DATA PRIVACY POLICY

Data Privacy Policy

Version 08.06.2021

 

Introduction

Thank you for visiting our website. Andreas Hettich GmbH & Co. KG in Tuttlingen (hereinafter "Hettich", "we" or "us") puts great emphasis on the security of users' data and compliance with data protection regulations. We would like to inform you below about the processing of your personal data on our website.

 

Responsible authority and data protection officer

Responsible authority:

Andreas Hettich GmbH & Co. KG, Föhrenstraße 12, 78532 Tuttlingen, Germany

Phone: +49 7461 705-0

E-Mail: info@hettichlab.com

 

External Data Protection Officer:

DDSK GmbH

Stefan Fischerkeller

Tel.: 07542 949 21 -0

E-Mail: anfragen@ddsk.de

 

Terms

The technical terms used in this data protection declaration are to be understood as legally defined in Article 4 GDPR.

 

Notes on data processing

Automated data processing (log files etc.)

Our site can be visited without the user actively providing personal information. However, we automatically store access data (server log files) each time the website is called up, such as the name of the Internet service provider, the operating system used, the website from which the user visited us, the date and duration of the visit or the name of the requested file, and for security reasons, for example, to detect attacks on our website, the IP address of the terminal device used for a period of three days. This data is evaluated exclusively to improve our offer and does not allow any conclusions to be drawn about the person of the user. This data is not merged with other data sources.

We process and use the data for the following purposes: provision of the website, improvement of our websites, prevention and detection of errors/malfunctions and misuse of the website.

Legal basis:
Consent, pursuant to Article 6 para. 1 lit. f) GDPR

Legitimate interests:
Ensuring the functionality, error-free and secure operation of the website as well as adapting this website to the requirements of the users.

 

Use of cookies (general, mode of operation, opt-out links, etc.)

In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on our website. The use of cookies serves our legitimate interest in making the visit to our website as pleasant as possible and is based on Article 6 para. 1 lit. f) GDPR. Cookies are a standard internet technology for storing and retrieving login and other usage information for all website users. Cookies are small text files that are stored on the end device. They allow us to store, among other things, user preferences so that our website can be displayed in a format tailored to the user's device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing the browser (so-called session cookies). Other cookies remain on the user's end device and enable us or our partner companies to recognise the browser on the next visit (so-called permanent cookies).

The browser can be set in such a way that the user is informed about the setting of cookies and can decide individually about their acceptance or can exclude the acceptance of cookies for certain cases or in general. Furthermore, the cookies can be deleted afterwards in order to remove data that the website has stored on the user's computer. The deactivation of cookies (so-called opt-out) may lead to some restrictions in the functionality of our website.

Categories of data subjects:  
Website visitors, users of online services

Opt Out:
Internet Explorer: https://support.microsoft.com/de-de/help/17442  

Firefox:https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen

Google Chrome:https://support.google.com/chrome/answer/95647?hl=de

Safari https://support.apple.com/de-de/HT201265

Legal basis:                           
Consent, (Article 6 para. 1 lit. a) GDPR); Legitimate interests (Article 6 Abs. 1 lit. f) GDPR)

The relevant legal basis in each case is specifically named for the corresponding tool.

Legitimate interests:
Storage of opt-in preferences, presentation of the website, ensuring the functionality of the website, preservation of user status over the entire website, recognition for next website visitors, user-friendly online offer, ensuring chat function

 

Registration

We offer the possibility to create a user account on our online presence. We collect the necessary data from interested visitors during registration that we need to provide a user account and to provide the associated functions.

If visitors to our online presence decide to register, they will receive an e-mail that must be confirmed and which serves to prevent the misuse of false e-mail addresses.

To protect the use of the internal area, we collect IP addresses and the time of access in order to prevent misuse of a user account and unauthorised use. We do not pass this data on to third parties unless this is necessary to pursue our claims or we are legally obliged to do so.

 

Categories of affected subjects:        
registered users

Categories of data:                 
master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), login data (user name and password), possibly other content data (e.g. text entries, photographs, videos), meta and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interests, access times)

Purposes of processing:     
simplification of website function, contract fulfilment, customer retention

Legal basis:                
Consent (Art. 6 para. 1 lit. a) DSGVO)

 

Online marketing

In order to continuously increase our reach and the awareness of our online offer, we process personal data within the scope of online marketing, in particular with regard to potential interests and the measurement of the effectiveness of our marketing measures.

For the purpose of measuring the effectiveness of our marketing measures and identifying potential interests, relevant information is stored in cookies or similar procedures are used. The data stored in the cookies may include content viewed, online sites visited, settings and functions and systems used. As a rule, however, no clear user data is processed for the purposes described. The data is then modified in such a way that the actual identity of the user is known neither to us nor to the provider of the tool used. The data modified in this way is often stored in user profiles.

If user profiles are stored, the data can be read out, supplemented and added to on the server of the online marketing provider when visiting other online offers that use the same online marketing method.

We can determine the success of our advertisements on the basis of summarised data made available to us by the provider of the online marketing procedure (so-called conversion measurement). Within the scope of these conversion measurements, we can track whether a marketing measure has led to a purchase decision on the part of the visitor to our online offer. This evaluation serves to analyse the success of our online marketing.

Categories of data subjects:  
Website visitors, users of online services, interested parties, communication partners, business and contractual partners

Categories of data:
User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses), location data, contact data, content data (e.g. text details, photographs, videos)

Purposes of processing:
Marketing (partly also interest-based and behavioural), conversion measurement, targeting, click tracking, developing marketing strategies and increasing the efficiency of campaigns

Legal basis:
Consent (Article 6 para. 1 lit. a) GDPR); Legitimate interests (Article 6 Abs. 1 lit. f) GDPR)

Legitimate interests:
Optimisation and further development of the website, increase in profits, customer loyalty and customer acquisition

 

Google Analytics

Service used:               
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data protection: https://policies.google.com/privacy

Opt-out link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Legal basis:
Consent (Article 6 para. 1 lit. a) GDPR)

Available guarantee      
https://policies.google.com/privacy/frameworks?hl=de

(Third country transfer)

 

LinkedIn

Service used:              
LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA

Data protection:           
https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

Opt-out link:                 
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Legal basis:                 
Consent (Article 6 para. 1 lit. a) GDPR)

Available guarantee      
https://www.linkedin.com/help/linkedin/answer/62533

(Third-country transfer)

 

Plug-ins and integrated third-party content

We have integrated functions and contents into our online offer that are obtained from third-party providers. For example, videos, presentations, buttons or articles (hereinafter referred to as content) may be integrated.

In order to be able to display content to visitors to our online offer, the respective third-party provider processes, among other things, the IP address of the user so that the content can be transmitted to the browser and displayed. Without this processing, the display of third-party content is not possible.

In some cases, additional information is collected via so-called pixel tags or web beacons, whereby the third-party provider receives information about the use of the content or visitor traffic on our online offer, technical information about the user's browser or operating system, the time of the visit or about referring websites. The data obtained in this way is stored in cookies on the user's end device.

In order to protect the personal data of visitors to our online offering, we have taken certain security precautions to prevent the automatic transmission of this data.

Categories of data subjects:  
Users of the plug-in or embedded third-party content

Categories of data:                 
Usage data (e.g. websites visited, interests, access time), meta and communication data (e.g. device information, IP address), contact data (e.g. email address, telephone number), master data (e.g. name, address)

Purposes of processing:        
Designing our online offer, increasing the reach of advertisements in social media, sharing posts and content, interest and behaviour-based marketing, cross-device tracking

Legal basis:                           
Consent (Article 6 para. 1 lit. a) GDPR)

 

YouTube

Service used:              
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Data protection:           
https://policies.google.com/privacy?hl=de&gl=de

Opt-out link:                 
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Legal basis:                 
Consent (Article 6 para. 1 lit. a) GDPR)

Available guarantee      
https://policies.google.com/privacy/frameworks?hl=de

(Third-country transfer)

 

Contacting

On our online offer, we provide the possibility to contact us directly or to obtain information via various contact options. In the event of contact being made, we process the data of the person making the enquiry to the extent necessary to answer or process the enquiry. Depending on how we are contacted, the data processed may vary.

Categories of data subjects:  
Inquiring persons

Categories of data:                 
Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text entries, photographs, videos), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address).

Purposes of processing:        
Processing of enquiries

Legal basis:
Consent (Article 6 para. 1 lit. a) GDPR), fulfilment or initiation of a contract (Article 6 para. 1 lit. b) GDPR)

 

Data transmission

We transmit the personal data of visitors to our online offer for internal purposes (e.g. for internal administration or to the personnel department in order to comply with legal or contractual obligations). The internal transfer or disclosure of data only takes place to the extent necessary and in compliance with the relevant data protection regulations.

In order to execute contracts or to fulfil a legal obligation, it may be necessary for us to disclose personal data. If we are not provided with the data required in this respect, it may not be possible to conclude the contract with the data subject.

We transfer data to countries outside the EEA (so-called third countries). This takes place on the basis of the above-mentioned purposes. The transfer only takes place for the fulfilment of our contractual and legal obligations or on the basis of a previously granted consent of the data subject.

In the event that we transfer data to a country outside the EEA for processing purposes, we ensure that the processing is legally permissible in the manner we intend. In this case, we have concluded standard data protection clauses including a separate regulation of suitable technical and organisational measures in order to protect the data of data subjects in the best possible way. You will find a link to the guarantees used in the description of the provider used in each case, insofar as a third country transfer takes place.

 

Storage period

As a matter of principle, we store the data of visitors to our online offer for as long as is necessary for the provision of our service or if this has been provided for by the European Directive and Regulation Maker or another legislator in laws or regulations to which we are subject. In all other cases, we delete the personal data after the purpose has been fulfilled, with the exception of data that we must continue to store in order to comply with legal obligations (e.g. we are obliged to retain documents such as contracts and invoices for a certain period of time due to retention periods under tax and commercial law).

 

Automated decision-making

We do not use automated decision-making or profiling pursuant to Article 22 GDPR.

 

Legal basis

The relevant legal basis is primarily derived from the GDPR. This is supplemented by national laws of the member states and are applicable together with or in addition to the GDPR where applicable.

Consent: 
Article 6 para. 1 lit. a) GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose.

Performance of a contract: 
Article 6 para. 1 lit. b) GDPR serves as the legal basis for processing operations necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures carried out at the request of the data subject.

Legal obligation:
Article 6 para. 1 lit. c) GDPR serves as the legal basis for processing which is necessary for compliance with a legal obligation.

Vital interests:
Article 6 para. 1 lit. d) of the GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.

Public interest:
Article 6 para. 1 lit. e) of the GDPR serves as the legal basis for processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Legitimate interest:
Article 6 para. 1 lit. f) GDPR serves as the legal basis for processing necessary for the purposes of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

 

Rights of data subjects

Right of access:
Pursuant to Article 15 of the GDPR, data subjects have the right to request confirmation as to whether we are processing data relating to them. They can request information about this data as well as the further information listed in Article 15 (1) GDPR and a copy of their data.

Right to rectification: 
Pursuant to Article 16 of the GDPR, data subjects have the right to request that data concerning them and processed by us be corrected or completed.

Right to erasure:
Data subjects have the right under Article 17 of the GDPR to request the immediate erasure of data concerning them. Alternatively, they may request that we restrict the processing of their data in accordance with Article 18 of the GDPR.

Right to data portability:
Pursuant to Article 20 GDPR, data subjects have the right to request that the data they have provided to us be made available to them and to request that it be transferred to another data controller.

Right to complain:
Data subjects also have the right to complain to the supervisory authority responsible for them in accordance with Article 77 GDPR.

Right to object: 
If personal data are processed on the basis of legitimate interests pursuant to Article 6 para. 1 sentence 1 lit. f) GDPR, data subjects have the right to object to the processing of their personal data pursuant to Article 21 GDPR, insofar as there are grounds for doing so which arise from their particular situation or the objection is directed against direct advertising. In the latter case, data subjects have a general right to object, which is implemented by us without specifying a particular situation.

 

Revocation

Some data processing operations are only possible with the express consent of the data subjects. You have the possibility to revoke an already given consent at any time. An informal message or e-mail to info@hettichlab.com is sufficient for this purpose. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

 

External links

Our website contains links to the online offers of other providers. We hereby point out that we have no influence on the content of the linked online offers and the compliance with data protection regulations by their providers.

 

Changes

We reserve the right to adapt this data protection notice at any time in the event of changes to our online offer and in compliance with the applicable data protection regulations so that it meets the legal requirements.