Küste Hero Istock-1618458398 Chirapriya Thanakonwirakit

Data Privacy on the Websites of the Helmholtz-Zentrum hereon GmbH

Responsible party

The responsible party decides on the purpose and type of processing of your personal data. In the following, we inform you of the personal data collected, stored, and processed by the responsible party, the Helmholtz-Zentrum Hereon (hereinafter: “Hereon”), when you use the website. The websites of the Hereon might include links to websites of third parties, which are not covered by this data privacy notice.

General contact information

Phone: +49 (0)41 52 87-0

Fax: +49 (0)41 52 87-1403

E-mail contact

Max-Planck-Straße 1
21502 Geesthacht, Germany

Postal address:

Hereon data protection officer

Phone: +49 (0) 41 52 87-2010

E-mail contact

Helmholtz-Zentrum Hereon
P.O. Box 1160
21494 Geesthacht, Germany

Processing of personal data

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

When processing personal data collected through the use of our website, we comply with the applicable legal provisions. The processing of your personal data depends on the use of our website and the contents and services offered thereon. Data processing can take place without your express consent if a legal basis exists, or if strictly necessary to render an offered service; otherwise, the use of the service or processing of your request or application would not be possible. Additionally, we only process personal user data with the users’ consent.

The Hereon uses your personal data for the following processing purposes:
collection, processing or use of your personal data otherwise takes place.

Websites

When accessing one of our websites (at www.hereon.de, www.baltic.earth, www.clm-community.eu, www.norddeutscher-klimaatlas.de, www.norddeutscher-klimamonitor.de, www.kuestenschutzbedarf.de, www.regionaler-klimaatlas.de, kofserver2.hzg.de, www.mossco.de, www.gerics.de, www.climate-service-center.de, www.klimanavigator.de, www.coastdat.de, www.noah-project.de, www.sheba-project.eu, alumni.hzg.de), we collect the following data about you: name of the accessed website, type and version of Internet browser used, date and time of page access, duration of website visit, IP address, name of the Internet provider, and the referring website from which the page was accessed. Additional collection of data can take place if the website offers additional services.

The purpose of data collection and processing exists in the access and use of the Hereon websites as well as safeguarding the functionality, optimisation, and safety of the websites. These data are also stored in the log files of our system, however they are stored separately from other personal data on the user.

The legal basis for data processing is the contract initiation or performance, or a justified interest pursuant to Article 6 (1) letter b, f of the GDPR. If we request your consent to perform certain services, the legal basis is Article 6 (1) letter a of the GDPR.

Newsletter

We will use your e-mail address to inform you about activities of the Hereon after an initial contact between you and us. You can receive a one-time notification e-mail via our newsletter if you have provided us with your e-mail address and we can assume that the contents of our newsletter may be interesting for you. The legal basis of the processing is Art. 6 Para. 1 lit. f GDPR. In accordance with our data protection declaration, you may request at any time not to receive further e-mails (by e-mail to contact@hereon.de or via the link at the end of an e-mail). You will not incur any costs other than the transmission costs according to the basic tariffs. If you do not register for the newsletter after receiving the one-time information e-mail, you will not receive any further information about our newsletter. Your e-mail address will be deleted.

Based on your consent, you may subscribe to our newsletter, which informs you about current topics from the Hereon.

To subscribe to our newsletter we use the so-called double opt-in procedure. After your registration, we will send you an e-mail to your specified e-mail address in which we will ask you to confirm that you would like to receive the newsletter. If you do not confirm your registration, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you used and the dates of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

Your e-mail address is the only mandatory information for sending the newsletter. The indication of further, separate data is voluntary and may be used to address you personally. We use the services of CleverReach GmbH & Co. KG as a processor for the administration and sending of newsletters (data recipient). We transfer personal data to CleverReach exclusively for the purposes of sending newsletters and managing e-mail distribution lists. We do not forward your data to third parties. Further information can be found in CleverReach's privacy policy: https://www.cleverreach.com/en/privacy-policy/
After your confirmation, we process your e-mail address for sending you the newsletter. The legal basis is Art. 6 Para. 1 lit. a GDPR.

You may revoke your consent to the sending of the newsletter at any time and cancel your subscription to the newsletter. You may revoke your consent by clicking on the link provided in each newsletter e-mail or by sending an e-mail to contact@hereon.de. After a cancellation, your personal data will be deleted.

Registrations

On our website, we offer the opportunity to register for events and receive informational material, as well as to use certain website services such as the alumni portal. Here, we collect the personal data necessary to perform the respective process, such as your contact data. You agree to our transferring of said data to third parties if this is required to perform the services and associated processes, such as payment processing. Your data are transferred e.g. if an event is not organised by us, but rather by a third party.
Applications through our applicant portal.

Applications through our applicant portal

Hereon respects your right to data protection. In the following, we will therefore inform you about the personal data collected on you as you apply through our applicant portal, as well as the purposes of their use.

1. General and scope of application

The data protection notice applies to the online application management system on the Hereon website, accessible via the URL: www.hereon.de/career/vacencies/index.php.de.

2. What are personal data?

Personal data are information that can be used to draw conclusions about your personal or material circumstances (e.g. first and last name, gender, address, telephone number, date of birth, e-mail address, or career information).

3. Purpose of data processing – what personal data are collected and processed by us?

Hereon uses this platform as the central applicant management system to recruit new employees. The applicant management system facilitates the publication of vacancies; applicants can register in our Hereon system, search for vacancies, and apply directly. The personal data stored on you in the applicant management system are used to fill vacancies. First, your data is processed for your application to a concrete vacancy specified by you. This includes any written, electronic, or telephone communication with you that takes place during an application process. Additionally, if you have given us separate consent for it, we can store your data for up to two years and process these to fill further vacancies, for which you have not applied directly. If you wish to stop the further processing of your data during this period, you can revoke your consent or object to further processing by notifying us.

In the case of rejections, we delete your data after the application procedure, except for when you have provided your consent to further storage.
Hereon solely uses the personal data collected through these websites for the aforementioned purposes and to process your application. With successful applications, we can use said data for our personnel administration.

Your personal data are only then transferred to third parties if a legal obligation to transfer exists (for example to comply with official inspection or reporting obligations), or if a notification of said transfer is provided in this data privacy notice. No data are transferred to non-EU countries.

In the following, you will find a more detailed description of the processing of your personal data by Hereon :

4. Registration and application with Hereon

To submit your application with Hereon, apply online for a vacancy through our website.

After registering for our applicant portal, you can provide us with your personal data and documents. An application dashboard is initially configured for your applications. After your online application, you will receive a registration e-mail with your access data. Your password is transmitted to our server in an encrypted manner to be stored there. If you forget your password, please use the “Forgot Password?” function provided on our website to create a new password.

During the application process, aside from your title, academic degree, family name, first name, and your degree of your education or training, the usual correspondence data such as your postal address, e-mail address, and telephone number are also collected and stored by us. In addition, application documents such as cover letters, CVs, and vocational, educational, and training qualifications, as well as employer references and possibly other documents provided by you, are collected. Special types of personal data are generally not collected through our applicant portal. The Federal Data Protection Act defines these as information about racial and ethnic origin, political opinions, religious or philosophical beliefs, union membership, health, or sex life. Information about severe disabilities is provided voluntarily.

Information that is mandatory as part of the data collection is marked accordingly (*); all further information is provided on a voluntary basis. The data you enter are transferred through a secure connection.

These data are solely stored, processed, or transferred internally within the context of your application. They are only accessible to members of the HR department and to employees responsible for recruiting within the Hereon. Your data are not transferred to companies or persons outside of the Hereon nor used for other purposes, except with your consent or where there exists an official order.

5. Consent

When registering for our applicant management programme, you provide Hereon with your personal data and express interest in employment with us. The provision of your applicant data and the consent to the processing of said data by Hereon in accordance with this data privacy statement takes place on a completely voluntary basis; therefore, we request that you, within the context of the application process, submit your consent to the processing of your data by checking the box next to “Yes, I have read and accept the data privacy statement”. Unfortunately, you cannot submit your application without providing consent.

6. “Send a vacancy via e-mail” (Tell a Friend

You have the opportunity to forward vacancies posted through our applicant dashboard to any e-mail address. To do so, select the desired vacancy under “vacancies” and use the “Tell a Friend” function. You have the opportunity of copying the link and sending it through your e-mail client. Alternatively, you can also directly open the e-mail software installed on your computer by selecting the link “forward vacancy via e-mail”. In both cases, the recipient will receive an e-mail containing a link to the vacancy in his e-mail inbox, in which you are specified as the sender.

7. Responsible party, contact, and support

The party responsible for data processing is the Helmholtz-Zentrum hereon GmbH (hereinafter: “Hereon ”). You can contact us and our data protection officer via e-mail or postal service (P.O. Box 1160, 21494 Geesthacht, Germany).
Please direct your general questions and request to us via e-mail at any time (contact@hereon.de). When contacting us via e-mail, you are generally free in choosing which data you provide to us; however, in certain cases we might not be able to properly handle your request without having certain mandatory information. Please note that the contents of e-mails are generally not encrypted before transmitting them, which makes the protection of personal data or confidential contents impossible.

In this case, we use your personal data to respond to your requests.

8. Information about the personal data on you stored by us / storage duration / deletion

You can, at any time, assess, modify or update, or delete the personal data provided by you, by logging in to your applicant dashboard and configure your data accordingly. If you choose to permanently delete your registration, the data stored in your applicant profile are automatically completely deleted. You do not need to submit a request for deletion.

9. Data processing and consent to applicant pool

If you have applied with our company, but we were currently unable to offer you an appropriate vacancy, we can – with your consent – add your application to an applicant pool. This allows us to contact you in future if a vacancy corresponds to your profile. If your application is added to an applicant pool, the data are stored for two years before they are deleted pursuant to the relevant legal provisions. If you are no longer interested in further opportunities with our company, you have the option to revoke your consent and delete your data (profile and application) yourself at any time.

Security and confidentiality of online communication

We take appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, loss, and destruction, as well as to prevent unauthorised access. Our security measures are continuously improved in line with technological developments. This is realised through the use of, inter alia, encryption mechanisms; however, there cannot be a full guarantee of security.

Please note that, particularly when sending e-mails, the confidentiality of the contents are not guaranteed without additional encryption; if possible, we advise the use of alternative means of communication.

Data deletion and storage duration

The personal data of data subjects are deleted or blocked from access as soon as the purpose of storage no longer exists. Data can also be stored to comply with legal provisions to which the Hereon is subject. Data will also be deleted or blocked from access after expiry of a legal storage duration, apart from those cases in which further storage is necessary for the conclusion or performance of a contract. In addition, your data are deleted whenever you exert your right to deletion, and we are similarly entitled to delete said data.

Third- party data transfer

If you provide us with the personal data of third parties, i.e. of persons other than you, you must first ensure that the affected person is informed thereof and that a legal basis for data transfer exists, as well as in some cases get the affected persons consent.

The legal provisions or your consent provides the basis for our transferring of your personal data to external third parties or contractors for our processing purposes.

The use of cookies

We use so-called cookies on different pages to make visiting our website more user-friendly and to enable the use of certain functions. These are small text files that are stored on your device. Some of the cookies that we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and allow us or our partner companies to identify your browser the next time you pay a visit (persistent cookies). You can configure your browser to be informed whenever a cookie is placed, to accept or reject them in certain cases, or to completely disable their use. If you do not accept cookies, some functions on our website may be restricted.
Technically necessary cookies allow you to navigate our website and use its functions. Without these cookies, the functionality of certain features, such as actions made by you during a visit (e.g. text entry), cannot be guaranteed when navigating between various parts of the website.

Functional cookies make it possible for a website to store certain provided information (e.g. user name, language selection, or location information) and enhance the opportunity to offer users personal functions. These cookies gather anonymised information and cannot trace your activities on other websites.

Performance cookies gather information about the use of a website, for example which pages a user visits most often or whether the website transmits an error notification. These cookies do not store any information that allows users to be identified. The collected data are compiled and anonymised. These cookies are exclusively used to improve website performance and thereby its user-friendliness.

If you do not wish for Hereon to gather and analyse information about your visit, you have the option to object thereto at any time, with future effect (opt-out).
An opt-out cookie is stored in the browser for the technical realisation of said objection. This cookie solely serves to represent your objection. Please note that opt-out cookies, for technical reasons, can only be used for the browser that was used when it was stored. If you delete cookies or use a different browser or device, you must deregister again.

Web analysis

For the statistical analysis of the number of individual page views on our website, we use the tools AWStats, Matomo (formerly PIWIK), and Webalizer. Said data are statistically analysed in AWStats and Webalizer. They are not compiled with data from other sources. The IP addresses are deleted after analysis is completed.

Statistical evaluation using Matomo

This website uses Matomo, open-source software for the statistical analysis of visitor accesses. Matomo uses so-called “Cookies”, which are text files that are stored on your computer and allow for an analysis of your use of the website. The “session cookies” used are text files that are stored on your computer. As soon as the web browser is closed, they are deleted. The information collected by the cookie on your use of our Internet offer is transferred to a server hosted in a German computer centre. The collected data are not transferred to third parties and serve to identify and improve relevant content of our Internet offer.

The IP address is anonymised immediately after processing and before storage. Matomo is configured pursuant to the recommendations of the Unabhängiges Landeszentrum für Datenschutz (ULD) [Independent State Centre for Data Protection], in line with the applicable data protection provisions. By using this website, you consent to the processing of the data collected on you, in the manner described, and only for the stated purpose.

Withdrawal of consent to data collection by Matomo

When deactivating the web analysis, a “permanent cookie” is stored on your computer if your browser is configured accordingly. This cookie informs Matomo not to collect data on your browser.

Please note that the Matomo deactivation cookie is deleted if you clear the cookies stored in your browser. You also need to deactivate the web analysis again if you use a different computer or web browser.

Rights of data subjects – right of access

You can request Hereon to confirm data processing of your personal data. If said processing takes place, you can request the following information from Hereon:

  • the purposes for which the personal data are processed;
  • the categories of personal data which are processed;
  • the recipients or categories of recipients to whom your personal data are or will be disclosed;
  • the planned storage duration of the personal data affecting you or, if no concrete information can be given, criteria that define said storage duration;
  • the existence of a right to correct or delete personal data that affect you, the right to restrict processing by the responsible party, and the right to object against said processing;
  • the existence of a right to complain with a supervisory authority;
  • all available information on the origin of the data, if the personal data was not collected directly from the data subject;
  • the existence of automated decision-making including profiling pursuant to Article 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information about the logic involved, as well as the consequences and intended effects of said processing for the data subjects.

You reserve the right to request information about whether the personal data that affect you are transferred to a non-member country or international organisation. Within this context, you can request to be informed of the appropriate guarantees relating to the transfer pursuant to Article 46 GDPR. Your right to information can be restricted if it is expected to render impossible or significantly impair certain statistical purposes, and this restriction is necessary to fulfil said statistical purposes.

Rights of data subject – right of rectification
You have the right to request rectification and/or completion vis-à-vis the Hereon if the processed personal data that affect you are inaccurate or incomplete. The Hereon undertakes to immediately make these corrections. Your right to rectification can be restricted if it is expected to render impossible or significantly impair certain statistical purposes, and this restriction is necessary to fulfil said statistical purposes.

Rights of data subjects – right to restrict processing

Under the following conditions, you can request the restriction of the processing of personal data that affect you:

  • if you dispute the correctness of the personal data that affect you for a duration that allows the responsible party to assess the correctness of personal data;
  • if the processing is illegitimate and you reject the deletion of your personal data, requesting instead the restriction of the use of your personal data;
  • if Hereon no longer requires the personal data for the processing purposes, but still requires these to assert, exercise, or defend legal claims; or
  • if you have objected against processing pursuant to Article 21 (1) of the GDPR and it has not yet been decided whether your justified interests outweigh those of the Hereon.

If the processing of the personal data that affect you is restricted, these data may only be processed – storage is not affected by this – with your consent, to assert, exercise, or defend legal claims, to protect the rights of another natural or legal person, or for reasons of an important public interest of the Union or a member state.

If the processing is restricted in accordance with the aforementioned conditions, Hereon shall inform you before lifting said restriction .Your right to restrict processing can be restricted if it is expected to render impossible or significantly impair certain statistical purposes, and this restriction is necessary to fulfil said statistical purposes.

Rights of data subjects – right to erasure

You have the right to request immediate deletion vis-à-vis the Hereon if the processed personal data that affect you are inaccurate or incomplete. The Hereon undertakes to immediately delete these data if one of the following reasons applies:

  • the personal data that affect you are no longer necessary for the purposes for which they were collected or otherwise processed;
  • you revoke your consent substantiating the processing pursuant to Article 6 (1) letter a or Article 9 (2) letter a of the GDPR, and no other legal basis for processing exists;
  • you object to the processing pursuant to Article 21 (1) of the GDPR and no overriding justified grounds exist for processing, or if you object to the processing pursuant to Article 21 (2) of the GDPR;
  • the personal data that affect you have been processed illegitimately;
  • the deletion of the personal data that affect you is necessary to comply with a legal obligation resulting from EU or member state law, to which the responsible party is subject; or
  • the personal data that affect you are collected in connection with information society services pursuant to Article 8 (1) of the GDPR.

If the Hereon discloses personal data that affect you, and if it is obliged to delete said data pursuant to Article 17 (1) of the GDPR, the Hereon shall take, under consideration of the technology available and the costs of implementation, appropriate measures (also technical) to inform parties responsible for processing said personal data of your request as a data subject to delete all links to these personal data, as well as to delete copies or replications of these personal data.

The right to deletion does not apply if the processing is necessary to:

  • exercise the right to freedom of speech and information;
  • comply with a legal obligation that requires processing pursuant to EU or member-state rights that apply to the responsible party, to perform a task carried out in the public interest, or in the exercise of official authority;
  • serve archival purposes that are in the public interest, for scientific or historical research purposes, or for statistical purposes pursuant to Article 89 (1) of the GDPR, if the right listed under section a) is expected to render impossible or significantly impair the realisation of the purposes of said processing; or
  • assert, exercise, or defend legal claims.

Rights of data subjects – Notification obligation regarding rectification or erasure of personal data or restriction of processing

If you assert your right to correction, deletion, or processing restriction vis-à-vis the Hereon, the Hereon is obliged to inform all parties to whom the personal data that affect you have been disclosed of said data correction, deletion, or processing restriction, except for those cases in which this is impossible or associated with disproportionate effort. You reserve the right vis-à-vis the Hereon to be informed about these parties.

Rights of data subjects – right of objection

You have the right to, for reasons relating to your particular situation, at any time object to the processing of the personal data that affect you pursuant to Article 6 (1) letter e or f of the GDPR.
The Hereon shall halt the processing of personal data that affect you, unless it can demonstrate compelling legitimate grounds for said processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

If the personal data that affect you are processed for purposes of direct advertisement, you have the right to object to the processing of said data for this purpose at any time. If you object to processing for direct advertising purposes, the personal data that affect you will no longer be processed for these purposes.

You also have the right to, for reasons relating to your particular situation, object to the processing of personal data that affect you for statistical purposes pursuant to Article 89 (1) of the GDPR. Your right to objection can be restricted if it is expected to render impossible or significantly impair certain statistical purposes, and this restriction is necessary to fulfil said statistical purposes.

Rights of data subjects – right to withdraw a data protection consent declaration

You have the right to withdraw your data protection consent declaration at any time. The legitimacy of the processing that took place up to the moment of revocation shall remain unaffected by said revocation.

Rights of data subjects – right to lodge a complaint to a supervisory authority

Irrespective of other legal remedies, be they administrative or judicial, you have the right to submit a complaint to a supervisory authority, in particular in the member state of your domicile, workplace, or the location of an alleged infraction, if you are of the opinion that the processing of personal data that affect you infracts on the GDPR.