Data protection information for applicants as of October 13, 2023

We are pleased that you would like to apply for a job with us. With this document, we inform you as a data subject, based on your application, about the processing of your personal data by Heidelberger Druckmaschinen AG and its affiliated companies (hereinafter "HEIDELBERG"). In addition, we hereby inform you about the data protection claims and rights to which you are entitled.

General

Data controller for data processing

The respective HEIDELBERG company to which you are applying for a job acts as the data controller for the processing of your personal data in the context of your application procedure. The respective company to which you are applying can be found in the respective job advertisement.


Data protection officer

If you would like to contact the data protection officer of HEIDELBERGER Druckmaschinen AG, you can do so as follows:

Datenschutzbeauftragter
Heidelberger Druckmaschinen AG
Gutenbergring
69168 Wiesloch
datenschutzbeauftragter@heidelberg.com


Data processing as part of the application process

As part of our application management, we process your personal data in accordance with the GDPR and the German Federal Data Protection Act (BDSG), insofar as this is necessary and legally permissible for the implementation of the application process.


Registration and use of Workday Recruiting

In order to apply for a job with us and to submit and manage application documents, you can register in our recruiting system “Workday Recruiting“. For this purpose, you set up a user account. If you use this system, you will also be able to view the application process or receive further job offers from HEIDELBERG companies.

The data you provide when registering and setting up your user account will only be processed as part of the application process.

In certain cases, we conduct an assessment center as part of the application process. The processing of your personal data included in this takes place in order to fill the open position.


Application by e-mail or post

We encourage you to use the Workday Recruiting System to apply to our companies. However, you still have the option of applying to us by e-mail or post. Upon receipt of your application materials, the appropriate HEIDELBERG Human Resources (HR) department will transfer the data into the Workday Recruiting System.

If your application is successful, you will be required to register in our Workday Recruiting System and create a user account in order to continue the hiring process.


From which sources your personal data originates

We generally collect your personal data directly from you.


Is there an obligation to provide the personal data?

You are not obligated to provide us with the personal data, but the data collected is necessary for the application process. Failure to provide it will result in an application procedure not being able to take place. If you provide us with data that we have not requested from you for the application process, this is done freely.


For applicants applying in the EU:

The legal basis for processing your personal data as part of the application process is Art. 6 para. 1 lit. b GDPR for the initiation of a contractual relationship as well as the fulfillment of our legitimate interest according to Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to make the application process and the search for a suitable candidate simple and efficient.

You are entitled to object to the processing of your personal data based on the legitimate interest. For this purpose, you can contact the respective HEIDELBERG company to which you are applying. If you object to the processing, we may no longer be able to continue the application process.


Other processing operations within the scope of legitimate interest

For other processing within the scope of legitimate interest, personal data may be disclosed to the judiciary, authorities, legal representation, insurance companies and necessary companies, e.g., internet providers, cloud service providers or security service providers.

Recipients or categories of recipients of personal data

Internal:

Recipients of the personal data contained in the application documents are

  • The respective responsible HR managers,
  • the decision-makers in the respective departments as well as
  • the personnel representatives of our company

External:

We may transfer your personal data to companies affiliated with us, insofar as this is permissible within the framework of the purposes and legal bases for data processing set out under "Purposes, categories of data and legal bases for data processing" or you have given us your consent to do so in accordance with Art. 6 para 1 lit. a GDPR.

You have the option to revoke this consent at any time. To do so, you can contact the HEIDELBERG company to which you have applied.

If commissioned service providers have access to personal data and this constitutes data processing on behalf, a data processing agreement has been concluded with the service providers, which also considers regulations for possible subcontractors.


Transfer to third countries

There are no plans to transfer data to third countries (countries outside the European Economic Area - EEA).


Duration or criteria for the duration of storage

We store your personal data for as long as necessary to pursue the respective processing purpose or as we have a legitimate interest in continuing to store it. We always delete personal data, considering legal retention obligations, as soon as there is no longer any obligation to continue storing it.

Personal data that we process based on consent will be processed by us for as long as the wording of the consent permits or until the consent of the data subject is revoked. Unless otherwise stated in the consent, we keep proof of consent and opt-out for 3 years after the end of processing in order to demonstrate compliance with data protection regulations.

In addition, we store personal data relevant to the defense or assertion of legal claims until the expiration of the applicable statute of limitations for three years from the end of the year in which the claim arose, pursuant to Art. 6 para. 1 lit. f GDPR.


No creditworthiness information and automated decisions, incl. profiling.

We do not perform any check or assessment of your creditworthiness. Nor do we pass on any such data to third parties (e.g., credit agencies). We also do not make any automated decisions in individual cases.

Use of cookies

Google Analytics

If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The data controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“).


Scope of processing

Google Analytics uses cookies to help analyse how you use our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

We use the User ID function. With the help of the User ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyse user behaviour across devices.

We use Google Signals. This allows Google Analytics to collect additional information about users who have activated personalised ads (interests and demographics) and to deliver ads to these users in cross-device remarketing campaigns.

Google Analytics 4 has IP anonymisation enabled by default. Due to IP anonymisation, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your website visit, your user behaviour is recorded in the form of „events“.

Events can be:

  • Page views
  • First visit to the website
  • Start of session
  • Your „click path“, interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • file downloads
  • ads seen / clicked on
  • language settings

Also recorded:

  • Your approximate location (region)
  • your IP address (in shortened form)
  • technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • your internet service provider
  • the referrer URL (via which website/advertising medium you came to this website)


Purposes of processing

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website.


Recipients

Recipients of the data are/may be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities may access the data stored by Google.


Transfer to third countries (outside the EU and EEA):

Google receives personal data while analyzing user behavior based on your consent and processes this data if necessary for the provision of services worldwide:

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland

Tel: +353 1 543 1000
Fax: +353 1 686 5660
E-mail: support-deutschland@google.com


Google Privacy Policy

We store the data on pseudonymized profiles, which cannot be assigned to an individual person, for a period of 26 months in order to optimize our websites. At the end of the 26 months, this data is automatically deleted.

Data subject rights

Access, rectification, erasure or restriction, data portability, objection, processing, revocation, consent, right to lodge a complaint with a supervisory authority.

The EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) provide various rights for data subjects, which we inform about below.

We do not perform profiling or automated decision-making in the normal course of business. We expressly point out exceptions under the respective headings below.

In accordance with Art. 15 of the GDPR, you have the right to obtain access to the processing of your personal data. Pursuant to Art. 16 GDPR, you have the right to request immediate rectification of any inaccurate personal data concerning you. In addition, you can request a restriction of processing in accordance with the conditions of Art. 18 GDPR, a data portability of your personal data in accordance with Art. 20 GDPR, as well as erasure in accordance with the conditions of Art. 17 GDPR. In addition, you can object to the processing of your personal data in accordance with the conditions of Art. 21 GDPR. Pursuant to Art. 7 of the GDPR, you may revoke your consent at any time with effect for the future.


Individual right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 para. 1 lit. f GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

Right to object to processing of personal data for the purpose of direct marketing

Pursuant to Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you for the purposes of direct marketing. If you object to the processing of your personal data for the purpose of direct marketing, we will no longer process your personal data for these purposes.

Please contact us regarding your data subject rights and questions at: datenschutz@heidelberg.com.


Right to lodge a complaint with the supervisory authority

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority. The supervisory authority responsible for HEIDELBERGER Druckmaschinen AG is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg.

Lautenschlagerstraße 20
70173 Stuttgart

Tel.: 0711/615541-0
Fax: 0711/615541-15
E-mail: poststelle@lfdi.bwl.de
Web: https://www.baden-wuerttemberg.datenschutz.de

How can we help you?

We look forward to your message. In order to be able to react quickly to your request, we need some information. *These fields are required.