Data protection information for our websites


General information on the collection of personal data


The operator of this website ("We", "Us", "Our", "Our" and "Our") takes the protection of your personal data very seriously. This Privacy Notice describes how we process and protect the personal data collected and processed via this website or affiliated websites ("Website"). It consists of a "Summarising Notice" (see below under 1.), a "Detailed Notice" (see below under 2.).


Personal data ("personal data") is all information (such as your salutation (title), your name, your address, your e-mail address, your telephone number, your bank details, your credit card number, your IP address, etc.) that relates to an identified or identifiable natural person ("data subject"). Your personal data will only be processed by us in accordance with the provisions of Regulation (EU) 2016/679 (EU General Data Protection Regulation "GDPR") and the other provisions of the applicable national data protection laws.


Your personal data will only be processed if you have consented to the processing or if the processing is permitted by law. The contents of this privacy policy inform you about the type, scope and purpose of the processing of your personal data.


This privacy policy relates exclusively to our website and other services. In the event that you are redirected to third-party websites via links from our website, please inform yourself on these websites about the handling of your personal data.


1. Summerising Note


1.1Scope of application, data subject and controller

This privacy policy applies exclusively to the collection and processing of personal data of users of our website or affiliated websites or the companies of the group of companies. The controller for all personal data collected and processed in connection with the use of the website is the operator of the website. If another controller processes personal data about how you use this website, you will receive a separate privacy policy.


1.2How you can contact us and our data protection officer

You can contact us by post using the contact details provided in the legal notice.

You can contact our data protection officer by post at the following address HYDAC Verwaltung GmbH, Abteilung Datenschutz, Industriestraße, 66280 Sulzbach/Saar, Germany or at the following e-mail address: privacy(at)hydac.com.


1.3Categories of personal data, purposes of processing and legal bases

Appendix 1 "Personal Data" to this Privacy Policy contains detailed information about (i) the categories of personal data that We collect from you; (ii) the purposes for which We process this personal data; and (iii) the legal bases for collecting and processing your personal data. If the processing is for a different purpose, We will provide you with additional information.


1.4Recipients and categories of recipients of the personal data

We transfer your personal data to other companies within the group of companies. We use internal and external service providers to provide services and products on our behalf. Your personal data is transmitted to the service providers for this purpose. Within the company and the companies of the group of companies and when using service providers, any access to your personal data in connection with your use of the website is restricted to those persons who absolutely need this data to fulfil their professional duties. We will disclose your personal data to government authorities, courts, external advisors and similar third parties who are public bodies to the extent required or permitted by applicable law.

We only pass on personal data to recipients to the extent necessary.


1.5Data transfers outside the European Economic Area ("EEA")

Some of the recipients of your personal data are located outside the EEA or have offices there. By entering into appropriate data transfer agreements or other appropriate measures, we ensure that such recipients outside the EEA provide an adequate level of protection for personal data and that appropriate technical and organisational security measures are in place to protect the personal data. Any further transfer beyond this is subject to the corresponding legal requirements.


1.6Scope and duration of storage

Your personal data will only be processed by us and/or our service providers to the extent necessary for the fulfilment of our obligations to you or for the fulfilment of the service providers' obligations to us. Processing in accordance with the applicable data protection laws only for the period necessary to fulfil the purposes for which the personal data is processed. When the purpose for the data processing has ceased to exist, the personal data will be deleted from the systems and/or records and/or steps will be taken to properly anonymise your personal data so that you can no longer be identified from that data. This does not apply if We and/or our service providers are obliged to retain your information beyond this:

to comply with legal or regulatory obligations to which we and/or our service providers are subject, with regard to statutory time limits for legal action, or

are otherwise authorised to store personal data.


1.7Your rights

In accordance with applicable data protection laws (such as the GDPR), you have the following rights: (i) the right of access; (ii) the right to obtain a copy of your personal data undergoing processing; (iii) the right to rectification; (iv) the right to erasure ("right to be forgotten"); (v) the right to restriction of processing; (vi) the right to data portability; (vii) the right to object; and (viii) the right to lodge a complaint with the competent data protection supervisory authority. If you have given your consent to the processing of personal data, you may withdraw this consent at any time. Such withdrawal does not affect the lawfulness of the processing that took place prior to the withdrawal of consent.


1.8Use of cookies and similar technologies on the website

We use cookies and similar technologies on our website. You can find detailed information on this in our cookie policy under point 5.


1.9Personal data required for the conclusion or fulfilment of the contract

You only need to provide the personal data that is marked as mandatory in the relevant forms on Our website. Without this personal data, the desired contract cannot be concluded or an existing contract can no longer be executed and may have to be cancelled. Personal data that is not labelled as mandatory in the corresponding forms on Our Website does not have to be provided.


1.10Changes to this privacy policy

This privacy policy may be subject to change. We reserve the right to amend or supplement this privacy policy at any time. You can see the current version date of this privacy policy at the bottom of the page.


2. Detailed Instructions


2.1Categories of personal data, purposes of processing and legal bases


In Appendix 1 "Personal data" to this privacy policy, you will find detailed information about

  • the categories of personal data that you actively provide to Us (e.g. by sending Us an email) and that We collect in addition to other personal data.
  • the purposes for which We process these categories of personal data; and
  • the legal basis applicable at the time of collection and processing of your personal data.


We also use cookies and similar technologies on our website. You can find detailed information on this at:





Please note that We will only process your personal data for other purposes if:

  • We are obliged to do so due to legal requirements (e.g. transmission to courts or law enforcement authorities); if you have consented to the respective processing; or
  • if the processing is lawful under other applicable law.
  • If processing is carried out for another purpose, We will provide you with additional information.


2.2Recipients and categories of recipients

We transfer your personal data to the recipients and categories of recipients listed below for the respective purposes and to the extent necessary:


Within the companies of the group.

We share your personal data with other companies for the following purposes,


  • for the implementation of marketing measures. Such data transfers are carried out on the basis of Art. 6 para. 1 lit. a) or f) GDPR,
  • for the (pre-)contractual execution and fulfilment of your enquiry to the location responsible for you on the basis of Art. 6 para. 1 lit. f) GDPR,
  • further enquiries to specific companies of the group of companies that have been received via central communication channels

(A list of these other HYDAC Group companies can be found here: https://www.hydac.com/en/locations)


Service providers (internal and external)

We use both external and internal service providers to provide services and products on our behalf and pass on your personal data to them for this purpose.

Our service providers are contractually obliged to process this personal data on our behalf under appropriate instructions, insofar as this is necessary for the respective processing purposes and to protect your personal data appropriately.

Our service providers may not otherwise process or disclose your personal data unless this is permitted by law. We share your personal data with the service providers listed in the "Service Providers" appendix to this Privacy Policy.


Public authorities, courts, external consultants and comparable third parties

  • To the extent required or permitted by applicable law to ensure compliance with applicable laws,
  • respond to official enquiries or requests from authorities to comply with applicable legal requirements,
  • protect the rights, privacy, safety or property of our website visitors, guests, employees or the public,
  • to enable us to take possible legal remedies or to prevent or limit possible bad debts or damages that we may suffer,
  • enforce the terms of use of our websites (https://www.hydac.com/en/netiquette), and
  • to respond to an emergency. Such data transfers are based on Art. 6 para. 1 lit. a), c) or f) GDPR.
  • Within the group of companies and the service providers, access to your personal data in connection with your use of the website or other services is restricted to those persons who absolutely need this data to fulfil their professional duties.


2.3Data transfers outside the European Economic Area ("EEA")

Some of the recipients of your personal data are located outside the European Economic Area, where data protection laws may provide a different level of protection than the laws in your country. We will take necessary steps under applicable data protection law to ensure that transfers from the EEA are adequately protected.


By concluding appropriate safeguards based on the standard contractual clauses (2021/914/EU) pursuant to Art. 46 para. 2 lit. c) GDPR or by other appropriate means, which can be obtained on request from the contact information provided in section 2.7, We have ensured that all recipients located outside the EEA provide an adequate level of protection for personal data and that appropriate technical and organisational security measures are in place to protect such data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and against all other unlawful forms of processing. Any transfer (including to our affiliated companies outside the EEA) is subject to the relevant legal requirements.


Transfer of data to the U.S.: EU-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework (DPF)


The HYDAC companies comply with the EU-U.S. Agreement, the UK Extension to the EU-U.S. Agreement and the Swiss-U.S. Privacy Framework.

For more information, please visit the U.S. Department of Commerce's Data Privacy Framework website. https://www.dataprivacyframework.gov/s/


The personal data that HYDAC collects may be stored and processed in various countries, including the United States. As a rule, it is stored in Germany.

We transfer personal data from the European Economic Area, the United Kingdom and Switzerland to other countries. Some of these countries do not have the same data protection laws as in the European Union. In such cases, we use legal agreements to ensure that your data is protected.


The HYDAC companies based in the U.S., which are listed by us in our self-certification statement (link coming soon), also adhere to the data protection principles.

As part of the transfer of data within the HYDAC companies to the U.S., we send it to our affiliated companies (HYDAC Technology Corporation, Schroeder Industries LLC).


HYDAC complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Switzerland-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce.

HYDAC has determined that we adhere to the EU-U.S. Privacy Framework Principles with respect to the processing of personal data transferred from the European Union pursuant to the EU-U.S. Data Privacy Framework and the United Kingdom (including Gibraltar) pursuant to the UK Extension of the EU-U.S. Data Privacy Framework.


HYDAC has also certified that it adheres to the principles of the Switzerland-U.S. Data Privacy Framework with respect to the processing of personal data transferred from Switzerland pursuant to the Switzerland-U.S. Data Privacy Framework. We are controller for the processing of personal data we receive and transfer to third parties acting on our behalf under the Data Privacy Framework. Under the Data Privacy Framework, we will be liable if our agent processes your personal data in a manner inconsistent with the Data Privacy Framework, unless we can prove that we are not responsible for the damage.


If there is any conflict between the terms of this Privacy Policy and the principles of the EU-U.S. Data Privacy Framework and/or the Switzerland-U.S. Data Privacy Agreement, the principles shall govern. For more information about the Data Privacy Framework and our certification, please visit the U.S. Department of Commerce website.


If you have any questions or complaints regarding our participation in the Data Privacy Framework, you may contact us by email at privacy@hydac.com. For complaints that cannot be resolved directly by us, we will work with the appropriate data protection authorities. Disputes with UK citizens will be resolved by the UK Information Commissioner. Conflicts with Swiss citizens will be resolved in cooperation with the Federal Data Protection and Information Commissioner (FDPIC). If you require contact information for data protection authorities, please contact us. As described in the Privacy Policy, there is a binding arbitration procedure for complaints that cannot be resolved in any other way. HYDAC is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission (FTC).


Further information on the DPF can be found here:

  • EU Data Protection Authorities (DPAs) https://edpb.europa.eu/about-edpb/board/members_en
  • UK Information Commissioner's Office (ICO) https://ico.org.uk/make-a-complaint/uk-extension-to-the-eu-us-data-privacy-framework-complaints-tool/
  • Swiss Federal Data Protection and Information Commissioner (FDPIC) https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt/kontaktformular_uebrige.html


2.4Scope and duration of storage


In accordance with applicable data protection laws, your personal data will be stored by HYDAC and/or our service providers only to the extent and for the duration necessary for the fulfilment of our obligations to you or for the fulfilment of the service providers' obligations to us.


Once your personal data is no longer necessary for the purpose of your processing, it will be deleted from the systems and/or records and/or steps will be taken to properly anonymise it so that you can no longer be identified from your personal data. However, we and/or our service providers must retain your data in order to comply with any legal or regulatory obligations to which HYDAC and/or our service providers are subject. If legal proceedings are initiated, the personal data will be stored until the end of these proceedings, including possible appeal periods. We may also retain personal data if this is permitted under applicable law.


As far as a more detailed description is possible, you will find detailed information in Appendix 1 "Personal data" to this data protection notice.


2.5Your rights

If you have given your consent to the processing of personal data, you can withdraw this consent at any time with effect for the future. Such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal. In accordance with applicable data protection laws (such as the GDPR), you may exercise the following rights by contacting Us using the contact information provided in Section 7:


Right to information:

You have the right to obtain information as to whether and, if so, which of your personal data is processed by Us. The right of access includes, among other things, information about the purposes of the processing, the categories of personal data concerned and the recipients and categories of recipients of the personal data. However, this is not an unlimited right and the interests of other persons may restrict your right of access. You also have the right to receive a copy of the personal data that is the subject of the processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.


Right to rectification:

You have the right to request the rectification of inaccurate personal data concerning you. Depending on the purpose of the processing, you have the right to have incomplete personal data completed, which can be done by submitting a supplementary declaration.


Right to erasure ("right to be forgotten"):

In certain circumstances, you have the right to request the erasure of personal data concerning you and We may be obliged to erase such personal data for certain reasons.

Right to restriction of processing: Under certain circumstances, you have the right to request that We restrict the processing of your personal data. In this case, the data in question will be labelled and may only be processed by Us for certain purposes.


Right to restriction of processing:

Under certain circumstances, you have the right to request that We restrict the processing of your personal data. In this case, the data in question will be labelled and may only be processed by Us for certain purposes.


Right to data portability:

In certain circumstances, you have the right to receive the personal data concerning you, which you have provided to Us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another organisation without hindrance from Us.



Right to object:

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data by Us where such processing is necessary for the purposes of the legitimate interests pursued by Us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where the data subject is a child, including profiling based on those provisions. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.


If your personal data is processed for direct marketing purposes where this is permitted without your prior consent, you also have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing. In this case, your personal data will no longer be processed by Us for these purposes.


Right to lodge a complaint:

In addition to the above rights, you also have the right to lodge a complaint with the competent data protection supervisory authority.


2.6Personal data required for the conclusion or fulfilment of the contract


You only need to provide the personal data that We require to enter into and conduct a business relationship with you or that We are legally obliged to collect. Such personal data is labelled as mandatory information in the respective fields on Our website. Without this personal data, We will not be able to conclude the requested contract or - if you remove it at a later date - We will no longer be able to fulfil an existing contract and may have to terminate it.

Personal data that is not marked as mandatory in the corresponding fields on Our Website does not have to be provided.

In the following cases, We can only provide Our service and/or conclude a contract if You provide Us with the relevant data records:


  • Purchase contracts: Company data (address, contact details, registration number, etc.), contact person (title, surname, first name, telephone and extension, e-mail address, position, department, location);
  • Newsletter subscriptions: e-mail address, title, surname, first name, interests (industries, trends and topics) Further information on our newsletter can be found in Appendix 1 "Newsletter" to this privacy policy.




4. Amendment of this Privacy Policy

This privacy policy may be subject to change - e.g. due to the implementation of new technologies or the introduction of new services or functions. We reserve the right to amend or supplement this privacy policy at any time. We will publish the changes on https://www.hydac.com/privacy-policy.



VersionDate
Version 2.502/2023
Version 3.008/2023
Version 3.510/2023
Version 4.001/2024
Version 4.502/2024

5. Appendix


5.1 Personal Data

We process the following personal data in connection with your use of the website, as follows:


Purpose of the processingCategories of personal dataLegal basis for the processingStorage duration

Displaying our website and ensuring stability and security

Our system automatically retrieves personal data from your computer system when you visit our website. The personal data we collect about you is stored in our system's log files. This data is not stored together with other personal data. This is necessary in order to display our website to you and to ensure stability and security.





  • Browser type, operating system, internet service provider, IP address, date and time of your visit to Our Website, information about the website from which your system is directed to Our Website and information about the website that is accessed by your system via Our Website.



Necessary for the fulfilment of a contract (Art. 6 para. 1 lit. b) GDPR) and for the protection of legitimate interests (technically necessary for the operation of the website and to display it correctly for web visitors) (Art. 6 para. 1 lit. f) GDPR).The personal data is stored for as long as is necessary for the respective purpose. The personal data will be deleted as soon as storage is no longer required, unless there are statutory retention obligations or limitation periods must be observed.

Communication with you (e.g. via the contact form offered on the website or via the e-mail address(es) provided on the website)

  • We use your personal data to properly respond to your enquiries about orders, purchased products or products that may be of interest to you and Our services, etc.
  • Our website has a contact form that you can use to get in touch with Us electronically. If you make use of this option, the data entered in the input mask will be transmitted to us and stored.

The communication channel depends on the contact information provided (e.g. chat, e-mail, telephone, etc.)

  • First and last name, title, e-mail address, telephone number, address, company, content of the enquiry, location and sector

When a message is sent via our contact form, the following data is also processed:

  • The IP address of the user and the date and time of registration



Necessary for the protection of legitimate interests (necessary for answering your enquiries) (Art. 6 para. 1 lit. f) GDPR).The personal data is stored for as long as is necessary for the respective purpose. The personal data will be deleted as soon as storage is no longer required, unless there are statutory retention obligations or limitation periods must be observed.

Customer analytics and/or data analysis, meaning:
  • We use personal data to improve your user experience on Our Website by analysing the personal data you provide during your visit to Our Website, e.g. via cookies and similar technologies (see also Our Cookie Policy under point 5).
  • We use personal data to better understand you as a customer and to suggest personally relevant functions to you, to offer you customised content so that you can participate in interactive functions of Our Services and to offer you customised promotions.

In particular, the following personal data is processed for this purpose:

  • Country/region, cookies, web behaviour (elements and pages clicked on, products added to the shopping cart, products remaining in the shopping cart), date and time of access, industry interest and topic interest



Safeguarding legitimate interests (to customise a person's online experience, to improve the performance, usability and effectiveness of Our Website in order to increase user-friendliness, to conduct and analyse Our marketing activities in order to offer better products and services that may be of more interest to customers) (Art. 6 para. 1 lit. f) GDPR or consent (Art. 6 para. 1 lit. a) GDPR).

With regard to the personal data processed by cookies and similar technologies, we refer you to our cookie policy.


When processing personal data on the basis of your consent, the personal data will be stored until you revoke your consent and will be deleted as soon as possible after revocation.


Otherwise, the personal data will be stored for as long as is necessary for the respective purpose. The personal data will be deleted when storage is no longer required, unless there are statutory retention obligations or statutory limitation periods must be observed.





Processing and fulfilment of product and service orders placed via the website, e.g:
  • Receive and process orders; deliver products and services; process payments; communicate with you in connection with your orders in order to properly fulfil Our contractual obligations and confirm receipt of the order and completion of the delivery via the intended communication channel such as e-mail, etc.

In particular, the following personal data is processed for this purpose:

  • Company data (address, contact details, registration number, etc.) and contact person (title, surname, first name, telephone and extension, e-mail address, position, department, location)



Necessary for the fulfilment of a contract (Art. 6 para. 1 lit. b) GDPR).Personal data is stored for up to 10 years in order to fulfil tax law requirements.

Credit checks

In the case of a purchase on account or another payment method for which we make advance payment, we can carry out a credit check procedure (scoring). For this purpose, we transmit the data you enter to a credit agency. The probability of non-payment is determined on the basis of this data. If the risk of non-payment is too high, we may refuse the payment method in question.



  • Company, company address, bank details and registration numbers

To fulfil the contract (Art. 6 para. 1 lit. b GDPR) and to safeguard a legitimate interest (avoidance of payment defaults; Art. 6 para. 1 lit. f GDPR). If consent has been obtained, the credit check is carried out on the basis of the consent (Art. 6 para. 1 lit. a) GDPR).The personal data is stored for as long as is necessary for the respective purpose. The personal data will be deleted when storage is no longer required, unless there are statutory retention obligations or statutory limitation periods must be observed.

Communication about Our products and services, campaigns and events that may be of interest to you / sending newsletters.


Based on your consent, we will send you information about our products, services and campaigns, e.g. by e-mail or post in the form of newsletters (direct marketing).




In particular, the following personal data is processed for this purpose:

  • Surname, first name, title, company data, company address, personal contact information (e-mail address, telephone number), country/region, language, consent status (opt-in for marketing), interests (industries, trends and topics of interest and participants in the application/registration).


,
Consent (Art. 6 para. 1 lit. a) GDPR) in the case of advertising by post to safeguard legitimate interests (Art. 6 para. 1 lit. f) GDPR). When you register for an event (e.g. customer day, HYDAC employee party, etc.), you provide us with your data because you wish to participate. Participation is generally not mandatory. The collection of data may be necessary for reasons of tax law or security on site (Art. 6 para. 1 lit c) GDPR)The personal data will be stored until you revoke your consent (e.g. unsubscribe from the newsletter), if applicable. The personal data will also be automatically deleted after 3 years at the latest if you no longer respond to our newsletter (e.g. open the newsletter email). Otherwise, the personal data will be stored for as long as is necessary for the respective purpose. The personal data will be deleted when storage is no longer necessary, unless there are statutory retention obligations or statutory limitation periods must be observed. In the context of tax law retention for billing at events, it may be necessary to retain information about your participation for 10 years.




Data processing in connection with a reporting system

We process the personal data of the reporting persons, unless the report was submitted anonymously, as well as the personal data of the accused person(s), such as name and other communication and content data, solely for the purpose of receiving and investigating reports of criminal, illegal, morally reprehensible or unfair behaviour in a secure and confidential manner.

Information about the reporting person (if not reported anonymously) and the accused(s) such as

  • First and last name, function/title, contact details, other employment-related data where applicable, Personal information identified in the reports of the investigation team, including details of the allegations made and supporting evidence, date and time of calls (when the report is received via the telephone hotline) and Any other information identified in the investigation findings and in the follow-up procedure following the report, e.g. information on criminal behaviour or data on illegal or improper behaviour, if reported

The collection of the reporting person's personal data in the case of a non-anonymous report is based on consent to the processing through the transmission of the data (implied consent) (Art. 6 para. 1 sentence 1 lit. a GDPR).


The collection, processing and disclosure of personal data of the persons named in the report serves to safeguard the legitimate interests of the company It is in the legitimate interest of companies to detect, process, remedy and sanction violations of the law and serious breaches of duty by employees throughout the centre, effectively and with a high degree of confidentiality, and to avert the associated damage and liability risks for companies (Sections 30, 130 of the German Administrative Offences Act (OWiG)). Directive (EU) 2019/1937 ("EU Whistleblower Directive") and the Whistleblower Protection Act also require the establishment of a reporting system in order to give employees and third parties the opportunity to report legal violations in the company in a protected manner.


The disclosure of personal data in the case of non-anonymous reporting to other recipients may be necessary due to a legal obligation (Art. 6 para. 1 sentence 1 letter c GDPR).


The personal data will be stored in the respective procedure for as long as required for the clarification and final assessment, a legitimate interest of the company or a legal requirement exists. This data is then deleted in accordance with the legal requirements. The duration of storage depends in particular on the severity of the suspicion and the reported possible breach of duty.




The purpose of data processing is to manage the application process. The data is required to complete the application process.


An application portal hosted by a service provider is used to process applications. The following application portals are available:

  • https://karriere.hydac.com/de/karriere-bei-hydac.html
  • https://ausbildung.hydac.com/
  • https://recruitingapp-2620.umantis.com/Vacancies/InitiativeApplication/1
  • https://recruitingapp-2620.umantis.com/Jobs/1?lang=ger&CompanyID=1&Reset=G

Among other things, the following data is processed:

  • Salutation
  • First name and surname
  • E-mail address
  • Password
  • Telephone number
  • Mobile number
  • Address
  • Application documents and other documents
  • Data provided by you
  • Company division to which you have applied
  • Remarks
  • LinkedIn profile
  • Xing profile

Furthermore, cookies from the company Haufe-Lexware GmbH & Co. KG are also used. You can call up a list of the cookies used under the following link:https://de.onlinehelp.umantis.com/index.php/Cookies



The data processing is necessary for the decision on the establishment of an employment relationship. The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. b GDPR, Art. 88 para. 1 GDPR or Art. 88 para. 1 GDPR in conjunction with national law.


If a rejected applicant has given consent for the further storage of their data, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR (in conjunction with Section 26 para. 2 BDSG).



The applicant data will be deleted 6 months after the end of a specific recruitment process, unless the applicant (f/m/d) is taken on in an employment relationship or explicitly requests the deletion of their data beforehand. If the applicant (f/m/d) is also involved in other recruitment processes at the same time, the deletion of the applicant data is based on the completion of the last completed recruitment process.


Applicant data from unsolicited applications will be deleted 6 months after notification of a lack of employment opportunities within the HYDAC group.


The inclusion and storage of applicant data (including from the trainee quiz) in the talent or applicant pool for the purpose of checking for future vacancies will only take place with the consent of the applicant (f/m/d) given specifically for this purpose and will lead to the deletion of the applicant data after 12 months from the last contact, unless the applicant (f/m/d) is taken on in an employment relationship or explicitly agrees to an update and longer storage of the applicant data.






5.2 Service Provider

Depending on the purpose of the processing for which we use the respective service provider, we share certain personal data (where necessary) with the following service providers:

  1. maxcluster GmbH, Technologiepark 8, 33100 Paderborn, E-Mail: info (at) maxcluster.de als Hosting Provider.
  2. KERN GmbH, In der Kölling 7, 66450 Bexbach as part of the dispatch of postal mailings
  3. GuestOne GmbH, Hofaue 3942103 Wuppertal for guest management at events
  4. LegalTegrity GmbH, Platz der Einheit 2, 60327 Frankfurt as the operator of the whistleblower system

5.3 Processing for video surveillance

We process the following personal data in connection with the monitoring of our work areas, properties or buildings, if marked accordingly on site


Purpose of the processingCategories of personal dataLegal basis for the processingStorage duration

Processing for the purpose of protecting the employees and property of the controller.


The monitoring of the areas serves to ensure occupational safety, to prevent hazards, to control unauthorised access, to secure the domiciliary rights and the property of the controller. This is our legitimate interest.





  • optical data, such as images or videos.



Necessary for the protection of legitimate interests (Art. 6 para. 1 lit. f) GDPR).

The personal data is stored for as long as is necessary for the respective purpose. If the video recording data is stored, it will be deleted after 72 hours.

The personal data will be deleted as soon as storage is no longer required, unless there are statutory retention obligations or limitation periods must be observed.



6. Further Information on Data Privacy as a Download


BeschreibungDownload (Link to the PDF file)
Data protection notice Intellectual-Propertyhttps://www.hydac.com/fileadmin/doc/privacy/Datenschutzhinweis_Intellectual-Property_DSGVO_GDPR.pdf



7. Cookies and other Technologies

Our Internet pages use so-called "cookies". Cookies are small data packets and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.


In some cases, cookies from third-party companies may also be stored on your device when you visit our website (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies are used to evaluate user behaviour or display advertising.


You can see which cookies we use when you use our website in the list at the end:


Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.


If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this privacy policy and, if necessary, request your consent.


Consent via a consent manager

Our website uses Onetrust's consent technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document these in compliance with data protection regulations. The provider of this technology is Onetrust Technology Ltd, 82 St John Street, London, UK, EC1M 4JN (hereinafter referred to as "ConsentManager").

When you enter our website, a connection is established to the Onetrust servers in order to obtain your consent and other declarations regarding the use of cookies. Onetrust then stores a cookie in your end device in order to be able to assign the consents you have given or revoke them. The data collected in this way is stored until you delete the Onetrust provider cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.

Onetrust is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

Order processing

We have concluded an order processing contract (AVV) with the above-mentioned provider. This is a contract prescribed by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.


Description/scope of data processing
Legal basis for data processing
Purposes of data processing
Duration of storage
Possibility of objection and removal
  • Information about the browser type and
  • version used the user's operating system
  • the user's internet service provider
  • the user's IP address
  • the date and time of access
  • websites from which the user's system accesses our website
  • websites which the user's system accesses via our website

If cookies or cookie-like technologies are used in the context of data processing, the storage of information in the end user's end device or access to information already stored in the end user's end device is carried out in accordance with Section 25 (1) TTDSG and further data processing in accordance with Art. 6 (1) GDPR. If the use of cookies is deemed absolutely necessary, this is done on the basis of Section 25 (2) TTDSG and further data processing in accordance with Art. 6 (1) GDPR.


The protection of legitimate interests forms the legal basis for the processing of data using technically necessary cookies. The legal basis for the processing of data using cookies for analysis purposes is consent if the user has consented to this use.


The purpose of using technically necessary cookies is to make it easier for users to use websites. Some functions on our websites cannot be offered without the use of cookies. These functions require the browser to be recognised even if the user leaves the site. You can see which cookies we use and for what purpose via the following list:

The user data collected using technically necessary cookies is not used to create user profiles. Analytics cookies are used to improve the quality of our website and our content. The analytics cookies show us how the website is used. This allows us to continuously optimise our website. These purposes constitute our legitimate interest in processing the data in accordance with our legitimate interest.


The storage period depends on the cookie used. Cookies that are processed when the website is opened:


You can see the storage period in the following list.







You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions to their full extent. If you have consented to the use of the analysis cookie and wish to withdraw your consent, you can find this setting under






Type of cookie and duration of storage






1.0TIMESTAMP