Data Privacy Policy for the Heraeus Job Portal (

Data protection is a subject of special importance for Heraeus. Heraeus processes your personal data exclusively in compliance with legal requirements and in accordance with appropriate technical and organizational data security measures.

1 General

1.1 Objective and responsibility

(1) The Heraeus Job Portal provides an overview of job opportunities at Heraeus for potential applicants. The purpose of this data privacy policy is to inform you about the nature, scope and purpose of personal data processing through the use of the Heraeus Job Portal and the associated sites, functionalities and content (hereinafter collectively referred to as “website”). This data privacy policy does not apply to the Heraeus Online Application Portal. Regarding the collection and use of personal data in the Heraeus Online Application Portal, please refer to the data privacy policy of the Online Application Portal. The data privacy policy applies irrespective of the domains, systems, platforms and devices (e.g., desktop or mobile) on which the website is made available.

(2) The provider of the website and legally responsible for it under privacy law is Heraeus Holding GmbH, Heraeusstraße 12-14, 63450 Hanau, Germany (hereafter referred to as the “provider”, “we” or “us”). For further details as well as how to contact us, please see the legal information on our website.

(3) Our Data Protection Officer can be reached via the following email address: or by post:

Data Protection Officer
c/o Heraeus Business Solutions GmbH
Heraeusstr. 12-14
63450 Hanau.

(4) The term “user” includes all visitors to our website. The term "user" and other terms used are to be understood as gender neutral.

(5) In connection with this website, Heraeus processes only those personal data that are provided by the users themselves or that are technically required to enable the functionalities of this website.

(6) Heraeus processes the personal data provided by the users of this website, e.g., first and last names, contact details and data about every access to the website. These access data include the date / time of access to the website, IP addresses, browser versions and information about the sub-sites that are accessed on our website. Access data are stored in server logfiles.

1.2 Legal basis

Your personal data is collected and processed on the following legal basis:

(a) Consent in accordance with Art. 6 (1) (a) of the General Data Protection Regulation (GDPR). Consent is a statement of intent, freely given in a specific instance in an informed and unambiguous manner in the form of a declaration or another unequivocal affirmative act, where the data subjects make it clear that they consent to the processing of their personal data. Heraeus processes data of users if they have given their consent to such processing, e.g., the processing of user requests.

(b) Necessity for the performance of a contract or in order to take steps prior to entering into a contract in accordance with Art. 6 (1) (b) GDPR, i.e., the data is necessary for us to carry out our contractual obligations to users or we need the data in order to prepare a contract with users. This website serves the purpose of initiating and/or establishing employment relationships. The personal data provided by users are exclusively processed for the aforementioned purpose.

(c) Processing for compliance with a legal obligation in accordance with Art. 6 (1) (c) GDPR, i.e., the data processing is required on the basis of a law or some other requirement.

(d) Processing to safeguard legitimate interests in accordance with Art. 6 (1) (f) GDPR, i.e., the processing is necessary to safeguard our legitimate interests or those of a third party, provided the interests do not outweigh the fundamental rights and freedoms of users who require the protection of personal data. Heraeus uses cookies that are technically necessary to ensure the functionality of this website. For more detailed information about cookies, please read section 2.2 below or visit the Cookie Information page. Furthermore, Heraeus processes the access data of each user.

1.3 Data subject rights

You can assert your rights as a data subject with regard to your processed personal data at any time using the contact details of the Data Protection Officer given above. As a data subject, you have the following rights.

(1) Right to revoke consent: If personal data is processed on the basis of consent, you have the right to revoke this consent at any time for the future in accordance with Art. 7 GDPR.

(2) Right to information: In accordance with Art. 15 GDPR, you can request confirmation of whether their data is being processed. If this is the case, users have the right to information regarding the information at no charge.

(3) Right to rectification: If personal data has been processed while incorrect, you have the right, to request that this data be corrected immediately in accordance with Art. 16 GDPR.

(4) Right to erasure: If you have revoked your consent, objected to the processing of your personal data (and there are no overriding legitimate reasons for the processing), your personal data is no longer necessary for the original purpose of the processing, there is a corresponding legal obligation or personal data has been processed unlawfully, you have the right to request the deletion of their personal data in accordance with Art. 17 GDPR.

(5) Right to restriction of processing: Under the provisions of Art. 18 GDPR, you have the right to demand that the processing of their personal data be restricted.

(6) Right to data portability: In accordance with Art. 20 GDPR, you have the right to receive the personal data they provided in a structured, commonly used and machine-readable format.

(7) Right to object: If processing the personal data is necessary to safeguard the legitimate interests of our company, you can object to the processing at any time in accordance with Art. 21 GDPR.

(8) Right to file a complaint: In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the responsible supervisory authorities.

1.4 Deletion of data

Your personal data is deleted as soon as the purpose for which it was collected has ceased to exist and there are no other legal or contractual obligations to retain it.

1.5 Security measures

State-of-the-art organizational and technical security measures are in place to ensure compliance with relevant legal provisions and to protect personal data against accidental or intentional manipulation, loss, destruction and unauthorized access.

1.6 Transfer of data to third parties and third-party providers

(1) Heraeus transfers data to third parties exclusively in accordance with legal provisions. We only transfer user data to third parties if necessary (for example, for accounting purposes) or for other purposes necessary to meet our contractual obligations to users or legal requirements.

(2) Where we use sub-contractors to provide our services, we will take appropriate legal precautions and technical and organizational measures to protect personal data in accordance with applicable legal provisions.

(3) If, within the scope of this privacy policy, we use content, tools or resources of other providers (hereinafter collectively referred to as “third-party-providers“) whose registered office is in a third country, it must be assumed that data are transferred to such third countries.

(4) Third countries are countries where the GDPR does not apply directly, i.e., in principle, all countries outside the EU or the European Economic Area. Data may only be transferred to third countries if an adequate level of data protection is ensured, if users have given their consent or if the transfer of such data is permitted by law.

1.7 Obligation to provide personal data

We do not make the conclusion of contracts with us conditional on you providing us with personal data beforehand. In principle, there is no legal or contractual obligation for you as a user to provide us with your personal data; however, it may be that we can only provide certain offers to a limited extent or not at all if you do not provide the data required for this. If this should exceptionally be the case with the products we offer presented below, you will be informed of this separately.

1.8 Automated decision-making process

We do not intend to use any personal information collected from you for any automated decision-making process (including profiling).

2 Data Processing in Detail

2.1 Collection of access data

(1) When accessing our website, information is automatically transmitted from your browser to us; this includes the name of the website and files that are accessed, the date and time they are accessed, the quantity of data transmitted, reports about successful access, the browser type and version, your operating system, the referrer URL (the page you visited prior to visiting our website), your IP address and the requesting provider.

(2) The processing of your above-mentioned personal data is technically necessary for offering our website as a service to you and is carried out based on our legitimate interests in accordance with Art. 6(1) (f) GDPR regarding the operation of our website and, to ensure the safeguarding of the security of the processing (e.g., to prevent and identify cyber-attacks).

(3) The collection and storage of your personal data in log files is necessary for the provision of the website. For this reason, you may not request the deletion or correction of this data or object to its processing.

2.2 Use of cookies

(1) On this website, Heraeus does not use cookies for the purpose of reach measurement or other advertising purposes. If you do not want to have cookies stored on your computer, you can deactivate the corresponding option in your system settings on their browser. Stored cookies can also be deleted in the browser’s system settings. Disabling cookies may limit the functionalities of this website.

(2) The legal basis for the use of cookies that are required for the technical functionality of the online platform is Art. 6 (1) (f) GDPR. Our legitimate interest is the user-oriented and economically efficient operation of our website. For more detailed information about cookies, visit the Cookie Information page of this website.

2.3 Cookie consent management

(1) We use the cookie consent management tool provided by SAP SuccessFactors, a company registered under the trade name SAP Deutschland SE & Co. KG, Hasso-Plattner-Ring 7, 69190 Walldorf, Germany. SAP SuccessFactors uses technologically required cookies.

(2) The cookie that is stored only contains information about your consent, which was granted or declined when accessing the website. If you later would like to revoke this consent, you can simply delete the cookie in the browser. If you access the website again, the website will ask for you to consent to the cookie again.

3 Online Presence in Social Media

(1) We maintain a presence in social networks and platforms in order to be able to communicate with active customers, interested parties and users who are active there and to provide information to users there about our services.

(2) Please note that user data may be processed outside of the European Union and Switzerland. This may imply risks for users because, for example, it could be more difficult to enforce user rights. 

(3) In addition, user data is generally processed for market research and advertising purposes. example, user behavior and the resulting information about the user’s interests can be used to create user profiles. The user profiles can, in turn, be used to place advertisements, for example, within and outside of platforms that are supposedly in line with user interests. For these purposes, cookies that record the user’s behavior and interests are generally stored on the user’s computer. In addition, data can also be stored in the user profiles separately from the users' devices (in particular if the users are members of the relevant platforms and are logged in to them).

(4) The personal data of users is processed on the basis of our legitimate interests in providing effecting information to users and communicating with users. If the users are asked to consent to data processing by the respective providers (i.e., give their consent, for example, by clicking a check box or pressing a button), the legal basis of the processing is consent.

(5) For a detailed overview of the processing and opt-out options discussed in this paragraph, see the information from the provider in the following link:

Google/YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
a.) Privacy policy:
b.) Opt-out:

LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
a.) Privacy policy:
b.) Opt-out:

XING (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)
Privacy policy/opt-out:

Please note that if you are looking for information or asserting your rights, it is best to contact the respective provider directly. Only the providers have access to your data and can take appropriate measures and provide information. You can contact us if you still need assistance.

4 Changes to the Privacy Policy

(1) We reserve the right to change the privacy policy in order to adapt to changes in the legal situation or to changes in our services and data processing. However, this only applies to policies regarding data processing. 

(2) If the consent of the user is required or if elements of the privacy policy contain components of the contract agreed the user, the changes will only be made with the user's consent.

(3) Users are requested to familiarize themselves regularly with the content of the privacy policy.

Last updated: 11th July 2022
Version: Karriere.web-2.0