Data protection

Data protection information (as of October 2023)

Privacy policy of HF Opportunities GmbH

Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

HF Oppurtunities GmbH
Managing Directors:
Goetz Hertz-Eichenrode, Robert Pauli und Hermann Reitze
Günther-Wagner-Allee 13
30177 Hannover
Telephone: +49 511 28007-70
Fax: +49 511 28007-37
Email: mail(at)

Name and address of the data protection officer

The data protection officer of the controller is: Christopher Schewior (Data Protection Officer (TÜV))
E-Mail: cschewior(at)

1. General information on the processing of personal data at HF Opportunities GmbH

1.1 Type of personal data processing

As a matter of principle, we only process personal data to the extent necessary for the agreed service and to provide a functional website and our content. The processing of personal data can be carried out with your consent. If we do not consider a declaration of consent, the processing of data in our company is permitted by law.
Should you contact us, we may collect the following information in specific individual cases:

  • Title, first name, surname, gender
  • Your address
  • Email address
  • Telephone number
  • Website usage data, such as web pages visited, interest in content, access times
  • Meta and communication data, such as device information, IP addresses
  • Information that is necessary for the assertion and defense of your rights in the context of contract processing in order to be able to identify you as our contractual partner and contact person
  • for the settlement of any liability claims and the assertion of any claims against you
  • for direct advertising and marketing
  • for the administration of contractual partner data of the contract history

Further details or additions to the personal data processing can be found in the respective contract documents and/or the following information.

1.2 Collection and storage of personal data and the nature and purpose of their use

1.2.1 Purposes for fulfilling a contract or pre-contractual measures Art. 6 Para. 1 S. 1 lit. b GDPR

The processing of personal data takes place upon your request for the execution of our contracts with you and the performance of your orders as well as the implementation of measures and activities within the scope of pre-contractual relationships by prospects. The collection of this data is primarily for:

  • Identifying you as our contractual partner
  • Providing you with appropriate advice
  • Corresponding with you
  • Invoicing
  • Managing possible liability claims and asserting any claims against you
  • Measures for controlling and optimizing business processes
  • Evidence of transactions and orders
  • Fulfilling general due diligence obligations
1.2.2. Purposes in the context of a legitimate interest of us or third parties Art. 6 para. 1 sentence 1 lit. f GDPR

Beyond the actual fulfillment of the contract or pre-contract, we may process your personal data when it is necessary to protect legitimate interests of ours or third parties, especially for purposes of:

  • Postal advertising, provided you have not objected to the use of your data
  • Sending newsletters, provided we have informed you at the conclusion of the contract and you have not objected to the use of your data
  • Testing and optimizing procedures
  • Developing services as well as existing systems and processes
  • Asserting legal claims and defense in legal disputes
  • Limited storage of data, if deletion is not possible or only possible with disproportionately high effort due to the special type of storage
  • Building and facility security through access controls and video surveillance
  • Internal and external investigations, security reviews
1.2.3 Purposes for the fulfilment of legal requirements Art. 6 para. 1 sentence 1 lit. c GDPR or in the public interest Art. 6 para. 1 sentence 1 lit. e GDPR

Like everyone involved in business, we are also subject to a variety of legal obligations. These are primarily legal requirements such as compliance with tax and regulatory requirements. In addition, the disclosure of personal data may become necessary in the context of official and/or judicial measures for the purposes of gathering evidence, criminal prosecution, or the enforcement of civil law claims.

1.3 The categories of data processed by us, if we do not receive data directly from you, and their origin

Insofar as this is necessary for the provision of our services, we process personal data lawfully obtained from other companies or third parties. We may also process personal data that we have legitimately collected from publicly accessible sources such as telephone directories, commercial and association registers, population registers, debtor directories, land registers, the Internet, and other media. Relevant categories of personal data may include:

  • Personal data, name, profession, industry, and comparable data
  • Contact details, address, email address, telephone number and similar data
  • Data about your use of the tele media offered by us, such as the time of accessing our websites
  • Meta and communication data, for example device information, IP addresses

1.4 Recipients or categories of recipients of your data

Your personal data will only be transferred to third parties if:

  • you have given us your consent to transfer your data to third parties;
  • this is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR
  • this is necessary to fulfil legal requirements according to which we are obliged to provide information, report, or pass on data
  • external service companies process data on our behalf as processors or function providers, such as external data centers, support and maintenance of EDP/IT applications, marketing agencies, website management, auditing services, credit institutions, printers, or companies for data disposal.

We will not pass on your data to third parties beyond this. If we commission service providers as part of order processing, your data will be subject to the same security standards as we do. The data passed on may only be used by the third party for the stated purposes for which it was transmitted to them.

1.5 Duration of the storage of your data

We process and store your data for the duration of our business relationship. This includes the initiation of a contract during pre-contractual negotiations and the execution of a contract.

The personal data collected by us for the contractual relationship will be stored for 3 years after the end of the calendar year in which the (pre)contractual relationship was terminated until the expiry of the statutory retention obligation and then deleted, unless a) we are obliged to store it for a longer period in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR due to tax and commercial law retention and documentation obligations or b) you have consented to further storage in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

Furthermore, special statutory provisions may require a longer retention period, such as the preservation of evidence within the framework of statutory limitation periods or other retention and documentation obligations under regulatory and procedural law. According to Sections 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years; however, limitation periods of up to 30 years may also be applicable.

If the data are no longer required for the fulfilment of contractual or legal obligations and rights, they are regularly deleted unless their – temporary – further processing is necessary for the fulfilment of the above-mentioned purposes based on an overriding legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. Such an overriding legitimate interest also exists, for example, if deletion is not possible or only possible with disproportionate effort due to the special type of storage and processing for other purposes is excluded by suitable technical and organizational measures, as well as for the management of contractual partner data in a history.

1.6 Processing of your data in a third country

Data transfer to entities in third countries outside the European Union (EU) or the European Economic Area (EEA) occurs when it is necessary for the execution of a contract with you, it is legally required, such as due to tax reporting obligations, or you have given us your consent.

The data transfer may also occur in connection with the involvement of service providers in the context of order processing to a third country. If there is no decision by the EU Commission regarding an adequate level of data protection in the concerned country, we ensure, according to EU data protection requirements through appropriate contracts, that your rights and freedoms are adequately protected and guaranteed. We will provide you with detailed information upon request.

2. Data processing on the HF Opportunities GmbH website

2.1 Provision of the website using functional cookies

We use functional cookies on our website. Cookies are small text files that are stored in your Internet browser or by the Internet browser on your computer system. Cookies are downloaded when you visit a page. Functional cookies contain a unique string of characters that enables the browser to be uniquely identified when the website is revisited. We use functional cookies to make our website user-friendly and to ensure its proper function (technically necessary cookies). Temporary cookies, session cookies or transient cookies are cookies that are deleted after a user leaves the website and closes their browser. A login status, for example, can be stored in such a cookie. Permanent or persistent cookies are cookies that remain stored even after the browser has been closed. In addition, these cookies can be used to store user interests which are then used, for example, to measure reach or for marketing purposes. Some elements of the website require the browser from which you access our website to be able to identify you even after a page change. Each time our website is accessed, our system or the system of our hosting provider therefore automatically collects the following data and information from the computer system of the accessing computer:

  • Information about the browser type and version used, the operating system of your computer and the name of your access provider
  • The IP address of the requesting computer
  • Date and time of access
  • Access status (HTTP status)
  • Time zone difference to GMT
  • Websites from which the user’s system accesses our website
  • Websites that are accessed by the user’s system via our website

The data is stored in the server log files. We do not use the data for the purpose of drawing conclusions about your person. The aforementioned data is processed by our company for the following purposes:

  • Ensuring a smooth connection to the website
  • Ensuring convenient use of our website
  • Analyzing system security and stability
  • For other administrative purposes

The legal basis for the storage of the data is Art. 6 para. 1 sentence 1 lit. f) GDPR. The aforementioned purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR.

The data is temporarily stored and deleted as soon as it is no longer required to fulfil the purpose for which it was collected. If the data is stored in log files, this is done after no more than 3 days. Further storage is possible; in the case of an error message, for a maximum of 30 days. Error logs, which record faulty page accesses, are deleted after 7 days. In addition to the error messages, these contain the accessing IP address and, depending on the error, the website accessed. The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user. Please note that you have no control over the use of necessary functional cookies.


2.2 Cookie consent with Borlabs

This website uses the cookie consent technology of Borlabs GmbH (Hamburger Str. 11, 22083 Hamburg, hereinafter referred to as Borlabs) to obtain your consent for storing certain cookies on your device or for using certain technologies and to document this in a manner compliant with data protection laws. The WordPress cookie from Borlabs allows visitors to the website to select via a checkbox or switch button for each cookie and cookie group which cookies they wish to consent to (Opt-in).

When you enter our website, the following personal data is transferred to Borlabs:

  • Your consent(s) or the withdrawal of your consent(s)
  • Your IP address
  • Information about your browser
  • Information about your device
  • The time of your visit to the website

Furthermore, Borlabs stores a cookie in your browser to be able to assign the consents granted or their revocation. The data collected in this way will be stored until you ask us to delete it, delete the Borlabs cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected.

The use of Borlabs is to obtain the legally required consents for the use of certain technologies. The legal basis for this is Art. 6 Para. 1 S. 1 lit. c) and Art. 7 GDPR.

Users can prevent or stop the installation of the cookie and its storage, and thus their cookie consent, at any time through the settings of their browser.

For more information on Borlabs, please visit: und

2.3 Matomo

Our website uses the web analysis service Matomo, a service provided by “InnoCraft Ltd”, a company based at 7 Waterloo Quay, PO625 Wellington, New Zealand. As InnoCraft is based outside the EU, InnoCraft has appointed a representative in the EU: ePrivacy Holding GmbH, Große Bleichen 21, 20354 Hamburg, Germany (


Matomo uses “cookies”, which make it possible to analyze the use of the website. For this purpose, the usage information recorded in the cookie (including your shortened IP address) is transmitted to our server and stored for usage analysis purposes. Matomo does not transmit any data to servers that are outside our control. Your IP address is immediately anonymized during this process so that you as a user are not identifiable to us. The information collected about your use of this website is not passed on to third parties.

We use the data collected for the statistical analysis of user behavior for the purpose of optimizing the functionality and stability of the website and for marketing purposes.

The legal basis for the use of Matomo is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

Further information on Matomo and the option to withdraw your consent can be found here :

 [borlabs-cookie type=”btn-cookie-preference” title=”Einwilligungen überprüfen oder widerrufen” element=”link”/]

2.4 Email contact

On our website, you have the option to contact us via the provided email addresses. User information may be stored in a Customer Relationship Management system (“CRM system”) or a similar system. Our email procedure offers transport encryption of communication. With transport encryption, emails are encrypted on their way from the sender’s client computer to the sender’s email server, from there to the recipient’s email server and to the recipient’s client computer. They are also encrypted on the client computers and on the mail servers.

In the case of email contact, the personal data transmitted with the email from the user are stored.

  • This data regularly includes: Email address
  • First name, surname
  • Postal address

The following data is also stored at the time the message is sent:

  • IP address of the user
  • Date and time of registration

The data is used exclusively for processing the conversation.

The legal basis for processing the data transmitted while sending an email is Art. 6 para. 1 sentence 1 lit. f) GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing may be Art. 6 para. 1 sentence 1 lit. b) GDPR.

The processing of personal data serves us solely to process the contact. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process is used to prevent misuse of the email procedure and to ensure the security of our information technology systems.

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified and there are no longer any statutory or contractual retention obligations.

If the user contacts us by email, they can object to the storage of their personal data at any time at the email address they used to contact us and/or at the email address, which is used for further communication by our company. In such a case, the conversation cannot be continued.

All personal data stored while making contact will be deleted if the requirements are met in this case.

2.5 LinkedIn company page

When you visit our LinkedIn company page, we are jointly responsible for the processing of your personal data with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (

We operate our LinkedIn page for information and communication with you as a user and interested party of our offer or as a potential employee/applicant. In accordance with LinkedIn’s terms of use, which every user has agreed to when creating a LinkedIn profile, we can identify subscribers to the page and view their profiles and other information shared by them. For example, your LinkedIn name and profile picture are visible to us (and other LinkedIn users) when you visit our site or comment on our posts. We therefore only collect the personal data that has obviously become part of our LinkedIn page through your involvement. We have no interest in collecting and further processing your individual personal data for marketing purposes. Accordingly, we only use the data to customize and improve our offering.

LinkedIn uses cookies to store and further process this information, i.e. small text files that are stored on the user’s various end devices. According to LinkedIn, the cookies used by LinkedIn are used for authentication, security, preferences, functions, and services, personalized advertising, analysis, and research. You can view details of the cookies used by LinkedIn here:


LinkedIn’s privacy policy contains further information on data processing.

The operation of the LinkedIn page, including the processing of users’ personal data, is based on Art. 6 para. 1 lit. f) GDPR for the realization of our legitimate interests in an information and interaction opportunity via LinkedIn for and with our users and visitors. Further legal bases for data processing may arise in individual cases from Art. 6 para. 1 lit. a), b), c) GDPR.

We delete personal data if the purpose of the data processing has been achieved and there are no other legal reasons against deleting the data. We always delete private messages in our LinkedIn account manually after 12 months.

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA:

3. Privacy Information for Applicants

3.1 Type, purposes, and scope of personal data processing

When you apply to HF Opportunities GmbH, the following information may be processed in specific individual cases:

  • Name, first name
  • Date of birth
  • Place of birth
  • Private address/telephone
  • Private email
  • Tax numbers/tax office
  • Social security number
  • Health insurance number
  • Gender/marital status/children/religion
  • Bank details
  • Compensation
  • Employee number
  • Illnesses/disabilities/pregnancy
  • Meta and communication data, such as the IP address
  • Working hours
  • Photos
  • CV/certificates/references/previous employers
  • Connection data
  • Credit card/ID data

3.2 Legal bases and purposes of personal data processing

Personal data may be processed upon your request via a speculative application, for the decision on the establishment of an employment relationship, if necessary, or for the purpose of fulfilling legal obligations to which the company is subject.

The legal basis for the processing of personal data for the aforementioned purposes is § 26 (1) BDSG in conjunction with Art. 88 GDPR.

Insofar as special categories of personal data are processed, the processing of this information is based on the exercise of rights or the fulfillment of legal obligations from labor law, tax law, and social security law. The legal basis for the aforementioned purposes for processing special categories of personal data is § 26 (1, 3) BDSG in conjunction with Art. 9 (2) lit. b), h) GDPR.

3.3 Duration of storage

Your data will not be stored longer than necessary to achieve the aforementioned purposes and the statutory civil and labor law retention rights and obligations; namely, after the conclusion of an application process in the event of non-hiring for six months, and after the commencement of pre-contractual negotiations in the context of a potential employment relationship in the event of non-hiring for a period of three years, and for a longer period if this is necessary due to further legal retention obligations or to protect the legitimate interests of HF Opportunities GmbH for the proof, assertion, and defense of legal claims.

3.4 Data transfer to third parties

Personal data is not transferred to third parties for purposes other than those mentioned above. To the extent necessary for the potential processing of an employment contract and for the establishment, implementation, and termination of an employment relationship, personal data will be disclosed to third parties, about which you will then be informed at the time of further processing.

For information on the processing of personal data when using the website and email procedures of HF Opportunities GmbH, please refer to the website’s privacy policy.

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you may be entitled to the following rights vis-à-vis the controller, i.e. vis-à-vis our company, after a review of the specific individual case:

You have the right:

  • Under Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage duration, the existence of a right to correction, deletion, limitation of processing or opposition, the existence of a right of appeal, the source of your data if they were not collected from us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about their details.
  • Under Art. 16 GDPR, to demand the correction of incorrect or complete personal data stored by us immediately.
  • Under Art. 17 GDPR, to demand the deletion of your personal data stored with us, unless the processing is necessary for exercising the right of freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest, or for asserting, exercising, or defending legal claims.
  • Under Art. 18 GDPR, to demand the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you reject its deletion, and we no longer need the data, but you need it to assert, exercise, or defend legal claims, or you have filed an objection against the processing under Art. 21 GDPR.
  • Under Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common, and machine-readable format or to request the transfer to another controller.
  • Under Art. 7 Para. 3 GDPR, to revoke your consent at any time. This means that we may no longer continue the data processing based on this consent for the future.
  • Under Art. 77 GDPR, to complain to a supervisory authority. Typically, you can contact the supervisory authority of your usual place of residence, workplace, or our company headquarters.

Your right to object pursuant to Art. 21 GDPR

If your personal data is processed based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR (data processing based on a balancing of interests) or Art. 6 para. 1 sentence 1 lit. e GDPR (data processing in the public interest), you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

We may also process your personal data for direct marketing purposes. If you do not wish to receive advertising, you have the right to object to this at any time; this also applies to profiling as far as it is associated with such direct advertising. We will honor this objection with effect for the future.

Your data will no longer be processed for direct marketing purposes if you object to processing for these purposes.

If you wish to exercise your right of cancellation or objection, simply send an informal e-mail to mail(at)