Information security and data protection


Information security and data protection

In our daily business activities, we collect and process large quantities of confidential information and personal data, particularly from customers, employees, business partners, and investors. HORNBACH takes the responsible treatment of this data very seriously and ensures that all data is only processed in accordance with strict statutory requirements. 

This requires highly effective and secure IT infrastructure. We implement those technical and organizational measures that are required by law and economically reasonable in our IT systems, online shops, and websites in order to minimize the likelihood of unauthorized access, unauthorized changes to or processing of data, and the loss or destruction of such data and resultant damages. The IT infrastructure is maintained and optimized within reasonable economic limits by qualified internal and external experts. We base our actions on the relevant information security and cybersecurity standards and have put suitable checks in place where necessary.


The most significant data protection requirements result from the EU General Data Protection Regulation (GDPR).

Our Group companies outside the EU also base their actions on this regulation. Should they work with personal data, our employees and external service providers are obliged to comply with the requirements of data protection law. Data processors who receive data from us are selected in accordance with strict criteria and must have adequate technical and organizational measures in place to protect the data entrusted to them.


We inform all persons affected (“data subjects”) about the processing of their data.


We ensure that data subjects are able to assert their data protection rights. In particular, such persons have the following rights: 

  • Information
  • Rectification
  • Erasure
  • Blocking / restriction of processing
  • Objection
  • Data portability
  • Lodge a complaint with the relevant supervisory authority
  • Withdraw consent with future effect

Responsibility for data protection and information security is incumbent respectively on the Board of Management of HORNBACH Holding KGaA (represented by HORNBACH Management AG) and HORNBACH Baumarkt AG, as well as on the management at individual Group companies. The Information Security Officer reports directly to the Boards of Management of HORNBACH Management AG and HORNBACH Baumarkt AG. Where required by law and commercially relevant, all HORNBACH companies have appointed data protection officers. 

HORNBACH Group employees receive training on information security and data protection where necessary and relevant. The corresponding company policies are available to all employees on the intranet.