Data privacy

Four white HOYER trucks with gas container on a bridge

Handling of personal data

Data privacy at HOYER

We are delighted at your interest and your visit to our website. Protection of your personal data is especially important to us in every phase of the collaboration. We would therefore like to explain to you what information we collect and how this information is used.

1. Handling of usage data on our homepage www.hoyer-group.com

1.1 Server log data

The page provider automatically collects and stores information in what are called server log files, which your browser automatically transfers. These data are mainly:

Browser type and browser version
Operating system used
Referrer URL (origin address)
Date and time of day of the server request
IP address

These data are stored separately from other data that you may transfer to us, and are not merged with data from other sources.

The basis for data processing is Article 6, Para. 1, Letter f of the GDPR (General Data Protection Regulation), which allows data processing based on legitimate interests. In this case, there is legitimate interest in the secure, trouble-free operation of the web server. To ensure this, the administration must be able to recognise and understand attacks on the system, and its malfunctions, via server log files. Accesses to the server must be stored to enable recognition of attack patterns. These data are deleted as soon as they are no longer needed. As a rule, this happens after seven (7) days. For technical reasons, data are available to the hosting service provider, but the latter is bound by our instructions and contractually obliged to us.

1.2 Contact form

When you send enquiries to us via a contact form, we store and process your information from the form in order to process the enquiry and in the event of follow-up questions.

Mandatory fields are identified accordingly. Completing mandatory fields is necessary to enable us to reply to and process your enquiries. Moreover, all information is voluntary.

Data entered into the contact form are processed exclusively based on your consent (Article 6, Para. 1, Letter a of the GDPR). You can revoke this consent at any time. Revocation applies only for the future.

We do not give your data to third parties without your consent or without another permissible legal basis. The fact that our technical service providers can gain insight cannot be excluded, but they are, however, obliged to maintain secrecy.

The data you enter into the contact form remain with us until you ask us to delete it, or you revoke your consent to storage, or the purpose of the data storage no longer applies (e.g. after processing of your enquiry is complete). Mandatory statutory provisions – especially retention periods – remain unaffected.

1.3 Cookies

We can use cookies for technical reasons, to optimize our Internet pages and to determine page views.

The cookies that are involved can be seen here, where you can also revoke consents that may possibly have been granted.

1.4 Consent management in cookies and other data storage

We use a service of Usercentrics GmbH, Sendlinger Strasse 7, 80331 Munich, Germany, to manage consents granted for cookies and similar technologies. Detailed information about this can be accessed here.

1.5 Google Analytics

With your consent, Google’s web analysis service is used. Detailed information about this can be accessed here, where you can also revoke consents that may possibly have been granted.

1.6 Google Tag Manager

The Google Tag Manager is used on this website. This allows us to centrally integrate and manage website tags, for example, to record and evaluate the behavior of you as a visitor, using tracking tools. The Google Tag Manager ensures the central execution of these other services, which in turn can collect data. We explain the other services in the other sections of this document.

The legal basis for the use is your consent. You can give or revoke your consent at any time here.

The data is processed by Google Ireland Limited in Ireland. According to Google, the data collected is also transferred to the US, which has a lower level of data protection than the EU. Thus, US authorities may have access to personal data in a simplified manner, with only limited rights against the defence of such measures. The data is transferred on the basis of the Transatlantic Data Privacy Framework and the Standard Contractual Clauses of the EU Commission.

Information on the Google Tag Manager can be found at https://support.google.com/tagmanager. Further information on data protection at Google can be found here: https://policies.google.com/privacy.

1.7 Google Ads

We use the offer of Google Ads, a service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). With the help of advertising material (so-called Google Ads), we can draw attention to our offers on external websites. In relation to the advertising campaign data, we can determine how successful our individual advertising measures are. In this way, we pursue our interest in showing you advertising that is of interest to you in order to make our website more interesting for you and to achieve a fair calculation of advertising costs.

The advertising material is delivered by Google via so-called ad servers. We use ad server cookies to measure the success of our advertising (such as the display of ads or user clicks on ads). If you access our website via a Google ad, Google Ads cookies will be stored on your PC.

Ads cookies enable Google to recognize your internet browser. If you visit the website of an Ads advertiser and the Ads cookie stored on your computer has not yet expired, Google and the advertiser can recognize that you have clicked on the ad and have therefore been redirected to the page.

We only receive a statistical evaluation from Google. Based on these evaluations, we can recognize which of our advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify you as a user on the basis of this information.

Detailed information about this can be accessed here, where you can also revoke consents that may possibly have been granted.

Further information on data protection at Google can be found here: https://policies.google.com/privacy?hl=en

1.8 YouTube

With your consent, YouTube videos are loaded and displayed on our pages. Detailed information about it can be accessed here, where you can also revoke consents that may possibly have been granted.

2. HOYER Connect customer portal (including web analysis)

To be able to use the HOYER Connect customer portal, you must be registered with HOYER and log on with your user name and password.

The following personal data are processed for this purpose: names, E-mail address, employer, telephone number.

These data originate from yourself or were communicated to us by your employer/client and/or by your colleagues.

Data processing takes place based on the legitimate interests of HOYER (Article 6, Para. 1, Letter f of the GDPR). The legitimate interests consist of providing information und in fulfilling the contract with your employer or client. Insofar as corresponding consent was requested, processing takes place exclusively based on Article 6, Para. 1, Letter a of the GDPR; you can revoke consent at any time.

Our IT service providers can access users’ personal data. They also include Microsoft in the USA. We draw attention to the fact that according to the present legal situation, no adequate level of protection exists in the USA. Microsoft bases its data transmission on the EU Commission’s standard contractual clauses, which you can see here.

Personal data are stored for as long as they are required for the purposes mentioned above, or until you request deletion, or for as long as this is required by legal retention periods.

When using the HOYER Connect customer portal, and if you voluntarily consent before the respective use, Microsoft’s “Azure Application Insights” web analysis service will also be used. You can access more information about this here, where you can also revoke any consent that may possibly have been granted.

You can find more information about Microsoft’s handling of your data in the Microsoft Data Protection Provisions at Microsoft Privacy Statement – Microsoft privacy

3. Handling job applicant’s data

3.1 Collecting and processing personal data

As a rule, we only process personal data about you that you have provided to us yourself, especially in the application application documents and in the job interview. The processing serves the purpose of reviewing and processing your application. If you have given your consent we will also include you in our applicant pool in order to contact you in future regarding to be able to contact you about other vacancies that match your proﬁle.

We process your personal data in order to check whether we can conclude an employment contract with you (contract initiation, Art. 6 para. 1 lit. b GDPR) or on the basis of your consent for the storage of the data in our applicant pool (Art. 6 para. 1 lit. a GDPR). You have the right to withdraw your consent to the processing of the data at any time with revoke it in whole or in part with effect for the future. The revocation can be sent in writing to jobs@hoyer-group.com or by post to the following address:

HOYER GmbH Internationale Fachspedition
Corporate Human Resources
Wendenstrasse 414 – 424
20537 Hamburg, Germany

3.2 WhatsApp

You can also submit your application to us via WhatsApp. We would like to point out that WhatsApp also processes user data outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. When you click on the corresponding link, a connection to the selected network is established and data about you is transmitted there. In order to use this feature, you must already have an account with WhatsApp, so the legal basis for this processing is your consent (Art. 6 (1) a DSGVO). The data processing by us is based on your consent (Art. 6 (1) a DSGVO).

For more information, please click here: WhatsApp (WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Data protection information can be found at https://www.whatsapp.com/legal/#privacy-policy.

In the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the provider. Only the provider has access to the user's data and can take appropriate measures and provide information directly.

3.3 Duration of storage

Your application documents will be stored for as long as they are required for the above-mentioned purposes and for as long as statutory retention periods require. If we are unable to conclude an employment contract with you, we will delete the data 6 months after the vacant position has been filled. If you have agreed to be included in our applicant pool, we will store your data for 1 year from receipt of your application.

4. Handling data of our business partners

We collect personal data about business partners and the contact persons.

We process your data for the following purposes:

making professional contact
Maintaining business relationships

The legal basis for the data processing is Art. 6 para. 1 letter f DSGVO: Our legitimate interests are the performance of the contract and the maintenance of the business relationship. Insofar as we process personal data in addition, this is based on your consent (Art. 6 para. 1 letter a DSGVO).

For this purpose, we process the following categories of data:

Your name
Your professional contact details
Your employer and your professional position
Details of previous communication

We only process other personal data if you provide it to us voluntarily.

We only share your data with other recipients if there is a legal basis for doing so or if you give your consent in individual cases. Our technical service providers, some of whose sub-service providers are based in the USA, may also gain insight. The legal basis for the transfer to this third country are EU standard contractual clauses.

The storage period depends on the above-mentioned purposes and, if applicable, on the statutory retention periods.

5. Facebook

We maintain an online presence on Facebook, and in this context we process the data of users who are active there, in order to communicate with them and offer them information about ourselves. We draw attention to the fact that this may involve processing users’ data outside of the European Union. This may entail risks for users, e.g. because enforcing their rights may become more difficult.

We are jointly responsible with the operator of Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) for the collection (but not for the further processing) of data from visitors to our Facebook page (so-called "fan page"). These data includes information about the types of contents that users view or with which they interact, or the actions they take (see under “actions taken and things provided by you and others” in Facebook’s Data Guideline: https://www.facebook.com/policy), and also information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings and cookie data; see under “device information” in Facebook’s Data Guideline). As explained in the Facebook Data Guideline, Facebook also collects and uses information to provide analysis services for page operators. We have concluded a special agreement with Facebook for this purpose. You can see the essential aspects of this agreement here: https://www.facebook.com/legal/controller_addendum

As a rule, users’ data are processed for market research and advertising purposes. User profiles can be created from the usage behaviour and the interests arising therefrom. These profiles can be used, for example, to insert advertising inside and outside of Facebook and corresponding to users’ presumed interests. As a rule, for this purpose, cookies are set on users’ computers, through which users’ usage behaviour and interests are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by users (especially if the users are Facebook members and are logged in there).

For a detailed presentation of the respective processing, and the opportunities to object (Opt-Out), we refer to Facebook’s Data Protection Declarations and statements. Requests for information and the assertion of users’ rights can also be asserted most effectively there.

Processing users’ personal data is based on our legitimate interests in effective information about/for users, and communication with users, pursuant to Article 6, Para. 1, Letter f of the GDPR. If the respective providers ask users for consent to data processing (i.e. to declare their agreement by, for example, ticking a checkbox or confirming a button), the legal basis of the processing is Article 6, Para. 1, Letter a of the GDPR.

For a detailed presentation of the respective processing, and the opportunities to object (Opt-Out), we refer to Facebook’s General Data Protection Declaration at: https://www.facebook.com/policy

6. LinkedIn

Moreover, we maintain an online presence on LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland), in order to communicate with users who are active there and to offer information about ourselves.

We draw attention to the fact that this may involve processing users’ data outside of the European Union. This may entail risks for users, e.g. because enforcing their rights could become more difficult.

As a rule, users’ data are also processed for market research and advertising purposes. Thus, for example, usage profiles can be created from the usage behaviour and users’ interests arising therefrom. The usage profiles can in turn be used, for example, to insert advertising inside and outside of the platforms and corresponding to users’ presumed interests. As a rule, for these purposes, cookies are set on users’ computers, through which users’ usage behaviour and interests are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by users (especially if the users are members of the respective platforms and are logged in to the latter).

For a detailed presentation of the respective processing, and the opportunities to object (Opt-Out), we refer to LinkedIn’s statements: Data Protection Declaration: https://de.linkedin.com/legal/privacy-policy, opportunity to object (Opt-Out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

In the event of requests for information and the assertion of users’ rights, we draw attention to the fact that these can be most effectively asserted with the provider, LinkedIn. Only the provider has access to the users’ data in each case, and can directly take corresponding measures and give information.

7. YouTube

Furthermore, we maintain an online presence on YouTube (operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), in order to communicate with users who are active there and to offer information about ourselves.

As a rule, users’ data are also processed for market research and advertising purposes. Thus, for example, user profiles can be created from the usage behaviour and the users’ interests arising therefrom. The usage profiles can in turn be used, for example, to insert advertising inside and outside of the platforms and corresponding to users’ presumed interests. As a rule, for these purposes, cookies are set on users’ computers, through which users’ usage behaviour and interests are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by users (especially if the users are members of the respective platforms and are logged in to the latter).

Processing users’ personal data is based on our legitimate interests in effective information about/for users, and communication with users, pursuant toArticle 6, Para. 1, Letter f of the GDPR. If the respective providers ask users for consent to data processing (i.e. to declare their agreement by, for example, ticking a checkbox or confirming a button), the legal basis of the processing is Article 6, Para. 1, Letter a of the GDPR.

For a detailed presentation of the respective processing, and the opportunities to object (Opt-Out), we refer to Google’s statements: Data Protection Declaration: https://policies.google.com/privacy; opportunity to object (Opt-Out): https://adssettings.google.com/authenticated.

In the event of requests for information and the assertion of users’ rights, we draw attention to the fact that these can be most effectively asserted with the provider, Google. Only the provider has access to the users’ data in each case, and can directly take corresponding measures and give information.

8. Xing

We maintain an online presence on Xing (operated by New Work SE, Am Strandkai 1 20457 Hamburg, Germany), in order to communicate with users who are active there and to inform them there about our offers.

Users’ data can also be processed for market research and advertising purposes. Thus, for example, usage profiles can be created from the usage behaviour and the users’ interests arising therefrom. The usage profiles can in turn be used, for example, to insert advertising inside and outside of the platforms and corresponding to users’ presumed interests. As a rule, for these purposes, cookies are set on users’ computers, through which users’ usage behaviour and interests are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by users (especially if the users are members of the respective platforms and are logged in to the latter).

For a detailed presentation of the respective processing, we refer to Xing’s statements: Data Protection Declaration: https://privacy.xing.com/de/datenschutzerklaerung. You can find a description of the Opt-Out on this page: https://privacy.xing.com/de/datenschutzerklaerung/informationen-die-wir-auf-grund-ihrer-nutzung-von-xing-automatisch-erhalten/tracking-in-eingebundenen-fremdinhalten.

In the event of requests for information and the assertion of users’ rights, we draw attention to the fact that these can be most effectively asserted with the provider, LinkedIn. Only the provider has respective access to the users’ data in each case, and can directly take corresponding measures and give information.

9. Compliance Hotline

As part of our compliance management system, we have set up a compliance hotline. You have the opportunity to use this hotline to submit information on matters of which we have a legitimate interest in becoming aware.

9.1 Reporting office

The HOYER Group has set up a whistleblower system that enables all employees worldwide, as well as external persons, to report a violation of statutory provisions or of other regulations of the HOYER Code of Conduct or the Suppliers’ Code of Conduct.

Reporting observed or suspected violations can be done via a digital reporting form or by phone, even anonymously if desired, in almost any language. A global list of Compliance Hotline telephone numbers can be downloaded below.

Each report is received, reviewed and assessed, on behalf of HOYER Group’s Chief Compliance Officer, by HOYER Group’s General Counsel. If such is warranted, the Group General Counsel shall initiate a further investigation into the concern raised in the report.

All information is treated as strictly confidential. The whistleblower need not fear any disadvantages, even if the report turns out to be unjustified.

Further details about the Compliance Hotline are governed in the HOYER Group’s Compliance Hotline Policy.

To the reporting form (internally for employees)
To the reporting form (external partners and third parties)

For more details on how the Whistleblower Reporting Office handles your personal data, please see the Whistleblower Reporting Office's Privacy Policy at https://www.speakup.com/legal/privacy-statement.

9.2 Categories of personal data we process

We receive a report from the whistleblower reporting office once they have reviewed the report, which may include the following personal data:

Names and other personal data of the whistleblower only if the whistleblower does not wish to remain anonymous and agrees to share it with us;
Names and other personal data resulting from the report of the persons named in the report.

In the course of further clarification of the reported facts and further processing, further personal data may be collected and processed by us.

9.3 Purposes of data processing, legal basis

The purpose of processing the data provided to us by the whistleblower reporting office is to process and manage reports of compliance violations, violations of statutory provisions and violations in connection with our business operations by employees, customers, suppliers and other third parties.

The legal basis for the processing of your personal data as a whistleblower is, if you disclose your identity and consent to the disclosure of your name to us by the whistleblower reporting office, your consent (Art. 6 para. 1 sentence 1 lit. a DSGVO).

The legal basis for the processing of the personal data of the persons affected by the report is our legitimate interest in detecting and preventing breaches of the law and misconduct (Art. 6 para. 1 p. 1 lit. f DSGVO). A legitimate interest in the detection and prevention of legal violations and misconduct exists insofar as we are legally obliged to do so in certain areas. Moreover, such violations can not only cause considerable economic damage, but also lead to a significant loss of reputation.

If the data subject is one of our employees, the legal basis for processing in the course of processing or further investigation of the reported facts is Section 26 (1) sentence 1 BDSG (processing for purposes of the employment relationship) or Section 26 (1) sentence 2 BDSG (processing for the detection of criminal offences) and, if applicable, our legitimate interest described above (Art. 6 (1) sentence 1 lit. f DSGVO).

9.4 Disclosure to third parties

If the report concerns another company of the HOYER Group, we will pass on the contents of the report and the results of the further clarification of the facts to this company of the HOYER Group.

We may also pass on the contents of the report and the results of the further clarification of the reported facts to courts, authorities and other public bodies. This may be the case if we are legally obliged to disclose the data or if this is necessary for the assertion, exercise or defence of legal claims.

In the course of the clarification measures and in the assertion, exercise or defence of legal claims, we also make use of the support of law firms or auditing companies if necessary.

In addition, we may involve (technical) service providers in the clarification and processing of the reported facts, who act for us as processors within the meaning of Article 28 of the GDPR and are bound by instructions on the basis of corresponding agreements.

9.5 Duration of data storage

Personal data will be stored for as long as is necessary to clarify the notification and any subsequent measures, or for as long as there is a legitimate interest on our part, or for as long as is required by law. Afterwards, the data will be deleted in accordance with the legal requirements.

9.6 Transfer of data to third countries

As a general rule, no personal data from notifications will be transferred to countries outside the European Union (EU) or the European Economic Area (EEA) unless the notification concerns a HOYER Group company located in a country outside the EU or the EEA. Countries outside the European Union or the European Economic Area may have different rules on the protection of personal data. When sharing information in this way, we will comply with the relevant data protection regulations.

10. Rights of data subjects

As a data subject, you are entitled to the following rights, insofar as the statutory conditions for them are fulfilled:

Right to information, Article 15 of the GDPR
Right to correction, Article 16 of the GDPR
Right to deletion, Article 17 of the GDPR
Right to restriction of processing, Article 18 of the GDPR
Right to data portability, Article 20 of the GDPR
Right to object, Article 21 of the GDPR

You have the right, with effect for the future, to revoke at any time the consent to data processing that you granted.

You have the right to complain to the Data Protection Supervisory Authority about data processing.

11. Contact details of the Data Protection Officer

If you have any more questions on the subject of data protection and the handling of your personal data in the HOYER Group, please contact our Data Protection Officer:

fox-on Datenschutz GmbH
Pollerhofstrasse 33 a
51789 Lindlar/Cologne, Germany
www.fox-on.com
E-mail: dsb@fox-on.com
Tel.: +49 2266/90 15 920

12. Responsible body

The body responsible for data processing on this web site is:

HOYER GmbH Internationale Fachspedition
Wendenstrasse 414–424
20537 Hamburg, Germany

Tel.: +49 40 21044 0
Fax: +49 40 21044 246
E-mail: hoyer@hoyer-group.com