GDPR Privacy Policy

1. General Information

The protection of your personal data is important to us. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the Internet (e.g., when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

2. Notice to the Responsible Person

Responsible for data processing on this website is:

FleishmanHillard Germany GmbH
Hanauer Landstrasse 182A, 60314 Frankfurt am Main, Germany

Telephone: +49-69-405702-0
E-mail: [email protected]

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g., names, e-mail addresses or similar).

3. Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Name and address of the requested content
  • browser type and browser version
  • operating system used
  • amount of data transferred
  • access status (content transferred, content not found)
  • referrer URL, which indicates the page from which you came to ours
  • host name of the accessing computer
  • Date and time of the server request
  • IP address of the requesting computer

The aforementioned log data is only stored anonymously. This data is not merged with other data sources.

The basis for the data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to ensure the functionality of our website, e.g., for the purpose of accessibility and prevention of abusive access.

4. Contact Form

If you send us inquiries via the contact form, your data from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of the data entered in the contact form is voluntary, but the message as such as well as the e-mail address and your name are required so that we can respond to you (legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR). If the data is necessary for the establishment of an employment relationship, especially if you send it to us via https://fleishmanhillard.de/kontakt/karrierechancen/, § 26 para. 1 p. 1 BDSG is the legal basis. In the case of customer concerns, the legal basis for processing is Art. 6 para. 1 lit. b GDPR (fulfillment of the contract or implementation of pre-contractual measures that take place at the request of the data subject). You are not obliged to provide the personal data unless this is necessary for the initiation or performance of the contract. Failure to provide it would not have any negative consequences.

Your data will be deleted after completion of the request. Mandatory legal provisions — in particular retention periods — remain unaffected.

5. Fonts

Whitney Fonts

To ensure a consistent presentation, we do not use Google Web Fonts. Our font is provided by Hoefler & Co, which is technically hosted on our server, but accessed via a web service through https://www.typography.com, which is owned by Hoefler & Co, so they can ensure that we have purchased the font. When you access a website that contains our web font tracking script or similar technology, we do not transmit the requesting IP address, only the anonymous IP 0.0.0.0 to our third-party service provider. Thus, no personal data of the website user is collected or processed. However, the IP addresses are transmitted to Akamai, which only happens through the integration of the fonts. Visitors’ IP addresses are logged by our CDN, Akamai, in order to deliver the web pages, but this data is never transmitted to Hoefler&Co. In 2021, Hoefler&Co. was acquired by Monotype, and accordingly, Monotype’s policies apply. https://www.monotype.com/de/rechtshinweise/datenschutzrichtlinie

6. Online Applications

We process your personal data in accordance with the applicable data protection regulations on the basis of Section 26 (1) sentence 1 BDSG. We process the data that you disclose to us as part of your online application solely for the purpose of selecting applicants. Data processing for other purposes does not take place.

You yourself determine the scope of the data that you wish to transmit to us as part of your online application. Online applications are transmitted electronically to our personnel department, where they are processed as quickly as possible. The transmission is encrypted. As a rule, applications are then forwarded to the heads of the relevant departments in our company. Your data will not be passed on beyond this.

Only the persons responsible for the application process in Germany have access to your personnel documents. Only in the case of filling a management position may your data be transferred to the responsible personnel managers in the UK or the USA, as our company is part of an international agency network in which personnel responsibilities cross departmental, company and national borders. In accordance with Section 26 (1) Sentence 1 of the German Federal Data Protection Act (BDSG), this data processing is necessary for the decision on the establishment of an employment relationship. If the data is processed outside the EU or EEA, please note that there is a risk that authorities may access the data for security and monitoring purposes, possibly without you being informed or being able to appeal. If we use providers in insecure third countries and you consent, the transfer to a third country is based on your consent granted with the application pursuant to Art. 49 (1) lit. a GDPR. So-called EU standard contractual clauses exist with the parent company in the USA.

If necessary, we use service providers who are strictly bound by instructions, who support us e.g. in the areas of EDP or the archiving and destruction of documents and with whom separate contracts for order processing have been concluded.

Your details will be treated confidentially within our company. If your application is unsuccessful, your documents will be deleted after 3 months. In the event that we may also consider your application for other or future job postings, we ask that you make a note to this effect on your application. We will then process your data on the basis of Art. 6 Para. 1 lit. a) GDPR. You can revoke this consent at any time. Until the consent is revoked, this data processing is permitted on the basis of this very consent.

7. Social Media Channels

We operate official social media channels at the following addresses:

Xing: https://www.xing.com/companies/fleishmanhillardgermanygmbh
Twitter: https://twitter.com/fleishmanDE
Instagram: https://instagram.com/fleishmanhillard_de
LinkedIn: https://www.linkedin.com/company/fleishmande/
YouTube: https://www.youtube.com/channel/UC9HwAMmooAJVJzNy8Iq_Tww

If you visit our social media channels, it may be necessary for data concerning you to be processed.

However, for data protection reasons, we only link to our social media channels. When you call up our web pages, no data is therefore transmitted to social media services.

When you click on the link, the social media service receives in particular your IP address and, among other things, knowledge about your visit to our web pages. This occurs regardless of whether you have an account with the respective social media service. If you are logged in, the data can be directly assigned to your social media profile.

Overall, we have no influence on whether and to what extent the respective social media service processes personal data. However, it is likely that the social media service will create usage profiles from your data and use them for the purpose of personalized advertising. In addition, your data may be used to inform other users of the social media service about your activities on our websites.

The data processing is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR, provided that you have given your consent by clicking on the preview image of the social network. Please note that the page view of websites of social media channels may result in your data being processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. If we use providers that process data in unsafe third countries and you consent, the transfer to an unsafe third country will be based on your consent pursuant to Art. 49 (1) lit. a GDPR.

If you no longer wish your personal data to be processed by the social media providers, you can declare your revocation of consent to the social media services.

Responsibility

We are responsible for data processing on our social media channels under data protection law, together with the operator of the social media platform (joint responsibility pursuant to Art. 26 GDPR).

Insofar as we can influence the data processing by the social media channel operator and parameterize the data processing, we work within the scope of the possibilities available to us to ensure that the operator of the social media platform handles the data in accordance with data protection law. In this context, please also refer to the data protection declarations of the respective social media platform.

Data processing by us

The data you enter on our social media pages, such as user names, comments, videos, images, likes, public messages, etc., are published by the social media platform and processed by us only for interaction. We only reserve the right to delete content if this should be necessary. If necessary, we share your content on our site if this is a function of the social media platform and communicate with you via the social media platform.

If you submit a request to us on the social media platform, depending on the content, we may also refer you to other communication channels that guarantee confidentiality. For example, you have the option at any time to send us your requests to the addresses listed in the “Contact” section at https://fleishmanhillard.de/contact/. The choice of the appropriate communication channel is your own responsibility in this regard.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f GDPR. The data processing is carried out in the legitimate interest of conducting public relations for our company and being able to communicate with you. The operator of the social media platform can view your data, but otherwise we do not pass on your data to other parties unless this is permitted by law or with your consent. The use of our social media sites is voluntary (provision of personal data through voluntary interaction).

Some social media platforms create statistics based on usage data and contain information about your interaction with our social media site. We cannot influence or prevent the performance and provision of these statistics. Statistics that are requested do not contain any inference to persons.

We process this information in accordance with Art. 6 (1) p. 1 lit. f GDPR in the legitimate interest of validating the use of our social media pages and improving our content in a target group-oriented manner.

We also occasionally use the described social media platforms to play out targeted advertising. For this purpose, we use target group definitions provided to us by the social media provider. We only use anonymous target group definitions, i.e., we define characteristics based on, for example, general demographic information, behavior, interests, and connections. The operator of the social media platform uses these to play out advertisements to its users accordingly. The legal basis for this is the consent that the operator of the social media platform has obtained from its users. If you wish to revoke this consent, please use the revocation options provided by the provider of the social media platform.

You usually consent to personalized advertising in the terms of use of the social networks (consent pursuant to Art. 6 (1) p. 1 lit. a GDPR). This data processing can be prevented in the settings of the social networks (consent revocation; this revocation is possible at any time. The data processing that takes place until the consent is revoked is justified on the basis of the consent). If you have indicated in the settings that no personalized advertising should take place, your data will not be used for personalized advertising.

We do not currently use target group definition based on location data. If target group definitions based on location data were to be made in the future, the location query would only be limited to one region. The query would not be person-specific because it would be too large to capture the exact location. This information would be passed on to the operator of the social media platform as part of the target group definition. Personal data in the context of Custom Audiences is only collected and passed on with consent.

If you would like to object to certain data processing over which we have control or revoke your consent for this purpose, please contact us using the contact details provided in the imprint.

Storage period

We delete your personal data when they are no longer required for the aforementioned processing purposes and no legal retention obligations prevent deletion.

Data processing by the operator of the social media platform

The operator of the social media platform uses web tracking methods. In this context, web tracking can also take place regardless of whether you are logged in or registered with the social media platform.

We would therefore like to point out that it cannot be ruled out that the provider of the social media platform uses your profile and behavioral data, for example, to evaluate your habits, personal relationships, preferences, etc. In this respect, we have no influence on the processing of your data by the provider of the social media platform, so that the use of the social media platform is at your own responsibility.

It is possible that the operator of the social media platform processes your personal data outside the EU or the EEA, as the parent companies are located in the USA and a transfer of data from the European to the US companies cannot be ruled out. Therefore, there is a risk that authorities may access the data for security and monitoring purposes without you being informed or being able to appeal. When using the social media platform via our appearances, the transfer of personal data to a third country is based on the consent of Art. 49 (1) a) GDPR. If you no longer visit our site, data transmission will no longer take place. This revocation is possible at any time. The data processing that takes place until the consent is revoked is justified on the basis of the consent.

For more information on data processing by the provider of the social media platform and further objection options, please refer to the provider’s privacy policy and your profile setting.

8. Newsletter

On our website, we offer you the opportunity to subscribe to our newsletter. If you have given us separate consent to inform you by e-mail about brand-related topics, including PR, communication, public affairs and marketing, the corresponding processing is based on Art. 6 (1) sentence 1 lit. a GDPR. With your consent, you assure that the personal data you provide to us is correct and complete and that you are an authorized user of the e-mail address. Subsequently, you will receive a confirmation e-mail in which you can complete the newsletter registration (double opt-in). This is necessary so that we can verify that you are the owner of the specified e-mail address.

With your registration for the newsletter, you also give your consent to an evaluation of the newsletter according to opening time and clicked content with the help of the Mailchimp system of our order processor The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (data processing in the USA). With the help of this system, we, FleishmanHillard Germany GmbH, can better adapt our newsletter to the interests of our newsletter subscribers. We have concluded a contract with our processor for commissioned processing in accordance with Art. 28 GDPR and EU standard data protection clauses. Our processor has taken additional measures beyond the EU standard data protection clauses to ensure an adequate level of data protection. For more information, please visit https://mailchimp.com/legal/data-processing-addendum/, https://mailchimp.com/about/security/ and https://mailchimp.com/legal/privacy/.

You may withdraw your consent at any time without affecting the lawfulness of the processing carried out so far. You can revoke your consent at any time and free of charge by clicking on the link in the footer of our newsletters or by sending us an email to [email protected]. If you revoke your consent, you will not receive any further newsletters. The data will be stored according to Art. 6 para. 1 lit. f GDPR for the purpose of accountability and possible defense against claims for damages according to Art. 5 para. 2 GDPR for three years after unsubscribing from the newsletter. Afterwards, your personal data will be deleted, unless there are legal retention obligations. If you do not activate the confirmation button in our confirmation email, we will delete your personal data of the newsletter registration after two weeks, unless there are legal retention periods.

The provision of your personal data is voluntary and neither legally nor contractually required or obligatory. Failure to provide your personal data would result in you not being able to receive our newsletter. There is no automated decision-making or profiling pursuant to Article 22(1) and (4) GDPR.

9. Whitepaper

You have the option to obtain a whitepaper. For the download, the entry of the e-mail address is required so that we can provide you with the whitepaper via it (legitimate interest according to Art. 6 para. 1 lit. f GDPR to inform you). Of course, we guarantee the security of your data in accordance with data protection regulations and will only process it by the marketing department and will not forward it to third parties outside FleishmanHillard Germany GmbH. Your data will not be processed in a third country under data protection law.

If you agree pursuant to Art. 6 para. 1 lit. a GDPR that we may use your data to contact you further by e-mail or via social media, e.g. LinkedIn, you may revoke this consent at any time. Until you revoke your consent, this data processing is lawful. After revocation, we will no longer contact you based on the collected data. The data will then be retained pursuant to Art. 6 (1) lit. f GDPR for three years after revocation only for the purpose of accountability and possible defense against claims for damages pursuant to Art. 5 (2) GDPR, unless there are statutory retention periods.

If you do not agree to us using your data to contact you further, your details will be deleted after the download link for the whitepaper has been sent, unless there are legal retention periods.

The provision of your personal data is voluntary and neither legally nor contractually required or necessary for the conclusion of a contract. Failure to provide it would not have any negative consequences. There is no automated decision-making or profiling according to Art. 22 (1) and (4) GDPR.

10. Whistleblower system

Our internal whistleblowing system gives employees, suppliers and business partners the opportunity to point out grievances without having to come forward themselves. This concerns in particular the following issues within the company:

  • Crimes or misconduct.
  • Serious and flagrant violations of applicable law and/or international agreements.
  • Serious threats or endangerments to the public interest of which the whistleblowers have personal knowledge.
  • Breach of any code of conduct or policy of the Company.
  • Dangers to the health of employees.

You do not have to provide any personal data about yourself. However, depending on the content of your contribution, your report may contain personal data of third parties. Data that is irrelevant or immaterial to the report will not be processed in the subsequent investigation of the incident. You can remain anonymous if you do not disclose any personal data about yourself.

Legal basis for the processing

The processing of the data serves the fulfilment of a legal obligation, Art. 6 (1) sentence 1 lit. c DSGVO, which follows from the so-called Whistleblower Directive (Directive (EU) 2019/1937 on the protection of persons who report infringements of Union law) and national laws of the EU Member States based on this. The data processing is also carried out in the legitimate interest of the company to be informed about unlawful and reportable events and to be able to clarify them internally, Art. 6 para. 1 p. 1 lit. f DSGVO.
The reports are checked and answered within the legally specified deadlines. The deletion of the data takes place no later than 3 years after the conclusion of the proceedings, provided that there are no retention obligations as a result of any subsequent legal proceedings.

Data recipient

The data collected is forwarded to persons in the company responsible for processing reports and may also be made available to other third parties (lawyers, experts and auditors) for analysis and investigation purposes. If necessary, authorities and courts may also be involved.

The management receives an annual summary report on the number and type of reports for inclusion in the report pursuant to the Supply Chain Due Diligence Act. CONFDNT ensures that the protection of the person making the report is guaranteed.

In addition, your data is transferred to the service company CONFDNT, which supports the operation of the website and the associated processes, within the scope of order processing pursuant to Art. 28 DSGVO. The service company works strictly according to instructions and has been contractually obligated accordingly.

Transfer of data to countries outside the European Union

The data collected may be made available to recipients outside the European Union on a case-by-case basis to the extent that this is strictly necessary to process the notifications received, in particular to determine the materiality of the infringements. Prior to the transfer of personal data, all measures necessary to ensure that the level of protection of natural persons guaranteed by the GDPR is not undermined shall be taken.

11. Your Data Protection Rights

When processing your personal data, the GDPR grants you as a website user certain rights:

(a) Right of access (Art. 15 GDPR).

You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.

b) Right to rectification and erasure (Art. 16 and 17 GDPR).

You have the right to request without undue delay the rectification of any inaccurate personal data concerning you and, where applicable, the completion of any incomplete personal data.

You also have the right to request that personal data concerning you be deleted without undue delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued.

c) Right to restriction of processing (Art. 18 DSGVO).

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR applies, e.g. if you have objected to the processing, for the duration of any review.

d) Right to data portability (Art. 20 GDPR).

In certain cases, which are detailed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.

e) Right of objection (Art. 21 GDPR).

If data is collected on the basis of Art. 6 (1) (f) (data processing for the protection of legitimate interests), you have the right to object to the processing at any time on grounds relating to your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

f) Right to lodge a complaint with a supervisory authority.

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection provisions. The right of complaint can be asserted in particular before a supervisory authority in the Member State of your residence, your place of work or the place of the alleged infringement.

12. Data Protection Officer

We have appointed a data protection officer for our company. The contact details are:

datenschutz nord GmbH
Konsul-Smidt-Strasse 88
28217 Bremen

Phone: +49-421-696632-0
E-mail: [email protected]