Privacy Policy of HÖRMANN Intralogistics GmbH
At HÖRMANN Intralogistics, information security, data protection and compliance are central concerns that we pursue with responsibility and at eye level. This privacy policy informs you about the processing of personal data and your rights. It applies to our website and all business interactions. Further information on our measures in the areas of information security and compliance can be found in our Trust Center.
1. Controller and Data Protection Officer
1.1 Controller
The controller for data processing pursuant to Art. 4 (7) GDPR is:
HÖRMANN Intralogistics Solutions GmbH Mr Rainer Baumgartner and Mr Benito Vigo Nieves Gneisenaustraße 15 80992 Munich, Germany T +49 89 149898-0 E datenschutz@hoermann-logistik.de
HÖRMANN Intralogistics Solutions Ges.m.b.H. Mr Hannes Reiter Grazer Str. 10 8130 Frohnleiten, Austria T +43 31622 8611-510 E datenschutz@hoermann-logistik.de
HÖRMANN Intralogistics Solutions Sp.Z.O.O. Mr Oleg Solovey Azymutalna 9 80-299 Gdańsk, Poland T +48 577 400 145 E datenschutz@hoermann-logistik.de
1.2 Data Protection Officer
We have appointed a Data Protection Officer who acts for HÖRMANN Intralogistics Solutions GmbH pursuant to Art. 37 ff GDPR:
Prof. Dr. Thorsten B. Behling Lawyer · ISO/IEC 27001 Lead Auditor BUSE Rechtsanwälte Steuerberater GmbH & Co. KG T +49 (0) 211 388 000 E behling@buse.de www.buse.de
2. Data Processing on the Website
2.1 Visiting the Website
Purpose: Ensuring smooth connection establishment, guaranteeing comfortable use, evaluating system security and stability, and administrative purposes.
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest)
2.2 Contact Form and Email Contact
Purpose: Processing your enquiries and fulfilling contractual or pre-contractual measures.
Legal basis: Art. 6 (1) lit. b, c, f GDPR
2.3 Whitepaper Download Request
Purpose: Contacting you after the download.
Legal basis: Art. 6 (1) lit. b, c, f GDPR
2.4 Cookies
Purpose: Improving user experience and statistical collection for website optimisation.
Legal basis:
- Technically necessary cookies: Art. 6 (1) lit. f GDPR (legitimate interest)
- Analysis/marketing cookies: Art. 6 (1) lit. a GDPR (consent)
Consent Manager: When you first visit our website, you will be asked for your consent to non-necessary cookies via a cookie banner. You can adjust your settings at any time via the cookie banner or withdraw your consent.
2.5 Analysis and Tracking Tools
Purpose: Design and optimisation of the website and statistical recording of usage.
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest)
Note: Data is transferred to the USA (see section “Data Transfer to Third Countries”).
3. Data Processing of Applications
Purpose of Processing
- Application for a specific job posting
- Unsolicited application
- Inclusion in the applicant pool
- Communication during the application process
- Consideration for similar open positions
Legal basis: Art. 6 (1) lit. a, b, c, f GDPR
Special Data Recipients
- Human Resources department and specialist department
- Application portal (external service provider)
- Headhunters and recruitment consultants in an advisory capacity
Data Transfer
Currently, your application data is not transferred to a third country.
4. Data Processing of Business Partners, Suppliers and Service Providers
Purpose of Processing
- Conducting business relationships: Processing of contracts, orders and services, clarification of questions, handling of complaints, payment of invoices and preparation of offers.
- Communication: Recording and processing of contacts, contacting and processing of correspondence.
- Logistics and shipping: Shipping of packages and gifts, preparation of spare parts invoices and services.
- Project management: Recording and documentation of project-related information, recording of decisions and meetings.
- Customer service: Support with complaints, enquiries and order confirmations, conducting customer satisfaction surveys.
- IT management: Setting up VPN remote access, registration in the company network, documentation of maintenance and deployment planning.
- Security and maintenance planning: Planning of maintenance measures, emergency management, recording of service-specific information.
- Compliance: Implementation of the Supply Chain Due Diligence Act (LkSG), internal and external investigations or security checks.
Legal basis: Art. 6 (1) lit. a, b, c, f GDPR
5. Data Processing of Visitors
Purpose of Processing
- Administration and organisation of your visit (registration, scheduling, contacting)
- Fulfilment of legal obligations (security regulations, access control)
- Ensuring company security
- Tracking of incidents or security events
- IT and data security during your stay (e.g. WiFi use)
- Compliance with health and safety regulations (fire protection, emergency measures)
Legal basis: Art. 6 (1) lit. a, c, d, f GDPR
Note: Automated decision-making including profiling does not take place.
You are generally not obliged to provide us with your data. However, if you do not provide this data, this may result in us being unable to receive you as a visitor.
6. Newsletter
Registration for our newsletter is via a double opt-in procedure. Upon registration, the IP address as well as the date and time of registration are stored to prevent misuse.
The subscription can be cancelled at any time. Each newsletter contains an unsubscribe link.
Legal basis: Art. 6 (1) lit. a GDPR (consent) or Section 7 (3) UWG (German Unfair Competition Act)
Newsletter Dispatch and Analysis
We use a service provider based in Germany to send and analyse the newsletter. The data is stored on servers in Germany. No transfer to third countries takes place.
The newsletter contains tracking pixels to analyse whether emails have been opened and which links have been clicked. If you do not want analysis, you can unsubscribe from the newsletter.
7. Social Media
We maintain online presences on social networks. When you visit our pages, your data is also processed by the platform operators.
| Platform | Operator | Third Country Transfer |
|---|---|---|
| LinkedIn Ireland Unlimited Company | USA (DPF, SCCs) | |
| Meta Platforms Ireland Limited | USA (DPF, SCCs) | |
| Meta Platforms Ireland Limited | USA (DPF, SCCs) | |
| kununu | New Work SE, Hamburg | No (EU) |
| YouTube | Google Ireland Limited | USA (DPF, SCCs) |
8. Use of Software Tools
We use various software tools to fulfil our contractual obligations and to optimise our business processes.
Purposes of Processing
- Telephony and communication
- Lead capture at trade fairs
- Translation (including AI-supported translation)
- Marketing and design
- Task and project management
- Documentation and knowledge management
- IT service desk
Legal basis: Art. 6 (1) lit. a, b, f GDPR
Data location: Predominantly EU. Some providers may transfer data to the USA (see section “Data Transfer to Third Countries”).
Contractual basis: Depending on the role of the provider, data processing agreements (DPA) pursuant to Art. 28 GDPR have been concluded or the providers process data as independent controllers on the basis of their own privacy policies.
9. Legal Bases for Processing
The processing of your personal data is based on the following legal bases:
- Consent (Art. 6 (1) lit. a GDPR): You have given your consent to the processing. This can be withdrawn at any time with effect for the future.
- Contract fulfilment (Art. 6 (1) lit. b GDPR): Processing is necessary for the performance of a contract or pre-contractual measures.
- Legal obligation (Art. 6 (1) lit. c GDPR): Processing is necessary to comply with legal obligations (e.g. tax law, commercial law, archiving obligations).
- Protection of vital interests (Art. 6 (1) lit. d GDPR): Processing is necessary to protect vital interests.
- Legitimate interest (Art. 6 (1) lit. f GDPR): Processing is necessary to safeguard legitimate interests, provided your interests do not override.
If your data is to be processed for other purposes, you will be informed and, if necessary, your consent will be obtained.
10. Data Recipients
Your personal data may be disclosed to the following recipients:
- Internal departments: Responsible departments that require this data to fulfil contractual and legal obligations or to safeguard our legitimate interests.
- Processors (Art. 28 GDPR): IT service providers, logistics companies, external data centres, accounting, print services and other service providers that support us in fulfilling our obligations.
- Public bodies: Authorities or other public institutions if legal obligations exist.
- Third parties: In the context of legitimate interests, data may be disclosed to authorities, credit agencies, debt collection agencies, lawyers, courts or experts.
11. Data Transfer to Third Countries
Your data will only be transferred to countries outside the EU/EEA in certain cases. The following overview shows which processing operations involve a third country transfer:
| Processing | Third Country | Safeguard |
|---|---|---|
| Website (analysis and tracking tools) | USA | EU-US Data Privacy Framework (DPF), SCCs |
| Business partners | Switzerland | Adequacy decision of the EU Commission |
| Suppliers/service providers (customers) | United Kingdom | Adequacy decision of the EU Commission |
| Suppliers/service providers (customers) | USA | EU-US Data Privacy Framework (DPF), SCCs |
| Suppliers/service providers (customers) | Serbia | EU Standard Contractual Clauses (SCCs) |
| Social Media | USA | EU-US Data Privacy Framework (DPF), SCCs |
| Software tools (partially) | USA | EU-US Data Privacy Framework (DPF), SCCs |
No third country transfer occurs for:
- Applications (data remains in the EU)
- Newsletter (servers in Germany)
- Visitors on site (no transfer)
- Contact form/email contact (no transfer)
12. Retention Period
We only store your personal data for as long as is necessary for the respective purpose or as required by statutory retention periods. Data will be deleted when the purpose of processing no longer applies or statutory retention periods have expired.
Specific retention periods:
| Category | Retention Period |
|---|---|
| Website log data | 14 days |
| Cookies | max. 6 months |
| Unsuccessful applications | 4 months after completion |
| Applicant pool (with consent) | 2 years |
| Visitor forms | 3 months |
| Business documents | up to 10 years (statutory retention periods) |
| Newsletter data | until unsubscription |
13. Your Rights
You have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR): You can request information about your processed data.
- Right to rectification (Art. 16 GDPR): You can request the correction of inaccurate data.
- Right to erasure (Art. 17 GDPR): You can request the deletion of your data, provided no statutory retention obligations exist.
- Right to restriction (Art. 18 GDPR): You can request the restriction of processing.
- Right to data portability (Art. 20 GDPR): You can receive your data in a structured, machine-readable format.
- Right to object (Art. 21 GDPR): You can object to the processing of your data if it is based on Art. 6 (1) lit. e or f GDPR.
- Right to withdraw consent (Art. 7 (3) GDPR): You can withdraw consent at any time. The lawfulness of processing carried out until withdrawal remains unaffected.
- Right to lodge a complaint (Art. 77 GDPR): You can lodge a complaint with a supervisory authority.
Competent supervisory authority: Bavarian State Office for Data Protection Supervision Promenade 18 91522 Ansbach, Germany T +49 (0) 981 180093-0 E poststelle@lda.bayern.de
14. Security Measures
We implement comprehensive technical and organisational measures (TOMs) to protect your data.
15. Changes to this Privacy Policy
This privacy policy will be updated as necessary to meet new legal requirements or changes to our data processing procedures.
Last updated: 05/2026