Information security and data protection
In our daily business activities we collect and process large quantities of confidential information and personal data, particularly from customers, employees, business partners, and investors. HORNBACH takes the responsible treatment of this data very seriously and ensures that all data is only processed in accordance with strict statutory requirements.
This requires highly effective and secure IT infrastructure. We implement those technical and organizational measures that are required by law and economically reasonable in our IT systems, online shops and websites in order to minimize the likelihood of unauthorized access, unauthorized changes to or processing of data, and the loss or destruction of such data and resultant damages. The IT infrastructure is maintained and optimized within economically reasonable limits by qualified internal and external experts. We base our actions on the relevant information security and cybersecurity standards and have put suitable checks in place where necessary.
The most significant data protection requirements result from the EU General Data Protection Regulation (GDPR). Our group companies outside the EU also base their actions on this regulation. Should they work with personal data, our employees and external service providers are obliged to comply with the requirements of data protection law. Data processors who receive data from us are selected in accordance with strict criteria and must have adequate technical and organizational measures in place to protect the data entrusted to them.
We inform all persons affected (“data subjects”) about the processing of their data.
- We provide information about the processing of customer data when purchases are made in the stationary store, the online shop, via the HORNBACH app, or in interaction with our customer service and about data processing by suppliers and service providers by publishing data protection notices on the websites of our group companies:
- HORNBACH Holding AG & Co. KGaA
- HORNBACH Baumarkt AG (Germany)
- HORNBACH Baumarkt GmbH (Austria)
- HORNBACH Baumarkt (Schweiz) AG (Switzerland)
- HORNBACH Baumarkt Luxemburg S.à.r.l (Luxembourg)
- HORNBACH Bouwmarkt (Nederland) B.V. (Netherlands)
- HORNBACH BAUMARKT CS spol. s r.o. (Czech Republic)
- HORNBACH-Baumarkt SK spol. s r.o (Slovakia)
- Hornbach Byggmarknad AB (Sweden)
- HORNBACH Centrala S.R.L. (Romania)
- BODENHAUS GmbH
- Hornbach Baustoff Union GmbH
- HORNBACH FORST GmbH
- Information about the processing of employee data is available to all employees on the intranet.
- We provide information about the processing of shareholder data on the HORNBACH Group’s website:
We ensure that data subjects are able to assert their data protection rights. In particular, such persons have the following rights:
- Blocking / restriction of processing
- Data portability
- Lodge a complaint with the relevant supervisory authority
- Withdraw consent with future effect
Responsibility for data protection and information security is incumbent respectively on the Board of Management of HORNBACH Holding KGaA (represented by HORNBACH Management AG) and HORNBACH Baumarkt AG, as well as on the management at individual group companies. The Information Security Officer reports directly to the Boards of Management of HORNBACH Management AG and HORNBACH Baumarkt AG. Where required by law and commercially relevant, all HORNBACH companies have appointed data protection officers.
HORNBACH Group employees receive training on information security and data protection where necessary and relevant. The corresponding company policies are available to all employees on the intranet.
We use a third-party service to embed stock quotes and the stock chart. This service may collect data about your activities. Please accept to view this content.
New Head of Communications and Investor Relations at Hornbach Group
Very first HORNBACH Vloeren opened