Data Protection Notice
We are delighted at your interest and your visit to our website. Protection of your personal data is especially important to us in every phase of the collaboration. We would therefore like to explain to you what information we collect and how this information is used.
1. Handling of usage data on our homepage www.cotac-group.com
1.1 Server log data
The page provider automatically collects and stores information in what are called server log files, which your browser automatically transfers. These data are mainly:
- Browser type and browser version
- Operating system used
- Referrer URL (origin address)
- Date and time of day of the server request
- IP address
These data are stored separately from other data that you may transfer to us, and are not merged with data from other sources.
The basis for data processing is Article 6, Para. 1, Letter f of the GDPR (General Data Protection Regulation), which allows data processing based on legitimate interests. In this case, there is legitimate interest in the secure, trouble-free operation of the web server. To ensure this, the administration must be able to recognize and understand attacks on the system, and its malfunctions, via server log files. Accesses to the server must be stored to enable recognition of attack patterns. These data are deleted as soon as they are no longer needed. As a rule, this happens after seven (7) days. For technical reasons, data are available to the hosting service provider, but the latter is bound by our instructions and contractually obliged to us.
1.2 Contact form
When you send enquiries to us via a contact form, we store and process your information from the form in order to process the enquiry and in the event of follow-up questions.
Mandatory fields are identified accordingly. Completing mandatory fields is necessary to enable us to reply to and process your enquiries. Moreover, all information is voluntary.
Data entered into the contact form are processed exclusively based on your consent (Article 6, Para. 1, Letter a of the GDPR). You can revoke this consent at any time. Revocation applies only for the future.
We do not give your data to third parties without your consent or without another permissible legal basis. The fact that our technical service providers can gain insight cannot be excluded, but they are, however, obliged to maintain secrecy.
The data you enter into the contact form remain with us until you ask us to delete it, or you revoke your consent to storage, or the purpose of the data storage no longer applies (e.g. after processing of your enquiry is complete). Mandatory statutory provisions – especially retention periods – remain unaffected.
1.3 Cookies
We can use cookies for technical reasons, to optimize our Internet pages and to determine page views.
The cookies that are involved can be seen here, where you can also revoke consents that may possibly have been granted.
We use a service of Usercentrics GmbH, Sendlinger Strasse 7, 80331 Munich, Germany, to manage consents granted for cookies and similar technologies. Detailed information about this can be accessed here.
1.4 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Information about your use of the website is collected, including content accessed, referrer URL (previously visited page), approximate geographical location, browser type and version, operating system used, IP address, and date/time of the request. In addition, pseudonymous information about visitors may be processed, such as interests or demographic information (e.g., age and gender). This information helps us identify which parts of our websites are frequently used, which ones invite reuse, and which ones can be optimized.
For this purpose, your information is summarized in a profile and assigned to your browser. Cookies may also be used for this purpose, which are stored on your computer. Your IP address is only processed in abbreviated form, i.e., pseudonymized.
According to its own statements, Google processes the data within the EU. However, it cannot be ruled out that Google may nevertheless transfer data to the US. In this case, Google has submitted to the Transatlantic Data Privacy Framework and signed EU standard contractual clauses.
Your data will be automatically deleted after 2 months.
The legal basis for the use of Google Analytics is your consent. You can prevent the collection of data on these websites and the processing of this data by Google by not giving your consent or by revoking it here.
Further information on data protection at Google can be found here: https://policies.google.com/privacy?hl=en.
1.5 Google Tag Manager
This website uses Google Tag Manager. This allows us to centrally integrate and manage website tags, for example to track and evaluate your behavior as a visitor using tracking tools. Google Tag Manager ensures the central execution of other services that can also collect data. We will explain the other services in the following sections of this document.
The legal basis for its use is your consent. You can give or withdraw your consent at any time here.
Data processing is carried out by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland. According to Google, the data collected is also transferred to the USA, which has a lower level of data protection than the EU. This means that US authorities may have simplified access to personal data, with only limited rights to defend against such measures. Data transfer is based on the Transatlantic Data Privacy Framework and the EU Commission's standard contractual clauses.
Information about Google Tag Manager can be found at https://support.google.com/tagmanager?hl=en&sjid=4420486649268990668-EU#topic=15191151; information about data protection at Google can be found here: https://policies.google.com/privacy?hl=en.
1.6 YouTube
We use plugins from the Google-operated website YouTube on our website. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
By using privacy-friendly default settings, YouTube claims that it does not store any information about users of this website as long as they do not watch a video. However, the transfer of data to YouTube partners is not necessarily excluded. YouTube establishes a connection to the Google DoubleClick network even if no video is viewed.
As soon as you access a YouTube video on our website, a connection to YouTube's servers is established. This tells the YouTube server which of our pages you are visiting. If you are logged in to YouTube at the same time, YouTube assigns the connection information to your YouTube account. If you want to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.
YouTube may use recognition technologies (e.g., device fingerprinting) when a video is played. This allows YouTube to obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness, and prevent fraud attempts.
After a YouTube video has been started, further data processing operations may be triggered over which we have no control.
The use of YouTube is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
If consent has been requested, processing will be based solely on your consent. You can revoke this consent at any time by opening the consent settings and changing them here.
The data collected may also be transferred to the USA by the service provider. According to the current legal situation, there is no adequate level of protection there. The data transfer is based on the standard contractual clauses of the EU Commission.
Further information about the collection and use of data, as well as your rights and protection options in this regard, is available in Google's privacy policy at https://policies.google.com/privacy?hl=en.
2. Handling job applicant’s data
2.1 Collecting and processing personal data
As a rule, we only process personal data about you that you have provided to us yourself, especially in the application application documents and in the job interview. The processing serves the purpose of reviewing and processing your application. If you have given your consent we will also include you in our applicant pool in order to contact you in future regarding to be able to contact you about other vacancies that match your profile.
We process your personal data in order to check whether we can conclude an employment contract with you (contract initiation, Art. 6 para. 1 lit. b GDPR) or on the basis of your consent for the storage of the data in our applicant pool (Art. 6 para. 1 lit. a GDPR). You have the right to withdraw your consent to the processing of the data at any time with revoke it in whole or in part with effect for the future. The revocation can be sent in writing to jobs@hoyer-group.com or by post to the following address:
cotac europe GmbH
Corporate Human Resources
Wendenstrasse 414 – 424
20537 Hamburg, Germany
2.2 WhatsApp
You can also submit your application to us via WhatsApp. We would like to point out that WhatsApp also processes user data outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. When you click on the corresponding link, a connection to the selected network is established and data about you is transmitted there. In order to use this feature, you must already have an account with WhatsApp, so the legal basis for this processing is your consent (Art. 6 (1) a DSGVO). The data processing by us is based on your consent (Art. 6 (1) a DSGVO).
For more information, please click here: WhatsApp (WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Data protection information can be found at https://www.whatsapp.com/legal/privacy-policy-eea?lang=en
In the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the provider. Only the provider has access to the user's data and can take appropriate measures and provide information directly
2.3 Duration of storage
Your application documents will be stored for as long as they are required for the above-mentioned purposes and for as long as statutory retention periods require. If we are unable to conclude an employment contract with you, we will delete the data 6 months after the vacant position has been filled. If you have agreed to be included in our applicant pool, we will store your data for 1 year from receipt of your application.
3. Rights of data subjects
As a data subject, you are entitled to the following rights, insofar as the statutory conditions for them are fulfilled:
- Right to information, Article 15 of the GDPR
- Right to correction, Article 16 of the GDPR
- Right to deletion, Article 17 of the GDPR
- Right to restriction of processing, Article 18 of the GDPR
- Right to data portability, Article 20 of the GDPR
- Right to object, Article 21 of the GDPR
You have the right, with effect for the future, to revoke at any time the consent to data processing that you granted.
You have the right to complain to the Data Protection Supervisory Authority about data processing.
4. YouTube
Furthermore, we maintain an online presence on YouTube (operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), in order to communicate with users who are active there and to offer information about ourselves.
We draw attention to the fact that this may involve processing users’ data outside of the European Union. This may entail risks for users, e.g. because enforcing their rights could become more difficult.
As a rule, users’ data are also processed for market research and advertising purposes. Thus, for example, user profiles can be created from the usage behavior and the users’ interests arising therefrom. The usage profiles can in turn be used, for example, to insert advertising inside and outside of the platform and corresponding to users’ presumed interests. As a rule, for these purposes, cookies are set on users’ computers, through which users’ usage behavior and interests are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by users (especially if the users are members of the respective platforms and are logged in to the latter).
Processing users’ personal data is based on our legitimate interests in effective information about/for users, and communication with users, pursuant toArticle 6, Para. 1, Letter f of the GDPR. If the respective providers ask users for consent to data processing (i.e. to declare their agreement by, for example, ticking a checkbox or confirming a button), the legal basis of the processing is Article 6, Para. 1, Letter a of the GDPR.
For a detailed presentation of the respective processing, and the opportunities to object (Opt-Out), we refer to Google’s statements: Data Protection Declaration:https://policies.google.com/privacy?hl=en; opportunity to object (Opt-Out): https://adssettings.google.com/authenticated.
In the event of requests for information and the assertion of users’ rights, we draw attention to the fact that these can be most effectively asserted with the provider, Google. Only the provider has access to the users’ data in each case, and can directly take corresponding measures and give information.
5. Contact details of the Data Protection Officer
If you have any more questions on the subject of data protection and the handling of your personal data in the HOYER Group, please contact our Data Protection Officer:
fox-on Datenschutz GmbH
Pollerhofstrasse 33 a
51789 Lindlar/Cologne, Germany
www.fox-on.com
E-mail: dsb@fox-on.com
Tel.: +49 2266/90 15 920
6. Responsible body
The body responsible for data processing on this website is:
cotac europe GmbH
Wendenstrasse 414–424
20537 Hamburg, Germany
Tel.: +49 40 21044 0
Fax: +49 40 21044 246
E-mail: info@cotac-group.com