Thank you for your interest in HÖRMANN Warnsysteme GmbH.
www.hoermann-ws.de is the joint website for the HÖRMANN Group. Under an arrangement on joint control (Art. 26 GDPR), HÖRMANN Holding GmbH & Co. KG complies with the data privacy obligations of the General Data Protection Regulation (GDPR) for this website. In this data privacy policy, the term “we” includes all affiliated companies of the HÖRMANN Group. However, HÖRMANN Holding GmbH & Co. KG complies with the data privacy obligations under the GDPR and hence is your point of contact at all times. Contact details can be found in section 2 below.
Data privacy is a particular priority for the HÖRMANN Group.
As a matter of principle, you can use the website without disclosing any personal data. If a data subject wishes to use our services via the website, this may necessitate the processing of personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we always obtain the consent of the data subject.
Personal data (e.g. the name, address, e-mail address or telephone number of a data subject) is always processed in accordance with the GDPR and the national data privacy provisions applicable to us, particularly the German Federal Data Protection Act (BDSG).
This data privacy policy is intended to inform the public about the nature, extent and purpose of the personal data collected, used and processed by us. This data privacy policy also informs data subjects about their rights.
As the processor, we have taken numerous technical and organisational measures to ensure that the personal data processed via the website is protected to the greatest possible extent.
As a matter of principle, however, data transmission via the Internet can be subject to security flaws. As such, complete protection cannot be guaranteed. Needless to say, all data subjects may transmit personal data to the company by alternative means, e.g. by telephone.
1. Definitions
This data privacy policy is based on the definition used by the European regulator in issuing the GDPR. The data privacy policy should be easy to read and easy to understand for all users. Accordingly, the data privacy policy begins by explaining the definitions used. Among other things, this data privacy policy uses the following definitions:
- ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- ‘data subject’ means any identified or identifiable natural person whose personal data is processed by the controller.
- ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- ‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
- ‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
- ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
- ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
-
2. Name and contact details of the controller
This privacy policy applies to data processing by the data controller:
HÖRMANN Warnsysteme GmbH, represented by the management: Matthias Müllner, and this in turn represented by info@hoermann-ws.de or T +49 8091 5630 300.
3. Contact details of the data protection officer
Herr Prof. Dr. Thorsten B. Behling
WTS Legal Rechtsanwaltsgesellschaft mbH
Sachsenring 83
50677 Köln
Deutschland
T: +49 221 348936245
thorsten.behling@wts-legal.de
https://wts.com/de-de
All data subjects may contact the data protection officer directly and at all times with any questions and suggestions concerning data protection.
4. Erasure and blocking of personal data
We process and store the personal data of the data subject only for the period required to achieve the purpose of storage or for the statutory storage period that the controller is obliged to observe under the applicable legislation.
If the purpose of storage no longer applies or a statutory storage period expires, the personal data is routinely blocked or erased in accordance with the statutory provisions.
5. Collection and storage of personal data and type and purpose of its use
a) when visiting the website
As a matter of principle, you can use this website without disclosing your identity. When you access the website, the browser used on your device automatically sends information to the website server. This information is stored temporarily in a log file. The following information is recorded without any action on your part and until erased automatically:
- IP address of the accessing computer,
- date and time of the access,
- name and URL of the file retrieved,
- website from which the website was accessed (referrer URL),
- browser used and, where applicable, the operating system of your computer and the name of your access provider.
The company processes this data for the following purposes:
- to ensure the connection to the website is established smoothly,
- to ensure the website is convenient to use,
- to evaluate system security and stability, and
- for other administrative purposes.
The legal basis for data processing is Art. 6 (1) sentence 1 (f) GDPR. The legitimate interest of the company is based on the aforementioned data collection purposes. We never use the data collected to identify you. The data is erased after no more than 14 days.
We also use cookies and analytics services when you visit the website. Further details can be found in sections 9 and 11 of this data privacy policy.
b) when using the contact form or contacting us by e-mail
If you have any type of questions, we offer you the possibility of contacting the company using a contact form on the website or by e-mail. You must enter a valid e-mail address in order for us to know who sent the enquiry and be able to reply to it. All other disclosures are voluntary. It is up to you whether you submit this data using the contact form or by e-mail.
The data submitted is processed in order to handle your enquiry. The data is erased immediately after your enquiry has been handled unless it is subject to a statutory retention period.
The legal basis for data processing is Art. 6 (1) sentence 1 (b) GDPR if the enquiry is necessary for the performance of a contract or to take steps prior to entering into a contract, Art. 6 (1) sentence 1 (c) GDPR in the case of statutory retention periods, and otherwise legitimate interest in accordance with Art. 6 (1) sentence 1 (f) GDPR. We have a legitimate interest in processing your enquiry in order to provide you with the best possible service even if it is not necessary for the performance of a contract or to take steps prior to entering into a contract.
The data is processed solely in order to reply to your enquiry and stored for the duration of the statutory retention period (6 years in accordance with section 257 (1) no. 2, (4) of the German Commercial Code (HGB)) if it constitutes commercial letters. The data is otherwise erased immediately after your enquiry is replied to.
6. Additional information on the legal basis of processing
Art. 6 (1) (a) GDPR serves as the legal basis for processing where consent is required to be obtained for a certain processing purpose. If processing of personal data is necessary for the performance of a contract to which the data subject is party, the legal basis for processing is Art. 6 (1) (b) GDPR. The same applies for processing in order to take steps at the request of the data subject prior to entering into a contract, e.g. enquiries about products and services. If we are subject to a legal obligation to process personal data, the legal basis for processing is Art. 6 (1) (c) GDPR. In rare cases, processing of personal data may be necessary in order to protect the vital interests of the data subject or of another natural person. In this case, the legal basis for processing is Art. 6 (1) (d) GDPR. The legal basis for processing may also be Art. 6 (1) (f) GDPR if processing is not covered by one of the aforementioned legal bases but is necessary for the purposes of the legitimate interests perused by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. In particular, such processing is permitted because it is specifically mentioned by the European legislator (see Recital 47 sentence 2 GDPR).
7. Consideration of legitimate interests
If the legal basis for processing personal data is Art. 6 (1) (f) GDPR, our legitimate interest is the performance and fulfilment of business activities to the benefit of our employees and shareholders.
8. Use of cookies
We use cookies on the website. Cookies are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone etc.) when you visit the company’s website. Cookies do not cause any damage to your device or contain any viruses, trojans or other malicious software.
Cookies are used to store information arising in connection with the specific device used. However, this does not mean that the company becomes directly aware of your identity as a result.
Cookies are used in order to make it easier for you use our website. For example, we use session cookies that recognise when you have already visited individual pages of the website. They are erased automatically when you leave the website.
We also use temporary cookies to optimise user-friendliness. These are stored on your device for a defined period. When you return to our website to use our services, the fact that you have previously visited the website, the data you entered and your settings are automatically recognised so that you do not have to enter them again.
We also use cookies to record statistics on the use of the website and to evaluate this data in order to optimise the website for you (see section 7). These cookies allow the website to automatically recognise the fact that you have previously visited it when you next return. These cookies are erased automatically after a defined period, and in any case after no more than six months. You can also erase the cookies in your browser before they are erased automatically. Please see your browser’s help function for details.
The data processed by cookies for the aforementioned purposes is necessary for the purposes of the legitimate interests pursued by us or a third party in accordance with Art. 6 (1) sentence 1 (f) GDPR.
Most browsers accept cookies automatically. However, you can configure your browser to reject the storage of cookies or to always ask for permission before creating a new cookie. Please note that disabling cookies entirely may mean you are unable to use all of the functions of the website.
9. Analysis and tracking tools
The legal basis for the tracking tools listed below and used by us is Art. 6 (1) sentence 1 (f) GDPR. The company uses tracking tools to ensure the appropriate design and continuous optimisation of the website. The company also uses tracking tools to record statistics on the use of the website and evaluate this data in order to optimise the website for you. These interests are legitimate within the meaning of the aforementioned provision.
The respective data processing purposes and data categories are detailed in the corresponding tracking tools.
10. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies, which are text files that are stored on your computer and that enable the analysis of your use of the website. The information generated by the cookie on your use of this website is typically transmitted to a Google server in the USA and stored there. Please note that Google Analytics has been extended on this website to include the “anonymizeIP” code in order to ensure that IP addresses are recorded anonymously (IP masking). This means that your IP address is abbreviated in Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area prior to being transmitted to the USA. The full IP address is transmitted to a Google server in the USA and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on the website activities and perform other services in connection with website use and Internet use for the website operator. The IP address transmitted by your browser for the purposes of Google Analytics is not combined with other Google data. You can configure your browser software to reject the storage of cookies; however, please note that this may mean you are unable to use all of the functions of this website in full. You can also prevent the data generated by the cookie relating to your use of the website (including your IP address) from being recorded and processed by Google by downloading and installing the browser plug-in that can be accessed at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).
You can prevent data from being recorded by Google Analytics by clicking the following link. This will set an opt-out cookie that prevents your data from being collected when visiting this website in future: Deactivate Google Analytics
For more information on the conditions of use and data protection:
• http://www.google.com/analytics/terms/de.html
• https://www.google.com/intl/de/policies/privacy/partners/<7a>
• https://policies.google.com
IP addresses and other personal data are stored only for the minimum period specified by Google Analytics, which is 14 months.
11. Social media plug-ins
We use plug-ins for social networks (e.g. Facebook, Twitter, Google+) on the website on the basis of Art. 6 (1) sentence 1 (f) GDPR in order to increase awareness of the company via these channels. The underlying commercial purpose constitutes a legitimate interest within the meaning of the GDPR. Responsibility for operation in compliance with data privacy legislation must be ensured by the respective provider. The company integrates these plug-ins using the two-click method in order to protect visitors to the website to the best possible extent.
a) YouTube
This website uses YouTube videos in the data privacy-friendly two-click variant, i.e. personal data is processed only when you enable the plug-in by clicking on it. YouTube plug-ins are plug-ins provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
When you enable the plug-ins, information is transmitted to YouTube LLC and may be transmitted to Google Inc. in the USA. This enables YouTube and Google to see that you have visited our website. If you are logged in to your YouTube and/or Google account when you enable the plug-ins, YouTube and/or Google may be able to identify you directly.
Please note that, as the operator of this website, we have no information about the data transmitted to YouTube and Google, the purposes of data collection or the use of this data by Facebook. You can find more information on the data collected in Google’s data privacy policy, which can be accessed at https://policies.google.com/privacy?hl=de.
We cannot provide any information on the storage period, as this falls solely within the area of influence and responsibility of YouTube or Google respectively.
b) Google Maps
This website has integrated a map from Google Maps in order to show you our locations. If you access our website with the Google Maps map, this establishes a connection to Google’s servers and may transmit personal data to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged in to your Google account, Google may be able to identify you directly. If you wish to avoid this, log out of your Google account.
Google’s data privacy policy can be found here: https://policies.google.com/privacy?hl=de.
12. Job applications
If you submit a job application to us via our careers page or by e-mail, your personal data will be processed for the purposes of handling your application. The legal basis is section 26 BDSG (data processing for employment-related purposes) and Art. 6 (1) sentence 1 (f) GDPR (legitimate interest). In the case of rejection, your data will be erased six months after your application is rejected. We have a legitimate interest in retaining your data for a period of six months even after rejecting your application in order to defend ourselves against claims under the German General Equal Treatment Act (AGG).
13. Rights of the data subject
You have the right:
- to obtain information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may obtain information about the purposes of the processing, the categories of personal data, the categories of recipients to whom your personal data has been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request the rectification or erasure of personal data or restriction of processing or to object to such processing, the existence of the right to lodge a complaint, the source of your personal data where not collected by us, and the existence of automated decision-making, including profiling, and meaningful information about their details where applicable,
- to obtain without undue delay the rectification of inaccurate personal data or the completion of personal data stored by us in accordance with Art. 16 GDPR,
- the right to obtain the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims,
- the right to obtain the restriction of processing of your personal data in accordance with Art. 18 GDPR where the accuracy of the data is contested by you, the processing is unlawful but you oppose the erasure of the personal data, we no longer need the data but it is required by you for the establishment, exercise or defence of legal claims, or you have objected to processing pursuant to Art. 21 GDPR,
- to receive the personal data you provided to us in a structured, commonly used and machine-readable format or to demand that this data be transmitted to another controller in accordance with Art. 20 GDPR,
- to withdraw the consent you previously gave to us at any time in accordance with Art. 7 (3) GDPR. This means we will no longer be permitted to process the data covered by this consent in future, and
- to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. You may typically lodge a complaint with the responsible supervisory authority for your habitual residence or place or work or the domicile of one of our companies. An overview of the supervisory authorities can be found here (https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_link…); the supervisory authority that is typically responsible for HÖRMANN Holding GmbH & Co. KG is the
Bavarian State Office for Data Protection Supervision
Promenade 27 (Schloss)
91522 Ansbach
Germany
T +49 98153 1300
F + 49 98153 5300
poststelle@lda.bayern.de
http://www.lda.bayern.de
14. Right to object
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) sentence 1 (f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR on grounds relating to your particular situation or where the objection relates to direct marketing. In the latter case, you have a general right to object that we will implement without this requiring grounds relating to your particular situation.
If you wish to exercise your right to withdraw consent or your right to object, simply send an e-mail to:
datenschutz@hoermann-gruppe.com
15. Data security
We use the widely used Secure Socket Layer (SSL) method in conjunction with the highest level of encryption supported by your browser when you visit our website. This is typically 256-bit encryption. If your browser does not support 256-bit encryption, the company instead uses 128-bit v3 technology. Whether an individual page of our website is transmitted in encrypted form is indicated by whether the key or lock symbol in the status bar at the bottom of your browser window is closed.
We also take appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorised access by third parties. These security measures are continuously improved in line with the state of the art.
16. Validity of and amendments to this data privacy policy
This data privacy policy is currently valid and was most recently amended in January 2020.
It may be necessary to amend this data privacy policy in response to the further development of our website and the services provided on it or due to changes in statutory and/or regulatory requirements.