Privacy Policy

This privacy policy informs you about the nature, scope and purpose of the processing of personal data on our website and its associated websites, functions and content as well as external online presences. The collection and processing of your personal data is carried out in accordance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR).

1.1 Controller

The controller within the meaning of the GDPR is:
Palmer Hargreaves GmbH
Vogelsanger Straße 66
50823 Cologne
Germany

Tel: +49 221 933220
E-Mail: cologne@palmerhargreaves.com
Website: https://next.palmerhargreaves.com 

Represented by the management:
Jörn Langensiepen, Susanne Hoffmann and Dr. Iris Heilmann

The processing operations described in this privacy policy are generally processed by the above-mentioned controller. Should there be any deviations from this, this will be indicated accordingly.

1.2 Data Protection Officer

If you have any questions about the handling of your personal data, please feel free to contact us by e-mail or the Data Protection Officer responsible for us:

Marco Peters (Nextwork GmbH)
E-Mail: dataprotection@palmerhargreaves.com

1.3 Changes to the privacy policy

We reserve the right to adapt this privacy policy so that it always complies with the current legal requirements or to implement changes to our services in the privacy policy (e.g. when introducing new services). This privacy policy is for your information only.

Last updated: 31st August 2023

To protect the security of your data during transmission, this website is encrypted and authenticated using TLS 1.3. We use HTTPS by default.

When you access our website, information of a general nature is automatically collected - even if you do not register or otherwise submit information. It is processed for the following purposes:

• Ensuring a smooth connection of the website
• Ensuring a smooth use of our website
• To assess system security and system stability
• To optimise our website

The server log files include, for example, the IP address, the type of browser used, the sub-page visited, the date and time of access. A transmission to third parties does not take place.

The data is deleted as soon as it is no longer required for the purpose of processing. This is usually the case for the data used to provide the website when the respective session has ended.

This website is hosted in Germany by Open Telekom Cloud Deutschland (Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany). In accordance with article 28 of the GDPR, we as the controller have concluded a data processing agreement with Telekom Deutschland GmbH.

On our website, we provide you with our contact information, which can be used to contact us electronically. If you decide to contact us by e-mail, the personal data you send us by e-mail will be stored solely for the purpose of processing your enquiry or contacting you.

The legal basis for the processing of the data you provide us with is article 6 (1) b) of the GDPR, insofar as your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us pursuant to article 6 (1) f) of the GDPR or on the basis of your consent pursuant to article 6 (1) a) of the GDPR, if this has been requested.

For sending out our PH News we collect personal data (e-mail address), which is transmitted to us via an input mask. For an effective registration, we need a valid e-mail address. In order to verify that the registration was actually made by the interested person, we use the “double opt-in” procedure. For this purpose, we log the registration to the PH News, the sending of a confirmation e-mail and the receipt of the response requested herewith.

Based on your explicit consent pursuant to article 6 (1) a) of the GDPR, we will send you our PH News to the e-mail address you have provided. You have the right to withdraw your consent at any time with effect for the future to the storage of your personal data and its use for sending out our PH News – in accordance with article 7 (3) of the GDPR. You can unsubscribe via the unsubscribe link included in every PH News, via our Data Protection Officer or via our contact details.

7.1 Location Cologne

We process the data you send us in connection with your application in order to assess your suitability for the job (or other open positions, if applicable) and to carry out the application process. 

The processing can be carried out electronically. This is particularly the case if you send us your application via our application form. In this context, we process the following categories of personal data from you: salutation, title, first name, last name, street, house number, postal code, city, country, telephone number, e-mail address, expected salary, application documents (cover letter, information in your curriculum vitae, samples of work), way of contact, content of the personal message written by you.

The legal basis for processing your personal data in this application procedure is primarily article 6 (1) b) of the GDPR – fulfilment of our (pre)contractual measures. In Germany, section 26 BDSG (Bundesdatenschutzgesetz) also applies. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible. Should the data be required for legal prosecution after completion of the application process, if applicable, data processing may be carried out on the basis of the requirements of article 6 of the GDPR, in particular to safeguard legitimate interests pursuant to article 6 (1) f) of the GDPR. Our interest then consists of asserting or defending claims under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz). 

Data of applicants will be deleted after 6 months in case of rejection. In the event that you have agreed to further storage of your personal data, we will transfer your data to our talent pool. There, the data will be deleted after 24 months. If you have been accepted for a position during the application process, the data will be transferred from the application system to our HR system. 

Your applicant data will be reviewed by the HR department after receipt of your application. Suitable applications are then made available to the internal department heads for the respective open position for review. As a matter of principle, only those persons who need to access your data for the proper conduct of our application process have access to your data.

The data provided as part of your application will be transmitted via TLS encryption and stored in a database. This database is operated and managed by Personio SE & Co.KG, Seidlstraße 3, 80335 Munich, Germany, which offers a personnel administration and application management software. Personio SE & Co.KG is our processor in this context in accordance with article 28 of the GDPR and stores the data exclusively on ISO-certified servers in Germany. A data processing agreement between Personio SE & Co.KG and us is concluded. The privacy policy of Personio SE & Co.KG can be found at https://www.personio.de/ueber-uns/datenschutz/#datenschutz-downloads. 

No automated decision-making or profiling takes place as part of the application process. 

The provision of personal data is not required by law or contract. However, without providing them, you will not be considered in the application process. A revocation has the consequence that we are no longer allowed to process your data from this point on and you will therefore no longer be considered in the application process.

We are present in the social networks. We share content, offers and present our products via the social media channels. The respective providers of the social networks use cookies and similar technologies to record your user behaviour during any interactions. This also includes general statistics on interests and demographic characteristics (e.g. age, gender, region). However, the scope and purpose of the processing of your personal data is determined by the providers of the social networks. If you have given your consent to the providers of the respective networks in the form of your own user account, the legal basis is article 6 (1) a) of the GDPR (consent). Otherwise, the legal basis is article 6 (1) (f) of the GDPR, whereby our legitimate interests lie in the above-mentioned purposes.

Like many other websites, we also use so-called “cookies”. Cookies are small text files that are stored on your end device (laptop, tablet, smartphone or similar) when you visit our website. You can delete individual cookies or the entire cookie inventory, view cookies and renew or change your cookie consent. Your browser offers another option to prevent or manage data processing.

9.1 Technically necessary cookies

Technically necessary cookies do not contain any personal data. These cookies are also used if you surf through the internet completely anonymously. Nevertheless, you can specify in the settings of your browser whether and which cookies the browser should accept. However, rejecting cookies has the disadvantage that a session is then realised via a technical path that means more uncertainty for you.

The processing of data by means of technically necessary cookies is based on a legitimate interest, the provision of a functional website in accordance with article 6 (1) f) of the GDPR. 

Our website uses the cookie consent technology of Cookiebot to obtain your consent to store certain cookies in your browser and to document this in a data protection compliant manner. The service provider of this technology is Cookiebot. The company behind Cookiebot is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. By using this function, the following personal data will be sent from you to Cookiebot respectively Cybot, stored and processed:

• IP address (in anonymised form, the last 3 digits are set to 0)
• Date and time of your consent
• Our website URL
• Technical browser data
• An encrypted, anonymous key
• Approved cookies as proof of consent

In the cookie declaration of Cookiebot (at https://www.cookiebot.com/en/cookie-declaration/) you can see which cookies can be used by the consent manager. Cybot does not sell your personal data to third parties. The personal data collected is stored on servers in the EU (Frankfurt, Germany). Your data may be transferred to a Zendesk server in the USA and stored there. Cybot discloses the subcontractors used including legal basis as well as the measures taken regarding data processing and appropriate guarantees in case of a third country transfer in the privacy policy: https://www.cookiebot.com/en/privacy-policy/  

For the purpose of optimising our online presence, we use Piwik PRO Analytics Suite. With the help of Piwik PRO, we obtain anonymous statistics about visitor flows and their behaviour. The service provider is Piwik PRO GmbH, Kurfürstendamm 21, 10719 Berlin, Germany. A data processing agreement in accordance with article 28 of the GDPR is in place. The legal basis for this processing is your consent pursuant to article 6 (1) a) of the GDPR. The information about the use of our website collected by the cookies is stored in the EU. The IP address is anonymised immediately after processing and before it is stored. The information is not used to personally identify our visitors and is not merged with other personal data of the visitors.

We use the “LinkedIn Insight Tag” on our website – an analysis and tracking tool of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

The LinkedIn Insight Tag enables the collection of data about visits to our website, including URL, referrer URL, IP address, device and browser characteristics, timestamps and page views. This data is encrypted, anonymised within seven days and the anonymised data is deleted within 90 days.

We process and store personal data of the data subject only for the period of time necessary to achieve the purpose of storage or if this has been provided for by the European Directive and Regulator or another legislator in laws or regulations to which the controller is subject. If the purpose of storage no longer applies or if a legally prescribed retention period expires, the personal data shall be routinely blocked or deleted in accordance with the statutory provisions.

We do not use automated decision-making or profiling.