Data protection information in accordance with Art. 13 GDPR

We would like to explain how we process your data on our website www.hosti.de as transparently and as clearly as possible.

Responsible for data processing in accordance with Art. 4 para. 7 GDPR

The party responsible for processing personal data on this website is:

HOSTI GmbH
Emil-Stickel-Straße 6
74629 Pfedelbach
Tel: +49 7941 6092-0
info@hosti.de

Data protection officer

In accordance with Art. 37 GDPR and Art. 38 BDSG, we have appointed a data protection officer, whose contact details are as follows:

Sirus Beratungsgesellschaft mbH Sirus Paidar
Goppeltstr. 4
74613 Öhringen
Tel: +49 7941 64 81 360
datenschutz@sirus.de

For what purpose is the data processed in accordance with Art. 5 para.1 (b) GDPR?

The offers available on our website are mainly used for marketing and sales purposes, which is in our legitimate interest in accordance with Art. 6 para. 1 (f) GDPR. You can also contact us if you are interested in or have questions about our products and services, in accordance with Art. 6 para 1 (b) GDPR.

Categories of personal data

So we are be able to operate the website, particular data must be processed for server requests in order to ensure the functionality of the website. This is the following data that is collected. However, we do not evaluate any of this data and it only serves the function of the site.

• IP address
• Date and time
• Requested page
• Get and post requests
• Browser used and version
• Operating system
• Language
• Time zone

Contact form for interested parties and customers

We process the following data: first name, last name, position, company and your message (free text). This data is provided both on a voluntary and mandatory basis. The processing of this data is carried out in accordance with Art. 6 para.1 (b) and (f) GDPR.

If business is initiated after the collection, we transfer the data directly to our product management system. Communication with you (e.g. by email) also stores data in our systems. However, as soon as this no longer serves a purpose and there is no legal basis, we delete the data immediately.

Applications by e-mail

If you, as an applicant, send us your application by e-mail, we will process your data as follows.

Your email address, first name and last name, as well as other data from the application documents provided by you (Art. 6 Para.1 (b) GDPR). Please avoid providing particularly sensitive data such as religious affiliation or health data (Art. 9 GDPR) in your application documents, since we do not require such information for the application process.
When your applicant data is sent by email it is transport encrypted, but not end-to-end encrypted. This means that the data can also be “read” on the receiving server.

Otherwise, the applicant emails, if sent to the email address provided, will be received centrally by our HR department. The emails are then stored there centrally and made accessible to the respective departments. The data will be deleted at the end of the application process (see below).

Deletion deadlines of personal data

Personal data collected in the context of initiating business or processing of a contract will be stored for the duration of the business relationship and in accordance with the statutory storage periods, which are specified, for example, in the German Commercial Code (HGB) or the German Fiscal Code (AO) or the GoBD.

The application data that you send us will usually be stored for up to six months from the end of the application process. If you have given your consent, we will also store it until you object to the processing, but for a maximum of two years.

Recipients or categories of recipients of personal data

The following recipients or categories of recipients may have access to your data:

• Responsible employees of HOSTI GmbH
• Hosters and IT service providers (access only to server log data)
• Specialist departments (only in the case of applicant data or special requests)

Use of cookies

What are cookies?

Cookies are small text files that are stored on your device. They help us know when and how you interact with the website.

Why do we use cookies?

• To provide certain features on our website
• For security measures
• To improve the user experience
• To provide visitor statistics

How long are cookies stored?

• Temporary cookies: These cookies are deleted as soon as you leave our website and close your browser.
• Permanent cookies: These are stored even after you close your browser, e.g. to recognise you when you next visit.

Do we need your consent?

Yes, in most cases we ask for your consent (Art. 7 in conjunction with Art. 6 para. 1 lit a and §26 TTDSG). However, there are cookies that are necessary for proper functionality of our website (functional cookies). We set these without special consent, but this does not take place on our current website. Cookies that are not technically necessary and that are stored beyond the actual browser session always require your consent.

Objection & withdrawal

You can withdraw your consent at any time. You can also object to the use of cookies by deactivating them in your browser. Please note, however, that our website may not then function correctly.

Other important information:

• Information we collect using cookies may include: websites visited, IP addresses, entries in forms and more.
• We use a system called “Compliance” to manage your cookie settings. For more information, visit the website https://complianz.io.

Using reCaptcha

reCaptcha is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use the service to prevent misuse of the contact form by so-called bots. We do this on the legal basis of Art. 6 (1) (f) GDPR in order to protect our website and IT systems. When Google uses reCaptcha, cookies are stored on the end devices that are used for tracking purposes. Therefore, reCaptcha is only used with consent in accordance with Art. 7 GDPR in conjunction with Art. 6 para. 1 (a) and §26 TTDSG.

Google reCAPTCHA collects and processes various types of user data during the verification process. This includes: the page that embeds reCAPTCHA, referrer URL, user IP address, settings of the end device (language, browser, location), dwell time, mouse movements and keystrokes, screen and window resolution, time zone, and installation of browser plugins. Google reCAPTCHA also checks whether a cookie has already been created in the user browser and, if necessary, sets a cookie to track users across sites.

Using OpenStreetMap

On our website, we use the OpenStreetMap (OSM) feature to visually display geographical information and to offer interactive maps. When using OpenStreetMap, data about your use of this website may be transmitted to OpenStreetMap and stored there.

Data processing

When you visit our website and use the interactive maps, we collect and process the following data, which may also be transmitted to OpenStreetMap:

• IP address
• Date and time of visit
• Geographical location
• Technical data such as browser type, operating system and similar information

This data is required to provide you with the functionality of the interactive maps and to ensure the stability and security of our website.

Purpose of data processing

Your data is processed to provide you with interactive maps and to improve the user-friendliness of our website.

Legal basis

The legal basis for processing your data in connection with the use of OpenStreetMap is Art. 6 para. 1 (f) GDPR (legitimate interest, based on our interest in providing you with an attractive, user-friendly website).

Storage period

Your data will only be stored as long as is necessary to provide the functionality.

Possibility to make an objection

You have the right to object to the processing of your data by OpenStreetMap at any time. To do this, you can correspondingly adjust the settings of your browser, e.g. by deactivating JavaScript functions, which may affect the functionality of our website and interactive maps.


Social media

LinkedIn

The provider for Europe is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland and is a social network in the business environment.

Data processing by us

If you contact us or interact with us via LinkedIn, we may store your messages and related data in order to respond to your request or communicate with you. We do not share this information with third parties without your consent.

Data processing by LinkedIn

LinkedIn collects, stores and processes information about each visitor to this site. This includes data you provided when creating your profile, as well as information generated by your use of LinkedIn, such as interactions with posts or use of features on the platform. This also happens if you are not logged in to LinkedIn or are not a member of the network.

LinkedIn uses cookies and similar technologies to collect and analyse data. For more information on how LinkedIn uses your data, please refer to LinkedIn’s data protection declaration: https://www.linkedin.com/legal/privacy-policy.

Instagram

The provider for Europe is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland and is a social network whose core is the presentation and interaction through photos and videos (Reels).

Data processing by us

We provide product photos and videos and use the platform to present our company and our employees as part of testimonials (with prior consent).

Data processing by Instagram

You can find out more about data processing under https://instagram.com/about/legal/privacy.

Purpose of data processing

We use Instagram for marketing measures and employee recruitment.

Legal basis

Legitimate interests are the legal basis for marketing and employee recruitment (Art. 6 para. 1 sentence 1 lit. f) GDPR). Although Hosti GmbH provides the content for the channel, it has no influence on the extent to which the data is processed by Instagram or by third parties to whom the data is transmitted. It is also about data that is provided and processed through interactions with our channel.

Rights of affected parties

You have the following rights vis-à-vis a responsible person with regard to your personal data:

• Right of information
• Right to amendment or deletion
• Right to restriction of processing,
• Right to object to processing,
• Right to data portability

Please make an enquiry to the responsible person as indicated above or to the data protection officer at datenschutz@sirus.de who will then forward the request.

Right to lodge a complaint

According to Art. 77, you have the right to complain about us to a supervisory authority if you believe that our conduct is not in accordance with data protection regulations. Our responsible supervisory authority is “The State Commissioner for Data Protection and Freedom of Information” (https://www.baden-wuerttemberg.datenschutz.de/impressum/). If you would like to exercise your rights as an affected party (e.g. deletion, rectification, objection), you can send your request to datenschutz@hosti.de.