable vacancies for you, we will delete your personal data 6 months after sending it to us. Your name and first name will be stored for another 6 months.
3. Transfer of data
In addition, we only pass on your personal data to third parties if:
- you have given your express consent in accordance with Art. 6 para. 1 s. 1 lit. a GDPR;
- in the event that there is a legal obligation for disclosure under Art. 6 para. 1 s. 1 lit. c GDPR.
The cookie stores information which arises in conjunction with the specifically used end device. This does not mean, however, that this gives us direct knowledge of your identity.
In addition, we also use temporary cookies, which are stored on your end device for a certain fixed period of time, to optimize user-friendliness. If you visit our site again to use our services, we will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to enter them again.
The data processed by cookies is required for the purposes mentioned above in order to safeguard our legitimate interests and those of third parties in accordance with Art. 6 para. 1 s. 1 lit. f GDPR.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your device or so that a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you will not be able to use all the functions of our website.
IP addresses are completely anonymized before the data collected can be reviewed by us. It is not possible to reverse the anonymization of IP addresses and to assign IP addresses to collected data.
The data processing by Piwik is carried out on the basis of Art. 6 para. 1 s. 1 lit. f GDPR, our legitimate interests, whereby our interest lies in the evaluation of visitor behaviour, the creation of reports as well as in the continuous optimization and design of our website to meet your needs. Piwik will not share this information with third parties or use it for any marketing or promotional purposes whatsoever.
We implement components (videos) on our website from the platform of Vimeo, LLC 555 West 18th Street New York, NY 10011, USA (hereinafter referred to as “Vimeo”). The implementation is based on Art. 6 para. 1 s. 1 lit. f GDPR, whereby our interest lies in the smooth integration of videos and the resulting attractive design of our website.
By implementing videos, data of your browser, device-specific information including the IP address are transferred (for technical reasons) to the Vimeo server in the USA. Vimeo is responsible for the further processing of your data. For more information on data protection in connection with Vimeo, please refer to the privacy statement of Vimeo.
If you are also logged in to Vimeo, this information is associated with your Vimeo member account. You can prevent this by logging out of your member account before visiting our website.
In order to ensure an adequate level of data protection when transferring data to the USA, we have concluded the EU standard contractual clauses with Vimeo in the so-called “controller to controller” variant. As further protective measures, videos are integrated by us exclusively in the “Do Not Track” variant, so that the transmission of personal data is reduced to the necessary minimum. In addition, the provider of Vimeo has further committed to continue to comply with the self-imposed obligations from the former so-called Privacy Shield Agreement.
7. Emergency contact
We also receive your personal data indirectly, i.e. from third parties, provided that one of our employees gives us your contact details (name and telephone number) as an emergency contact or names you as a direct contact person, which should be contacted by us in the event of a (medical or private) emergency.
The data processing takes place for the aforementioned purposes in accordance with Art. 6 para. 1 s. 1 lit. f GDPR, based on our and the legitimate interests of our employee who gave us your contact details as an emergency contact.
We regularly update the emergency contacts to ensure that the contact details are correct and up-to-date. If the employee who provided your contact details leaves our company, your contact details will be deleted immediately.
If it is not disproportionate, we will contact you to inform you that we are processing your personal data.
8. Data subjects‘ rights
You have the right:
- pursuant to Art. 15 GDPR to request information from us about the personal data stored about you;
- pursuant to Art. 16 GDPR to demand immediate rectification of inaccurate or completion of your personal data saved with us;
- pursuant to Art. 17 GDPR to demand deletion of your personal data saved with us;
- pursuant to Art. 18 GDPR to demand restriction of processing of your personal data;
- pursuant to Art. 20 GDPR to receive your personal data you have provided us in a structured, commonly used and machine-readable format or to demand transmission to another controller;
- pursuant to Art. 77 GDPR to lodge a complaint to a supervisory authority. You can contact the supervisory authority of our registered offices (https://www.datenschutz-berlin.de/).
9. Right to object pursuant to Art. 21 GDPR
Pursuant to Art. 21 GDPR you have the right to object to the processing of your data at any time. In the event of an objection, we will no longer process your data. An exception exists if there are compelling reasons worthy of protection which outweigh your interests.
If you want to exercise your right to object, simply send an email to email@example.com.
10. Technical data security
All data that you personally transmit is encrypted using the common and secure TLS (Transport Layer Security) standard. TLS is a secure and proven standard that is also used, for example, in online banking. You can recognize a secure TLS connection by the attached s at http (i.e. https://..) in the address bar of your browser or by the lock symbol in the lower area of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
11. Actuality of and changes to this Data Protection Policy