Privacy notice
1. General
At Harro Höfliger Verpackungsmaschinen GmbH, we take the protection of your personal data very seriously. Your privacy is important to us. We process your personal data in compliance with the relevant applicable legal data protection requirements for the purposes listed below. Personal data within the meaning of this Privacy Notice is any information relating to you.
In the following, you will learn how we handle this data. For reasons of clarity, we have divided our Privacy Notice into different sections.
2. Data controller and contact details for the data protection officer
The controller responsible for processing your personal data is:
Harro Höfliger Verpackungsmaschinen GmbH
Helmholtzstr. 4
71573 Allmersbach im Tal
Germany
If you have any questions on data protection or would like to make a comment (for instance, regarding accessing or updating your personal data), you may also contact our data protection officer.
Syngenity GmbH
Datenschutzbeauftragter
Ahornstraße 7
85296 Rohrbach
E-Mail: dataprivacy@hoefliger.de
3. Source of data collection
We process personal data collected directly from you.
Where required for the provision of our services, we will process personal data legitimately obtained from other organizations or other third parties (such as credit bureaus, mailing list brokers). We also process personal data which we have legitimately taken, received, or acquired from publicly accessible sources (such as telephone directories, commercial registers, registers of association, population registers, debtors lists, real estate registers, the press, the Internet, and other media) and which we are allowed to process.
4. Purposes with a legal basis
We process personal data in compliance with the provisions of the General Data Protection Regulation
(GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), and other applicable data protection regulations (see details below). The answer to the questions of what specific data is processed and how it is used will largely depend on the services requested or agreed. Please consult the relevant contract documents, forms, a declaration of consent, and/or any other information provided to you (e.g., when you use our website or in our general terms and conditions) for further details or additional information on the purposes of data processing.
Purposes relating to the performance of a contract or to steps taken prior to entering into a contract (Article 6 (1) (b) GDPR)
Personal data is processed in order to perform our contracts with you and execute your orders, or to take steps and actions in the context of pre-contractual relationships, e.g., with prospective clients. This primarily includes the following: contract related communication with you, relevant billing and associated payment transactions, the ability to provide evidence of orders and other agreements, and quality control through the relevant documentation, goodwill procedures, measures to manage and optimize business processes and to comply with our general duties of care, management and control through affiliated companies; statistical analyses of corporate management, cost recording and controlling, reporting, internal and external
communication, emergency management, billing and tax evaluation of operational services, risk management, assertion of legal claims and defense in case of legal disputes; ensuring IT security (including system or plausibility tests) and general security, ensuring compliance with and exercising house rules (e.g., through access controls); safeguarding the integrity, authenticity, and availability of data, preventing and solving criminal offenses, and control through supervisory boards and other control bodies (e.g., internal auditing).
Purposes in the context of our legitimate interests or those of third parties (Article 6 (1) (f) GDPR)
We may process your data for other purposes than those relating to the actual performance of the contract or to steps taken prior to entering into a contract if such processing is necessary in order to safeguard our legitimate interests or those of third parties, in particular for the purposes of
- advertising or market research or opinion polling, to the extent that you have not objected to the use of your data;
- reviewing and optimizing our methods of requirements analysis;
- further developing our services and products, and our existing systems and processes;
- enriching our data, including by using or researching data that is publicly accessible;
- statistical analyses or market analysis; benchmarking;
- asserting legal claims and conducting the defense in case of a legal dispute which is not directly linked to the contractual relationship;
- storing restricted data, where its erasure is impossible or would involve a disproportionate effort due to the special nature of its storage;
- developing scoring systems or automated decision-making processes;preventing and solving criminal offenses, where this is not done exclusively to comply with legal requirements;
- ensuring building and system security (e.g., through access controls), where this goes beyond the general duties of care;
- internal and external inspections and security audits;
- the potential listening in to or recording of telephone conversations for quality control and training purposes;
- acquiring and maintaining official certifications or certifications under private law;
- ensuring compliance with and exercising house rules by taking appropriate steps (such as CCTV) and securing evidence where a criminal offense has been committed and the prevention thereof.
Purposes for which you have given your consent (Article 6 (1) (a) GDPR)
Your personal data may also be processed where you have given your consent to the processing for specific purposes (e.g., using your email address for marketing). You are generally entitled to withdraw your consent at any time. This also applies to the withdrawal of declarations of consent that you made to us before the application of the GDPR, i.e., before May 25, 2018. Information on the purposes of the processing and on the consequences of withdrawing or refusing your consent is provided separately in the relevant text of the consent form. A general rule is that the withdrawal of consent applies only to the future. Processing that took place before the withdrawal will not be affected and will remain lawful.
Purposes of compliance with legal requirements (Article 6 (1) (c) GDPR) or performance of a task carried out in the public interest (Article 6 (1) (e) GDPR)
As any person or entity involved in economic activities, we, too, are subject to a range of legal obligations. These are primarily legal requirements (e.g., commercial and fiscal laws), but may also be of a supervisory or other official nature. The purposes of data processing may also include the fulfillment of inspection and notification obligations and the archiving of data for data protection and data security purposes, as well as audits carried out by fiscal and other authorities. In addition, the disclosure of personal data may become necessary in the context of measures taken by authorities or courts in order to gather evidence or enforce civil law claims or for criminal prosecution.
Scope of your duties to provide data to us
You only have to provide us with data that is required to enter into and implement a business relationship with us or to establish a pre-contractual relationship with us or data that we are required by law to collect. Without this data, we will usually not be able to sign or perform a contract with you. This may also refer to data required later on in the course of the business relationship. If we are asking you for any data beyond this scope, we will indicate this to be information provided on a voluntary basis.
5. Source and categories of data not collected directly from you
Where required for the provision of our services, we will process personal data legitimately obtained from other organizations or other third parties. We also process personal data which we have legitimately taken, received, or acquired from publicly accessible sources (such as telephone directories, commercial registers, registers of association, population registers, debtors lists, real estate registers, the press, the Internet, and other media) and which we are allowed to process. Relevant personal data categories may be the following:
- data relating to your person (name, date of birth, place of birth, nationality, marital status, profession/sector, and similar data)
- contact data (address, email address, telephone number, and similar data)
- payment confirmation/confirmation of cover for bank and credit card history of customers
- data on your use of the telecommunications media we offer (e.g., time of access to our websites, apps, or newsletter, our web pages/links or entries you clicked on, and similar data)
- video/image recordings
6. Recipients or categories of recipients of your data
Within our company, only those internal offices or organizational units will receive your data which require such data to enable us to comply with our contractual and legal duties or which require such data in order to deal with and implement our legitimate interest.
Your data will be transferred to external bodies only
- in connection with executing the contract;
- for purposes of fulfilling legal obligations which require us to notify, report, or transfer data, or where the transfer of the data is in the public interest (see point 2.4);
- to the extent that external service providers process data on our behalf, acting as a processor or as an assignee of a function/functions (e.g. ; data centers, support/maintenance of EDP/IT applications, archiving, document processing, call center services, compliance services, controlling, data validation or data plausibility tests, data destruction, purchase/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, banks and financial institutions, printers or data disposal companies, couriers, logistics);
- on the basis of our legitimate interest or the legitimate interest of the third party in the context of the purposes listed above (e.g., transfer to public authorities, credit bureaus, debt collection agencies, lawyers, courts, consultants, subsidiaries, or committees and supervisory/monitoring bodies);
- where you have given your consent to the transfer of the data to third parties.
We will not transfer your data to any third parties other than in the cases set out above. If we contract service providers to process data on our behalf, your data will be subject to the same security standards as if it was processed by us. In all other cases, the recipients of the data may not use it for any other purposes than those for which the data was transferred to them.
7. Period for which your data is stored
We process and store your data for the duration of our business relationship with you. That includes the period during which steps are taken to enter into a contract (pre-contractual legal relationship) as well as the execution of a contract.
Moreover, we are subject to various duties of retention and documentation, some of which arise from the German Commercial Code (Handelsgesetzbuch, HGB) and the German Fiscal Code (Abgabenordnung, AO). The periods of retention or documentation specified thereunder are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
There may also be special legal provisions that require us to store the data for longer, such as the need to retain evidence within the scope of statutory limitation periods. According to Sections 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch, BGB), the standard limitation period is three years; however, limitation periods of up to 30 years may be applicable in some cases.
If the data is no longer needed for the purposes of fulfilling contractual or legal obligations and rights, it will be erased on a regular basis unless the processing has to be continued – for a limited period – for the purposes arising from an overriding legitimate interest. Such an overriding legitimate interest exists also, for instance, where erasing the data is impossible or would involve a disproportionate effort and where appropriate technical and organizational measures ensure that the data cannot be processed for other purposes.
8. Your rights
Under certain circumstances, you may exercise your data protection rights against us.
- Under Article 15 GDPR you have the right to access any data that we hold about you (potentially with the restrictions set out in Section 34 BDSG).
- If you request data that we hold about you to be rectified, we will do so as per Article 16 GDPR, if that data is wrong or inaccurate.
- If you request your data to be erased on the grounds set out in Article 17 GDPR, we will do so unless such erasure is precluded by other legal regulations (e.g., legal retention periods or the restrictions set out in Section 35 BDSG) or by an overriding interest on our part (e.g., the defense of our rights and claims).
- Taking account of the conditions set out in Article 18 GDPR, you may request us to restrict the processing of your data.
- Pursuant to Article 21 GDPR you may also object to the processing of your data, whereupon we must stop processing your data. However, this right to object only applies in very specific circumstances relating to your personal situation, and our own rights may potentially preclude your right to object.
- Where the conditions set out in Article 20 GDPR are met, you also have the right to receive your data, or transfer it to a third party, in a structured, commonly used, and machine-readable format.
- You also have the right to withdraw consent given to us for the processing of your personal data at any time with future effect (see point 2.3).
- In addition, you have the right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR). We recommend however that you always contact our data protection officer first if you have a complaint.
- Your requests for exercising your rights should, where possible, be made in writing or via email to the address stated above or should be addressed directly to our data protection officer in writing or via email.
Special notice regarding your right to object under Article 21 GDPR
You have the right to object to the processing of your data at any time, where it is carried out on the basis of Article 6 (1) (f) GDPR (data processing on the basis of a balancing of interests) or Article 6 (1) (e) GDPR (data processing in the public interest), if you have reasons to do so that arise from your particular situation.
This applies also to profiling as defined in Article 4 (4) GDPR based on this provision. If you object, your personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or unless the processing is carried out for the establishment, exercise or defense of legal claims.
We may also process your personal data for the purposes of direct marketing. If you do not wish your personal data to be used for marketing, you have the right to object to it at any time; this applies also to profiling to the extent that it is related to such direct marketing. We will respect such objection in the future. We will no longer use your data for direct marketing purposes if you object to the processing for such purposes.
There are no particular requirements as to the format of the objection, but it should be addressed, if possible, to
Harro Höfliger Verpackungsmaschinen GmbH, Helmholtzstr. 4, 71573 Allmersbach im Tal, Germany
Harro Höfliger thanks you for your visit to our website and the interest you have shown in our company and products. The protection of your personal data is very important for us. Harro Höfliger Verpackungsmaschinen GmbH (hereafter referred to as “Harro Höfliger GmbH”, “we”, or “us”) values the safety of users’ data, as well as compliance with legal provisions related to data protection.
Harro Höfliger GmbH websites may contain links to the websites of other providers not covered by this Privacy Statement. The data that operators of these sites may collect is beyond our knowledge and ability to influence. You can obtain information from the privacy notice of the respective site.
In the following document, we will inform you in detail about how we handle your data.
Collection and processing of personal data
In principle, it is possible to use our website without providing any personal data. To the extent that you wish to make use of certain services offered by our company via our website, the processing of personal data may become necessary. If the processing of personal data is necessary and no legal basis exists for such processing, we generally obtain consent from the data subject.
Anonymous data collection (server log files)
You can visit our site without actively giving information about your person. However, we do store access data every time the website is accessed (server log files), which include the name of your Internet service provider, the operating system used, the website from which you visit us and the duration of your visit or the name of the file requested. For security reasons (e.g. recognizing attacks on our websites), we also store the IP address of the computer used for a period of 60 days. These data are assessed exclusively for the improvement of our service and do not permit any inferences about your person. These data are not combined with other data sources. The legal basis for data processing is Article 6(1) GDPR. We process and use the data for the following purposes: 1. Providing the Harro Höfliger GmbH website, 2. Improving our website and 3. Preventing and detecting errors/malfunctions, as well as misuse of the website. This kind of data processing is undertaken either in fulfillment of the agreement regarding the use of the Harro Höfliger GmbH website, or because we are pursuing a legitimate interest in the functionality and error-free operation of the Harro Höfliger GmbH website, as well as customizing this website to user requirements.
Use of cookie tracking
In order to display our website in an attractive manner and facilitate the use of certain functions, we use cookies on our website. This is a standard Internet technology for storing and accessing login and other usage information for all visitors to the Harro Höfliger GmbH website. Cookies are small text files that are stored on your end device. They make it possible, among other things, for us to store user settings so that our website can be displayed in a customized manner on your device. Some of the cookies we use are erased after the browser session ends – that is, after you close your browser (session cookies). Other cookies remain on your device and allow us or our partner companies to recognize your browser on your next visit (persistent cookies).
You can configure your browser so that you are informed about the setting of cookies and decide on an individual basis whether to accept them, or bar the acceptance of cookies for certain cases or in general. Furthermore, cookies can be erased afterwards in order to remove data that websites have stored on your computer. You can easily find instructions on how to do this online. Deactivating cookies can lead to some limitations in the functionality of the Harro Höfliger GmbH websites.
Use of Google Analytics
This website uses features of the Google Analytics web analytics service. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses “cookies”, which are text files that are saved on your computer and enable the analysis of your use of the website. The information generated by the cookies about your use of this website (including your IP address) is transmitted to Google’s server in the USA and saved there. Google will use this information to evaluate your use of the website, compile reports about website activity for website operators and provide additional services associated with website usage and Internet usage. Google may also transfer this information to third parties, provided this is required by law or if third parties process this data on behalf of Google.
Preventing the storage of cookies
You can prevent cookies from being stored by selecting the corresponding setting in your browser software. However, we advise against this because then you may not be able to fully utilize all of the functions of this website. By using this website, you agree to Google processing the data collected about you in the manner and for the purposes set out above.
Objecting to data collection
If you do not want Google to receive data from your browser when you visit the pages, you'll find the link to the opt-out solution for Google Analytics here: http://tools.google.com/dlpage/gaoptout?hl=en.This plug-in prevents the browser from requesting the Analytics code, so Google will not receive any data when the page is viewed. The plug-in is only available for Microsoft Internet Explorer 11, Google Chrome, Mozilla Firefox, Apple Safari and Opera. According to Google, the browser blocks the Google Analytics script after installation. For more information about Terms of Use and Privacy, please visit http://www.google.com/analytics/terms/en.html or http://www.google.com/intl/de/analytics/privacyoverview.html.
Retention period
We've used the Google Analytics data retention controls to determine how long data is stored at the user and event levels before they are automatically deleted from the Analytics servers. For this we have chosen the following storage period: 14 months.
IP anonymization
Please note that on this website Google Analytics has been extended by the code "gat.anonymizeIp" in order to ensure the anonymized collection of IP addresses (so-called IP-Masking). As a result, your IP address will be truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States.
Demographics with Google Analytics
This website uses the “Demographics” feature of Google Analytics. This allows the preparation of reports that contain statements on the age, sex and interests of visitors to the page. These data come from interest-based advertisements from Google as well as visitor data from third-party providers. These data cannot be assigned to any person in particular. You can deactivate this feature at any time using the display settings in your Google account, or forbid the collection of your data by Google Analytics on a general basis, as shown in the “Objecting to data collection” section.
Use of etracker
Our website uses the etracker analysis service. The provider is etracker GmbH, Erste Brunnenstrasse 1, 20459 Hamburg, Germany. Web analysis is the collection, compilation and evaluation of data about the behavior of website users. Among other things, a web analysis service collects data on the websites from which a data subject has come to the website (referrers), which subpages are accessed, or how often and for how long a subpage is viewed. A web analysis is mainly used to optimize a website and for the cost-benefit analysis of web advertising.
A usage profile can be created from the data using a pseudonym. Cookies can be used for this purpose. Cookies are small text files that are locally stored in your browser's cache. Cookies allow your browser to be recognized. The data collected using etracker technology are not used to identify visitors to our website personally, and are not combined with personal data about the bearer of the pseudonym without separate permission from the data subject.
You can object to the collection and storage of data at any time, which will take effect for the future. To object to the future collection and storage of your visitor data, you can obtain an opt-out cookie from etracker using the following link. This ensures that no visitor data will be collected and stored from your browser by etracker in the future. www.etracker.de/privacy. This sets a cookie from etracker with the name “cntcookie”. Please do not delete this cookie as long as you wish to maintain your objection. You can find further information in the etracker privacy provisions: https://www.etracker.com/en/data-privacy/
Order data processing
We have a contract with Google for the order processing of data, and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Our offers on social media platforms (Social Media Links)
On various social media platforms, we make offers (for example fan pages) available online that provide information about Harro Höfliger Verpackungsmaschinen GmbH and give us the opportunity to get in touch with you. We point out that we have no influence on the processing of your personal data on these platforms and only the respective operator of the platform has full knowledge of the content of the transmitted data and their use.
As a rule, cookies are stored in your browser when you visit the respective platform.
You may be affected by this data collection even if you are not registered on the respective platform. It is beyond our knowledge whether the data reaches outside the European Economic Area.
The processing of personal data on the platforms by us is based on Art. 6 para. 1 lit. f DSGVO. Our legitimate interest lies in being able to portray Harro Höfliger Verpackungsmaschinen GmbH in a variety of ways to the outside world and to use the possibility of communication with our customers as effectively as possible.
In addition, consent to data processing pursuant to Art. 6 para. 1 lit. a DSGVO legal basis if you have given them to the platform operator.
You will receive detailed information about the data processing of the platform operators regarding the respective objection possibilities, the rights of access as well as specific information about the respective platforms via the following data protection instructions of the respective operators.
Use of Facebook
Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland
Privacy Statement: www.facebook.com/about/privacy/
Opt-Out: www.facebook.com/settings
The features of the Facebook service are integrated into our website. If you visit our website, the link creates a direct connection between your browser and the Facebook server. Facebook then receives the information that you have visited our website using your IP address. If you click on the Facebook “Like Button” while logged in to your Facebook account, the content of our website may be linked to your Facebook profile. Facebook can thus associate your visit to our website with your user account. Please note that, as the provider of the website, we do not receive any knowledge of the content of the transferred data or the use of this data by Facebook.
Specific information on Facebook fan pages: When visiting our Facebook fan page, Facebook processes your personal data (Facebook Insights). These data are transmitted to us by Facebook in the context of Facebook Insights anonymized. This anonymous data is statistical information about our fan page subscribers.
In addition, we receive from Facebook profile data from you, if you interact with us or our site, for example, like or comment on posts or write us via Facebook or follow our page.
If you do not want Facebook to be able to associate your visit to our website with your Facebook user account, please log out of your Facebook user account.
Facebook Pixel, Custom Audiences and Facebook Conversion
As part of our online offerings, we use the Facebook pixel based on our legitimate interest in analysis, optimization and the economic operation of our online offerings. The Facebook pixel belongs to the Facebook social network, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park CA 94025, USA, or, if you are a resident of the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (hereafter “Facebook”).
By using the Facebook pixel, it is possible for Facebook to identify visitors to our online offerings as a target group for displaying advertisements (“Facebook Ads”). Accordingly, we use the Facebook pixel to display the Facebook ads we place only to Facebook users who have shown interest in our online offerings or certain features (e.g. interest in certain subjects or products as determined by the websites visited), which we submit to Facebook (“custom audiences”). Thanks to the Facebook pixel, we would also like to ensure that our Facebook ads match users’ potential interests, and are not annoying. We use the Facebook pixel to further understand the effectiveness of Facebook advertisements for statistical and market development purposes, as we see whether users were transferred to our website after clicking on a Facebook ad (“conversion”).
The processing of data by Facebook is carried out in accordance with Facebook's Data Use Policy. Accordingly, general information on the displaying of Facebook ads is available from Facebook's Data Use Policy: www.facebook.com/policy.php. You can find special information and details on the Facebook pixel and its functioning in Facebook’s help section: www.facebook.com/business/help/651294705016616.
You can object to the collection of your data by the Facebook pixel and its use to display Facebook ads. To configure the kinds of advertisements that are shown to you on Facebook, you can access the Facebook site set up and follow the instructions on configuring user-specific advertisements: www.facebook.com/settings. The settings are platform-neutral, meaning that they will be adopted by all devices, including desktop computers and mobile devices.
You can further object to the use of cookies used to measure reach and advertising objectives through the opt-out site of the Network Advertising Initiative (http://optout.networkadvertising.org/), as well as the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
Use of LinkedIn
Provider: LinkedIn Corporation., 2029 Stierlin Court, Mountain View, CA 94043, USA.
Privacy Statement: www.linkedin.com/legal/privacy-policy
Opt-Out: www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Our website uses features of the LinkedIn network. Every time one of our pages containing LinkedIn features are accessed, a connection is established to the LinkedIn servers. LinkedIn is thereby informed that you have visited our website using your IP address. If you click the LinkedIn “Recommend” button while logged in to your LinkedIn account, LinkedIn is able to assign your visit to our website to you and your user account. Please note that, as the provider of the website, we do not receive any knowledge of the content of the transferred data or the use of this data by LinkedIn.
LinkedIn Specific Information: When you visit our LinkedIn Corporate Site, LinkedIn processes your personal information. This information is transmitted to us through LinkedIn as part of LinkedIn Analytics. These anonymized data are statistical data of our followers.
In addition, LinkedIn will tell us your profile name when you interact with us or our site, for example, like or comment on amounts, or follow our pages.
Use of YouTube
Operator: YouTube LLC, 901 Cherry Ave., San Bruno CA 94066, USA.
Privacy Statement: policies.google.com/privacy
Opt-Out: adssettings.google.com/authenticated
Our website uses features of the Google-operated site, YouTube. When you use one of our sites with YouTube features, a connection is established to the YouTube servers. This tells YouTube which of our pages you visited.
If you are logged into your YouTube account, you allow YouTube to assign your browsing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
Specific Information about Youtube Accounts or Channels: When you visit our Youtube site, Youtube processes your personal information. These data are transmitted to us through Youtube as part of the Youtube STUDIO use anonymized. This anonymized data is statistical information about our channel subscribers.
In addition, we'll let Youtube know your Google+ profile username when interacting with us or our site, like liking or commenting on videos or subscribing to our channel.
Contact form/Queries
On our site, you can to send us queries using a contact form. In this form, your information from the contact form (the content of your query) is stored by us, along with the contact information you provide on the form (name, company, telephone, email and state) for the purpose of processing your query and for follow-up questions. We do not disclose these data without your consent. The legal basis for the collection and processing of data is Article 6(1) lit. f) GDPR.
The information you enter in the contact form is retained by us until you ask us to erase it, revoke your consent to its storage or if the purpose of the data storage is no longer applicable (e.g. after the processing of your query has been completed). Mandatory legal provisions – in particular, retention periods – are not affected.
Email contact
When you send us queries or information by email, your information (email address, content of your email, subject and date of your email) are stored by us, including the contact data given (first name, last name; where appropriate, telephone number and address) for the purpose of processing the query and for follow-up questions. We do not disclose these data without your consent. The legal basis for the collection and processing of data is Article 6(1) GDPR.
The user is advised that emails can be read or changed without authorization and without being noticed during transfer. Harro Höfliger GmbH uses software that filters undesirable email messages (spam filter). Email messages can be rejected by a spam filter if they are falsely identified as spam due to certain characteristics.
The information you enter is retained by us until you ask us to erase it, revoke your consent to its storage or if the purpose of the data storage is no longer applicable (e.g. after the processing of your query has been completed). Mandatory legal provisions – in particular, retention periods – are not affected.
Subscription to our "Up to Date"
On our website, you can subscribe to our company's "Up to Date". We use the "Up to Date" to inform our clients and business partners about our company's offerings on a regular basis. To do this, we require a valid email address from you, as well as information that allows us to check that you are the owner of the email address entered and have agreed to receive the "Up to Date". Other information is not collected, or is only collected on a voluntary basis. For legal reasons, a confirmation email is sent to the email address entered for a data subject the first time it is entered, as part of a double opt-in procedure. We use these data exclusively to send the "Up to Date" and do not disclose them to third parties. The legal basis for the collection and processing of data is Article 6(1) GDPR.
During the "Up to Date" registration, we also store the IP address provided by the Internet service provider (ISP) of the computer used by the data subject at the time of registration, as well as the date and time of registration. Collecting these data is necessary as part of our safeguards to trace the (possible) misuse of a data subject's email address at a later point.
You can revoke your consent to the storage of the data and email address, as well as the use of this information to send the "Up to Date", at any time, for example, by clicking the “unsubscribe” link in every "Up to Date". Alternatively, you are welcome to send your unsubscribe request by email at any time to info@hoefliger.com. The legality of the data-processing operations is unaffected by the revocation.
We store the data you have deposited with us for the purposes of subscribing to the "Up to Date" until your removal, and erase them after you have unsubscribed from the "Up to Date".
Customer Magazine
Our customer magazine is published under the following link: https://www.harro-magazine.com
The website uses Matomo, a cookie-based open-source web analytics software platform, to analyze the usage behavior of visitors to our website. The information collected by the cookie (browser type and browser version, operating system, your country of origin, date and time of server request, number of visits, your time spent on the website, as well as any external links that you have activated) is saved to our server. This information is used for the purpose of optimizing our website, in which we have a legitimate interest within the meaning of Art. 6 (1) (f) of the General Data Protection Regulation (GDPR).
This data is not passed on to any third party. It is standard practice to shorten or anonymize the IP address before saving. By anonymizing the IP address, it is impossible to identify the user. You may object to the anonymized data collection by Matomo by deselecting the checkbox. However, we wish to point out that in this case you would then only have restricted use of the website as not all functions will be available in full.
Your visit to this website is currently being analyzed by Matomo. For Opt-Out please follow this link:
https://www.harro-magazine.com/en/imprint-data-privacy-protection/#matomo
Deleting your cookies will also delete the Matomo Opt-Out cookie. The opt out must be reactivated when returning to our website.
Supplier Collaboration Portal
The Supplier Collaboration Portal is a tool we use to manage our business relationships with suppliers. The Supplier Collaboration Portal manages any collaboration with potential or existing suppliers, for example information provided by the supplier, order processing, transport management, etc.
Having a legitimate interest in the efficiency of our business operations and the secure running of our supplier portal, we process the personal data provided by business contacts or by contacts of potential and existing suppliers. Personal data is processed for the execution of pre-contractual measures and for the execution of contracts with potential and existing suppliers.
The following types of personal data are processed when visiting or using the supplier portal:
- Access and rights management (e.g. user ID, user authorizations, login history)
- Contact data (e.g. name, email, company)
- Organization data (e.g. supplier’s managing director, contact person for logistics)
- Communication data (e.g. email for new request, email for offer status)
- Document data (e.g. contact for supplier on invoice document)
- Meta/transaction data (e.g. offer confirmed on/by, order processed on/by)
- Meta/communication data (device information, IP addresses).
Further data protection information with regard to the processing of personal data from contact partners of potential and existing suppliers, such as the length of time for which the data is saved, can be found here: https://www.hoefliger.com/datenschutz-information
Career area/Online application
On our website, you can use the career area and/or send applications by email. The personal data (basic information, contact information, attachments such as cover letters, resumes, references, etc.) from candidates are collected and processed for the purposes of carrying out the application procedure. The processing can also be performed electronically. This occurs, in particular, when a candidate sends the pertinent application documents, for instance, by email or via a web form on the site to the controller. If the controller concludes an employment contract with a candidate, the data transmitted for the purpose of entering into the employment relationship are stored in accordance with legal provisions. If the controller does not conclude an employment contract with the candidate, the application documents are automatically erased six months after notification of the decision to reject, as long as no other legitimate interests on the part of the controller prevent this. In such a case, other legitimate interests, would include the burden of proof in a process under the General Act on Equal Treatment (AGG). The legal basis for the collection and processing of data is Article 6(1) GDPR.
Web fonts
For the uniform presentation of fonts, this site uses web fonts that have been prepared by Fonts.com. When accessing a site, your browser loads the necessary web fonts in a cache in order to display the text and fonts correctly.
The browser you use must establish a connection to the Fonts.com servers for this purpose. This informs the provider that your IP address was used to access our website. Web fonts are used in the interest of displaying our online offerings in a consistent and attractive manner. This represents a legitimate interest within the meaning of Article 6(1)(f) GDPR.
If your browser does not support web fonts, a standard font will be used from your computer.
You can find more information about web fonts at www.fonts.com/info/about-us and in the Privacy Statement at: www.fonts.com/info/legal/privacy
Duration of retention
In principle, we store your data for as long as it is necessary for the delivery of our online offerings and the related services, or as long as provided by the European regulatory authorities or another legislative authority in laws or provisions to which the controller is subject. In all other cases, we erase personal data after their purpose has been fulfilled, with the exception of such data as we must continue to store to meet legal obligations (for example, we are obliged by retention periods under tax and commercial law to retain documents such as contracts and invoices for a certain period).
Disclosure to third parties
We disclose your data to certain third parties that provide external services for us (processors) for the purpose of being able to provide applications and services. These include newsletter services, IT providers, etc. Disclosure to other third parties may occur in order to fulfill our obligations (authorities, banks, social insurance agencies, etc.). Third parties process the data according to our instructions; furthermore, they are prohibited from using these data for their own commercial purposes that do not correspond to the agreed-upon purposes.
We must disclose personal data when we are obliged to do so in ongoing court proceedings, on the basis of a decree, or by law (Article 6(1)(f) GDPR).
We only disclose your personal data to third parties if
• you have communicated your explicit consent to this under Article 6(1)(a) GDPR,
• the disclosure is necessary under Article 6(1)(f) GDPR on assertion, exercise or defense of legal rights and there is no reason to believe that you have an overriding interest worthy of protection in the non-disclosure of your data,
• a legal obligation to disclose exists under Article 6(1)(c) GDPR, and
• this is permitted by law and required for the processing of contractual relationships with you in accordance with Article 6(1)(b) GDPR.
If the processing of your data takes place outside of Europe, e.g. in India, Brazil, China, Switzerland, Singapore or in the USA, this transfer occurs in compliance with all current data protection laws, and especially with Article 44(f) GDPR.
Technical security
Harro Höfliger GmbH employs technical and organizational security measures to protect your data administered by us against accidental or deliberate manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously being improved in accordance with technological development.
This site uses SSL (secure socket layer) encryption with the highest level of encryption supported by your browser for the purpose of the security and protection of transfers of confidential content such as queries you send to us as a website operator. You can tell if an individual page on our website is being transmitted using encryption if the browser's address line changes from “http://” to “https://”, and the lock symbol is shown in the address bar.
When SSL encryption is activated, the data you transmit to us cannot be read by third parties.
Please note that the transfer of data over the Internet (e.g. by email) may be vulnerable to security breaches. It is not possible to completely protect data from being accessed by third parties.
Legal basis for processing
Article 6(1)(a) GDPR serves as a legal basis for our company's data processing operations, under which we obtain consent for a specific processing objective. If the processing of personal data is necessary for the fulfillment of a contract to which the data subject is a party, as may be the case for data processing operations that are necessary for the delivery of goods or the provision of a particular service or contribution, the processing is based on Article 6(1)(b) GDPR. The same applies to data processing operations that are necessary to carry out pre-contractual measures, for example in the event of queries regarding out products or services. If our company is subject to a legal obligation that necessitates the processing of personal data, such as the fulfillment of tax obligations, then processing is based on Article 6(1)(c) GDPR. In rare cases, the processing of personal data may be necessary in order to protect the vital interests of the data subject or another individual. This would be the case, for example, if a visitor to our business were to be injured and their name, age and health insurance data or other vital information has to be disclosed to a doctor, hospital or other third party. In that case, processing would be based on Article 6(1)(d) GDPR. Finally, data processing operations could be based on Article 6(1)(f) GDPR. Data processing operations that are not covered by any of the legal bases indicated above are supported by this legal basis if the processing is necessary to safeguard a legitimate interest of a company or a third party, as long as it does not override the interests and fundamental rights and freedoms of the data subject. If the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is carrying out our business activities in the interest of the well-being of all of our employees and customers.
Legal or contractual provisions on the provision of personal data, necessity for the conclusion of the contract, obligation of the data subject to provide personal data, possible consequences of non-provision
You should be aware that the provision of personal data is sometimes legally required (e.g. tax provisions) or can come about as a result of contractual provisions (e.g. Information on the contractual partner). From time to time, it can be necessary for the conclusion of a contract for a data subject to make personal data available to us that subsequently have to be processed by us. The data subject may be obliged to provide us with personal data when our company concludes a contract with them. The consequence of not providing personal data is that the contract cannot be concluded with the data subject. Before the provision of personal data by the data subject, the data subject must contact one of our employees. Our employee will make the data subject aware, on a case-by-case basis, of whether the provision of personal data is legally or contractually required, or necessary for the conclusion of the contract, and whether there is an obligation to provide personal data, and what consequences the failure to provide personal data would have.
Notice for underage persons
This online offering is not aimed at children younger than 16. Persons who have not yet reached the age of 16 may not send any personal data to Harro Höfliger GmbH without the consent of their legal guardians.
Rights of the data subject
You have the right to information regarding the data stored by us, the duration of the data retention, the reason and legal basis for the storage and the origin and recipients of disclosures. Inaccurate data must be corrected, data that is unlawfully stored or no longer required must be erased. In addition, the data subject has the right of objection, a right to restriction of processing and the right to data portability.
This information will be prepared at your request. This information is free of charge.
You also have the right to file a complaint with a supervisory authority.
Revocation of consent to data processing
Certain data processing operations are only possible with your explicit consent. You can revoke consent at any point after granting it. An informal email notification to dataprivacy@hoefliger.de suffices for this purpose. The legality of the data-processing carried out until the revocation is unaffected by the revocation.