Privacy Policy

General Data Protection Regulation (GDPR)

Last Edit March 2024

Name and Address of the Responsible Party
Contact Details of the Data Protection Officer
General Information on Data Processing
Rights of the Data Subject
Contact Form
Application via Email and Application Form
Company Profiles
Use of Company Profiles on Career-Oriented Networks
Hosting

Name and Address of the Controller

The Controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:

HIPE AWARD
Theresienstraße 1
80333 Munich
Germany

nominierung@hipeaward.com
www.hipeaward.com

Contact Details of the Data Protection Officer

The Data Protection Officer of the Controller is:

DataCo GmbH
Dachauer Straße 65
80335 Munich
Germany

+49 89 7400 45840
www.dataguard.de

General Information on Data Processing

1. Scope of Processing of Personal Data

We process personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The processing of personal data of our users is generally carried out only with the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is required by legal regulations.

2. Legal Basis for the Processing of Personal Data

If we obtain the consent of the data subject for processing personal data, Article 6(1) sentence 1 lit. a GDPR serves as the legal basis.

For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1) sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations required for the implementation of pre-contractual measures.

If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6(1) sentence 1 lit. c GDPR serves as the legal basis.

In cases where the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6(1) sentence 1 lit. d GDPR serves as the legal basis.

If the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, and these interests are not overridden by the interests, fundamental rights, and freedoms of the data subject, Article 6(1) sentence 1 lit. f GDPR serves as the legal basis for the processing.

3. Deletion and Storage Duration of Data

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also occur if required by European or national legislation in Union regulations, laws, or other provisions to which the Controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned regulations expires, unless further storage of the data is necessary for the conclusion or fulfillment of a contract.

Rights of the Data Subject

If your personal data is processed, you are a data subject within the meaning of the GDPR, and you have the following rights against the Controller:

1. Right of Access

You can request confirmation from the Controller as to whether personal data concerning you is being processed.

If such processing is taking place, you can request the following information from the Controller:

the purposes for which the personal data is processed;

the categories of personal data being processed;

the recipients or categories of recipients to whom your personal data has been disclosed or will be disclosed;

the intended duration of storage of your personal data or, if specific details are not possible, the criteria used to determine the storage period;

the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the Controller, or a right to object to such processing;

the existence of a right to lodge a complaint with a supervisory authority;

the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR, and—at least in these cases—meaningful information about the logic involved as well as the scope and intended effects of such processing on the data subject.

You have the right to request information about whether your personal data is transferred to a third country or an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.

2. Right to Rectification

You have the right to request rectification and/or completion from the Controller if the personal data being processed concerning you is inaccurate or incomplete. The Controller must carry out the rectification without undue delay.

3. Right to Restriction of Processing

You may request the restriction of the processing of your personal data under the following conditions:

if you contest the accuracy of your personal data for a period enabling the Controller to verify the accuracy of the personal data;

if the processing is unlawful and you oppose the deletion of the personal data and instead request the restriction of its use;

if the Controller no longer needs the personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims, or

if you have objected to the processing pursuant to Article 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the Controller override your grounds.

If the processing of your personal data has been restricted, such data—apart from being stored—may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been implemented based on the aforementioned conditions, you will be informed by the Controller before the restriction is lifted.

4. Right to Erasure

a) Obligation to Delete

You have the right to request the Controller to delete your personal data without undue delay, and the Controller is obligated to delete this data without undue delay if one of the following reasons applies:

The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

You withdraw your consent on which the processing was based pursuant to Article 6(1) sentence 1 lit. a or Article 9(2) lit. a GDPR, and there is no other legal basis for the processing.

You object to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.

The personal data concerning you has been processed unlawfully.

The deletion of your personal data is required to comply with a legal obligation under Union law or the law of the Member States to which the Controller is subject.

The personal data concerning you was collected in relation to the offer of information society services pursuant to Article 8(1) GDPR.

b) Information to Third Parties

If the Controller has made your personal data public and is obligated to delete it pursuant to Article 17(1) GDPR, the Controller shall, taking into account the available technology and the cost of implementation, take reasonable measures, including technical measures, to inform Controllers processing the personal data that you, as the data subject, have requested the deletion of all links to this personal data, or of copies or replications of this personal data.

c) Exceptions

The right to erasure does not apply to the extent that processing is necessary

for exercising the right to freedom of expression and information.

to comply with a legal obligation that requires processing under Union or Member State law to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;

for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR;

for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) GDPR, insofar as the right referred to in section a) is likely to render the achievement of the objectives of this processing impossible or seriously impair it, or

for the establishment, exercise, or defense of legal claims.

5. Right to Notification

If you have exercised your right to rectification, erasure, or restriction of processing against the Controller, the Controller is obligated to notify all recipients to whom your personal data was disclosed about this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed by the Controller about these recipients.

6. Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to the Controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another Controller without hindrance from the Controller to whom the personal data was provided, provided that:

the processing is based on consent pursuant to Article 6(1) sentence 1 lit. a GDPR or Article 9(2) lit. a GDPR, or on a contract pursuant to Article 6(1) sentence 1 lit. b GDPR, and

the processing is carried out by automated means.

In exercising this right, you also have the right to have your personal data transmitted directly from one Controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

7. Right to Object

You have the right to object, at any time and on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1) sentence 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The Controller will no longer process your personal data unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling to the extent it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

You also have the option to exercise your right to object by automated means using technical specifications in connection with the use of information society services, notwithstanding Directive 2002/58/EC.

8. Right to Withdraw Consent

You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated Individual Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

is necessary for entering into, or the performance of, a contract between you and the Controller,

is authorized by Union or Member State law to which the Controller is subject and such law contains appropriate measures to safeguard your rights, freedoms, and legitimate interests, or

is carried out with your explicit consent.

However, such decisions must not be based on special categories of personal data as referred to in Article 9(1) GDPR, unless Article 9(2)(a) or (b) GDPR applies and appropriate measures to safeguard your rights, freedoms, and legitimate interests have been implemented.

In the cases referred to in points 1 and 3, the Controller shall implement appropriate measures to safeguard your rights, freedoms, and legitimate interests, which shall include at least the right to obtain human intervention on the part of the Controller, to express your point of view, and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Language settings

Use of website functions

Analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.

Contact form

1. Description and scope of data processing

Email address

Last name

First name

Telephone / mobile phone number

IP address of the calling computer

Date and time of contact

Company name, founding date of the company, link to the website,

Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy.

2. Purpose of data processing

3. Legal basis for data processing

4. Duration of storage

5. possibility of objection and removal

Application by email and application form

1. Scope of processing personal data

Our website contains an application form that can be used for electronic applications. If an applicant uses this option, the data entered in the input mask will be transmitted and stored by us. These data are:

First name

Last name

Telephone / mobile phone number

Email address

For the processing of your data, your consent is obtained as part of the submission process, and this privacy policy is referenced.

Alternatively, you can also send your application by email. In this case, we collect your email address and the data you provide in the email.

After sending your application, you will receive a confirmation of receipt of your application documents via email from us.

Your data will not be passed on to third parties. The data will only be used for processing your application.

2. Purpose of data processing

The processing of personal data from the application form is solely for the purpose of processing your application. In the case of contact via email, the legitimate interest in processing the data is also given.

The other personal data processed during the submission process is used to prevent misuse of the application form and to ensure the security of our information technology systems.

3. Legal basis for data processing

The legal basis for processing your data is the initiation of a contract at the request of the data subject, Article 6(1) sentence 1 lit. b alternative 1 GDPR and Section 26(1) sentence 1 BDSG.

4. Duration of storage

After the completion of the application process, the data will be stored for up to six months. No later than six months after the end of the process, your data will be deleted. In the case of a legal obligation, the data will be stored in accordance with the applicable regulations.

The additional personal data collected during the submission process will be deleted no later than seven days thereafter.

5. Right to object and erasure

The applicant has the right to object to the processing of personal data at any time. If the applicant contacts us by email, they can object to the storage of their personal data at any time. In such a case, the application can no longer be considered.

Electronically

All personal data stored as part of the electronic application will be deleted in this case.

Corporate appearances

Use of corporate appearances on social media platforms

Instagram:

Instagram, Part of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland

On our corporate page, we provide information and offer Instagram users the opportunity to communicate. When you perform an action on our Instagram corporate profile (e.g., comments, posts, likes, etc.), it may result in the public disclosure of personal data (e.g., full name or photo of your user profile). However, since we generally have little or no influence on the processing of your personal data by Instagram, which is jointly responsible for the HIPE AWARD corporate profile, we cannot make binding statements about the purpose and scope of the processing of your data.

Our corporate presence on social networks is used for communication and information exchange with (potential) customers. In particular, we use the corporate presence for:

Advertising

The publications on the corporate profile may include the following content:

Information about services

Advertising

Customer contact

It is up to each user to decide whether to publish personal data through their activities.

The legal basis for data processing is Article 6(1) sentence 1 lit. a GDPR.

The data generated through the corporate profile is not stored in our own systems.

You can object to the processing of your personal data that we collect through your use of our Instagram corporate profile at any time and exercise your rights as a data subject, as outlined in section IV of this privacy policy. To do so, please send us an informal email at nominierung@hipeaward.com.
For more information on the processing of your personal data by Instagram and the corresponding options to object, please refer to the following link:
Instagram: https://help.instagram.com/519522125107875

YouTube:

YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, United States

On our corporate page, we provide information and offer YouTube users the opportunity to communicate. When you perform an action on our YouTube corporate profile (e.g., comments, posts, likes, etc.), it may result in the public disclosure of personal data (e.g., full name or photo of your user profile). However, since we generally have little or no influence on the processing of your personal data by YouTube, which is jointly responsible for the HIPE AWARD corporate profile, we cannot make binding statements about the purpose and scope of the processing of your data.

Our corporate presence on social networks is used for communication and information exchange with (potential) customers. In particular, we use the corporate presence for:

Advertising

The publications on the corporate profile may include the following content:

Information about services

Advertising

Customer contact

It is up to each user to decide whether to publish personal data through their activities.

The legal basis for data processing is Article 6(1) sentence 1 lit. a GDPR.

The data generated through the corporate profile is not stored in our own systems.

You can object to the processing of your personal data that we collect through your use of our YouTube corporate profile at any time and exercise your rights as a data subject, as outlined in section IV of this privacy policy. To do so, please send us an informal email at nominierung@hipeaward.com.
For more information on the processing of your personal data by YouTube and the corresponding options to object, please refer to the following link:
YouTube: https://policies.google.com/privacy?gl=DE&hl=de

Use of corporate profiles on professional networks

1. Scope of data processing

We use the option of corporate profiles on professional networks. We maintain a corporate presence on the following professional networks:

LinkedIn:

LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland

XING:

XING SE, Dammtorstraße 30, 20354 Hamburg, Germany

On our page, we provide information and offer users the opportunity for communication.

The corporate profile is used for applications, information/PR, and active sourcing.

We do not have any information regarding the processing of your personal data by the companies jointly responsible for the corporate profile. For more information, please refer to the privacy policy of:

LinkedIn:

https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

XING:

https://privacy.xing.com/de/datenschutzerklaerung

If you perform an action on our corporate profile (e.g., comments, posts, likes, etc.), it may result in the public disclosure of personal data (e.g., full name or photo of your user profile).

2. Legal basis for data processing

The legal basis for processing your data in connection with the use of our corporate profile is Article 6(1) sentence 1 lit. f GDPR.

3. Purpose of data processing

Our corporate profile is used to inform users about our services. It is up to each user to decide whether to publish personal data through their activities.

4. Duration of storage

5. Right of objection and removal

LinkedIn:

https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

XING:

https://privacy.xing.com/de/datenschutzerklaerung

Hosting

Browser type and browser version

Operating system used

Referrer URL

Host name of the accessing computer

Date and time of the server request

IP address

This privacy policy was created with the support of DataGuard.

Privacy Policy

General Data Protection Regulation (GDPR)

Last Edit March 2024

Table of Contents

Name and Address of the Controller

Contact Details of the Data Protection Officer

General Information on Data Processing

Rights of the Data Subject

Contact form

Application by email and application form

Corporate appearances

Use of corporate profiles on professional networks

Hosting