Effective as of: 22.01.2019
Data protection has a particularly high priority for the management of Hauer GmbH. In principle, it is possible to use the website of Hauer GmbH without providing any personal data. However, if a data subject wishes to use our company’s special services via our website, it may be necessary to process their personal data. As a rule, if the processing of personal data is required and there is no legal basis for this, we seek to obtain the consent of the data subject.
a) Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter: the data subject). An identifiable natural person is someone who can be identified, directly or indirectly, in particular by association with an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural, or social identity of this natural person.
b) Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
c) Data processing
Data processing is any operation performed in connection with personal data, with or without the aid of automated procedures. This includes the collection, recording, organising, structuring, storage, adaptation or alteration, retrieval, querying, use, disclosure by transmission, dissemination or other form of provision, cross-checking or linking, restriction, deletion or destruction of personal data.
d) Restriction of processing
Restriction of processing refers to the marking of stored personal data, with the aim of restricting its future processing.
Profiling includes any form of automated processing of personal data, consisting of the use of personal data to evaluate certain personal aspects relating to a natural person – in particular, to analyse or predict aspects concerning this natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, place of residence or changes of location.
Pseudonymisation refers to the processing of personal data in such a way that it can no longer be associated with a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organisational measures which ensure that the personal data will not be associated with an identified or identifiable natural person.
g) Controller or controller responsible for the processing
The controller or controller responsible for the processing is the natural person or legal entity, authority, agency, or other body, which, alone or jointly with others, determines the purposes and means of the processing of personal data. If the purposes and means of such processing are determined by EU law or the law of EU Member States, the controller and/or the specific criteria for their designation may also be provided for by EU law or the law of EU Member States.
The processor is a natural person or legal entity, authority, agency, or other body, which processes personal data on behalf of the controller.
The recipient is a natural person or legal entity, authority, agency or other body, to which personal data is disclosed, regardless of whether this is a third party or not. However, authorities which may receive personal data in the context of a particular remit in accordance with EU law or the law of EU Member States are not regarded as recipients.
j) Third parties
Third parties are natural persons or legal entities, authorities, agencies or other bodies other than the data subject, controller, processor or people who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent is any freely granted, informed and unambiguous indication of the wishes of the data subject, for a specific circumstance, in the form of a statement or another clear affirmative action, which signifies the data subject’s agreement to the processing of their personal data.
The General Data Protection Regulation (GDPR) protects the personal data of natural persons. The data of legal entities is not subject to this protection. Personal data is individual information about personal or factual circumstances that can be associated with you personally (for example, your name in combination with your telephone number or email address). Information that cannot be directly associated with your identity (such as items shown to you on a webpage) is not covered.
Your data is protected
Personal data refers to information about your identity. This includes, for example, information such as your name, address, telephone number and email address. It is not necessary for you to disclose your personal data in order to use our website and our webshop. In certain instances, however, such as when ordering items, we need your name and email address, as well as other information, to enable us to provide the services or deliveries you require.
The same applies, for example, to the dispatch of informational material/catalogues or to answering individual questions. If this data is required, we will notify you accordingly.
If you make use of our services, we will only collect the data we need to provide the respective service. This data is only processed to provide the requested services. If we ask you for additional data, this is considered to be voluntary information. Your personal data will not be disclosed to third parties without your required consent.
Non-personal data that is automatically collected
When using our website, the following data is stored for organisational and technical purposes: the names of the pages accessed, the browser and operating system used, the date and time of access, the search engines used, the names of downloaded files and your IP address.
We evaluate this technical data in an anonymised manner and only for statistical purposes, in order to be able to continuously optimise our website and make our Internet offering even more attractive. This anonymised data is stored separately from personal information, on secure systems, and does not allow any conclusions to be made about an individual person. Your personal data and privacy are protected at all times.
YouTube elements are also integrated into this Internet site. YouTube is an Internet video portal that enables video providers to post videos for free and visitors to view, comment on and rate these videos, also free of charge.
This video portal is operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
Every time a visitor accesses an individual website that incorporates a YouTube video, their Internet browser automatically downloads a version of the corresponding YouTube components (video or video preview) from YouTube. More information about YouTube can be found at https://www.youtube.com/yt/about/. As part of this technical process, YouTube and Google obtain information about which specific subpage of our website the data subject has visited.
If the data subject is simultaneously logged into YouTube, YouTube recognises which specific subpage of our website the data subject is visiting when accessing a subpage containing a YouTube video. YouTube and Google gather this information and assign it to the data subject’s YouTube account.
The YouTube components always notify YouTube and Google that the data subject has visited our website, if they are simultaneously logged into YouTube at the time they access our website; this happens regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want such information to be disclosed to YouTube and Google, they can prevent this disclosure by logging out of their YouTube account before accessing our website.
Our website uses the analysis service, Google Analytics, a web analysis service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter abbreviated to: Google). Google Analytics uses “cookies”; text files that are stored on your computer and allow the analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to a Google server in Ireland, where it is stored. As IP anonymisation has been enabled on this website, however, your IP address is first truncated by Google within Member States of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in Ireland, where it is then truncated. Google will use this information on behalf of the operator of this website, in order to evaluate your use of the website, compile reports about website activity and provide the website operator with other services related to website activity and Internet usage. The IP address transmitted by your browser in connection with Google Analytics will not be combined with other Google data. You can prevent the storage of cookies by adjusting your browser software settings accordingly; we would point out, however, that in this case you may not be able to fully use all the features of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
As an alternative to this browser add-on or within browsers on mobile devices, please click this link to prevent Google Analytics from collecting data on this website in the future. This will place an opt-out cookie on your device. If you delete your cookies, you must click this link again.
Google’s Security and Privacy Policies are available at https://policies.google.com/privacy?hl=en.
Facebook Pixel, Custom Audiences and Facebook conversion
Within our website, we use Facebook Pixel provided by the social network, Facebook, on the basis of our legitimate interests in accordance with Article 6 (1f) of the GDPR. Facebook is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside of the USA or Canada, the controller for the processing of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Facebook is certified within the Privacy Shield framework and therefore guarantees to comply with European data protection legislation, which can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active. Facebook Pixel allows Facebook to specify visitors to our website as the target audience for the display of adverts and Facebook ads. We use Facebook Pixel to only display our adverts (Facebook ads) to those Facebook users who are also interested in our website or specific features, such as an interest in certain topics or products based on the visited websites (Custom Audiences); we then transmit this data to Facebook. With the help of Facebook Pixel, we ensure that our adverts (Facebook ads) correspond with the user’s interests and that they are not unduly disturbed. Facebook Pixel also helps us to understand the effectiveness of our Facebook ads for statistical and market research purposes, by seeing whether users were redirected to our website after clicking on a Facebook ad (conversion).
Facebook processes the data within the framework of Facebook’s Data Usage Policy. More information about the data processing and instructions for viewing Facebook ads is available at https://www.facebook.com/policy. Information about Facebook Pixel and how it works can be found at https://www.facebook.com/business/help/651294705016616.
You can object to the collection of your data by Facebook Pixel and its use to display Facebook ads. To set your ad preferences within Facebook, simply go to the dedicated Facebook page and follow the instructions for usage-based advert settings: https://www.facebook.com/settings?tab=ads. The settings can be adjusted regardless of the platform.
Functions of the provider Google Maps are integrated into our website, in order to present geographic information in a graphical format.
If you submit an enquiry via our contact form, the information you have provided on the contact form, including your contact details, will be stored for the purpose of processing your enquiry and in the event of follow-up questions.
Privacy during recruitment and the application process
If a candidate submits their application documents via email, we electronically collect and process their personal data as part of the application process. If we conclude an employment contract with the candidate following the application process, the data transmitted is stored for the purpose of the employment relationship in accordance with the statutory provisions. If we do not conclude an employment contract with the candidate, we will delete their application documents two months after informing them of their rejection, provided this deletion is not contrary to any other legitimate interest for our company, such as evidence in proceedings in accordance with the General Equality of Treatment Act (AGG).
Persons under the age of 18 should not submit any personal data to us without the consent of their parents or legal guardians. We do not solicit personal data from children and young people, do not collect such data and do not disclose it to third parties.
We have implemented technical and organisational security measures to protect your personal data against loss, destruction, manipulation and unauthorised access. All of our employees and all third parties involved in data processing are obligated to comply with the Federal Data Protection Act for the confidential handling of personal data.
In the case of the collection and processing of personal data, the information is transmitted in encrypted form in order to prevent misuse of the data by third parties. Our security measures are constantly revised in line with technological developments.
Legal bases for data processing
Article 6 (1a) of the GDPR serves our company as the legal basis for data processing operations in instances where we have obtained consent for a particular processing purpose. If the processing of personal data is necessary to fulfil a contract to which the data subject is a party, as is the case, for example, where data processing is necessary in order to supply goods or provide any other service or consideration, this processing will be based on Article 6 (1b) of the GDPR. The same applies to data processing needed to carry out pre-contractual measures, such as in cases of enquiries regarding our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfilment of tax obligations, this processing will be based on Article 6 (1c) of the GDPR. In rare cases, the processing of personal data may be required in order to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises was injured and their name, age, health insurance number or other vital information would need to be disclosed to a doctor, hospital, or other third party. In such an instance, this processing would be based on Article 6 (1d) of the GDPR. Lastly, data processing operations could be based on Article 6 (1f) of the GDPR. This clause provides the legal basis for data processing operations that are not covered by any of the above-mentioned legal bases, if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that these do not outweigh the interests, fundamental rights and fundamental freedoms of the data subject. We are particularly permitted to implement such data processing operations because they have been specifically mentioned by the EU legislator. In this regard, it is considered that a legitimate interest may be assumed if the data subject is a customer of the controller (Recital 47, Clause 2 of the GDPR).
Legitimate interests in the processing pursued by the controller or a third party
If the processing of personal data has its legal basis in Article 6 (1f) of the GDPR, our legitimate interest lies in conducting our business for the benefit of all our employees and our shareholders.
Duration of personal data storage
The storage of personal data is subject to legally prescribed retention periods. Upon expiry of a retention period, the corresponding data will be deleted, unless it is needed for the purpose of fulfilling or initiating a contract. This includes legal or contractual requirements for providing personal data, the necessity for concluding a contract, obligations of the data subject to provide personal data, and the possible consequences of failing to do so.
Please be aware that the provision of personal data is sometimes required by law (such as tax regulations), or may also result from contractual clauses (such as information about the contracting party). In order to conclude a contract, it may be necessary for a data subject to provide us with personal data which we will subsequently need to process. For example, the data subject must provide us with personal information when our company enters into a contract with them. Failure to provide personal data would mean that the contract could not be concluded with the data subject. Prior to any personal data being provided by the data subject, the data subject will need to contact one of our employees. Our employee will inform the data subject, based on their individual circumstances, whether the provision of personal data is legally or contractually required, or is needed in order to conclude a contract, whether there is an obligation to provide personal data and the consequences of failing to provide personal data.
Existence of automated decision-making
No profiling or automated decision-making is used on our website.
Right to information, erasure and blocking as well as withdrawal of consent
At any time, you have the right, at no cost to you, to obtain information about your stored personal data, its origin and recipients of the data, as well as the purpose of the data processing and the right to correct, block or erase this data. In this regard and for further questions on the subject of personal data, you can contact us at any time at the address indicated in the imprint. In addition, you can withdraw your consent to the collection and storage of your personal data at any time. In all instances, please contact the following:
An der Raumfabrik 31A
Tel: +49 (0)721 94 795 0
Fax: +49 (0)721 94 795 55
Or send an email to:
You can contact our Data Protection Officer at Team Datenschutz (a brand of EUWIS GmbH)
Mr Alexander Gehring
c/o evival Technologies GmbH & Co. KG