This website is operated by HMS Analytical Software GmbH (HMS). In the following, we inform you about the processing of personal data during the use of this website. Use is generally possible without providing any personal data. If someone wants to use services of our company via our webpage, this might, however, require a processing of personal data. The legal basis for our data processing can be found in the European General Data Protection Regulation (GDPR), its text and the associated recitals, which you can find here, for example. In the following information, we refer to the corresponding regulations as the respective legal basis for our processing.
Data Controller in the definition of the GDPR is:
HMS Analytical Software GmbH
Grüne Meile 29
69115 Heidelberg
Germany
Phone: +49 (6221) 6051 0
Email: info(at)analytical-software.de
The Data Protection Officer of the data controller responsible for the processing is:
Ms. Elisabeth Kohm
HMS Analytical Software GmbH
Grüne Meile 29
69115 Heidelberg
Germany
Email: datenschutzbeauftragter(at)analytical-software.de
Every Data Subject can contact our Data Protection Officer directly at any time for all questions and suggestions relating to data privacy.
The website collects various general data and information on each retrieval by a Data Subject or an automated system. This general data and information is stored in the logfiles of the server. The following can be gathered:
When using this general data and information, HMS does not draw any conclusions as to the identity of the Data Subject. This information is in fact needed to
This collected data and information is therefore evaluated by HMS Analytical Software GmbH both statistically and with the aim of increasing data protection and data security in our company. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. The data of the server log files are processed separately from all personal data provided by a data subject.
Google Tag Manager is used on this website. Google Tag Manager is a solution of Google Inc. by means of which businesses can manage website tags via an interface. Google Tag Manager is a cookie-less domain. Google Tag Manager ensures the triggering of other tags, which on their part might gather data as the case may be. We inform of this separately. Google Tag Manager does not access this data. Insofar as a deactivation was set by the user at the domain or cookie level, this will stay in effect for all tracking tags, which are implemented with Google Tag Manager.
Furthermore, cookies, web beacons and/or pixels (or comparable functions for the transmission of event data) are stored on your computer when you use the website if this is technically necessary or if you have consented to the storage. Cookies are small text files that are stored on your hard disk and through which certain information flows to us.
To manage cookies and your consent to them, we use a solution of Usercentrics GmbH. Within the scope of commissioned data processing, we therefore transmit Personal Data (consent data) to Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich, which is the commissioned data processor. We understand consent data to mean the following data: Date and time of the visit or consent/refusal, device information. The data is processed for the purpose of compliance with legal obligations (duty to present evidence according to Art. 7(1) GDPR) and the related documentation of consents and therefore based on Art. 6(1) lit. c) GDPR. The local storage is used for the storing of data. The consent data is stored for 3 years. The data is stored in the European Union. You can find more information about the gathered data and contact options at https://usercentrics.com/privacy-policy/. Details regarding the cookies used and the possibility to consent to the use of cookies can be found in the consent Settings.
This stored information is separated from any other data that may have been given to us. In particular, the data of the cookies is not linked with your other data if such has been transmitted
If you contact us via our contact options (e.g. by e-mail), we store your name and contact details as well as your request. The data is processed to process your request and communicate with you. We use your e-mail to be able to reply to you by e-mail (legal basis Art. 6 para. 1 sentence 1 lit. b or f GDPR).
Your personal data will be stored until the stated purposes have been achieved or for as long as we have a legitimate interest in storing it. Thereafter, the data will be deleted unless other agreements have been made with you or statutory archiving obligations (e.g. due to commercial or tax law) exist. If archiving is required by law, the data will be blocked for other access. Once the statutory retention periods have expired, the data will be deleted in accordance with data protection regulations. If you have consented to your data being processed, we will process your data indefinitely until you withdraw your consent or until the purpose for which you gave your consent no longer applies. Thereafter, the consent and processing data will be archived until the statute of limitations (regularly three years) for legal defense purposes (legal basis Art. 17 para. 3 lit. e GDPR).
As Data Controller, we omit automated decision-making.
We use processors for the processing of personal data and conclude agreements with them in accordance with the requirements of Art. 28 GDPR.
As a data subject, you can assert certain rights under the law.
According to Art. 15 GDPR, you have the right to request confirmation from us as to whether personal data concerning you is being processed. In the event that we process such data, you have the right to receive information about your stored data free of charge. The information includes details about
Furthermore, the data subject has the right to information about whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to receive information about the appropriate guarantees in connection with the transfer. If you have any questions about the processing of personal data, for information, or to otherwise assert your rights, simply contact us using the contact details listed above.
You have the right to have the data rectified and/or completed by the controller if the personal data concerning you that are processed are incorrect or incomplete. The controller must carry out the rectification immediately.
Your right of objection
You have the right to object at any time to the processing of personal data concerning you based on a balance of interests in accordance with Art. 6 (1) (f) GDPR for reasons arising from your particular situation. In the event of such an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.
You have the right to request the erasure of personal data concerning you. Please note that a right to immediate erasure (Art. 17 GDPR) ("right to be forgotten") only exists if one of the following reasons applies:
If we have made the personal data concerning you public and we are obliged to delete it in accordance with Art. 17 Para. 1 GDPR, we will take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as the data subject, have requested that they delete all links to these personal data or copies or replications of these personal data.
In addition to the above requirements, please note that the following exceptions may justify a rejection of your request for erasure: The right to erasure does not exist if the processing is necessary
You have the right to restriction of processing if you contest the accuracy of the personal data for a period that enables us to verify the accuracy of the personal data or if, in the event of unlawful processing, you refuse erasure and instead request that the processing of personal data be restricted. You also have this right if we no longer need the data or if you need this personal data to assert, exercise or defend legal claims. Finally, you can assert this right if you have objected to the processing in accordance with Art. 21 Para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons. If processing has been restricted, this data may only be processed with your consent or for the establishment, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. The possibility of continued storage remains unaffected. If the restriction of processing has been restricted in accordance with the above-mentioned requirements, we will inform you before the restriction is lifted.
You also have the right to data portability of the data you have provided to us, which we have processed on the basis of an effective consent or whose processing was necessary to enter into or fulfill an effective contract, in a "structured, common and machine-readable format". You also have the right to request direct transmission to another controller, insofar as this is technically feasible. This right only exists to the extent that the rights and freedoms of other persons are not adversely affected.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
We process the information made available to us of persons, who apply for jobs at our company, to the extent this is required to determine their qualification for job openings (legal basis is Article 6(1)(b) of the GDPR). This applies to applications for concrete job postings as well as to speculative applications, and the following data or data categories, among others, can be concerned:
If you provide us with special categories of personal data, they will only be processed if the processing is necessary for us to exercise the rights and fulfill the obligations arising from labor law and social security law, pursuant to Article 9(2)(b) of the GDPR.
If you provide us with special categories of personal data, these will only be processed if the processing is necessary for us to exercise the rights and fulfill the obligations arising from labor law and social security and social protection law, Art. 9 para. 2 lit. b GDPR.
We store your data for the duration of the application process and thereafter for a maximum of six months from notification of a binding decision regarding your application, unless an employment contract is concluded. Otherwise, data will only be stored for a longer period with your express consent (legal basis Art. 6 Para. 1 lit. a GDPR), if we have to comply with a legal requirement (legal basis Art. 6 Para. 1 lit. c GDPR) or if there are legitimate reasons, e.g. if claims are raised against the non-consideration of your application (legal basis here too Art. 6 Para. 1 Sentence 1 lit b GDPR).
After this time has elapsed, your data will be deleted or only stored in archive systems with no direct access options, as required by law, for commercial and tax archiving purposes. Should you withdraw your application, the application documents will be deleted immediately. We only store your name and the information that you have withdrawn your application; the legal basis is Art. 6 Para. 1 Sentence 1 lit. f GDPR.
For applications that lead to the establishment of a training or employment relationship, the data from the applicant data system is transferred to our personnel information system and stored until the end of the employment relationship, unless other regulations prescribe longer retention periods. Applicants are then obliged to add data to establish an employment relationship, e.g. by providing social security data.
Data is then transferred to social security providers and the tax office. The legal basis for data collection is Art. 6 Para. 1 lit. b GDPR and other legal requirements that result in storage obligations in the case of the establishment of employment relationships, e.g. Section 147 AO, Section 257 HGB.
You have the option of consenting to be included in the talent pool during the application process. If you give this consent, we will add you to our talent pool. If you do not give your consent to be included in the talent pool, this will otherwise have no effect on your specific application. The legal basis for being included in the talent pool and sending information by email is your consent in accordance with Art. 6 Paragraph 1 Letter a of GDPR.
If you have given this consent, you can revoke it at any time with effect for the future. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until the revocation. Please send the revocation of your consent directly to: bewerbung@analytical-software.de so that the deletion can be carried out. We use the specialized software provider rexx systems GmbH, Süderstraße 75-79, 20097 Hamburg for the application process. rexx systems GmbH acts as a service provider for us and may also receive knowledge of your personal data in connection with the maintenance and care of the systems. We have concluded a data processing agreement with this provider which ensures that data processing is carried out in a permissible manner.
Your applicant data will be reviewed by the HR department after receipt of your application. Suitable applications will then be forwarded to the department heads for the respective vacant position. The further process will then be coordinated. In principle, only those people who need access to your data for the proper execution of our application process have access to it. The data is processed exclusively in data centers in the Federal Republic of Germany.
Art. 6 (1) lit. a) GDPR serves as the legal basis for our company to implement processing actions for which we obtain consent for a certain purpose of processing. If the processing of Personal Data is necessary for the performance of a contract to which the Data Subject is a party, as this is the case, for example, in processing that is required for the delivery of our performance, the processing is based on Art. 6 (1) lit. b) GDPR. The same applies to such processing actions that are required to conduct pre-contractual measures, for example, in cases of queries about our services.
If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third parties. In that case, the processing would be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. This legal basis is used for processing operations that are not covered by any of the aforementioned legal bases if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not override them. We are permitted to carry out such processing operations in particular because they were specifically mentioned by the European legislator. In this respect, he was of the opinion that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47, Sentence 2 GDPR).
If the data processing is based on Art. 6(1) lit. f) GDPR, our justified interest is conducting our business operations for the benefit of all our employees and our company.
The criterion for the duration of the storage of personal data is the respective statutory retention period. After this period has expired, the corresponding data is routinely deleted, provided that it is no longer required for contract fulfillment or contract initiation.
We use subcontractors for the processing of personal data and conclude a contract with these processors in accordance with the requirements of Art. 28 GDPR. Microsoft Ireland Operations Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland, is used as a subcontractor to host the website. We use Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich, Germany, as a processor for the management of consent data.
The data protection supervisory authority responsible for us is: Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart.