Data Privacy Policy for the Heraeus Job Portal (

Data protection is a subject of special importance for Heraeus. Heraeus processes your personal data exclusively in compliance with legal requirements and in accordance with appropriate technical and organizational data security measures.

1. Objective and Responsibility

1.1. The Heraeus Job Portal (hereinafter referred to as "Website") provides an overview of job opportunities at Heraeus for potential applicants.

The purpose of this Data Privacy Policy is to advise all users of the Website if and to which extent and to what purposes personal data are processed as a result of their use of the Website. This Data Privacy Policy does not apply to the Heraeus Online Application System. Regarding the collection and use of personal data in the Heraeus Online Application System, please refer to the Data Privacy Policy of the Online Application System.

1.2. The provider of this Website and the organization responsible for ensuring compliance with the applicable data protection regulations is Heraeus Holding GmbH, Heraeusstraße 12-14, 63450 Hanau, Germany (hereinafter referred to as “Heraeus”).

1.3. This Website is available for all companies of the Heraeus Group.

1.4. The Heraeus Data Protection Officer may be contacted by e-mail at or by mail at the address stated in Sec. 1.2 above.

1.5. The term "user" comprises all visitors to the Website. For better readability, the language contained in this Privacy Policy does not provide for double gender references.

1.6. In connection with this Website, Heraeus processes only those personal data that are provided by the users themselves or that are technically required to enable the functionalities of this Website.

1.7. Heraeus processes the personal data provided by the users of this Website, e.g., first and last names, contact details and data about every access to the Website. These access data include the date / time of access to the Website, IP addresses, browser versions and information about the sub-sites that are accessed on our Website. Access data are stored in server logfiles.

2. Purposes and Legal Bases of Data Processing

2.1. Heraeus processes personal data of users only in accordance with the applicable data protection regulations requiring and/or authorizing Heraeus to process user data.

2.2. This Website serves the purpose of initiating and/or establishing employment relationships. The personal data provided by users are exclusively processed for the aforementioned purpose. The legal basis for such processing is Sec. 26 (1) sentence 1 of the German Federal Data Protection Act [BDSG] and Article 6 (1) lit. b) GDPR.

2.3. Heraeus uses cookies that are technically necessary to ensure the proper functioning of this Website. For more detailed information about cookies, please read Sec. 5 below or visit the Cookie Information Page. Furthermore, Heraeus processes the access data of each user. The legal basis for such processing is Art. 6 (1) lit f) GDPR.

2.4. Furthermore, Heraeus processes data of users if they have given their consent to such processing, e.g., the processing of user inquiries. The legal basis for such processing is Sec. 26 (2) sentence 1 BDSG and Article 6 (1) lit. a) GDPR.

3. Security Measures

3.1. Heraeus has in place state-of-the-art organizational, contractual and technical security measures to ensure compliance with data protection legislation and to adequately protect your personal data against accidental or intentional manipulation, loss, destruction and unauthorized access.

3.2. Our security measures include, in particular, the end-to-end encryption of data for transmission between your browser and our server.

4. Transfer of Data to Third Parties and/or Third Countries

4.1. Heraeus transfers user data to other companies of the Heraeus Group provided that the respective user agrees to the transfer of such data. User data are not transferred to other third parties unless such transfer is required by mandatory law. In such case, Heraeus will inform the relevant user, unless any statutory or regulatory prohibition requires otherwise.

4.2. If a user agrees to the disclosure of his data to companies of the Heraeus Group located in third countries, the data will be transferred to such third countries. Furthermore, data may be transferred to third countries in accordance with Sec. 6.2.

4.3. Third countries are countries in which the GDPR is not directly applicable, i.e., in principle, countries outside the EU or the European Economic Area. Data may only be transferred to third countries if an adequate level of data protection is ensured, if our users have given their consent or if the transfer of such data is permitted by law.

5. Cookies & Audience and Media Reach Measurement

5.1. Cookies are small pieces of information that are sent from the web server of this website to your web browser and stored locally on your computer for later retrieval. Cookies are small files or other types of stored information. On this Website, Heraeus does not use cookies for audience and media reach measurement or other advertising purposes.

5.2. For more detailed information about cookies, visit our Cookie Information Page on the Heraeus Careers Website. On this Website, Heraeus only uses the cookies described in Sec. 5.1 above. Regarding cookies that may be used on social media pages to which this Website is linked, please refer to Sec. 6 below.

6. Online Presence in Social Media

6.1. Heraeus maintains an online presence in social media networks and platforms in order to communicate with customers, interested parties and users who are active on these networks, and to inform them about the services of Heraeus.

6.2. Please note that user data may be processed outside the European Union and Switzerland. This may imply risks for users because, for instance, the enforcement of user rights might become more difficult. Please also note that US providers that are certified under the Privacy Shield are committed to comply with the data protection standards of the EU and the Swiss Confederation.

6.3. Furthermore, user data gathered through social media online platforms are usually processed for market research and advertising purposes.   For instance, user profiles may be created based on user behavior and the identified user interests. User profiles can be used, for example, to place advertisements in and outside of platforms that are likely to match the user's interests. For these purposes, usually cookies are stored on the computers of users to map user behavior and user interests. In addition, data for the creation of user profiles may be collected independently from the users' devices (in particular if the users are members of the respective platforms and if they are logged onto them).

6.4. We process the personal data of users based on our legitimate interest to inform our users and establish an efficient communication with them. If the users are asked by the respective providers to consent to the processing of data (i.e., by ticking a check box or pressing a button), the legal basis of the processing is the consent of the user.

6.5. For a detailed description of the various processing activities referred to in this Section 6 and of your options to object to the processing of personal data (opt-out), please follow the links of the individual providers below.

6.6. Users who wish to make a request for information or who wish to assert user rights are advised to directly contact these providers to ensure that their request is efficiently processed. Only the providers themselves have access to the data of the users and can take appropriate measures and provide information directly.

7. Rights of our Users

Right to information: Pursuant to Article 15 GDPR, users can request a confirmation as to whether their personal data are or have been processed. If this is the case, users have the right to request information, free of charge, about the data processed.

Right to revoke consent: If personal data are processed on the basis of consent given by a user, the user has the right to revoke such consent at any time in accordance with Article 7 GDPR.

Right to object: If personal data are processed to safeguard the legitimate interests of Heraeus, users may object to the processing of their data at any time in accordance with Article 21 GDPR. Based on a user's objection, Heraeus will stop processing such user's personal data unless Heraeus is allowed to continue the processing of the data for compelling legitimate reasons.

Right to erasure: If a user has revoked his consent, objected to the processing of his personal data (and there are no compelling legitimate reasons for the processing of the data), the personal data are no longer necessary for the purposes of the processing, a legal obligation applies in this respect, or the user's personal data have been processed unlawfully, he has the right to request the erasure of his personal data in accordance with Article 17 GDPR.

Right to rectification: If inaccurate personal data of a user have been processed, the user has the right to request that the data be corrected immediately according to Article 16 GDPR.

Right to restriction of processing: Subject to the provisions of Article 18 GDPR, users have the right to demand the restriction of the processing of their personal data.

Right to data portability: Pursuant to Article 20 GDPR, users have the right to receive the personal data concerning them, which they have provided to Heraeus, in a structured, commonly used and machine-readable format.

Right to lodge a complaint: According to Article 77 GDPR, users have a right to lodge a complaint with a competent supervisory authority.

8. Deletion of Data

The data stored by Heraeus will be deleted as soon as they are no longer required for the purpose for which they were collected unless applicable law requires longer retention. If data of users are not deleted because they are required for other, lawful purposes, their processing will be restricted. This means that the data will be blocked and will not be processed for other purposes.

Date: November 2019