Die Fertigung bei HÖRMANN Automotive Saarbrücken.

Privacy Policy of HÖRMANN Intralogistics GmbH

  1. Home
  2. Privacy Policy

At HÖRMANN Intralogistics, data protection is a core concern that we pursue with responsibility and at eye level. This privacy policy informs you about the processing of personal data and your rights. It applies to our website and all business interactions. Further information on our measures in the areas of data protection, information security, quality management, and compliance can be found in our Trust Center.

 

1. Controller and Data Protection Officer

1.1 Controller

The controller for data processing pursuant to Art. 4(7) GDPR is:

Depending on which entity you are in contact with, the respective entity listed above is responsible for the processing of your data.

1.2 Data Protection Officer

We have appointed a Data Protection Officer who acts for HÖRMANN Intralogistics Solutions GmbH in accordance with Art. 37 et seq. GDPR:

Prof. Dr. Thorsten B. Behling, Attorney at Law, ISO/IEC 27001 Lead Auditor, BUSE Rechtsanwälte Steuerberater GmbH & Co. KG, T +49 (0) 211 388 000, E behling@buse.de, www.buse.de

There is no legal obligation to appoint a Data Protection Officer for the Austrian and Polish entities. For data protection inquiries regarding these entities, please contact datenschutz@hoermann-logistik.de.

 

2. Data Processing on the Website

2.1 Visiting the Website

Purpose and Legal Basis: We process your data to ensure smooth connection establishment, to ensure comfortable use, to evaluate system security and stability, and for administrative purposes. Processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring the technical functionality and IT security of our website as well as optimizing our online services.

2.2 Contact Form and Email Contact

Purpose and Legal Basis: We process your data to handle your inquiries and to fulfill contractual or pre-contractual measures. If your inquiry is directed toward concluding or fulfilling a contract, processing is based on Art. 6(1)(b) GDPR. For other inquiries, processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in responding to your inquiries and maintaining business relationships.

2.3 Whitepaper Download Request

Purpose and Legal Basis: We process your data to provide the whitepaper and, if applicable, to contact you regarding thematically related offers. Provision of the whitepaper is based on your consent pursuant to Art. 6(1)(a) GDPR, which you grant by submitting the download form. If further marketing contact occurs, the legal basis is also your consent pursuant to Art. 6(1)(a) GDPR.

Note: You may revoke your consent at any time.

2.4 Cookies

Purpose and Legal Basis: We use cookies to improve user experience and for statistical analysis to optimize the website.

For technically necessary cookies, processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in providing a functional website and ensuring IT security.

For analytics and marketing cookies, processing is based on your consent pursuant to Art. 6(1)(a) GDPR.

Consent Manager: When you first visit our website, you will be asked via a cookie banner for your consent to non-essential cookies. You can adjust your settings at any time via the cookie banner or revoke your consent.

2.5 Analytics and Tracking Tools

Purpose and Legal Basis: We process your data to design and optimize the website and for statistical analysis of usage. Processing is based on your consent pursuant to Art. 6(1)(a) GDPR. You can grant consent via our consent manager and revoke it at any time.

Note: Data is transferred to the USA (see section “Data Transfer to Third Countries”).

 

3. Processing of Application Data

3.1 Purpose and Legal Basis

We process your application data for applications to specific job postings, for unsolicited applications, and for communication during the application process. The legal basis for this is Art. 6(1)(b) GDPR (pre-contractual measures) in conjunction with Section 26(1) BDSG (German Federal Data Protection Act).

Inclusion in the applicant pool and consideration for similar open positions occurs only with your consent based on Art. 6(1)(a) GDPR.

Fulfillment of legal obligations (e.g., AGG documentation) is based on Art. 6(1)© GDPR.

3.2 Data Recipients

Your application data is shared internally with the Human Resources department and the relevant specialist department, insofar as this is necessary for processing your application.

For managing the application process, we use an application portal operated by an external service provider who processes your data on our behalf (data processing pursuant to Art. 28 GDPR).

Data is only shared with headhunters or recruitment agencies if they are involved in the specific application process—for example, if you became aware of us through a recruitment agency or if we are working with an external service provider for a specific position.

3.3 Data Transfer

Currently, no transfer of your application data to a third country takes place.

 

4. Data Processing of Business Partners, Suppliers, and Service Providers

We process your personal data for various purposes within the scope of our business relationship.

Conducting the Business Relationship: The execution of contracts, orders, and services, clarification of questions, handling of complaints, settlement of invoices, and preparation of offers are based on Art. 6(1)(b) GDPR (contract fulfillment).

Communication: Recording and processing of contacts, initiating contact, and processing correspondence within existing contractual relationships are based on Art. 6(1)(b) GDPR (contract fulfillment). For general relationship maintenance without specific contractual reference, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in maintaining business relationships.

Logistics and Shipping: Shipping of packages as well as creation of spare parts invoices and service performances are based on Art. 6(1)(b) GDPR (contract fulfillment). Sending of gifts is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in maintaining business relationships.

Project Management: Recording and documentation of project-related information as well as logging of decisions and meetings are based on Art. 6(1)(b) GDPR (contract fulfillment).

Customer Service: Support with complaints, inquiries, and order confirmations is based on Art. 6(1)(b) GDPR (contract fulfillment). Conducting customer satisfaction surveys is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in quality improvement.

IT Management: Setting up VPN remote access, logging into the company network, and documentation of maintenance and deployment planning are based on Art. 6(1)(b) GDPR (contract fulfillment).

Security and Maintenance Planning: Planning of maintenance measures, emergency management, and recording of service-specific information are based on Art. 6(1)(b) GDPR (contract fulfillment).

Compliance: Implementation of the Supply Chain Due Diligence Act (LkSG), internal and external investigations, or security checks are based on Art. 6(1)© GDPR (legal obligation).

Assertion, Exercise, or Defense of Legal Claims: Insofar as these claims result from the contractual relationship, processing is based on Art. 6(1)(b) GDPR (contract fulfillment). Retention of data to fulfill statutory retention obligations (e.g., tax or commercial law obligations) is based on Art. 6(1)© GDPR (legal obligation).

 

5. Data Processing of Visitors

We process your personal data for various purposes in connection with your visit.

Administration and Organization of Your Visit: If your visit is in connection with contract initiation, registration, appointment scheduling, and contact are based on Art. 6(1)(b) GDPR (pre-contractual measures). For other visits (e.g., government representatives, tradespeople, private visitors), the legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in organizing visitor management.

Fulfillment of Legal Obligations: Compliance with security regulations and access control are based on Art. 6(1)© GDPR (legal obligation).

Ensuring Company Security: Protection of employees is based on Art. 6(1)© GDPR (legal obligation under the Occupational Health and Safety Act). Protection of visitors is also based on Art. 6(1)© GDPR (duty of care obligations). Protection of trade secrets is based on Art. 6(1)© GDPR (requirements of the Trade Secrets Act).

Tracking of Incidents or Security Events: Insofar as we are legally obligated to document and report (e.g., under occupational health and safety law, DGUV regulations, or Art. 33 GDPR), processing is based on Art. 6(1)© GDPR (legal obligation).

IT and Data Security During Your Stay: Processing in connection with WLAN use is based on Art. 6(1)© GDPR (legal obligation to ensure IT security pursuant to Art. 32 GDPR).

Compliance with Health and Safety Regulations: Processing for fire protection and emergency measures is based on Art. 6(1)© GDPR (legal obligation). In emergency situations, the legal basis is additionally Art. 6(1)(d) GDPR (protection of vital interests).

 

6. Newsletter

6.1 Registration and Distribution

Purpose and Legal Basis: We process your data to send you our newsletter with information about our products, services, and company news.

New Newsletter Registrations: Processing is based on your consent pursuant to Art. 6(1)(a) GDPR. Registration is carried out using the double opt-in procedure.

Existing Customers: If you are already our customer and have provided us with your email address in connection with a purchase or service, we may send you advertising for our own similar products. The legal basis for this is Art. 6(1)(f) GDPR (legitimate interest: direct marketing) in conjunction with Section 7(3) UWG (German Act Against Unfair Competition). You may object to this use at any time, e.g., via the unsubscribe link in the newsletter or by email to datenschutz@hoermann-logistik.de.

Upon registration, the IP address as well as the date and time of registration are stored to prevent misuse.

The subscription can be canceled at any time. Every newsletter contains an unsubscribe link.

6.2 Newsletter Distribution and Analytics

For distributing and analyzing the newsletter, we use a service provider based in Germany. Data is stored on servers in Germany. No transfer to third countries takes place.

The newsletter contains tracking pixels to analyze whether emails are opened and which links are clicked. The legal basis for this analysis is your consent pursuant to Art. 6(1)(a) GDPR, which you grant together with the newsletter registration.

If you do not wish analytics, you can unsubscribe from the newsletter or contact us to deactivate only the analytics.

 

7. Social Media

Purpose and Legal Basis: We maintain online presences on social networks for public relations, communication with prospects and customers, and presentation of our company. Processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in effective communication and external presentation.

When you visit our pages, your data is also processed by the platform operators.

Joint Controllership: For certain processing operations (particularly the creation of page statistics), we are jointly responsible with the platform operators pursuant to Art. 26 GDPR. The platform operators have committed to assuming primary responsibility for processing and fulfilling data subject rights. More information can be found in the privacy policies of the respective platforms.

Our Presences:

  • LinkedIn – Operator: LinkedIn Ireland Unlimited Company – Third-country transfer: USA (DPF, SCCs); Link to privacy policy: LinkedIn Privacy Policy
  • Facebook – Operator: Meta Platforms Ireland Limited – Third-country transfer: USA (DPF, SCCs); Link to privacy policy: Meta Privacy Policy
  • Instagram – Operator: Meta Platforms Ireland Limited – Third-country transfer: USA (DPF, SCCs); Link to privacy policy: Meta Privacy Policy
  • kununu – Operator: New Work SE, Hamburg – Third-country transfer: No (EU); Link to privacy policy: Privacy Policy at kununu
  • YouTube – Operator: Google Ireland Limited – Third-country transfer: USA (DPF, SCCs); Link to privacy policy: Privacy Policy – Google

 

8. Use of Software Tools

Purpose and Legal Basis: To fulfill our contractual obligations and optimize our business processes, we use various software tools.

Telephony and Communication: Insofar as communication takes place within the scope of a contractual relationship, the legal basis is Art. 6(1)(b) GDPR (contract fulfillment). For other business communication, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in efficient communication.

Lead Capture at Trade Fairs: If you provide us with your contact information at a trade fair and express interest in our products or services, processing is based on Art. 6(1)(b) GDPR (pre-contractual measures). If you consent to further contact for advertising purposes, the legal basis is Art. 6(1)(a) GDPR (consent).

Translation (including AI-assisted translation): Insofar as translations are necessary within the scope of a contractual relationship, the legal basis is Art. 6(1)(b) GDPR (contract fulfillment).

Marketing and Design: Processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in company presentation and customer engagement.

Task and Project Management: Insofar as this processing takes place within the scope of a contractual relationship, the legal basis is Art. 6(1)(b) GDPR (contract fulfillment).

Documentation and Knowledge Management: Insofar as this processing takes place within the scope of a contractual relationship, the legal basis is Art. 6(1)(b) GDPR (contract fulfillment).

IT Service Desk: Insofar as IT support takes place within the scope of a contractual relationship, the legal basis is Art. 6(1)(b) GDPR (contract fulfillment).

Data Location: Predominantly EU. For some providers, data transfer to the USA may occur (see section “Data Transfer to Third Countries”).

Contractual Basis: Depending on the provider’s role, data processing agreements (DPA) have been concluded pursuant to Art. 28 GDPR, or the providers process data as independent controllers based on their own privacy policies.

 

9. Legal Bases for Processing – Overview

Processing of your personal data is based on the following legal bases of the GDPR:

Consent (Art. 6(1)(a) GDPR): You have given your consent to processing. This can be revoked at any time with effect for the future.

Contract Fulfillment (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract or pre-contractual measures.

Legal Obligation (Art. 6(1)© GDPR): Processing is necessary for compliance with legal obligations (e.g., tax law, commercial law, retention obligations, LkSG).

Protection of Vital Interests (Art. 6(1)(d) GDPR): Processing is necessary to protect vital interests.

Legitimate Interest (Art. 6(1)(f) GDPR): Processing is necessary to protect legitimate interests, provided your interests do not override them.

Supplementary National Regulations: For certain processing operations, supplementary national provisions apply through opening clauses of the GDPR. Section 26(1) BDSG applies in addition to Art. 6(1)(b) GDPR via Art. 88 GDPR to processing for employment purposes (applications). Section 7(3) UWG applies in addition to Art. 6(1)(f) GDPR to direct marketing toward existing customers.

If your data is to be processed for further purposes, you will be informed and, if necessary, your consent will be obtained.

 

10. Automated Decision-Making

Automated decision-making including profiling pursuant to Art. 22 GDPR does not take place.

 

11. Obligation to Provide Data

You are neither legally nor contractually obliged to provide us with personal data. However, within the scope of our business relationship, you must provide the personal data that is necessary for initiating, conducting, and terminating a business relationship or application procedure, or which we are legally obliged to collect.

Without this data, we will generally not be able to conclude a contract with you, fulfill it, or process your inquiry.

Contact Form: You are not obliged to contact us via the contact form. However, if you wish to submit an inquiry, you must provide the data marked as mandatory fields, as otherwise we cannot process your inquiry.

Application: Provision is required for the application procedure. Without your data, consideration of your application is not possible.

Business Partners/Contracts: Provision is contractually and partly legally required. Without your data, concluding or fulfilling a contract is not possible.

On-Site Visit: Provision is required for security reasons. Without your data, access to our facilities is not possible.

Newsletter: Provision is voluntary. Without your data, you will not receive a newsletter.

Website (Log Data): Provision occurs automatically for technical reasons. Visiting the website is not possible without this data.

 

12. Data Recipients

Your personal data may be shared with the following recipients:

Internal Departments: Relevant departments that require this data to fulfill contractual and legal obligations or to protect our legitimate interests.

Data Processors (Art. 28 GDPR): IT service providers, logistics companies, external data centers, accounting, printing services, and other service providers who assist us in fulfilling our obligations.

Public Authorities: Government agencies or other public institutions when we are legally obliged to do so (Art. 6(1)© GDPR).

Third Parties: In existing contractual relationships, data may be shared with credit agencies, debt collection companies, attorneys, courts, or experts to enforce contractual claims (Art. 6(1)(b) GDPR – contract fulfillment).

 

13. Data Transfer to Third Countries

Transfer of your data to countries outside the EU/EEA only occurs if this is necessary for the respective processing. Not every processing operation involves a third-country transfer.

Website (Analytics and Tracking Tools): If you consent to the use of analytics and tracking tools, transfer to the USA may occur, safeguarded by the EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs).

Business Partners, Suppliers, and Service Providers: Transfer to third countries only occurs if the respective business partner, supplier, or service provider is based in a third country or transfers data to service providers in third countries. In individual cases, this may concern the following countries:

  • Switzerland: Safeguarded by an adequacy decision of the EU Commission
  • United Kingdom: Safeguarded by an adequacy decision of the EU Commission
  • USA: Safeguarded by the EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs)
  • Serbia: Safeguarded by Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR

Social Media: When you visit our social media presences, transfer to the USA may occur through the platform operators, safeguarded by the EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs).

Software Tools: When using certain software tools, transfer to the USA may occur, safeguarded by the EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs).

No third-country transfer occurs for: Applications (data remains in the EU), newsletter (servers in Germany), on-site visitors, and contact form/email contact.

 

14. Retention Period

We store your personal data only as long as necessary for the respective purpose or as required by statutory retention periods. Data is deleted when the purpose of processing ceases to apply or statutory retention periods have expired.

Deletion of personal data is carried out based on an internal deletion concept of the HÖRMANN Group, which defines mandatory deletion periods for all data categories.

  • Website log data is stored for 7 days.
  • Cookies are stored for a maximum of 6 months.
  • Unsuccessful applications are deleted 6 months after conclusion of the procedure.
  • Applicant pool (with consent): Your data is stored for a maximum of 1 year after submission of the last documents.
  • Visitor forms are stored for 4 weeks.
  • Business documents are retained for up to 10 years (statutory retention periods under commercial and tax law).
  • Newsletter data is stored until unsubscription.

 

15. Your Rights

You have the following rights regarding your personal data:

Right of Access (Art. 15 GDPR): You may request information about your processed data.

Right to Rectification (Art. 16 GDPR): You may request the correction of inaccurate data.

Right to Erasure (Art. 17 GDPR): You may request the deletion of your data, provided there are no statutory retention obligations.

Right to Restriction (Art. 18 GDPR): You may request restriction of processing.

Right to Data Portability (Art. 20 GDPR): You may receive your data in a structured, machine-readable format.

Right to Object (Art. 21 GDPR): You may object to the processing of your data if it is based on Art. 6(1)(e) or (f) GDPR.

Right to Withdraw Consent (Art. 7(3) GDPR): You may revoke consent given at any time. The lawfulness of processing carried out until revocation remains unaffected.

Right to Lodge a Complaint (Art. 77 GDPR): You may lodge a complaint with a supervisory authority.

Special Notice Regarding the Right to Object (Art. 21 GDPR)

Insofar as we process your personal data based on our legitimate interest (Art. 6(1)(f) GDPR), you have the right to object at any time on grounds relating to your particular situation.

If we process your data for the purpose of direct marketing, you may object at any time without stating reasons. Following your objection, we will no longer process your data for this purpose.

You may submit an objection informally to datenschutz@hoermann-logistik.de.

Competent Supervisory Authority:

  • Germany Location: Bayerisches Landesamt für Datenschutzaufsicht, Promenade 18, 91522 Ansbach, T +49 (0) 981 180093-0, E poststelle@lda.bayern.de
  • Austria Location: Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Wien, T +43 1 52 152-0, E dsb@dsb.gv.at
  • Poland Location: Urząd Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warszawa, T +48 22 531 03 00, E kancelaria@uodo.gov.pl

 

16. Security Measures

We implement comprehensive technical and organizational measures (TOMs) to protect your data. Please also visit our Trust Center for more information.

 

17. Changes to This Privacy Policy

This privacy policy will be updated as necessary to comply with new legal requirements or changes to our data processing procedures.

Last updated: 05/2026