Die Fertigung bei HÖRMANN Automotive Saarbrücken.

Privacy Policy of HÖRMANN Intralogistics GmbH

  1. Home
  2. Privacy Policy

At HÖRMANN Intralogistics, data protection is a central concern that we pursue with responsibility and on equal footing. This privacy policy informs you about the processing of personal data and your rights. It applies to our website and all business interactions. Further information on our measures in the areas of data protection, information security, quality management and compliance can be found in our Trust Center.

 

1. Controller and Data Protection Officer

1.1 Controller

The controller for data processing in accordance with Art. 4 para. 7 GDPR is:

HÖRMANN Intralogistics Solutions GmbH
Mr. Rainer Baumgartner and Mr. Benito Vigo Nieves
Gneisenaustraße 15
80992 Munich, Germany
T +49 89 149898-0
E datenschutz@hoermann-logistik.de 

HÖRMANN Intralogistics Solutions Ges.m.b.H.
Mr. Hannes Reiter
Grazer Str. 10
8130 Frohnleiten, Austria
T +43 31622 8611-510
E datenschutz@hoermann-logistik.de 

HÖRMANN Intralogistics Solutions Sp.Z.O.O.
Mr. Oleg Solovey
Azymutalna 9
80-299 Gdańsk, Poland
T +48 577 400 145
E datenschutz@hoermann-logistik.de 

Depending on which company you are in contact with, the respective company mentioned above is responsible for processing your data.

1.2 Data Protection Officer

We have appointed a data protection officer who acts for HÖRMANN Intralogistics Solutions GmbH in accordance with Art. 37 et seq. GDPR:

Prof. Dr. Thorsten B. Behling
Attorney at Law · ISO/IEC 27001 Lead Auditor
BUSE Rechtsanwälte Steuerberater GmbH & Co. KG
T +49 (0) 211 388 000
E behling@buse.de 
www.buse.de 

There is no legal obligation to appoint a data protection officer for the Austrian and Polish companies. For data protection questions regarding these companies, you can contact datenschutz@hoermann-logistik.de.

 

2. Data Processing on the Website

2.1 Visiting the Website

Purpose and Legal Basis: We process your data to ensure smooth connection establishment, to guarantee comfortable use, to evaluate system security and stability, and for administrative purposes. The processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in ensuring the technical functionality and IT security of our website and optimizing our online offering.

2.2 Contact Form and Email Contact

Purpose and Legal Basis: We process your data to handle your inquiries and to fulfill contractual or pre-contractual measures. If your inquiry is aimed at concluding or fulfilling a contract, the processing is based on Art. 6 para. 1 lit. b GDPR. For other inquiries, the processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in responding to your inquiries and maintaining business relationships.

2.3 Whitepaper Download Request

Purpose and Legal Basis: We process your data to provide the whitepaper and, if applicable, to contact you regarding thematically related offers. The provision of the whitepaper is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR, which you grant by submitting the download form. If further advertising contact is made, the legal basis is also your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Note: You can withdraw your consent at any time.

2.4 Cookies

Purpose and Legal Basis: We use cookies to improve the user experience and for statistical recording to optimize the website.

For technically necessary cookies, processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in providing a functional website and ensuring IT security.

For analysis and marketing cookies, processing is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Consent Manager: When you first visit our website, you will be asked via a cookie banner for your consent for non-necessary cookies. You can adjust your settings at any time via the cookie banner or withdraw your consent.

2.5 Analysis and Tracking Tools

Purpose and Legal Basis: We process your data for the design and optimization of the website and for statistical recording of usage. The processing is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can grant consent via our consent manager and withdraw it at any time.

Note: Data is transferred to the USA (see section “Data Transfer to Third Countries”).

 

3. Data Processing of Applications

3.1 Purpose and Legal Basis

We process your application data for applications to specific job postings, for unsolicited applications, and for communication during the application process. The legal basis for this is Art. 6 para. 1 lit. b GDPR (pre-contractual measures) in conjunction with § 26 para. 1 BDSG.

Inclusion in the applicant pool and consideration for similar open positions is only done with your consent based on Art. 6 para. 1 lit. a GDPR.

The fulfillment of legal obligations (e.g., AGG documentation) is based on Art. 6 para. 1 lit. c GDPR.

3.2 Data Recipients

Your application data is passed on internally to the HR department and the relevant specialist department, insofar as this is necessary for processing your application.

For the management of the application process, we use an application portal from an external service provider who processes your data on our behalf (data processing in accordance with Art. 28 GDPR).

Data is only passed on to headhunters or staffing agencies if they are involved in the specific application process – for example, if you became aware of us through a staffing agency or if we are working with an external service provider for a specific position.

3.3 Data Transfer

Currently, no transfer of your application data to a third country takes place.

 

4. Data Processing of Business Partners, Suppliers and Service Providers

We process your personal data for various purposes within the scope of our business relationship.

Conducting the Business Relationship: The processing of contracts, orders and services, clarification of questions, handling of complaints, settlement of invoices, and preparation of offers is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment).

Communication: The recording and processing of contacts, establishing contact, and processing of correspondence within the framework of existing contractual relationships is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment). For general relationship maintenance without specific contract reference, the legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in maintaining business relationships.

Logistics and Shipping: The shipment of packages as well as the creation of spare parts invoices and service performances is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment). The shipment of gifts is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in maintaining business relationships.

Project Management: The recording and documentation of project-related information as well as the logging of decisions and meetings is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment).

Customer Service: Support with complaints, inquiries and order confirmations is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment). Conducting customer satisfaction surveys is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in quality improvement.

IT Management: The setup of VPN remote access, login to the company network, and documentation of maintenance and deployment planning is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment).

Security and Maintenance Planning: The planning of maintenance measures, emergency management, and recording of service-specific information is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment).

Compliance: The implementation of the Supply Chain Due Diligence Act (LkSG), internal and external investigations, or security reviews is based on Art. 6 para. 1 lit. c GDPR (legal obligation).

Assertion, Exercise or Defense of Legal Claims: Insofar as these claims result from the contractual relationship, processing is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment). The retention of data to fulfill legal retention obligations (e.g., tax or commercial law obligations) is based on Art. 6 para. 1 lit. c GDPR (legal obligation).

 

5. Data Processing of Visitors

We process your personal data for various purposes in connection with your visit.

Administration and Organization of Your Visit: If your visit is related to contract initiation, registration, appointment scheduling, and contact is based on Art. 6 para. 1 lit. b GDPR (pre-contractual measures). For other visits (e.g., government representatives, craftsmen, private visitors), the legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in organizing visitor management.

Fulfillment of Legal Obligations: Compliance with security regulations and access control is based on Art. 6 para. 1 lit. c GDPR (legal obligation).

Ensuring Company Security: The protection of employees is based on Art. 6 para. 1 lit. c GDPR (legal obligation under the Occupational Health and Safety Act). The protection of visitors is also based on Art. 6 para. 1 lit. c GDPR (traffic safety obligations). The protection of trade secrets is based on Art. 6 para. 1 lit. c GDPR (requirements of the Trade Secrets Act).

Tracking Incidents or Security Events: Insofar as we are legally obligated to document and report (e.g., under occupational safety law, DGUV regulations, or Art. 33 GDPR), processing is based on Art. 6 para. 1 lit. c GDPR (legal obligation).

IT and Data Security During Your Stay: Processing in connection with Wi-Fi use is based on Art. 6 para. 1 lit. c GDPR (legal obligation to ensure IT security under Art. 32 GDPR).

Compliance with Health and Safety Regulations: Processing for fire protection and emergency measures is based on Art. 6 para. 1 lit. c GDPR (legal obligation). In emergency situations, the legal basis is additionally Art. 6 para. 1 lit. d GDPR (protection of vital interests).

 

6. Newsletter

6.1 Registration and Dispatch

Purpose and Legal Basis: We process your data to send you our newsletter with information about our products, services, and company news.

New Newsletter Registrations: Processing is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR. Registration is done via the double opt-in procedure.

Existing Customers: If you are already a customer with us and have provided us with your email address in connection with a purchase or service, we may send you advertising for our own similar products. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interest: direct marketing) in conjunction with § 7 para. 3 UWG. You can object to this use at any time, e.g., via the unsubscribe link in the newsletter or by email to datenschutz@hoermann-logistik.de.

During registration, the IP address as well as the date and time of registration are stored to prevent misuse.

The subscription can be canceled at any time. You will find an unsubscribe link in every newsletter.

6.2 Newsletter Dispatch and Analysis

For the dispatch and analysis of the newsletter, we use a service provider based in Germany. The data is stored on servers in Germany. No transfer to third countries takes place.

The newsletter contains tracking pixels to analyze whether emails have been opened and which links have been clicked. The legal basis for this analysis is your consent pursuant to Art. 6 para. 1 lit. a GDPR, which you grant together with the newsletter registration.

If you do not want analysis, you can unsubscribe from the newsletter or contact us to deactivate only the analysis.

 

7. Social Media

Purpose and Legal Basis: We maintain online presences on social networks for public relations, to communicate with interested parties and customers, and to present our company. The processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in effective communication and external presentation.

When you visit our pages, your data is also processed by the platform operators.

Joint Responsibility: For certain processing operations (especially the creation of page statistics), we are jointly responsible with the platform operators in accordance with Art. 26 GDPR. The platform operators have committed to assuming primary responsibility for processing and fulfilling data subject rights. For more information, see the privacy policies of the respective platform.

Our Presences:

LinkedIn – Operator: LinkedIn Ireland Unlimited Company – Third country transfer: USA (DPF, SCCs); Link to privacy policy: LinkedIn Privacy Policy

Facebook – Operator: Meta Platforms Ireland Limited – Third country transfer: USA (DPF, SCCs); Link to privacy policy: Meta Privacy Policy

Instagram – Operator: Meta Platforms Ireland Limited – Third country transfer: USA (DPF, SCCs); Link to privacy policy: Meta Privacy Policy

kununu – Operator: New Work SE, Hamburg – Third country transfer: No (EU); Link to privacy policy: Privacy at kununu

YouTube – Operator: Google Ireland Limited – Third country transfer: USA (DPF, SCCs); Link to privacy policy: Privacy Policy – Google

 

8. Use of Software Tools

Purpose and Legal Basis: To fulfill our contractual obligations and optimize our business processes, we use various software tools.

Telephony and Communication: Insofar as communication takes place within the framework of a contractual relationship, the legal basis is Art. 6 para. 1 lit. b GDPR (contract fulfillment). For other business communication, the legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in efficient communication.

Lead Capture at Trade Fairs: If you provide us with your contact details at a trade fair and express interest in our products or services, processing is based on Art. 6 para. 1 lit. b GDPR (pre-contractual measures). If you consent to further contact for advertising purposes, the legal basis is Art. 6 para. 1 lit. a GDPR (consent).

Translation (incl. AI-supported translation): Insofar as translations are required within the framework of a contractual relationship, the legal basis is Art. 6 para. 1 lit. b GDPR (contract fulfillment).

Marketing and Design: Processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in company presentation and customer approach.

Task and Project Management: Insofar as this processing takes place within the framework of a contractual relationship, the legal basis is Art. 6 para. 1 lit. b GDPR (contract fulfillment).

Documentation and Knowledge Management: Insofar as this processing takes place within the framework of a contractual relationship, the legal basis is Art. 6 para. 1 lit. b GDPR (contract fulfillment).

IT Service Desk: Insofar as IT support takes place within the framework of a contractual relationship, the legal basis is Art. 6 para. 1 lit. b GDPR (contract fulfillment).

Data Location: Predominantly EU. With some providers, data transfer to the USA may occur (see section “Data Transfer to Third Countries”).

Contractual Basis: Depending on the role of the provider, data processing agreements (DPA) have been concluded in accordance with Art. 28 GDPR, or the providers process data as independent controllers based on their own privacy policies.

 

9. Legal Basis of Processing – Overview

The processing of your personal data is based on the following legal bases of the GDPR:

Consent (Art. 6 para. 1 lit. a GDPR): You have given your consent to the processing. This can be withdrawn at any time with effect for the future.

Contract Fulfillment (Art. 6 para. 1 lit. b GDPR): The processing is necessary for the performance of a contract or pre-contractual measures.

Legal Obligation (Art. 6 para. 1 lit. c GDPR): The processing is necessary to fulfill legal obligations (e.g., tax, commercial law, archiving obligations, LkSG).

Protection of Vital Interests (Art. 6 para. 1 lit. d GDPR): The processing is necessary to protect vital interests.

Legitimate Interest (Art. 6 para. 1 lit. f GDPR): The processing is necessary to safeguard legitimate interests, provided your interests do not outweigh them.

Supplementary National Regulations: For certain processing operations, supplementary national provisions apply through opening clauses of the GDPR. § 26 para. 1 BDSG applies in addition to Art. 6 para. 1 lit. b GDPR via Art. 88 GDPR to processing for employment relationship purposes (applications). § 7 para. 3 UWG applies in addition to Art. 6 para. 1 lit. f GDPR to direct marketing to existing customers.

If your data is to be processed for additional purposes, you will be informed and, if necessary, your consent will be obtained.

 

10. Automated Decision-Making

Automated decision-making including profiling in accordance with Art. 22 GDPR does not take place.

 

11. Obligation to Provide Data

You are neither legally nor contractually obligated to provide us with personal data. However, within the scope of our business relationship, you must provide the personal data that is necessary for the establishment, implementation, and termination of a business relationship or an application process, or which we are legally obligated to collect.

Without this data, we will generally not be able to conclude a contract with you, fulfill it, or process your inquiry.

Contact Form: You are not obligated to contact us via the contact form. However, if you wish to make an inquiry, you must provide the data marked as mandatory fields, as we otherwise cannot process your inquiry.

Application: The provision is necessary for the application process. Without your data, consideration of your application is not possible.

Business Partners/Contracts: The provision is contractually and partially legally required. Without your data, concluding or fulfilling a contract is not possible.

On-Site Visit: The provision is required for security reasons. Without your data, access to our facilities is not possible.

Newsletter: The provision is voluntary. Without your data, you will not receive the newsletter.

Website (Log Data): The provision occurs automatically for technical reasons. Visiting the website is not possible without this data.

 

12. Data Recipients

Your personal data may be disclosed to the following recipients:

Internal Departments: Responsible departments that need this data to fulfill contractual and legal obligations or to safeguard our legitimate interests.

Data Processors (Art. 28 GDPR): IT service providers, logistics companies, external data centers, accounting, printing services, and other service providers who assist us in fulfilling our obligations.

Public Authorities: Authorities or other public institutions when we are legally obligated to do so (Art. 6 para. 1 lit. c GDPR).

Third Parties: In the case of existing contractual relationships, data may be disclosed to credit agencies, collection agencies, lawyers, courts, or experts to enforce contractual claims (Art. 6 para. 1 lit. b GDPR – contract fulfillment).

 

13. Data Transfer to Third Countries

Transfer of your data to countries outside the EU/EEA only occurs when this is necessary for the respective processing. Not every processing involves a third country transfer.

Website (Analysis and Tracking Tools): If you consent to the use of analysis and tracking tools, transfer to the USA may occur, secured by the EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs).

Business Partners, Suppliers and Service Providers: Transfer to third countries only occurs when the respective business partner, supplier, or service provider is based in a third country or passes data on to service providers in third countries. This may affect the following countries on a case-by-case basis:

  • Switzerland: Secured by an adequacy decision of the EU Commission
  • United Kingdom: Secured by an adequacy decision of the EU Commission
  • USA: Secured by the EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs)
  • Serbia: Secured by an adequacy decision of the EU Commission (since January 2024)

Social Media: When you visit our social media presences, transfer to the USA may occur by the platform operators, secured by the EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs).

Software Tools: When using certain software tools, transfer to the USA may occur, secured by the EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs).

No third country transfer occurs for: Applications (data remains in the EU), newsletter (servers in Germany), on-site visitors, and contact form/email contact.

 

14. Retention Period

We store your personal data only as long as necessary for the respective purpose or as required by legal retention periods. Data is deleted when the purpose of processing ceases or legal retention periods have expired.

The deletion of personal data is based on an internal deletion concept of the HÖRMANN Group, which defines binding deletion periods for all data categories.

  • Website log data is stored for 7 days.
  • Cookies are stored for a maximum of 6 months.
  • Unsuccessful applications are deleted 6 months after completion of the process.
  • Applicant pool (with consent): Your data is stored for a maximum of 1 year after submission of the last documents.
  • Visitor forms are stored for 4 weeks.
  • Business documents are retained for up to 10 years (legal retention periods under commercial and tax law).
  • Newsletter data is stored until unsubscription.

 

15. Your Rights

You have the following rights regarding your personal data:

Right of Access (Art. 15 GDPR): You can request information about your processed data.

Right to Rectification (Art. 16 GDPR): You can request correction of inaccurate data.

Right to Erasure (Art. 17 GDPR): You can request deletion of your data, provided there are no legal retention obligations.

Right to Restriction (Art. 18 GDPR): You can request restriction of processing.

Right to Data Portability (Art. 20 GDPR): You can receive your data in a structured, machine-readable format.

Right to Object (Art. 21 GDPR): You can object to the processing of your data if it is based on Art. 6 para. 1 lit. e or f GDPR.

Right to Withdraw Consent (Art. 7 para. 3 GDPR): You can withdraw consent you have given at any time. The lawfulness of processing carried out until withdrawal remains unaffected.

Right to Lodge a Complaint (Art. 77 GDPR): You can file a complaint with a supervisory authority.

Special Notice Regarding the Right to Object (Art. 21 GDPR)

If we process your personal data based on our legitimate interest (Art. 6 para. 1 lit. f GDPR), you have the right to object at any time for reasons arising from your particular situation.

If we process your data for the purpose of direct marketing, you can object at any time without giving reasons. After your objection, we will no longer process your data for this purpose.

You can submit your objection informally to datenschutz@hoermann-logistik.de.

Competent Supervisory Authority:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach
T +49 (0) 981 180093-0
E poststelle@lda.bayern.de 

16. Security Measures

We implement extensive technical and organizational measures (TOMs) to protect your data. Please also visit our Trust Center for more information.

17. Changes to This Privacy Policy

This privacy policy will be updated as necessary to comply with new legal requirements or changes to our data processing procedures.

Last updated: 05/2026