Privacy Policy of Hirschen Group GmbH
Quick Links
Datenschutzinformationen für Auftraggebende und Dienstleistende
Datenschutzinformationen für Bewerber:innen
The basis of effective data protection is comprehensive information about the collection, processing, and use of your data (“data processing”). Therefore, we would like to inform you:
- when or in connection with which actions we process data
- which data we process and for what reasons
- who receives the data
- what rights you have in relation to the data processing carried out by us
This Privacy Policy applies solely to the use of personal data on our website https://hirschen-group.com, including its subpages, as well as on our podcast platforms. If you leave our website via a link or visit our presence on a social media platform, you will also leave the scope of this Privacy Policy.
You may access, print, or download this Privacy Policy at any time and on a permanent basis at the following address: …
Contact Information
The controller responsible for data processing in connection with this website within the meaning of the General Data Protection Regulation (GDPR) is:
Hirschen Group Hub GmbH
Ludwigstr. 4
20357 Hamburg
Germany
Telefon: +49 40 28 4 55 – 0
E-Mail: hello@hirschen-group.com
We have also appointed a Data Protection Officer. You may contact them at:
HK2 comtection GmbH
Karsten Uwe Bartel
Hausvogteiplatz 11a
10117 Berlin
bartels@comtection.de
I. General Information on Data Processing
- Scope of the Processing of Personal Data
The provision of the website requires the processing of various types of information. In addition, the scope of data processing depends on your use of the website’s functionalities, for example if you communicate with us via the contact form or consent to the processing of data.
You are not obliged to provide us with personal data. However, to the extent that the provision of such data is technically mandatory in connection with your access to our website, refusal to provide it will mean that you cannot access or use our website.
As a visitor to our websites, you are not subject to automated decision-making within the meaning of Article 22 of the GDPR.
2. Legal Basis for the Processing of Personal Data
The legal bases for the processing of personal data are set out below.
|
Purpose of Processing |
Legal Basis under the GDPR |
Explanation |
|
Performance of a contract or implementation of pre-contractual measures |
Art. 6 Abs. 1 b) |
Processing takes place only to the extent necessary for the exercise and fulfillment of rights and obligations arising from the contract. Unless expressly stated otherwise, we process data only to this extent. |
|
Legitimate interest |
Art. 6 Abs. 1 f) |
Processing takes place where we have a legitimate interest and no overriding interests of the data subject that would prevail are apparent. The specific interest is explained in this Privacy Policy in the relevant description of the processing activity. |
|
Consent |
Art. 6 Abs. 1 a) |
Processing takes place to the extent that you have expressly consented to the nature and scope of the data processing. You may withdraw your consent at any time with effect for the future. Such withdrawal shall not affect processing carried out up to that point. |
|
Legal obligation |
Art. 6 Abs. 1 c) |
Processing takes place to the extent necessary to comply with German or European legal obligations. |
3. Deletion of Data and Storage Period
We delete your personal data as soon as the legal basis for its processing no longer applies. In some cases, however, legal bases may coexist, or a new legal basis may apply once another ceases to exist, such as an obligation to store certain data for the purpose of complying with statutory retention requirements.
4. Data Processing for the Provision of the Website
In order for us to display the website to you, it is necessary to process certain information. This already occurs when you access our website. In addition, we offer various functionalities on our website that require further data processing.
5. Log Files
When you access our website, your browser sends various pieces of information, so-called server log files (“log files”), to our server. We require these to establish and maintain the connection. The data also includes your IP address, which we treat as personal data. In addition, the following data are collected:
- date and time of access
- source/referrer from which you reached the page
- destination page
- browser used / version
- operating system used / version
This data is not merged with other data about you. The processing of log files, including your IP address, is carried out on the basis of our legitimate interest in providing our website and preventing its abusive use. Stored log files are deleted no later than after 7 days, unless longer storage is required, for example to defend against or investigate an attack on our website.
II. Cookies und Plug-Ins
- Technical necessary Cookies
To establish and maintain the connection, we use cookies. A cookie is a small text file containing information that is transmitted by your browser and stored on your device. These cookies do not contain any personal data. You can also control the use of cookies in your browser and delete cookies yourself at any time. Cookies may be necessary for establishing the connection and/or improving the usability of the website.
You may prevent the storage of cookies by adjusting the settings in your browser software; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
The use of technically necessary cookies and the associated data processing is based on our legitimate interest in providing a technically flawless and convenient website. Technically necessary cookies are usually deleted automatically when you close your browser (session cookies); in other cases, they are deleted only after a certain period of time (persistent cookies). The storage period of persistent cookies is determined by the provider and can be viewed by you, for example, in your browser.
|
Cookie |
Storage Period |
Purpose |
|
_pk_testcookie_domain |
1 day |
This cookie determines whether the browser accepts cookies. |
|
CookieConsent |
1 year |
Stores the user’s consent status for cookies on the current domain. |
|
elementor |
Persistent |
Used in connection with the WordPress theme of the website. This cookie enables the website owner to implement or modify the website content in real time. |
|
wpEmojiSettingsSupports |
Session |
This cookie is associated with a bundle of cookies used for the purpose of delivering and displaying content. The cookies maintain the correct state of fonts, blog/image sliders, color themes, and other website settings. |
2. Preference Cookies
Preference cookies enable our website to remember information that affects the behavior or appearance of the website. In this category, we store information about your consent to the use of cookies.
|
Cookie |
Storage Period |
Purpose |
|
locale |
Session |
This cookie determines the visitor’s preferred language and country setting. This allows the website to display content that is most relevant to that region and language. |
|
pll_language |
1 year |
This cookie is used to determine the visitor’s preferred language and, where possible, to set the language accordingly on the website. |
3. Usage Analysis und Tracking Cookies
We would like to further improve the usability of this website and the attractiveness of our services. For this reason, when you visit our website, we also collect data regarding user behavior, which we evaluate for this purpose. Accordingly, in addition to the cookies described above, the following tracking and analysis cookies are used on our website
Matomo
We use the web analytics service Matomo, a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (“Matomo”), to improve our online presence. Matomo uses cookies. The usage information generated by the cookie is transmitted to our server and stored for the purpose of usage analysis. The information generated by the cookie about your use of this website is not disclosed to third parties.
|
Cookie |
Storage Periode |
Purpose |
|
_pk_id# |
1 year |
Collects statistics about the user’s visits to the website, such as the number of visits, average time spent on the website, and which pages were viewed. |
|
_pk_ses# |
1 day |
Used by the Piwik Analytics Platform to track page views made by the visitor during the session. |
4. Word-Press Plugins
In order to improve and simplify the usability and handling of the website, we use various WordPress plugins. Below you will find the plugins that process personal data and are used on our website.
|
Plugin |
Purpose |
|
Imunify Security |
Enhancement of website security |
|
WPForms |
contact form functionality |
|
Yoast SEO |
search engine optimization and technical analysis |
III. Social Media Presence
We maintain our own profiles on various social media networks in order to draw attention to our company and our services and to offer you an additional means of communication, which also constitutes our legitimate interests. In general, the use of social media services is always associated with the processing of personal data, as the social media networks themselves collect and process such data about their users. As the operator of the pages, we receive aggregated data (“insight data”) from the networks, which enables us to analyze the reach of our corporate presence. This allows us, for example, to see from which regions or age ranges (e.g. 20–40 years) our visitors come. We have no influence over which data the networks collect or how they process it. We only have access to the information about data that is also set out in the respective privacy policies.
The processing of this reach data is, in part, carried out within the framework of joint controllership. Below we have set out some information to provide you with further details regarding data processing by the respective networks.
Please note that when using social media services, data may also be processed outside the European Union or the European Economic Area, where the level of data protection may not always be equivalent to that of the EU. In addition, social media providers generally process users’/members’ data for market research and advertising purposes and combine it with data from other sources in order to create user profiles. Whether and to what extent any transfer takes place is beyond our knowledge. Our knowledge corresponds to the information published in the providers’ privacy policies. The networks themselves may assign your visit to our pages to your user profile if you are logged in at the time of your visit. If you wish to avoid this, please log out beforehand.
Details of our current social media presences are set out below.
LinkedIn is a service provided by LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. In Europe, the responsible entity is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn and we are jointly responsible with regard to the collection of personal data, regarding the essential terms of which LinkedIn provides information in th „Pages-Joint-Controller-Addendum“.
Data processing is generally carried out on the basis of our legitimate interests or on the basis of consent, for example in connection with participation in a prize draw or survey conducted by us.
|
Information LinkedIn |
|
|
Privacy Policy |
|
|
Joint Responsibility |
|
|
Contact for Data Subject Requests |
|
|
Contact for Data Protection Inquiries |
|
XING is a service provided by New Work SE, Baumwall 7, 20459 Hamburg, Germany. New Work and we are jointly responsible with regard to the collection of personal data, regarding the essential terms of which New Work provides information in the „Agrement on Joint Data Protection Contollership“.
Data processing is generally carried out on the basis of our legitimate interests or on the basis of consent, for example in connection with participation in a prize draw or survey conducted by us.
|
Information Xing |
|
|
Privacy Policy |
|
|
Joint Responsibility |
|
|
Contact for Data Subject Requests |
|
|
Contact for Data Protection Inquiries |
|
IV. Links
On our website, you will find links to various web offerings. We have no influence over the data processing activities on these websites.
On our website, you will find links to our company profile and the profiles of our contacts. LinkedIn is a professional network operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). The relevant tile is identifiable by the LinkedIn logo or the abbreviation “IN.” LinkedIn processes your data and may be able to assign your visit to its website to your LinkedIn profile if you are logged in. If you do not wish this to happen, you should log out before visiting our website.
Further information about data processing by LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy
Affiliated Companies
On our website, you will find links to companies affiliated with us. Details regarding their data processing can be found in the respective privacy policy.
- Datenschutzerklärung Zum goldenen Hirschen
- Datenschutzerklärung RYSM CENTRAL GmbH
- Datenschutzerklärung Freunde des Hauses
- Datenschutzerklärung 365 Sherpas
- Datenschutzerklärung Health Angels
Whistleblower System
On our website, you will find a link to our whistleblower system (WBS). The WBS serves to provide our employees and external individuals with the opportunity to report unlawful behavior in a secure and confidential manner. The technical implementation is carried out by our service provider EQS Group AG based on a commissioned processing agreement (in accordance with Art. 28 GDPR).
Further information about data processing regarding the WBS can be found at: https://hirschen-group.integrityline.app/app-page;appPageName=Privacy policy
V. Elektronic Mail / Contact Form
If you send us electronic mail to the email addresses provided on these internet pages or use our contact form, the data contained in your message will be processed depending on the purpose of the message.
We use this data (first and last name, email address, telephone number, title, company, content of the inquiry) exclusively for answering your inquiry and the associated communication. The legal basis for this processing of your data depends on the content of your inquiry. In principle, our legitimate interest in providing the contact functionality and answering your inquiry submitted via it applies here. If your inquiry is aimed at concluding a contract with us, the processing takes place within the scope of this pre-contractual relationship.
Your data will be deleted as soon as your inquiry has been finally processed. In the event of a contract conclusion, we may continue to process the data for contract fulfillment.
VI. Online Application
You can apply at any time via the career portal to Hirschen Group GmbH, to us, and to other subsidiaries.
An overview of the companies with addresses and contact details can be found hier.
The career portal is operated by Hirschen Group Hub GmbH and is also made available to us as well as the other Hirschen companies for applicant management. In this regard, there is a joint responsibility according to Art. 26 EU-GDPR.
You can assert your data subject rights listed under Section IX. against us using the contact details provided in Section I. You are also entitled to assert your rights against Hirschen Group Hub GmbH and the aforementioned subsidiaries.
For the purpose of applicant management, we require your contact details (name, first name, telephone or mobile number, email address), your availability, salary expectations, and your resume. Additional data, such as reference letters, websites, information on professional networks, or other information you provide to us, are voluntary.
We process this data insofar as it is necessary for the implementation of the application process according to Art. 26 Federal Data Protection Act (BDSG) or Art. 88 GDPR, or if you have given us your consent according to Art. 6 (1) lit. a) EU-GDPR. Furthermore, we may be obliged to process the data on the basis of legal provisions, Art. 6 (1) lit. c) EU-GDPR.
The data transmitted as part of your application will be transmitted via TLS encryption and stored in a database. The database is operated by our service provider Personio GmbH, Rundfunkplatz 4, 80335 Munich. We have concluded a data processing agreement with Personio GmbH in accordance with Art. 28 EU-GDPR. Further information about Personio GmbH can be found hier.
Your data will generally be processed by the company to which you are applying. When submitting your application, we ask for your permission to pass on your application within our group companies, if necessary, to check whether you might be suitable for another position within our group of companies.
If your application is not successful, the storage period for your data is generally 6 months.
Only authorized persons have access to the stored data to the extent necessary for the implementation of applicant management or for fulfilling legal obligations.
Revocation of Your Consent
You have the option at any time to revoke your consent to the processing of your data for the future, without stating reasons, to the responsible entity to which you applied, either in writing or in text form. You can find the respective contact detailse hier.
- Right to Object and Erasure
Insofar as data processing is based on your consent or our legitimate interest, you have the right to object to the processing or to revoke your given consent at any time. Your objection or revocation will only take effect for the future. If the analysis cookies used offer their own technical options for deactivation, this is shown there in each case. You can contact bartels@comtection.de or datenschutz@hirschen-group.com at any time to exercise your right to object or revoke consent. If you object to processing based on our legitimate interest, we may still continue the processing if we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms.
2. Data Subject Rights
If personal data relating to you is processed, you are a data subject within the meaning of Art. 4 Para. 1 GDPR. As a data subject, you have the following rights regarding your personal data. To exercise these rights, you can contact us using the contact details provided abov
3. Right of Access according to Art. 15 GDPR
You have a right to information about your personal data processed by us. This includes the mandatory information presented in Art. 15 GDPR.
4. Right to Erasure according to Art. 17 GDPR
You have the right to demand the immediate rectification of inaccurate personal data and the completion of incomplete personal data.
5. Right to Erasure according to Art. 17 GDPR
You have the right to demand the erasure of your personal data if one of the reasons stated in Art. 17 GDPR applies, especially if there is no longer a legal basis for the processing
6. Right to Restriction of Processing according to Art. 18 GDPR
You have the right to demand the restriction of the processing of your personal data if one of the reasons stated in Art. 18 GDPR applies, in particular at your request instead of data erasure.
7. Right to Data Portability according to Art. 20 GDPR
You have the right to receive all personal data stored by us about you in a structured, commonly used, and machine-readable format and to transmit this data to another controller without hindrance from the controller to whom the personal data was provided.
8. Right to Lodge a Complaint with the Competent Supervisory Authority, Art. 77 GDPR
According to Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority responsible for you.
VII. Recipients of Data
The processing of your personal data within the scope of the website is also partly carried out by affiliated companies of the Hirschen Group and by processors. These are exclusively involved on the basis of a data processing agreement in accordance with Art. 28 Para. 3 GDPR.
- Data Transfer to Third Countries
The personal data that we collect from you within the scope of the website will not be transferred to third countries outside the European Economic Area.
Status: Februar 2026