Data protection

This data protection declaration applies to the websites https://www.hans-hermann-voss-stiftung.de, https://portal.hhvoss-stiftung.de/, https://jobs.talente.guru/hhvs and their respective sub-pages. The general information relates to all three websites. The specific information will always indicate which website the information relates to.

A. General information

Name and contact details of the data protection officer

The data protection officer of the Hans Hermann Voss Foundation, Dr. Christian Lenz, can be contacted at the address dhpg IT-Service GbmH, Bunsenstraße 10a, 51647 Gummersbach, Germany, or by e-mail: datenschutz@dhpg.de and by phone: +49 (0) 2261 81950.

Data security

We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser when you visit our website. This is usually a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser. We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Rights of data subjects

You have the right:

to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if not collected by us, and the existence of automated decision-making including profiling and, where applicable, meaningful information about the details of such data;
in accordance with Art. 16 GDPR, to demand the immediate correction of incorrect or incomplete personal data stored by us;
in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful but you refuse to allow its deletion and we no longer require the data, but you require it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
In accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller; In accordance with Art. 7 (3) GDPR, to withdraw your consent at any time. This has the consequence that we are no longer allowed to continue the data processing based on this consent in the future and
complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our company headquarters.

Right to object

If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR if there are reasons for doing so that arise from your particular situation or if the objection is to direct advertising. In the latter case, you have a general right of objection, which we will implement without you having to specify a particular situation. If you wish to exercise your right of revocation or objection, simply send an e-mail to datenschutz@hhvoss-stiftung.de.

Automatic data processing when accessing our websites

When you access our websites, the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:

IP address of the requesting computer,
Date and time of access,
Name and URL of the retrieved file,
Website from which access is made (referrer URL), Browser used and, if applicable, your computer’s operating system and the name of your access provider.

We process the aforementioned data for the following purposes:

Ensuring a smooth connection to the website,
Ensuring a comfortable use of our website,
Evaluation of system security and stability, and
for other administrative purposes.

The legal basis for the data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the operation of our website and the associated presentation of our company.

Your data will be deleted as soon as it is no longer required for the stated purposes, but no later than after six months.

Up-to-dateness

This data protection declaration is currently valid and is dated November 2024. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website https://www.hans-hermann-voss-stiftung.de/datenschutz.

Disclaimer

The contents of our website are for your information only and do not constitute an offer, so that no contractual relationship can arise on the basis of the website.

Insofar as links to third-party websites are contained on our website, the Hans Hermann Voss Foundation is not liable for their contents and does not accept any responsibility for damages arising from their use.

The Hans Hermann Voss Foundation does not accept any liability for damages of any kind arising from your visit to the website.

B. Special information for individual processing

When visiting our business premises or our factory premises

For visitors who visit the Hans Hermann Voss Foundation and thus also enter the premises of the VOSS company, only their name and institution or employer are stored. The processing of your data is based on a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in documenting visitors to our premises for security reasons in order to prevent access by unauthorized persons. Your data will be stored for 48 hours.

For visitors to the foundation who also enter the VOSS Factory premises as part of a company tour or an event at the Hermann Voss Forum, the visitor’s name, institution or employer and, if applicable, e-mail address are stored. You will be notified automatically by e-mail. In this case, the processing of your data is based on your expressly granted consent in accordance with Art. 6 para. 1 lit. a GDPR. In addition, the processing can also be based on a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. This consists of our interest in preventing unauthorized access and being able to prove that you have visited us and that you have received a safety training. Your data and the confirmation of the safety training are stored for 2 years.

For our visitor management, we use the SharePoint system from Microsoft Ireland Operations Ltd., South County Business Park, One Microsoft Place, Carmanhall and Leopardstown, Dublin, D18 P521, Ireland (hereinafter: Microsoft). Our employees register visitors using the system. We use SharePoint for efficient implementation of visitor management to prevent unauthorized access to our information by third parties. The information is also transferred to Microsoft. We have concluded an agreement with our service provider for order processing. When using the tool, a transfer of the data to the USA cannot be excluded. However, Microsoft is certified under the EU-US Data Privacy Framework and is therefore considered a secure recipient of personal data.

You are not legally or contractually obliged to provide your personal data for this purpose. However, the provision of this data is necessary in order to allow you to visit our foundation office or the VOSS premises. Unfortunately, if you object to the use of your data for this purpose, we will not be able to grant you access.

When using our application and funding portal

When registering for our application and funding portal https://portal.hhvoss-stiftung.de/ you must provide a valid e-mail address. We need this to be able to assign you a unique user account and to contact you regarding decisions on any applications submitted or in similar cases. In addition, the following categories of data are processed when using the application and funding portal:

content of communication processes,
payment data,
creditor master data,
project-related information/documents.

The legal basis for the data processing is Art. 6 para. 1 lit.b GDPR, insofar as the processing is necessary for the performance of a contract with you or for the implementation of pre-contractual measures taken at your request. Otherwise, Art. 6 para. 1 lit. f GDPR is the legal basis for the processing, since we have a legitimate interest in processing applications from interested parties in order to decide on funding programs.

We use the software solution xFound from ace Neue Informationstechnologien GmbH, Stella-Klein-Löw-Weg 15, A-1020 Vienna, Austria, to provide our application and funding portal. The provider works in accordance with the legal requirements of Art. 28 GDPR. The strictest confidentiality of your data is thus maintained at all times. When you submit a request to us, a direct connection between your browser and the provider’s server is established when you access the request page. This provides the provider with the information that you have visited our site with your IP address. The IP address is anonymized and deleted after 7 days. In addition, the provider can access the e-mail address stored during your registration. When you send a request using the integrated form, the personal data you entered to make the request will be transmitted to the provider and stored on their servers, as well as sent to us by e-mail.

For more information, please refer to the provider’s privacy policy https://www.xfound.eu/datenschutz.

Your data will be deleted as soon as it is no longer required. The data will be deleted at the latest when you delete your user account.

When using our applicant portal

When using our applicant portal https://jobs.talente.guru/hhvs, you can apply for vacancies at our foundation. To do so, you must provide us with your name, telephone number and a valid e-mail address. We need this data in order to process your application and to be able to contact you.

Furthermore, when using our applicant portal, you must provide us with information about your studies, professional experience, qualifications and skills, as well as your job preferences. We need this information in order to consider your application and assess whether you are suitable for specific positions.

The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b GDPR, insofar as the processing is necessary for the implementation of pre-contractual measures, and § 26 para. 1 lit. 1 BDSG (German Federal Data Protection Act), insofar as the processing is necessary for the decision on the establishment of an employment relationship with you. In addition, we have a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR in examining and processing incoming applications.

We use the software solution from the provider Mehlis Consulting GmbH, Etapler Platz 14, 42499 Hückeswagen, Germany, to process applications received via the applicant portal https://jobs.talente.guru/hhvs. The provider works in accordance with the legal requirements of Art. 28 GDPR. The strictest confidentiality of your data is thus maintained at all times. When you submit an enquiry to us, a direct connection is established between your browser and the provider’s server when you access the enquiry page. This provides the provider with the information that you have visited our site using your IP address. The IP address is anonymized and deleted after 7 days.

Further information on data protection at Mehlis can be found https://www.mehlis.io/datenschutz.

Your data will be deleted as soon as it is no longer needed. If your application results in us entering into an employment relationship with you, the data will be further processed for the purposes of implementing the employment relationship (§ 26 para. 1 lit. 1 BDSG).

Cookies on our websites (applies to all three websites)

We use cookies on our websites. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit one of our pages. Cookies do not cause any damage to your device and do not contain any viruses, Trojans or other malware. Information is stored in the cookie that results in each case in connection with the specific device used. However, this does not mean that we obtain direct knowledge of your identity. On the one hand, the use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages on our websites. These are automatically deleted after you leave our pages.

On our pages, cookies that are technically absolutely necessary are initially used. We use our essential cookies to provide the services of the websites and to make the use of our offer more convenient for you. We process your personal data collected by these cookies based on our legitimate interest in presenting our foundation and the services offered via the website you have accessed, as well as to promote user-friendliness. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Most browsers automatically accept these cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before such a cookie is created. However, completely disabling cookies may result in the websites not being displayed correctly or you not being able to use all the functions of our websites.

Technically not essential cookies and third-party services on https://jobs.talente.guru/hhvs

In addition, we use temporary cookies exclusively on our website https://jobs.talente.guru/hhvs to optimize user-friendliness, which are stored on your end device for a specified period of time. If you visit the site again to use our services, it will automatically recognize that you have visited us before and what inputs and settings you have made so that you do not have to re-enter them. On the other hand, we use cookies on the site to statistically record the use of our websites and to optimize our offer. These cookies enable us to automatically recognize that you have already visited our site when you visit it again. These cookies are automatically deleted after a defined period of time. The cookies that are not technically necessary are only set with your consent. The legal basis for the data processed by these cookies and the other third-party services listed below is your consent in accordance with Art. 6 para.1 1 lit. a GDPR.

Meta Pixel (formerly Facebook Pixel)

Our website https://jobs.talente.guru/hhvs uses the visitor action pixel from Meta to measure conversion. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta, the data collected is also transferred to the USA and other third-party countries. This allows the behavior of site visitors to be tracked after they have been redirected to the provider’s website by clicking on a Meta ad. This allows the effectiveness of Meta ads to be evaluated for statistical and market research purposes and future advertising efforts to be optimized.

The data collected is anonymous to us as the operator of this website, and we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Meta so that a connection to the respective user profile on Facebook or Instagram is possible and Meta can use the data for its own advertising purposes, in accordance with the Meta Data Usage Policy (https://de-de.facebook.com/about/privacy/). This allows Meta to enable the placement of ads on Facebook or Instagram pages and other advertising channels. We, as the site operator, have no influence on the use of the data. This service is used on the basis of your consent in accordance with Art. 6 para.1 lit. a GDPR and Art. 25 (1) TDDDG. Consent can be revoked at any time.

Insofar as personal data is collected on our website with the help of the tools described here and forwarded to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Meta. The processing by Meta that takes place after the transfer is not part of the joint responsibility. The obligations incumbent on us have been set out in a joint processing agreement. The wording of the agreement can be found: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Meta tool and for implementing the tool on our website in a manner that is secure under data protection law. Meta is responsible for the data security of its products. You can assert data subject rights (e.g. requests for information) regarding data processed on Facebook or Instagram directly with Meta. If you assert data subject rights with us, we are obliged to forward them to Meta.

According to the joint controllership agreement, we are obliged to inform you that you can find further information on how Meta processes personal data, including the legal basis on which Meta relies and the options for exercising the rights of data subjects vis-à-vis Meta, in Meta’s data protection policy, which also contains the information required under Art. 13 para. 1 lit. a and b GDPR: https://de-de.facebook.com/about/privacy/.

You can also disable the remarketing function “Custom Audiences” in the ad settings section https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged into Facebook. If you do not have a Facebook or Instagram account, you can disable usage-based advertising from Meta on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Each DPF-certified company is committed to complying with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.

Meta Conversion API

We have integrated the Meta Conversion API on the website https://jobs.talente.guru/hhvs. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, the data collected is also transferred to the USA and other third countries, according to Meta. The Meta Conversion API allows us to track the website visitor’s interactions with our website and share it with Meta to improve advertising performance on Facebook and Instagram. In particular, the time of access, the website accessed, your IP address and user agent, as well as any other specific data (e.g. purchased products, value of the shopping cart and currency) are recorded for this purpose. A complete overview of the data that can be collected can be found here: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters.

This service is used on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 (1) TDDDG. This consent may be withdrawn at any time. Insofar as personal data is collected on our website using the tool described here and forwarded to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Meta. The processing by Meta that takes place after the transfer is not part of the joint responsibility. The obligations incumbent on us have been set out in a joint processing agreement. The wording of the agreement can be found: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Meta tool and for implementing the tool on our website in a manner that is secure under data protection law. Meta is responsible for the data security of its products. You can assert data subject rights (e.g. requests for information) regarding data processed on Facebook or Instagram directly with Meta. If you assert data subject rights with us, we are obliged to forward them to Meta.

You can also disable the remarketing function “Custom Audiences” in the Advertising Settings section https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged into Facebook. If you do not have a Facebook or Instagram account, you can disable usage-based advertising from Meta on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Each DPF-certified company agrees to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.

Meta Custom Audiences

Furthermore, we use Meta Custom Audiences on the website https://jobs.talente.guru/hhvs. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. When you visit or use our websites and apps, take advantage of our free or paid offers, submit data to us or interact with our company’s Facebook or Instagram content, we collect your personal data. If you give us permission to use Meta Custom Audiences, we will transfer this data to Meta, which Meta can use to display suitable advertising to you. Furthermore, your data can be used to define target groups (lookalike audiences).

This service is used on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and Art. 25 (1) TDDDG. Consent can be revoked at any time. Insofar as personal data is collected on our website with the help of the tools described here and forwarded to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Meta. The processing by Meta that takes place after the transfer is not part of the joint responsibility. The obligations incumbent on us have been set out in a joint processing agreement. The wording of the agreement can be found: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Meta tool and for implementing the tool on our website in a manner that is secure under data protection law. Meta is responsible for the data security of its products. You can assert data subject rights (e.g. requests for information) regarding data processed on Facebook or Instagram directly with Meta. If you assert data subject rights with us, we are obliged to forward them to Meta.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Each DPF-certified company agrees to comply with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.

Enquiries using MEETOVO

We use the software solution from MEETOVO Software GmbH, Robert-Koch-Straße 8, 21423 Winsen (Luhe), Germany, to process enquiries on the website https://jobs.talente.guru/hhvs. The provider works in accordance with the legal requirements of Art. 28 GDPR. The strictest confidentiality of your data is thus guaranteed at all times. When you submit an enquiry to us, a direct connection is established between your browser and the provider’s server when you access the enquiry page. This provides the provider with the information that you have visited our site with your IP address. The IP address is anonymized and deleted after 7 days. If you submit a request using the integrated form, the personal data you have entered (e-mail address, first and last name, mobile phone number or telephone number) will be transmitted to the provider and stored on their servers and sent to us by e-mail. All other form entries are already transmitted during their entry for analysis purposes, if you agree to this. The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR. The collection of this data is necessary to carry out the request. Without this processing, you cannot make any requests. This processing is carried out in accordance with Art. 6 (1) point b. GDPR, insofar as it is necessary for the fulfillment of our contractual obligations and services or for the implementation of pre-contractual measures that take place at your request, otherwise on the basis of our legitimate interests in the implementation of a quick and effective request within the meaning of Art. 6 para. 1 lit f. GDPR.

The provider deletes your data if it is no longer required. The provider checks the necessity every two years. However, the deletion takes place no later than five years after the last request. Further information can be found in the provider’s privacy policy at: https://meetovo.de/datenschutz.