Entity responsible:
- Hecht Fördertechnik GmbH
- Imkerweg 4a
- 32832 Augustdorf
- Lemgo HRB 4820
- Christian Küsel
- 05237 22998-0
- info@hecht-stapler.de
Stand: 24.05.2018M
1. Basic Information on Data Processing and Legal Bases
1.1. This Privacy Policy clarifies the nature, scope and purpose of the processing of personal data within our online offering and the related websites, features and content (collectively referred to as the „online offering” or „website”). The Privacy Policy applies regardless of the domains, systems, platforms, and devices (e.g. desktop or mobile) on which the online offering is performed.
1.2. The terminology used, such as „personal data” or its „processing” refers to the definitions in Art. 4 of the General Data Protection Regulation (GDPR). The personal data of users processed in the context of this online offering includes information data (e.g. customer names and addresses), usage data (e.g. the visited websites of our online offering, interest in our products) and content data (e.g. details entered in the contact form).
1.3. The term „user” covers all categories of data subjects. These include our business partners, customers, interested parties and other visitors to our online offering. The terminology used, such as „users” is to be understood gender-neutral.
1.4. We process personal data of users only in compliance with the relevant data protection regulations. This means that users' data will only be processed in case of legal permission. I.e., especially if the data processing for the provision of our contractual services (e.g. the processing of orders) and online services is required or prescribed by law, the consent of the user is obtained, as well as our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online offering within the meaning of Art. 6 para. 1 let. f of the GDPR, in particular in case of audience measurement, creation of profiles for advertising and marketing purposes as well as collection of access data and use of third-party services.
1.5. We would like to point out that the legal basis of the consents is Art. 6 para. 1 let. a. and Art. 7 of the GDPR, the legal basis for the processing for the performance of our services and the performance of contractual measures is Art. 6 para. 1 let. b. of the GDPR, the legal basis for processing in order to fulfil our legal obligations is Art. 6 para. 1 let. c. of the GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Art. 6 para. 1 let. f. of the GDPR.
2. Security Measures
2.1. We undertake organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are adhered to and in order to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
2.2. The security measures include in particular the encrypted transfer of data between your browser and our server.
3. Transfer of Data to Third Parties and Third-Party Providers
3.1. A transfer of data to third parties is carried out only within the scope of legal requirements. We pass on the data of the users to third parties only if this is required for e.g. the purposes of the contract on the basis of Art. 6 para. 1 let. b) of the GDPR or on the basis of legitimate interests in acc. with Art. 6 para. 1 let. f. of the GDPR in the economical and effective operation of our business.
3.2. Insofar as we use subcontractors to provide our services, we will take appropriate legal precautions and appropriate technical and organizational measures to protect personal data in accordance with applicable law.
3.3. If, within the scope of this Privacy Policy any content, tools or other means of other providers (collectively referred to as „third party providers”) are used and their seat is located in a third country, it should be assumed that data will be transferred to the countries of residence of the third party providers. The third countries are countries in which the GDPR is not a directly applicable law, i.e. basically countries outside the EU or the European Economic Area. The transfer of data to third countries occurs either when there is an adequate level of data protection, user consent or other legal permission.
4. Provision of Contractual Services
4.1. We process information data (e.g. names and addresses as well as contact data of users), contractual data (e.g. services delivered, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in acc. with Art. 6 par. 1 let. b. of the GDPR.
5. Establishing Contact
5.1. When contacting us (via contact form or e-mail), the information provided by the user in order to process the contact inquiry and its further handling will be processed acc. to Art. 6 par. 1 let. b) of the GDPR.
5.2. The user details can be stored in our Content Management System („CMS”).
6. Comments and Contributions
6.1. If users leave comments or other contributions, their IP addresses are retained for 7 days based on our legitimate interests within the meaning of Art. 6 para. 1 let. f. of the GDPR.
6.2. This is for our own safety, in case someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In such case we can be prosecuted for the comment or contribution and are therefore interested in the identity of the author.
7. Collection of Access Data and Log Files
7.1. Based on our legitimate interests within the meaning of Art. 6 para. 1 let. f of the GDPR, we collect data about each access to the server on which this service is located (so-called server log files). The access data include name of the viewed website, file, date and time of your visit, volume of data transmitted, notification of successful access, web browser type along with its version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
7.2. The logfile information is retained for security purposes (e.g. to clarify abusive or fraudulent activities) for a maximum period of seven days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the deletion until final clarification of the incident.
8.Cookies & Audience Measurement
8.1. Cookies are information transmitted from our web server or third-party web servers to users' web browsers and retained there for later visit. Cookies are small files or other types of information storage.
8.2. We use „session cookies” that are only stored for the duration of the current visit to our online presence (e.g. to enable the storage of your login status or the shopping cart function and thus the use of our online offering at all). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the retention period. These cookies cannot save any other data. Session cookies are deleted when you have finished using our online offering and you have e.g. logged out or closed the browser.
8.3. The users will be informed about the use of cookies in the scope of pseudonymous audience measurement in the context of this privacy policy.
8.4. If users do not want cookies to be stored on their computer, they will be asked to disable the option in their browser's system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional limitations of this online offering.
8.5. You may object to the usage of cookies that serve audience measurement and promotional purposes through a deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and, in addition, the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
9. Google Analytics
9.1. Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 para. 1 let. f. of the GDPR), we use Google Analytics, a web analysis service provided by Google Inc. („Google”). Google uses cookies. The information generated by a cookie about the use of the online offering by the users is usually transmitted to a Google server in the USA and stored there.
9.2. Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
9.3. Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on the activities within this online offering and to provide us with further services related to the use of this online offering and the internet usage. In this case, from the processed data pseudonymous usage profiles of the users can be created.
▪ We use Google Analytics to display the advertisements displayed within Google's advertising services and its affiliates, but only to those users who have shown an interest in our online offering or who have certain characteristics (e.g. interests in particular topics or products that are determined by the websites visited) that we provide to Google (so-called „Remarketing-” or „Google Analytics Audiences”). With the help of Remarketing Audiences, we also want to make sure that our advertisements are in line with the potential interest of users and are not perceived to be annoying.
9.4. We only use Google Analytics with activated IP anonymisation. This means that the IP addresses of the users will be shortened by Google within member states of the European Union or in other Contracting States of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be sent to a Google server in the USA and shortened there.
9.5. The IP address submitted by the user's browser will not be merged with other data provided by Google. Users can block the storage of cookies by setting their browser software accordingly; users may also block the collection of data generated by the cookie and related to its use of the online offering as well as the processing of such data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
9.6. Further information information about data usage by Google, setting and appeal possibilities you will find on Google websites: https://www.google.com/intl/en/policies/privacy/partners („Usage of data by Google during your usage of websites or apps of our partners”), http://www.google.com/policies/technologies/ads („Data usage for advertising purposes”), http://www.google.com/settings/ads („Managing information used by Google to show you advertisements”).
10. Google Re/Marketing Services
10.1. Based on our legitimate interests (such as interest in the analysis, optimization and economic operation of our online offering within the meaning of Article 6 para. 1 let. f. of the GDPR), we use the marketing and remarketing services (in short „Google Marketing Services”) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, („Google”).
10.2. Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
10.3. Google Marketing Services allow us to better target advertisements for and on our website so that we present the users only ads that potentially match their interests. For example, if a user sees advertisements for products he/she has been interested in on other websites, this is called „remarketing”. For these purposes, when visiting our and other websites with activated Google Marketing Services function, a Google code is implemented and so-called (Re)marketing tags (invisible graphics or codes, also known as „web beacons”) are integrated into the website. With their help, a small file with an individual cookie is saved on the user’s device (instead of cookies, comparable technologies can also be used). The cookies can be integrated by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file is noted which web pages the user visited, in what content he is interested and what offers he has clicked, as well as technical information about the browser and operating system, referring web pages, time of visit and other information on the use of the online offering. The IP address of the users is also recorded, whereby in the context of Google Analytics we announce that the IP address is shortened within member states of the European Union or other parties to the Agreement on the European Economic Area and only in exceptional cases completely transferred to a Google server in the USA and shortened there. The IP address will not be merged with data of the user within other offers from Google. The aforementioned information may also be linked by Google with such information from other sources. Subsequently, if the user visits other websites, they can be displayed according to his interests with advertisements tailored to his/her specific needs.
10.4. The data of the users in the context of the Google marketing services are processed pseudonymously. This means that Google does not store and process e.g. the name or e-mail address of the users, but processes the relevant cookie-related data within pseudonymous user profiles. In other words, Google does not manage and display advertisements for a specifically identified person, but for the cookie owner, regardless of who the cookie owner is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymisation. The information collected about users by Google Marketing Services is transmitted to Google and stored on Google's servers in the USA.
▪ Among the Google marketing services we use is i.a. the online advertising program „Google AdWords”. In the case of Google AdWords, each AdWords client receives a different „conversion cookie”. Cookies cannot be tracked through AdWords advertisers' websites. The information collected through the cookie is used to generate conversion statistics for AdWords clients who have decided for conversion tracking. The AdWords clients will see the total number of users who clicked on their advertisement and were redirected to a conversion tracking tag page. But they do not receive information that allow for the personal identification of users.
10.5. More information about data usage by Google for marketing purposes you will find on the overview page: https://www.google.com/policies/technologies/ads, Google Privacy Policy is available under https://www.google.com/policies/privacy
10.6. If you wish to opt-out to interest-related advertising through Google Marketing Services, you can use Google's setting and opt-out options: http://www.google.com/ads/preferences.
11. Integration of Services and Contents of Third Parties
11.1. Within our online offering we use content or service offers provided by third parties based on our legitimate interests (such as interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 para. 1 let. f. of the GDPR) to integrate e.g. videos and fonts in their content and services (hereinafter uniformly referred to as the „content”). This always assumes that the third-party providers of this content use the IP addresses of the users, since they do not provide the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We strive to use only such content whose respective providers use the IP address solely for the delivery of the content. The third-party providers may also use so-called pixel tags (invisible graphics, also referred to as „web beacons”) for statistical or marketing purposes. The „pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include i.a. technical information about the browser and operating system, referring web sites, time of visit and information from other sources regarding the use of our online offering.
11.2. The following presentation provides an overview of third-party providers as well as their contents and links to their privacy policies, which contain further information on the processing of data and, partially already mentioned here, contain opt-out possibilities (so-called opt-out):
▪ External fonts from Google, Inc., https://www.google.com/fonts („Google Fonts”). The integration of Google fonts is done by a server call on Google (usually in the USA). Privacy Policy: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.
▪ Maps provided by „Google Maps” of the third-party service provider Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, opt-out:
▪ https://www.google.com/settings/ads/. Videos provided by „YouTube” platform of the third-party provider Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.
▪ Our online offering includes features of the Google+ service. These features are provided by the third-party provider Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. If you're logged in to your Google+ account, you can link the contents of our pages to your Google+ profile by clicking the Google+ button. This allows Google to associate your visit to our pages with your user account. We would like to point out that we as the provider of the pages have not sufficient knowledge of the content of the transmitted data and their usage by Google+. Privacy Policy:
▪ https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/. We use functions of XING network. The provider is the XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time you visit one of our sites that includes Xing functions, it connects to Xing servers. To the best of our knowledge, the storage of personal data is not carried out. In particular, no IP addresses are retained or the usage behaviour is not evaluated. Privacy Policy: https://www.xing.com/app/share?op=data_protection. External code of the JavaScript framework „jQuery” is provided by the third-party provider jQuery Foundation, https://jquery.org.
12. Rights of Users
12.1. Users shall have the right, upon request, to receive information free of charge about their personal data that we have retained.
12.2. In addition, the users shall have the right to correct inaccurate data, restrict the processing and delete their personal data, where appropriate, assert their rights to data portability and, in the event of unlawful processing, file a complaint to the competent Supervisory Authority.
12.3. Similarly, users can revoke consent, generally with future implications.
13. Deletion of Data
13.1. The data retained by us are deleted as soon as they are no longer necessary for their purpose and the deletion does not conflict with any statutory retention requirements. If the users' data are not deleted because they are required for other and legally permitted purposes, their processing will be restricted. This means the data is blocked and not processed for other purposes. This applies, for example for data of users which must be kept for commercial or tax reasons.
13.2. According to legal requirements, the retention takes place for 6 years in accordance with § 257 para. 1 of the HGB (German Commercial Code – trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years in accordance with § 147 para. 1 of the AO (Regulation of Taxation – books, records, management reports, accounting records, trade and business letters, tax documents, etc.).
14. Right of Objection
Users may object to the future processing of their personal data in accordance with legal requirements at all times. The objection may in particular be made against processing for direct marketing purposes.
15. Amendments to Privacy Policy
15.1. We reserve the right to change the Privacy Policy in order to adapt it to changed legal situations, or in case of changes in the service and data processing. However, this only applies with regard to declarations of data processing. If the users' consent is required or parts of the Privacy Policy contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.
15.2. Users will be asked to update themselves regularly about the content of the Privacy Policy.