Four white HOYER trucks with gas container on a bridge
Four white HOYER trucks with gas container on a bridge

Handling of personal data

Data privacy at HOYER

We are delighted at your interest and your visit to our website. Protection of your personal data is especially important to us in every phase of the collaboration. We would therefore like to explain to you what information we collect and how this information is used.

1. Handling of usage data on our homepage www.hoyer-group.com

1.1 Server log data

The page provider automatically collects and stores information in what are called server log files, which your browser automatically transfers. These data are mainly:

  • Browser type and browser version
  • Operating system used
  • Referrer URL (origin address)
  • Date and time of day of the server request
  • IP address

These data are stored separately from other data that you may transfer to us, and are not merged with data from other sources.

The basis for data processing is Article 6, Para. 1, Letter f of the GDPR (General Data Protection Regulation), which allows data processing based on legitimate interests. In this case, there is legitimate interest in the secure, trouble-free operation of the web server. To ensure this, the administration must be able to recognise and understand attacks on the system, and its malfunctions, via server log files. Accesses to the server must be stored to enable recognition of attack patterns. These data are deleted as soon as they are no longer needed. As a rule, this happens after seven (7) days. For technical reasons, data are available to the hosting service provider, but the latter is bound by our instructions and contractually obliged to us.

1.2 Contact form

When you send enquiries to us via a contact form, we store and process your information from the form in order to process the enquiry and in the event of follow-up questions.

Mandatory fields are identified accordingly. Completing mandatory fields is necessary to enable us to reply to and process your enquiries. Moreover, all information is voluntary.

Data entered into the contact form are processed exclusively based on your consent (Article 6, Para. 1, Letter a of the GDPR). You can revoke this consent at any time. Revocation applies only for the future.

We do not give your data to third parties without your consent or without another permissible legal basis. The fact that our technical service providers can gain insight cannot be excluded, but they are, however, obliged to maintain secrecy.

The data you enter into the contact form remain with us until you ask us to delete it, or you revoke your consent to storage, or the purpose of the data storage no longer applies (e.g. after processing of your enquiry is complete). Mandatory statutory provisions – especially retention periods – remain unaffected.

1.3 Cookies

We can use cookies for technical reasons, to optimise our Internet pages and to determine page views.

The cookies that are involved can be seen here, where you can also revoke consents that may possibly have been granted.

1.4 Consent management in cookies and other data storage

We use a service of Usercentrics GmbH, Sendlinger Strasse 7, 80331 Munich, Germany, to manage consents granted for cookies and similar technologies. Detailed information about this can be accessed here.

1.5 Google Analytics

With your consent, Google’s web analysis service is used. Detailed information about this can be accessed here, where you can also revoke consents that may possibly have been granted.

1.6 YouTube

With your consent, YouTube videos are loaded and displayed on our pages. Detailed information about it can be accessed here, where you can also revoke consents that may possibly have been granted.

2. HOYER Connect customer portal (including web analysis)

To be able to use the HOYER Connect customer portal, you must be registered with HOYER and log on with your user name and password.

The following personal data are processed for this purpose: names, E-mail address, employer, telephone number.

These data originate from yourself or were communicated to us by your employer/client and/or by your colleagues.

Data processing takes place based on the legitimate interests of HOYER (Article 6, Para. 1, Letter f of the GDPR). The legitimate interests consist of providing information und in fulfilling the contract with your employer or client. Insofar as corresponding consent was requested, processing takes place exclusively based on Article 6, Para. 1, Letter a of the GDPR; you can revoke consent at any time.

Our IT service providers can access users’ personal data. They also include Microsoft in the USA. We draw attention to the fact that according to the present legal situation, no adequate level of protection exists in the USA. Microsoft bases its data transmission on the EU Commission’s standard contractual clauses, which you can see here.

Personal data are stored for as long as they are required for the purposes mentioned above, or until you request deletion, or for as long as this is required by legal retention periods.

When using the HOYER Connect customer portal, and if you voluntarily consent before the respective use, Microsoft’s “Azure Application Insights” web analysis service will also be used. You can access more information about this here, where you can also revoke any consent that may possibly have been granted.

You can find more information about Microsoft’s handling of your data in the Microsoft Data Protection Provisions at Microsoft Privacy Statement – Microsoft privacy

3. Handling job applicant’s data

3.1 Collecting and processing personal data

Personal data, e.g. your name, your address and your telephone number or E-mail address, are transmitted to us, with your consent, through your job application. In compliance with the Data Protection Regulation, and safeguarding your protection-worthy interests, we process these data only in the context of the job recruitment process for the advertised position, or for a similar vacancy for which we are considering you. If you do not agree to the processing of your personal data for another vacancy, please inform us of this after your job application has been received, in writing, either to jobs@hoyer-group.com or by post to the following address:

HOYER GmbH Internationale Fachspedition
Corporate Human Resources
Wendenstrasse 414 – 424
20537 Hamburg, Germany

The legal bases for processing personal data are described in detail in Article 6, Para. 1, Letter b of the General Data Protection Regulation (GDPR).

3.2 WhatsApp

You can also submit your application to us via WhatsApp. We would like to point out that WhatsApp also processes user data outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. When you click on the corresponding link, a connection to the selected network is established and data about you is transmitted there. In order to use this feature, you must already have an account with WhatsApp, so the legal basis for this processing is your consent (Art. 6 (1) a DSGVO). The data processing by us is based on your consent (Art. 6 (1) a DSGVO).

For more information, please click here: WhatsApp (WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Data protection information can be found at https://www.whatsapp.com/legal/#privacy-policy.

In the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the provider. Only the provider has access to the user's data and can take appropriate measures and provide information directly.

3.3 Duration of storage

Your job application documents will be stored for as long as necessary for the purposes mentioned above, and for as long as required by statutory retention periods. We delete your data after the expiry of six (6) months after the vacant position has been filled, unless we have your consent to store the data for longer.

4. Handling data of our business partners

We collect personal data about business partners and the contact persons.

We process your data for the following purposes:

  • making professional contact
  • Maintaining business relationships

The legal basis for the data processing is Art. 6 para. 1 letter f DSGVO: Our legitimate interests are the performance of the contract and the maintenance of the business relationship. Insofar as we process personal data in addition, this is based on your consent (Art. 6 para. 1 letter a DSGVO).

For this purpose, we process the following categories of data:

  • Your name
  • Your professional contact details
  • Your employer and your professional position
  • Details of previous communication

We only process other personal data if you provide it to us voluntarily.

We only share your data with other recipients if there is a legal basis for doing so or if you give your consent in individual cases. Our technical service providers, some of whose sub-service providers are based in the USA, may also gain insight. The legal basis for the transfer to this third country are EU standard contractual clauses.

The storage period depends on the above-mentioned purposes and, if applicable, on the statutory retention periods.

5. Facebook

We maintain an online presence on Facebook, and in this context we process the data of users who are active there, in order to communicate with them and offer them information about ourselves. We draw attention to the fact that this may involve processing users’ data outside of the European Union. This may entail risks for users, e.g. because enforcing their rights may become more difficult.

We are jointly responsible with the operator of Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) for the collection (but not for the further processing) of data from visitors to our Facebook page (so-called "fan page"). These data includes information about the types of contents that users view or with which they interact, or the actions they take (see under “actions taken and things provided by you and others” in Facebook’s Data Guideline: https://www.facebook.com/policy), and also information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings and cookie data; see under “device information” in Facebook’s Data Guideline). As explained in the Facebook Data Guideline, Facebook also collects and uses information to provide analysis services for page operators. We have concluded a special agreement with Facebook for this purpose. You can see the essential aspects of this agreement here: https://www.facebook.com/legal/controller_addendum

As a rule, users’ data are processed for market research and advertising purposes. User profiles can be created from the usage behaviour and the interests arising therefrom. These profiles can be used, for example, to insert advertising inside and outside of Facebook and corresponding to users’ presumed interests. As a rule, for this purpose, cookies are set on users’ computers, through which users’ usage behaviour and interests are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by users (especially if the users are Facebook members and are logged in there).

For a detailed presentation of the respective processing, and the opportunities to object (Opt-Out), we refer to Facebook’s Data Protection Declarations and statements. Requests for information and the assertion of users’ rights can also be asserted most effectively there.

Processing users’ personal data is based on our legitimate interests in effective information about/for users, and communication with users, pursuant to Article 6, Para. 1, Letter f of the GDPR. If the respective providers ask users for consent to data processing (i.e. to declare their agreement by, for example, ticking a checkbox or confirming a button), the legal basis of the processing is Article 6, Para. 1, Letter a of the GDPR.

For a detailed presentation of the respective processing, and the opportunities to object (Opt-Out), we refer to Facebook’s General Data Protection Declaration at: https://www.facebook.com/policy

6. LinkedIn

Moreover, we maintain an online presence on LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland), in order to communicate with users who are active there and to offer information about ourselves.

We draw attention to the fact that this may involve processing users’ data outside of the European Union. This may entail risks for users, e.g. because enforcing their rights could become more difficult.

As a rule, users’ data are also processed for market research and advertising purposes. Thus, for example, usage profiles can be created from the usage behaviour and users’ interests arising therefrom. The usage profiles can in turn be used, for example, to insert advertising inside and outside of the platforms and corresponding to users’ presumed interestsAs a rule, for these purposes, cookies are set on users’ computers, through which users’ usage behaviour and interests are storedFurthermore, data can also be stored in the usage profiles independently of the devices used by users (especially if the users are members of the respective platforms and are logged in to the latter).

Processing users’ personal data is based on our legitimate interests in effective information about/for users, and communication with users, pursuant to Article 6, Para. 1, Letter f of the GDPR. If the respective providers ask users for consent to data processing (i.e. to declare their agreement by, for example, ticking a checkbox or confirming a button), the legal basis of the processing is Article 6, Para. 1, Letter a of the GDPR.

For a detailed presentation of the respective processing, and the opportunities to object (Opt-Out), we refer to LinkedIn’s statements: Data Protection Declarationhttps://de.linkedin.com/legal/privacy-policy, opportunity to object (Opt-Out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

In the event of requests for information and the assertion of users’ rights, we draw attention to the fact that these can be most effectively asserted with the provider, LinkedIn. Only the provider has access to the users’ data in each case, and can directly take corresponding measures and give information.

7. YouTube

Furthermore, we maintain an online presence on YouTube (operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), in order to communicate with users who are active there and to offer information about ourselves.

We draw attention to the fact that this may involve processing users’ data outside of the European Union. This may entail risks for users, e.g. because enforcing their rights could become more difficult.

As a rule, users’ data are also processed for market research and advertising purposes. Thus, for example, user profiles can be created from the usage behaviour and the users’ interests arising therefrom. The usage profiles can in turn be used, for example, to insert advertising inside and outside of the platforms and corresponding to users’ presumed interestsAs a rule, for these purposes, cookies are set on users’ computers, through which users’ usage behaviour and interests are storedFurthermore, data can also be stored in the usage profiles independently of the devices used by users (especially if the users are members of the respective platforms and are logged in to the latter).

Processing users’ personal data is based on our legitimate interests in effective information about/for users, and communication with users, pursuant toArticle 6, Para. 1, Letter f of the GDPR. If the respective providers ask users for consent to data processing (i.e. to declare their agreement by, for example, ticking a checkbox or confirming a button), the legal basis of the processing is Article 6, Para. 1, Letter a of the GDPR.

For a detailed presentation of the respective processing, and the opportunities to object (Opt-Out), we refer to Google’s statements: Data Protection Declaration: https://policies.google.com/privacy; opportunity to object (Opt-Out): https://adssettings.google.com/authenticated.

In the event of requests for information and the assertion of users’ rights, we draw attention to the fact that these can be most effectively asserted with the provider, Google. Only the provider has access to the users’ data in each case, and can directly take corresponding measures and give information.

8. Xing

We maintain an online presence on Xing (operated by New Work SE, Am Strandkai 1 20457 Hamburg, Germany), in order to communicate with users who are active there and to inform them there about our offers.

Users’ data can also be processed for market research and advertising purposes. Thus, for example, usage profiles can be created from the usage behaviour and the users’ interests arising therefrom. The usage profiles can in turn be used, for example, to insert advertising inside and outside of the platforms and corresponding to users’ presumed interests. As a rule, for these purposes, cookies are set on users’ computers, through which users’ usage behaviour and interests are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by users (especially if the users are members of the respective platforms and are logged in to the latter).

Processing users’ personal data is based on our legitimate interests in effective information about/for users, and communication with users, pursuant to Article 6, Para. 1, Letter f of the GDPR. If the respective providers ask users for consent to data processing (i.e. to declare their agreement by, for example, ticking a checkbox or confirming a button), the legal basis of the processing is Article 6, Para. 1, Letter a of the GDPR.

For a detailed presentation of the respective processing, we refer to Xing’s statements: Data Protection Declaration: https://privacy.xing.com/de/datenschutzerklaerung. You can find a description of the Opt-Out on this page: https://privacy.xing.com/de/datenschutzerklaerung/informationen-die-wir-auf-grund-ihrer-nutzung-von-xing-automatisch-erhalten/tracking-in-eingebundenen-fremdinhalten.

In the event of requests for information and the assertion of users’ rights, we draw attention to the fact that these can be most effectively asserted with the provider, LinkedIn. Only the provider has respective access to the users’ data in each case, and can directly take corresponding measures and give information.

9. Compliance Hotline

As part of our compliance management system, we have set up a compliance hotline. You have the opportunity to use this hotline to submit information on matters of which we have a legitimate interest in becoming aware.

9.1 Reporting office

We have commissioned the law firm Heuking Kühn Lüer Wojtek as an outsourced internal whistleblower reporting office (hereinafter: "Whistleblower Reporting Office") to receive and review such information. Reports to the Whistleblower Reporting Office can be submitted by telephone, e-mail, fax, post, in person or electronically via a web form or via the website https://whistlefox.heuking.de/report/hoyer/en Reports to the Whistleblower Reporting Office can be made anonymously. The use of the whistleblower hotline is voluntary. Further details can be found in the Whistleblower Policy.

When you make a report, the Whistleblower Reporting Centre collects the information you provide. This includes your personal data, if you disclose your identity, and usually the names and other personal data of the persons you name in your report. For more details on how the Whistleblower Reporting Office handles your personal data, please see the Whistleblower Reporting Office's Privacy Policy at https://whistlefox.heuking.de/UserContent/Legal/Datenschutzinformation_en.pdf .

9.2 Categories of personal data we process

We receive a report from the whistleblower reporting office once they have reviewed the report, which may include the following personal data:

  • Names and other personal data of the whistleblower only if the whistleblower does not wish to remain anonymous and agrees to share it with us;
  • Names and other personal data resulting from the report of the persons named in the report.

In the course of further clarification of the reported facts and further processing, further personal data may be collected and processed by us.

9.3 Purposes of data processing, legal basis

The purpose of processing the data provided to us by the whistleblower reporting office is to process and manage reports of compliance violations, violations of statutory provisions and violations in connection with our business operations by employees, customers, suppliers and other third parties.

The legal basis for the processing of your personal data as a whistleblower is, if you disclose your identity and consent to the disclosure of your name to us by the whistleblower reporting office, your consent (Art. 6 para. 1 sentence 1 lit. a DSGVO).

The legal basis for the processing of the personal data of the persons affected by the report is our legitimate interest in detecting and preventing breaches of the law and misconduct (Art. 6 para. 1 p. 1 lit. f DSGVO). A legitimate interest in the detection and prevention of legal violations and misconduct exists insofar as we are legally obliged to do so in certain areas. Moreover, such violations can not only cause considerable economic damage, but also lead to a significant loss of reputation.

If the data subject is one of our employees, the legal basis for processing in the course of processing or further investigation of the reported facts is Section 26 (1) sentence 1 BDSG (processing for purposes of the employment relationship) or Section 26 (1) sentence 2 BDSG (processing for the detection of criminal offences) and, if applicable, our legitimate interest described above (Art. 6 (1) sentence 1 lit. f DSGVO).

9.4 Disclosure to third parties

If the report concerns another company of the HOYER Group, we will pass on the contents of the report and the results of the further clarification of the facts to this company of the HOYER Group.

We may also pass on the contents of the report and the results of the further clarification of the reported facts to courts, authorities and other public bodies. This may be the case if we are legally obliged to disclose the data or if this is necessary for the assertion, exercise or defence of legal claims.

In the course of the clarification measures and in the assertion, exercise or defence of legal claims, we also make use of the support of law firms or auditing companies if necessary.

In addition, we may involve (technical) service providers in the clarification and processing of the reported facts, who act for us as processors within the meaning of Article 28 of the GDPR and are bound by instructions on the basis of corresponding agreements.

9.5 Duration of data storage

Personal data will be stored for as long as is necessary to clarify the notification and any subsequent measures, or for as long as there is a legitimate interest on our part, or for as long as is required by law. Afterwards, the data will be deleted in accordance with the legal requirements.

9.6 Transfer of data to third countries

As a general rule, no personal data from notifications will be transferred to countries outside the European Union (EU) or the European Economic Area (EEA) unless the notification concerns a HOYER Group company located in a country outside the EU or the EEA. Countries outside the European Union or the European Economic Area may have different rules on the protection of personal data. When sharing information in this way, we will comply with the relevant data protection regulations.

10. Rights of data subjects

As a data subject, you are entitled to the following rights, insofar as the statutory conditions for them are fulfilled:

  • Right to information, Article 15 of the GDPR
  • Right to correction, Article 16 of the GDPR
  • Right to deletion, Article 17 of the GDPR
  • Right to restriction of processing, Article 18 of the GDPR
  • Right to data portability, Article 20 of the GDPR
  • Right to object, Article 21 of the GDPR

You have the right, with effect for the future, to revoke at any time the consent to data processing that you granted.

You have the right to complain to the Data Protection Supervisory Authority about data processing.

11. Contact details of the Data Protection Officer

If you have any more questions on the subject of data protection and the handling of your personal data in the HOYER Group, please contact our Data Protection Officer:

fox-on Datenschutz GmbH
Pollerhofstrasse 33 a
51789 Lindlar/Cologne, Germany
www.fox-on.com
E-mail: dsb@fox-on.com
Tel.: +49 2266/90 15 920

12. Responsible body

The body responsible for data processing on this web site is:

HOYER GmbH Internationale Fachspedition
Wendenstrasse 414–424
20537 Hamburg, Germany

Tel.: +49 40 21044 0
Fax: +49 40 21044 246
E-mail: hoyer@hoyer-group.com