In the following, we provide information about the processing of personal data when using
Personal data is all data that can be related to a specific natural person, e.g. their name or IP address.
The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is
heidi International GmbH
Lindleystraße 12
60314 Frankfurt am Main
Frankfurt am Main, Germany
Email: info@heidi-hire.com
Website: www.heidi-hire.com & www.heidi-handwerk.de
We are legally represented by Florian Christian Lethen and Bijan Sadighi.
The scope of data processing, processing purposes and legal bases are explained in detail below. The following legal bases for data processing can generally be considered:
If personal data is transferred to countries outside the European Economic Area (EEA), this will only be done in accordance with the provisions of Art. 44 ff. GDPR.
If an adequacy decision by the European Commission pursuant to Art. 45 GDPR exists for a third country (e.g., within the framework of the EU-U.S. Data Privacy Framework), the transfer will be made on this basis.
In other cases, the transfer will be made on the basis of appropriate safeguards pursuant to Art. 46 GDPR, in particular using the standard contractual clauses issued by the European Commission.
Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted, i.e. the data will be blocked and not processed for other purposes. This applies, for example, to data that we are required to retain for commercial or tax law reasons.
Data subjects have the following rights vis-à-vis us with regard to their personal data:
If you believe that we are processing your personal data unlawfully, you have the right to lodge a complaint with a competent data protection supervisory authority.
In particular, you can contact the supervisory authority of the member state of your habitual residence, your place of work or the place of the alleged infringement.
The competent supervisory authority for us is
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Wiesbaden, Germany
Telephone: 0611-1408 0
E-mail: poststelle@datenschutz.hessen.de
Website: https://datenschutz.hessen.de
This right is without prejudice to any other administrative or judicial remedy.
In the context of a business relationship or other relationship, customers, interested parties or third parties must only provide us with the personal data that is necessary for the establishment, execution and termination of the business relationship or for the other relationship or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude a contract or provide a service or will no longer be able to fulfil an existing contract or other relationship.
Mandatory information is labelled as such.
We do not use fully automated decision-making, as defined in Article 22 of the GDPR, to establish or manage business or other relationships or for the application process. While some data may undergo automated processing, all binding decisions are made by the data controller. To this end, data may be shared with our partners, but only when operationally necessary and with safeguards in place to protect sensitive information. If automated decision-making procedures are applied in specific cases, you will be notified separately in accordance with legal requirements.
When you contact us, e.g. by email or telephone, the data you provide us with (e.g. names and email addresses) will be stored by us in order to answer your questions. The legal basis for the processing is our legitimate interest (Art. 6 (1) sentence 1 lit. f GDPR) in answering enquiries addressed to us. We delete the data collected in this context after storage is no longer necessary or restrict processing if there are statutory retention obligations.
Our marketing website is hosted by Webflow, Inc., 398 11th St., Floor 2, San Francisco, CA 94103, USA. A data processing agreement has been concluded with Webflow in accordance with Art. 28 GDPR. Insofar as personal data is transferred to the USA, the transfer is based on the EU-U.S. Data Privacy Framework (DPF), for which Webflow is certified. Further information can be found at https://webflow.com/legal/privacy.
When using the website, server log data (e.g., IP address and access time) is processed for technical provision and security purposes. The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the secure and functional provision of our website.
Our application pages and the storage and management of applicant data are operated via Firebase, a Google Cloud service. Applications are recorded, stored, and processed as part of our placement activities via this platform.
The provider is Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland. Data processing takes place on servers in Germany (Frankfurt am Main).
A data processing agreement has been concluded with Google in accordance with Art. 28 GDPR.
The transfer of personal data within the group to third countries cannot be ruled out. In such cases, the transfer is based on appropriate safeguards in accordance with Art. 46 GDPR.
The legal basis for processing is Art. 6 (1) (b) GDPR (application process) and Art. 6 (1) (f) GDPR (technical operation and security of the platform).
When you contact us via the contact form on our marketing website, we process the data you enter (e.g., name, email address, message) in order to process your request. Processing is carried out via the servers of our hosting provider Webflow (see section 2.1).
The legal basis for processing is Art. 6 (1) (b) GDPR, if your request is aimed at concluding a contract or pre-contractual measures, and Art. 6 (1) (f) GDPR in all other cases. Our legitimate interest lies in responding appropriately to inquiries addressed to us.
The data will be deleted as soon as it is no longer required for processing the request and there are no legal retention obligations to the contrary.
If you contact us by e-mail, telephone or fax, we will store and process your enquiry including all personal data (name, enquiry) for the purpose of processing your request. We will not pass on this data without your consent.
This data is processed on the basis of Art. 6 (1) lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR) if this has been requested; consent can be revoked at any time.
The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
Google Web Fonts
This site uses so-called web fonts provided by Google for the standardised display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google's servers. As a result, Google becomes aware that this website has been accessed via your IP address. The use of Google WebFonts is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website.
If your browser does not support web fonts, a standard font will be used by your computer.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.
Meta Pixel (Facebook Pixel)
We use the Meta Pixel on our website, provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The Pixel allows us to track user behavior on our website, such as page visits or form submissions. This helps us measure reach, build target audiences (retargeting), and evaluate the effectiveness of our advertising campaigns.
The legal basis for using the Pixel is your consent pursuant to Section 25 (1) of the German TTDSG and Article 6 (1) (a) of the GDPR. You can withdraw your consent at any time via our cookie banner. Meta also offers opt-out options in your account settings.
The recipient of the data is Meta Platforms Ireland Limited. If we use the Meta Conversions API, data may also be transferred to Meta Platforms, Inc. in the USA. Such transfers are based on the EU-U.S. Data Privacy Framework (DPF), for which Meta is certified. For the collection and transmission of data via Meta Business Tools, we share joint responsibility with Meta under the applicable Controller Addendum.
Data is only processed for as long as necessary to fulfill the stated purposes.
IPinfo
We use IPinfo to process applicant data. The provider is IDB, LLC 300 Lenora Street #516, Seattle, WA 98136, USA.
IPinfo is used to filter out unwanted and abusive applications. As a result, IPinfo becomes aware that this website has been accessed via your IP address. The use of IPinfo is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in flagging abusive applications on its website.
Brevo
We use the Brevo service to manage and send emails and to send automated WhatsApp messages as part of the application process. The provider is Sendinblue SAS, 106 boulevard Haussmann, 75008 Paris, France. We use Brevo as a processor in accordance with Art. 28 GDPR and it processes personal data exclusively in accordance with our instructions.
The following data in particular may be processed in the course of use:
• Email addresses
• Mobile phone numbers
• First name and, if applicable, other application-related information (e.g., job title)
• Contents of email and WhatsApp messages
• Technical communication data (e.g., timestamp, delivery status)
Processing takes place:
• in the case of application-related communication on the basis of Art. 6 (1) (b) GDPR (implementation of pre-contractual measures within the framework of the application process),
• insofar as separate consent has been given, on the basis of Art. 6 (1) (a) GDPR.
Transfer to third countries cannot be ruled out in connection with the WhatsApp Business Platform. In such cases, data transfer is based on appropriate safeguards in accordance with Art. 46 GDPR (e.g., standard contractual clauses).
Further information on data processing by Brevo can be found at:
https://www.brevo.com/de/legal/privacypolicy/
WhatsApp Business Platform (Meta)
We use the WhatsApp Business Platform, a service provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, to send and deliver WhatsApp messages.
When using this service, personal data (in particular mobile phone numbers, message content, communication and usage data) may be processed by Meta.
Please note that Meta also processes personal data on its own responsibility. We have no complete control over this.
It cannot be ruled out that data may be transferred to third countries (in particular the USA). The transfer is based on appropriate safeguards in accordance with Art. 46 GDPR.
Further information can be found in WhatsApp's privacy policy:
https://www.whatsapp.com/legal/privacy-policy-eea
We also use WhatsApp to communicate directly with applicants, in particular to arrange appointments, ask questions, and make voice or video calls as part of the application process.
In this context, we process the following data in particular:
• Mobile phone number,
• Message content,
• Transmitted documents or voice messages,
• Communication and usage data (e.g., times of messages or calls).
The legal basis for processing is Art. 6 (1) (b) GDPR, insofar as the communication serves the purpose of the application process.
WhatsApp is a service provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. Please note that WhatsApp also processes personal data (in particular metadata such as IP address, device information, and communication data) independently. We have no complete control over this.
It cannot be ruled out that data may be transferred to third countries (in particular the USA). The transfer is based on appropriate safeguards in accordance with Art. 46 GDPR.
Further information can be found in WhatsApp's privacy policy:
https://www.whatsapp.com/legal/privacy-policy-eea
We act as a recruitment agency. Candidates can apply for job vacancies at our client companies via our application pages.
Applicant data is processed via our cloud-based platform (see section 2.2).
As part of the application process, we process the following personal data in particular: Master data (e.g., name, contact details), information on qualifications and professional experience, application documents (e.g., resume), language skills, information on residence status, and technical usage data (e.g., IP address).
The processing is carried out exclusively for the purpose of conducting the application process and placing candidates with our client companies.
The legal basis for processing is Art. 6 (1) (b) GDPR (implementation of pre-contractual measures as part of the application process).
Applicant data is only transferred to client companies with the prior individual consent of the candidate, which is obtained as part of the application process (e.g., during communication).
We ask candidates not to provide any special categories of personal data within the meaning of Art. 9 GDPR (e.g., information on political opinions or religious beliefs). If such information is provided voluntarily, it will be processed exclusively within the framework of the application process.
We do not use automated decision-making within the meaning of Art. 22 GDPR.
Applicant data will be deleted as soon as it is no longer required for the application process. In the event of rejection, we will store the data for a further six months to protect our legitimate interests (e.g., for evidence and defense purposes) and then delete it, provided that there are no legal retention obligations to the contrary.
If candidates have consented to longer storage, the data will be stored until consent is revoked or until the purpose of storage no longer applies. The legality of the processing carried out until revocation remains unaffected.
We reserve the right to amend this privacy policy with effect for the future. A current version is always available here.
If you have any questions or comments regarding this privacy policy, please do not hesitate to contact us using the contact details provided above.
