Privacy Policy

The following information provides a simple overview of how we handle your personal data and your rights under the European General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the Telecommunications-Telemedia Data Protection Act (TTDSG).

1. General Information

Who is responsible for data collection on this website?

The responsible party for data processing is:

hylane GmbH
Gustav-Heinemann-Ufer 56
50968 Cologne

Email: info@hylane.de

On what legal basis do we process your data?

The term 'personal data' refers to all information that relates to an identified or identifiable individual. We process personal data in compliance with the relevant data protection regulations, particularly the GDPR and the BDSG. Data processing by us only takes place on the basis of a legal permission. We process personal data only with your consent (§ 25 para. 1 TTDSG or Art. 6 para. 1 lit. a GDPR), to fulfill a contract to which you are a party or to carry out pre-contractual measures at your request (Art. 6 para. 1 lit. b GDPR), to fulfill a legal obligation (Art. 6 para. 1 lit. c GDPR), or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, provided that your interests or fundamental rights and freedoms, which require the protection of personal data, do not override (Art. 6 para. 1 lit. f GDPR).

How long will your data be stored?

Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us only until the purpose for its processing no longer applies. If you assert a legitimate request for deletion or revoke your consent for data processing, your data will be deleted unless legal obligations require otherwise. In such cases, we will retain your data only for the duration required by law (e.g., tax or commercial law retention periods), after which it will be deleted.

To whom do we transfer the data?

We engage data processors to handle certain aspects of data processing. These processing activities include, for example, hosting, email dispatch, IT system operation and support, customer and order management, accounting and billing, and marketing activities. A data processor is a natural or legal person, authority, institution, or other entity that processes personal data on behalf of the controller. Processors do not use your data for their own purposes; instead, they process it exclusively under our instructions and are contractually obligated to implement appropriate technical and organizational measures to ensure data protection. Additionally, we may transfer your personal data to other entities, such as postal and delivery services, financial institutions, tax consulting/auditing firms, or tax authorities. Further recipients may be identified based on the specific circumstances outlined below.

Are data transferred to third countries?

Our data processing may involve the transfer of certain personal data to third countries, i.e., countries where the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is provided in such a third country. If no such adequacy decision by the European Commission exists, a transfer of personal data to a third country will only take place if appropriate safeguards pursuant to Art. 46 GDPR are in place or if one of the conditions of Art. 49 GDPR is met.

If no adequacy decision is in place and nothing else is specified below, we use the EU standard data protection clauses as appropriate safeguards for the transfer of personal data to third countries. You have the option to obtain or view a copy of these EU standard data protection clauses. Please contact the address provided under Contact for this purpose.

If you consent to the transfer of personal data to third countries, the transfer will take place on the legal basis of Art. 49 para. 1 lit. a GDPR.

What rights do you have regarding your data?

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

In accordance with Art. 15 GDPR and § 34 BDSG, you have the right to request information about whether and to what extent we process personal data concerning you.
You have the right to request the correction of your data in accordance with Art. 16 GDPR.
You have the right to request the deletion of your personal data in accordance with Art. 17 GDPR and § 35 BDSG.
You have the right to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR.
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and to transmit this data to another controller in accordance with Art. 20 GDPR.
If you have given us separate consent to data processing, you can revoke this consent at any time in accordance with Art. 7 para. 3 GDPR. Such a revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
In accordance with Art. 21 para. 1 GDPR, you have the right to object to processing based on the legal basis of Art. 6 para. 1 lit. e or f GDPR for reasons arising from your particular situation. If we process personal data about you for the purpose of direct marketing, you can object to this processing in accordance with Art. 21 para. 2 and para. 3 GDPR.
If you believe that the processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

How can you reach our data protection officer?

You can reach the data protection officer of hylane GmbH at the following contact details:

Email: datenschutzbeauftragter@hylane.de

Herting Oberbeck Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg
https://www.datenschutzkanzlei.de

2. Data Collection on this Website

Server Log Files

The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address

This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website - for this purpose, the server log files must be recorded.

Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact information you provided there, will be stored by us to process your request/inquiry and handle any follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to fulfilling a contract or is necessary for pre-contractual measures. In all other cases, the processing is based on our legitimate interest in efficiently handling inquiries (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; you may revoke your consent at any time.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal retention periods remain unaffected or Mandatory legal provisions - especially legal retention periods - remain unaffected.

Inquiry by Email or Phone

If you contact us by email or phone, your inquiry, including all resulting personal data (e.g., name and inquiry details), will be stored and processed by us to handle your request. We do not pass on this data without your consent.

The data you send to us via email or phone inquiries will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal retention periods remain unaffected or Mandatory legal provisions - especially legal retention periods - remain unaffected.

Cookies

Our websites use so-called 'cookies'. Cookies are small text files and do not harm your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted once you leave our website, while permanent cookies remain on your device until you delete them manually or your web browser removes them automatically.

Sometimes, cookies from third-party providers may also be stored on your device when you visit our website (third-party cookies). These enable us or allow you to access certain third-party services (e.g., cookies used for payment processing).

Cookies serve various functions. Some cookies are technically essential because certain website features would not work without them (e.g., shopping cart functionality or video playback). Other cookies help us analyze user behavior or display personalized advertising.

The use of cookies is partly necessary for the operation of our website and therefore does not require user consent. Additionally, we may use cookies to enable special features, analyze user behavior, or support marketing activities. These may include third-party cookies (i.e., cookies set by external providers). Such non-essential cookies are only used with your consent, in accordance with § 25 para. 1 TTDSG and, if applicable, Art. 6 para. 1 lit. a GDPR.

You can configure your browser to notify you about cookie settings, allow cookies only in specific cases, block cookies for certain functions or websites, or disable them entirely. You can also set your browser to automatically delete cookies upon closing. However, disabling cookies may restrict the functionality of our website. Your consent is requested when you first visit the website. You may change your decision at any time by clicking on Cookie Settings at the bottom of the page and adjusting your preferences.

Google Analytics

We use the Google Analytics service provided by Google Ireland Limited (Ireland, EU) on our website. Google Analytics is a web analytics tool that allows us to gather and analyze data on user behavior across our website. It enables us to track user interactions across different devices and sessions, allowing us to establish connections between individual user actions and analyze long-term trends.

Google Analytics relies on cookies to analyze website usage. Additionally, personal data—such as IP addresses, device identifiers, and interaction about interactions with our website are processed. Some of this data is stored on your device, while additional information is collected and stored via cookies.

Google Ireland processes this data on our behalf to evaluate website usage, generate reports on user activity, and provide us related analytics services with other services related to the use of our website and internet usage. From the collected data, pseudonymized user profiles may be created.

The setting of cookies and subsequent data processing as described above only occurs with your consent. Therefore, the legal basis for processing personal data in connection with Google Analytics is Art. 6 para. 1 lit. a GDPR. You may withdraw your consent at any time via our consent management tool with future effect.

We use Google Analytics with IP anonymization enabled. This means that user IP addresses are shortened by Google Ireland within EU member states or other contracting states of the European Economic Area Agreement. The user's IP address is not combined with other Google data. The shortening of the IP address takes place on servers in the EU.

User activity data is retained for 2 months and is then automatically deleted. Expired data is erased automatically once per month.

3. Appointment Scheduling via Calendly

To provide a convenient appointment scheduling option, we use Calendly, a service provided by Calendly, LLC (Calendly/USA). When you click on the appointment scheduling link, you will be redirected to Calendly’s appointment scheduling page. Calendly is solely responsible for processing data when you visit its website.

After selecting an appointment and entering your contact details, you will receive a confirmation email from Calendly. If you use this service, the information entered in the request form, including your contact details, will be stored both by us and by Calendly on our behalf. This data processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.

The use of Calendly aligns with our legitimate interest in enhancing our service. Therefore, the legal basis for this processing is Art. 6 para. 1 lit. f GDPR. With Calendly, a transfer of data to the USA cannot be excluded. Please refer to the information in the section 'Are data transferred to third countries?'.

For more information on data protection at Calendly, please visit https://calendly.com/privacy.

hylane has a social media profile on LinkedIn. When you visit or interact with a hylane profile on a social media platform, personal data about you may be processed. The information associated with a social media profile used also regularly constitutes personal data. This also includes messages and statements made using the profile. In addition, certain information is often automatically collected during your visit to a social media profile, which may also constitute personal data.

LinkedIn Company Page

For the processing of personal data when visiting the hylane LinkedIn company page, LinkedIn Ireland Unlimited Company (Ireland/EU – 'LinkedIn') is generally solely responsible for data protection. Further information on the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy.

When you visit, follow, or engage with the hylane LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and insights. This gives us insights into the types of actions people take on our page (so-called page insights).

As part of the page insights, LinkedIn processes data that you have provided to LinkedIn, such as your function, country, industry, seniority, company size, and employment status. In addition, LinkedIn processes information about how you interact with our page, such as whether you are a follower of our page.

With page insights, LinkedIn does not provide us with personal data about you. We only have access to aggregated insights, and it is not possible for us to draw conclusions about individual members based on the page insights.

This personal data processing as part of the page insights is carried out by LinkedIn and hylane as joint controllers. We have entered into an agreement with LinkedIn on joint processing, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available at https://legal.linkedin.com/pages-joint-controller-addendum.

In this agreement, the following points are particularly agreed:

LinkedIn and hylane have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn online or reach LinkedIn through the contact details in the privacy policy. You can also contact LinkedIn’s data protection officers here.
You can also contact us at the contact details provided regarding the exercise of your rights in connection with the processing of personal data as part of the page insights. In such a case, we will forward your request to LinkedIn.
LinkedIn and hylane have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing the processing for page insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority.

The processing serves our legitimate interest in evaluating the types of actions taken on our LinkedIn company page and improving our company page based on these insights. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR.

Please note that according to LinkedIn's privacy policy, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn only transfers personal data to countries for which an adequacy decision by the European Commission pursuant to Art. 45 GDPR exists or based on appropriate safeguards pursuant to Art. 46 GDPR.

5. Data Processing in Connection with Satisfaction Surveys

We occasionally conduct satisfaction surveys to improve the quality of our services and better meet the needs of our prospects and business partners. For these surveys, we use the tool Microsoft Forms, provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

As part of the satisfaction surveys, we process personal data such as your name, email address, and your responses to the survey questions. This data is used solely for the purpose of measuring the satisfaction of our prospects and business partners and improving our services accordingly.

Microsoft Forms processes data, among other things, in the USA. We point out that according to the new EU-U.S. Data Privacy Framework (DPF), an adequate level of protection for data transfer to the USA exists, provided that the US companies are certified under this framework. For more information, please visit https://privacy.microsoft.com/en-us/privacystatement.

As an additional safeguard, Microsoft uses standard contractual clauses approved by the EU Commission (= Art. 46 para. 2 and 3 GDPR). These clauses oblige Microsoft to comply with the EU data protection level when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other things, here: https://privacy.microsoft.com/en-us/privacystatement.

The processing of your data as part of the satisfaction surveys is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent until the revocation.

For more information on data processing by Microsoft Forms, please refer to the Microsoft Privacy Statement.

6. Data Processing in the Application Process

When you apply to hylane, we process the personal data you provide as part of your application. This includes, in particular, your contact details (such as name, address, email address, phone number) as well as the information contained in your application documents (such as cover letter, resume, certificates).

The processing of your application data is carried out solely for the purpose of conducting the application process. The legal basis for the processing of your application data is Art. 6 para. 1 lit. b GDPR (pre-contractual measures) and § 26 BDSG (data processing for employment purposes).

Your application data will generally be stored only as long as necessary to reach a decision on your application. If no employment results, your data will be deleted no later than six months after the conclusion of the application process, unless you have explicitly consented to a longer storage period or legal retention obligations apply.