Data Privacy Statement

Thank you for your visit and for your interest in our website www.hensoldt-cyber.com and its web pages. We the HENSOLDT Cyber GmbH and its subsidiaries (referred to as ‘HENSOLDT Cyber’) greatly appreciate your interest in our products and services and your visit to our website. As your privacy is of great importance to us, we are committed to protecting your data so that you can feel secure when visiting our website.

This Privacy Policy is intended to inform you about the manner in which we process and protect your personal data based on the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Personal data are data that can be used to identify individuals. It makes no difference whether individuals can be identified on the basis of a single piece of information. The more information and data can be aggregated, the more precisely an individual may be identified. Personal data include, for example, a person’s name, address, age, email address and telephone number.

1. Controller responsible for data collection

If you have any questions, requests for information, applications, complaints or criticism with regard to our data protection measures, please contact:

HENSOLDT Cyber GmbH
Willy-Messerschmitt-Strasse 3
82024 Taufkirchen

Germany

Email: info@hensoldt-cyber.com

We have appointed a data protection officer in order to ensure compliance with data protection requirements. You have the option of contacting this officer directly if you have any questions regarding the processing of your personal data.

HENSOLDT Cyber

E-Mail: datenschutz@hensoldt-cyber.com

2. Collection, processing and storage of personal data via HENSOLDT Cyber

HENSOLDT collects, processes and stores your personal data solely if this is permitted by law or if you consent to it. We obtain these data in two ways: either you provide them to us or we collect them when our services are used.

2.1 Data that you provide to us

You can generally use our website without providing us with personal information. We do request personal information from you for some services so that we can process the respective service quickly and in a user-friendly manner or so that we can offer the service in the first place. Further details on all of the services offered by HENSOLDT on this website are contained in the ‘Individual services’ section of this Privacy Policy.

2.2 Data that we obtain through your use of our services

Some data are automatically collected for technical reasons when you visit our website. These data are stored temporarily in a log file. The following information is collected as part of this, without any action on your part, and stored until automatic erasure:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access is made (referrer URL)
  • Browser used and, where applicable, your computer’s operating system as well as the name of your access provider

We process the aforementioned data for the following purposes:

  • To ensure the straightforward establishment of a connection to the website
  • To ensure the ease of use of our website
  • To evaluate system security and stability

The legal basis for the data processing is Art. 6(1)(1)(f) GDPR. Our legitimate interest is derived from the processing purposes listed above. We never use the collected data to draw conclusions about you. The aforementioned data are erased as soon as they are no longer necessary for achieving the purpose for which they were collected. We also use cookies when our website is visited. For more information on these, please refer to Section 3 of this Privacy Policy.

2.3  Disclosure of data

In principle, we do not transfer personal data to third parties. If, in individual cases, data are transferred to a third party, you will find the relevant information in this Privacy Policy. We take appropriate measures and carry out regular checks to ensure that the data we collect cannot be viewed or accessed by unauthorized external parties.

3. Use of cookies

3.1  Definition

‘Cookies’ are small files automatically created by your browser and stored on your end device (laptop, tablet, smartphone, etc.). Cookies are used to store information that arises in connection with the specific end device used. This does not mean that we can thereby identify you directly. Cookies are used to make our website more user-friendly for you. A distinction is made between the types of cookies below.

3.1 Types of cookies

Essentially necessary cookies are those used for the functionality of a website and are therefore key to navigate and operate as well as usability.

Preference cookies enable a website to remember information that changes the way a website behaves or looks, e.g. the region that you are in.

Statistic cookies allow the number of visitors and traffic sources to be logged and counted in order to measure and improve website performance. They are also used to find out if certain pages have problems or errors, which pages are the most popular and how visitors navigate the website.

Marketing cookies are used to track visits and individual activities on websites and to deliver targeted and other advertising.

In your browser, you can view the cookies that are stored on your computer, delete any cookies that have been set or change your settings to opt out of some or all cookies. Please note that some web functions may not work (properly) if you opt out of cookies or deactivate the cookie option.

3.2 Use of cookies on our website

The data processed by the cookies required to operate a website are necessary for the purposes of our legitimate interests pursuant to Art. 6(1)(f)GDPR. We also process personal data in relation to cookies with your consent pursuant to Art. 6(1)(a)GDPR. A cookie banner is displayed the first time you visit our website. This informs you which cookies are set by us or our third-party providers in which category, the purpose for which they are used and for how long they persist. You can also use this banner to make your own choices regarding whether to allow all categories, only certain categories or only strictly necessary cookies. You may change or withdraw your consent to the use of cookies at any time on our website. Please see below which consent you have currently given and which cookies are set by us and our third-party providers in which categories:

4.  Individual Services

4.1   Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (‘Google’). Google Analytics uses marketing cookies to analyze your usage of the website. The information generated by such cookies about your use of this website is usually transmitted to and stored on a Google server in the USA. IP anonymisation has been activated on this website, which means that your IP address is truncated beforehand by Google within European Union (EU) member states and other countries which are contracting parties to the Agreement on the European Economic Area. Full IP addresses are only transmitted to a Google server in the USA and truncated there in exceptional cases. On behalf of the operator of this website, Google uses this information to analyze how you use the website, to compile reports on the website activity and to provide other services relating to the use of the website and Internet usage for the website operator. The IP address transmitted by your browser within the scope of the Google Analytics service is not associated with other Google data. Google Analytics cookies are only stored if you have selected the ‘Allow all cookies’ option in the cookie banner. You may also prevent the data generated by a cookie based on your usage of the website (including your IP address) being transmitted to and processed by Google by downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

4.2   YouTube

YouTube, an online video portal provided by Google Ireland Limited, Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland (hereinafter referred to as ‘Google’) is used on this website. YouTube enables video publishers to upload video clips, free of charge, and other users to view, rate and comment on these, also free of charge. YouTube permits the publication of all kinds of videos, which is why entire movies and TV programmes as well as music videos, trailers and user home videos can be accessed via the web portal. Each time individual pages of this website operated by the controller responsible for the processing and into which a YouTube component (YouTube video) has been integrated are accessed, the browser on the data subject’s information technology system is automatically prompted by the respective YouTube component to download a corresponding version of the YouTube component from YouTube. Further information on YouTube is available at www.youtube.com/yt/about/de/. During this technical process, YouTube and Google gain knowledge of which specific subpage of our website was visited by the data subject. If the data subject is logged into YouTube at the same time, YouTube recognizes which specific subpage of our website was visited by the data subject when a subpage containing a YouTube video is visited. This information is collected by YouTube and Google and associated with the YouTube account of the respective data subject. YouTube and Google are therefore always informed via the YouTube component that the data subject has visited our website if the data subject is logged into YouTube at the same time they visit our website; this occurs regardless of whether or not the data subject clicks on a YouTube video. If the data subject does not wish such information to be transferred to YouTube and Google, they can prevent this by logging out of their YouTube account before they visit our website.

YouTube’s published Privacy Policy, available at http://www.google.de/intl/de/policies/privacy/, provides information on how YouTube and Google collect, process and use personal data.

4.3  Applicant portal

On our website we offer you an applicant portal. In addition to the classic postal service, you can send us your application documents in this way. The use of this portal is voluntary. We have carefully selected the responsible service provider and are committed to data protection. The data transfer is secured by the most secure encryption method available in your browser. All personal information that you send us in this way will be processed with the tool Recruitee, provided by Recruitee B.V., Keizersgracht 313, 1016 EE Amsterdam, Niederlande. You can find further information about Recruitee’s data processing and data protection at: https://recruitee.com/en/privacy

In addition to your name and contact details, this includes information on your educational background, qualifications and previous employers. This data will only be processed by the above-mentioned person responsible (HENSOLDT Cyber GmbH) and will not be passed on to third parties. It is only passed on within the company for the purpose of checking suitability for the advertised position. The processing is carried out on the basis of Art. 6 para. 1 lit. b  GDPR in conjunction with § 26 BDSG for the possible establishment of an employment relationship. In regard to your personal data, you have in accordance to Art. 12 – 23 GDPR the following rights:

  • Right to information (Art. 5)
  • Right to correction or deletion (Art. 16 and 17)
  • Right to data restriction (Art. 18)
  • Right to data portability (Art. 20

To do so, please contact our data privacy department.

We only keep your data for as long as necessary for the application process. If no employment contract is concluded on the basis of your application, we will delete your data at the latest 180 days after completion of the process, provided that there is no other legal basis and no legitimate interest. Our legitimate interest in accordance with Art. 6 Para. 1 letter f GDPR for the storage is based on the securing of a possible burden of proof in proceedings under the General Equal Treatment Act (AGG). If an employment contract is concluded on the basis of your application, your application documents will be stored in your personnel file for up to ten years after leaving our company for the purpose of processing the employment relationship in compliance with the statutory provisions (Art.88 in conjunction with § 26 BDSG).

4.4 Online Shop

On our website we offer you an online shop. In addition to the classic postal service, you can send us your requests by this mean. The use of the online shop is voluntary. We have carefully selected the responsible service provider and are committed to data protection. The data transfer is secured by the most secure encryption method available in your browser. If no order is concluded on the basis of our offer or your order, we will delete your data at the latest 180 days after initial contact, provided that there is no other legal basis and no legitimate interest. Our legitimate interest in accordance with Art. 6 Para. 1 letter f GDPR for the storage is based on the securing of a possible regulatory matter. If an order is concluded on the basis of your request, all details connected to the order will be stored in our customer file for up to ten years for the purpose of accounting matters. According to Art. 6 Para. 1 lit. b GDPR, personal data will continue to be collected and processed if you provide them to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. A deletion of your customer account is possible at any time and can be done by sending a message to the address of the person responsible mentioned above. We save and use the data you have provided to process the contract. After the contract has been fully processed or your customer account has been deleted, your data will be blocked with due regard to tax and commercial retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or we reserve the right to further use your data as permitted by law.

Data processing for order processing

To process your order, we work together with the following service provider (s) who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information. The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We will pass on your payment data to the commissioned credit institution as part of the payment processing, if this is necessary for the payment processing. If payment service providers are used, we will explicitly inform you about this below. The legal basis for forwarding the data is Article 6 Paragraph 1 lit. b GDPR. In order to fulfill our contractual obligations towards our customers, we work together with external shipping partners. We give your name and your delivery address exclusively for the purpose of delivering goods, Art. 6 Para. 1 lit. b GDPR to a shipping partner selected by us.

Matrium – Fulfillment provider

If the goods are delivered by the transport service provider Matrium (HENSOLDT Cyber GmbH c/o Matrium, Willy-Messerschmitt-Straße 3, 82024 Ottobrunn, Germany), we will give your e-mail address in accordance with Art. 6 Para. 1 lit. a GDPR to DHL before delivery of the goods for the purpose of agreeing a delivery date or to announce delivery, provided that you have given your express consent in the ordering process.

4.5   Social Media Sites

We also offer you comprehensive personal support and the option to remain in contact with us via our social media pages (LinkedIn, YouTube) based on Art. 6(1)(1)(f) GDPR. These social media services themselves collect personal data in certain circumstances, e.g. via your profile stored there. It cannot be ruled out that each visitor to these sites may be logged by the aforementioned companies. For information about the purpose and scope of the data collection and the further processing and use of the data by these companies as well as your related rights and settings that may be used to protect your privacy, please refer to the privacy policies of:

LinkedIn: https://www.linkedin.com/legal/privacy-policy

YouTube: https://policies.google.com/privacy?hl=de&gl=de

4.6  Social Media Plugins

We use the following social media plugins on our website:

  • LinkedIn
  • YouTube

If you access one of our web pages that contain such a plugin, your browser establishes a direct connection to the servers of the respective companies. The plugin content is transferred directly from these to your browser and integrated into the website. Therefore, we have no influence on the amount of data collected by the respective companies with the help of these plugins. We therefore wish to inform you of the following based on the information available to us: By integrating the plugins, the respective companies receive information that you have accessed the relevant page of our web presence. If you are logged in to one of the companies mentioned above, they may assign the visit to your account there. If you interact with the plugins, the corresponding information is transferred directly from your browser to the respective company and stored there. If you do not have an account with one of the aforementioned companies, it is still possible that they may find out and store your IP address. Therefore, it cannot be ruled out that any visitor to our web presence may be logged by the aforementioned companies on the basis of their IP address and the URL accessed, even if they do not click on the plugins and are not logged into a user account with the respective company either. If you no longer wish to be shown ads based on data collected by AddThis, you can use the opt-out button at http://www.addthis.com/privacy/opt-out.

This sets an opt-out cookie which you should not delete if you wish to maintain this set-up. For information about the purpose and scope of the data collection and the further processing and use of the data by these companies as well as your related rights and settings that may be used to protect your privacy, please refer to the privacy policies of:

LinkedIn: https://www.linkedin.com/legal/privacy-policy

YouTube: https://www.linkedin.com/legal/privacy-policy

4.7  Google Maps

Within our website we implemented Google Maps to display our exact location and offer routing options to you. It is a service provided by Google Ireland Limited, Barrow Street, Dublin 4, Ireland, here forth referred to as ‘Google’. Google guarantees to comply with European law and the guidelines of GDPR even when processing data in the US. Google is certified with the EU-US Privacy Shield. For displaying of certain lettering styles, a connection to US-Google-Servers is established on our website. Providing that you make use of the embedded Google Maps components on our web appearance, Google will store a cookie on your device via your browser. To display our location and provide online directions on how to get to us, your user data and preferences are being processed. We cannot exclude the possibility of Google using US-Servers. Based on Art. 6(1)(1)(f) GDPR, we are practicing our legitimate right to optimize the functionality of our web appearance. By analyzing the established connection, Google may be able to identify which website is sending the data and to which IP-address the route is to be transferred. All use of Google Maps and of information received through Google Maps, happens according to Google’s terms of use https://policies.google.com/terms?gl=DE&hl=de and Google’s standard business conditions https://www.google.com/intl/de_de/help/terms_maps.html.

4.8  Newsletter

To register for our newsletter we collect your email-address with the tool Mailchimp provided by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. After registration you will receive a confirmation via the email-address provided, in which you will have to re-confirm to receive the newsletter in the future (so called Double-Opt-In). This procedure is a verification, that the registration to our newsletter has been initiated by yourself. Basis for receiving the newsletter is your consent (Art. 6(1)(1)(a) GDPR). You have the right to withdraw your consent without reason, by clicking on the link at the end of any of our newsletters.

4.9  Contact form

By using our contact form on the website the following personal data are collected:

  1. E-Mail address

The information and details with your inquiry will stored and processed for the handling of your query only and are not being transferred in any way without further consent. Hence the processing of the data provided via the contact form is based your consent and thereby Art. 6(1)(1)(a) GDPR). You have the right to object and to withdraw your consent anytime. The legitimacy of processing prior to withdrawal will remain unaffected. We save and use the data you have provided to process the query. After the query has been fully processed, your data will be blocked with due regard to tax and commercial retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or we reserve the right to further use your data as permitted by law.

4.10 Support Portal 

By using our online shop or our contact form on our website, you can contact us and provide information on any questions around our products that you encounter during use. The information and details with your inquiry will be stored and processed for the handling of your request only and are not being transferred in any way without further consent.

Therefore, we collect your email address or forward it from our online shop or the contact form to our JIRA Service Desk application that we host and manage ourselves. Hence the processing of the data provided via the contact form or the order process within the online shop is based on your consent and thereby Art. 6(1)(1)(a) GDPR).

We save and use the data you have provided to process the contract. After the contract has been fully processed or your customer account has been deleted, your data will be blocked with due regard to tax and commercial retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or we reserve the right to further use your data as permitted by law.

4.11 Blog with comments

We offer a Blog on our website, in which you have the feature to leave a comment. We there ask for your name and email-address. Both makes conversation and discussions more personal. Also comments and answers are easier to connect. By giving your email-address you will be informed as soon as there has been a reaction to your post. All information is voluntary, so you do not have to give details. Instead of your name the blog will display ‘anonymous’ with your comment. Also, by leaving a comment, your IP-Address will be stored by your browser. Another function allows the user, to save the data provided until your next visit of our blog. The storage of this data is only after you consent. By activating the box, the site will save a cookie with the user data. This consent can also be withdrawn any time by sending us an informal email. The legitimacy of processing prior to withdrawal will remain unaffected.

5. Your rights

Of course, you retain control over all personal data that you provide to us when you visit the website and use our services. You have the following rights which you may assert free of charge.

5.2  Right of access

You have the right at all times to obtain information regarding your personal data stored by us.

5.3  Right to withdraw of consent given

You have the right to withdraw consent you have given to the processing of your personal data at any time with future effect. In the event of a withdrawal, we will erase the data concerned without undue delay provided there is no legal basis that would support further processing. Your withdrawal of consent does not affect the lawfulness of any processing performed on the basis of this consent before such consent was withdrawn.

5.4  Right to object

If we process your personal data in the context of a consideration of interests based on our overriding legitimate interests, you have the right to object, on grounds relating to your particular situation, at any time to this processing with future effect. If you assert your right to object, we stop processing the data concerned. However, we reserve the right to continue processing if we can provide documentary proof of compelling legitimate grounds for the processing which override your interests, fundamental rights and freedoms or if the processing is necessary for the assertion, exercise or defense of legal claims. Where we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing.

5.5 Right to data portability

You have the right to request that we transfer your personal data to another entity.

5.6  Right to rectification, erasure or restriction of processing

You have the right to have your personal data rectified or erased or to restrict the processing thereof.

5.7  Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority or our company if you have a reason for a complaint. If you wish to assert rights vis-à-vis our company, please reach out to the contacts listed at the start of this Privacy Policy.

6. Period of storage

The criteria used to determine the period of storage of personal data is the respective statutory retention period. After that period has expired, the corresponding data are routinely erased if they are no longer necessary for the achievement of the required purposes.

7. Automated decision-making

There is no automated decision-making based on the personal data collected.

8. Data security

We use the popular SSL (Secure Socket Layer) method in combination with the highest encryption level supported by your browser.

A whole key or closed padlock icon in your browser’s upper status bar indicates whether individual pages of our web presence are transmitted in encrypted form.

Generally, we use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction and unauthorized third-party access. We continuously improve our security measures in line with technological advancements.