Privacy policy

As of 16.11.2023

Based on the applicable legal provisions, Höchsmann GmbH attaches great importance to the security of information, in particular with regard to personal data. In the following, we inform you about data processing in accordance with the EU Data Protection Regulation (DSGVO).

1. Domain of validity

This data protection declaration applies to Höchsmann GmbH and its Internet sites, offers, services, marketing measures, business relationships, application processes and all other services in which personal data is processed.

All these areas are described as services. Customers and suppliers are both referred to as business partners.

2. Responsible party

When using our services, we process personal data only to the extent necessary to provide functions or services.

The party responsible for the processing of your personal data in accordance with Art. 4 no. 7 DSGVO is

Höchsmann GmbH
Schwabacher Straße 4
01665 Klipphausen

Data protection officer:

Mrs Cornelia Kaluza
Schwabacher Straße 4
01665 Klipphausen

Tel: +49 35204 651-61
Fax: +49 35204 651-90
E-Mail: datenschutz@hoechsmann.com

As a data subject, you can contact us or our data protection officer at any time with any questions or suggestions regarding data protection.

3. General information regarding data processing

Data categorisation

In order to render all information clearly, different data records will be consolidated into general groups as follows:

  • Personal master data: Title, salutation/gender, first name, last name, date of birth, language, personal identification and passport information
  • Address data: Street, house number, if applicable, address additions, post code, city, country
  • Contact data: Phone number(s), fax number(s), e-mail address(es)
  • Login data: Points in time and technical information about logins
  • Order data: Products requested and offered, Products ordered, Prices, Payment and delivery information, Car registration numbers
  • Payment data: Account data, credit card data, data concerning other payment services
  • Newsletter usage profile data: Opening of the newsletter (date and time), content, selected links, as well as the following information of the accessing computer system: Internet protocol address used (IP address), browser type and version, device type, operating system and similar technical information.
  • Access data: Name and URL of the file accessed, date and time of access, data volume transferred, notification of successful access (HTTP response code), pages accessed, browser version, operating system, referrer URL (website previously visited), IP address and corresponding provider

a) Provision of personal data

For the use of our services or the establishment, implementation and termination of a business relationship, we process various personal data depending on the process. You will be informed about this in the collection process and required fields are marked as mandatory, for example. In the case of this required data, failure to provide it will result in us not being able to provide our services in full.

b) Consents

Insofar as you have given us your consent to process personal data for specific purposes as described below, the lawfulness of this processing is based on your consent. Consent given can be revoked at any time.

c) Transfer of personal data to third countries

If we transfer data to third countries, i.e. countries outside the European Union (EU) or the European Economic Area (EEA), the transfer takes place exclusively in compliance with the legally regulated admissibility requirements, i.e. if an adequacy decision pursuant to Article 45 of the GDPR or appropriate safeguards pursuant to Article 46 of the GDPR exist. One of these adequacy decisions is the European Commission's Implementing Decision (EU) 2016/1250 of 12 July 2016 on the so-called EU-US Privacy Shield for the USA. For transfers to companies that are certified under the EU-US Privacy Shield, the level of data protection is generally considered adequate within the meaning of Article 45 of the GDPR. Furthermore, there are adequacy decisions for certain countries such as Switzerland, Canada and Israel. Alternatively or additionally, the conclusion of the EU standard data protection clauses issued by the European Commission with the receiving entity creates appropriate safeguards pursuant to Art. 46 (2) c) of the GDPR as well as an adequate level of data protection. Copies of the EU standard data protection clauses are available on the website of the European Commission at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_de.

d) Hosting

Data processing is partly carried out by external hosting service providers on behalf of Höchsmann GmbH. It may happen with all the functionalities mentioned below that personal data is transferred to hosting service providers for the complete fulfilment of our services.

This ensures that we are able to provide our services in a secure manner in accordance with Art. 6 para. 1 p. 1 f) DSGVO in connection with Art. 28 DSGVO.

The service providers process data either exclusively in the EU/EEA or an adequate level of protection is guaranteed in consideration of the conditions governing admissibility specified under c.

e) Transfer to state authorities

In connection with the use of our services, it is possible in exceptional cases that we are obligated in accordance with Art. 6 para. 1 c) DSGVO to forward personal data to state authorities.

This may also occur if, in accordance with Art. 6 para. 1 f) DSGVO, it is necessary in order to assert, exercise or defend legal claims.

f) Deletion routines and blocking of personal data

As soon as the purpose of storage is no longer at hand and no legitimising circumstances apply, the personal data will be routinely blocked or deleted in accordance with legal provisions.

g) Legal basis of processing

According to Art. 6 para. 1 lit. b DSGVO, personal data may be processed for the performance of a contract. This is the case, for example, when goods are delivered or the data is required to provide a service. Pre-contractual services are included here, such as customer enquiries about our products.

Processing in accordance with Art. 6 para. 1 lit. c DSGVO is possible if there is another legal obligation to do so as is the case e.g. when saving personal data for tax reasons.

Art. 6 para. 1 lit. d DSGVO permits the processing of personal data in order to protect the vital interests of the applicable persons or another natural person.

Art. 6 para. 1 lit. f DSGVO allows processing if this is necessary due to the legitimate interests of our company or a third party and if the interests, fundamental rights and freedoms of the data subject are not overridden. Such an interest can be affirmed, for example, in the case of an existing customer relationship. In these cases, our interest in the processing activity is to carry out our business activities for the benefit of our company, our employees and our shareholders.

It follows from the aforementioned regulations that the storage of personal data may, for example, be required by law or is necessary because a contract cannot otherwise be executed. Data subjects can contact us in individual cases and we will explain the reasons for which the respective personal data is stored or otherwise processed by us.

4. Accessing our website

When accessing our website and using our services, access data is automatically processed in accordance with Art. 6 para. 1 f) DSGVO by us and the provider we commission, also if you are not logged on. This protects business processes and prevents abuse of our systems.

In particular, we point out that the transmission of access data to external content providers is unavoidable due to the technical functioning of information transmission on the Internet. The third-party providers are themselves responsible for the data protection-compliant operation of the IT systems they use. The decision on the storage period of the data is the responsibility of the service providers.

5. Contact

We offer a variety of communication possibilities for establishing contact such as contact fields on the website, availability via post or phone as well as further communication platforms. If a data subject contacts us directly or using one of the aforementioned media, the data of the data subject that is transferred is processed in accordance with Art. 6 para. 1 b for the purpose of processing.

6. Inquiry, conclusion, execution or end of a contract

For the enquiry, conclusion of a contract, execution or termination of a contract, we process personal master data, address data, contact data, order data as well as payment data for the purpose of identification, contacting, conclusion of a contract, order processing, processing of payment transactions and the provision of our services pursuant to Art. 6 para. 1 b), c) DSGVO.

The provision of further data may be helpful in order to process your order, but it is not absolutely necessary.

Depending on the process, data is forwarded to third parties and other companies in some cases:

  • a) Suppliers will receive information regarding the delivery address and, if applicable, further contact data in accordance with Art. 6 para. 1 b) DSGVO
  • b) Payment service providers receive the data required for processing the payment transaction in accordance with Art. 6 para. 1 b) DSGVO
  • c) Authorities and customs receive information for order processing in accordance with Art. 6 para. 1 c) DSGVO
  • d) Credit agencies receive personal master data and address data for assessing the credit rating in accordance with Art. 6 para. 1 f) DSGVO
  • e) In order to provide you with the greatest possible offering and range of services, we will forward your contact data, personal data and order data to other companies and partners. This serves solely to provide a suitable offer and services relating to your inquiry/order.

7. Credit assessment and scoring

If we provide advance performance, e.g. in the case of a purchase on account, we will retrieve, if applicable, a credit rating on the basis of mathematical-statistical methods in order to uphold our legitimate interests. For this, we transfer the personal data required for a credit assessment to credit agencies. Your legitimate interests are considered in accordance with legal provisions.

8. Postal shipping and shipping of goods

In order to handle some transactions and measures, address data that is required for delivery is passed on to shipping providers in accordance with Art. 6 para. 1 b) DSGVO.

9. Creation of a user account

If you decide in favour of the user account on one of our platforms, we collect and process account data, address data, personal master data and contact data in accordance with Art. 6 para. 1 b) DSGVO.

10. Newsletter and marketing offers

Consent to the different newsletters is optional and can be revoked at any time.

Interesting and targeted advertising is important to us, which is why our newsletters and marketing offers are analysed with Google Analytics.

Important new developments in the industry and the Höchsmann company can also be sent using other methods. For this reason, the required address data can be passed on to the shipping provider for delivery. If you do not want this to happen, you can object to this at any time.

11. Applications via post or in the online process

During the application process, we collect and process personal master data, address data, contact data as well as the documents and images provided by you. This serves solely to conduct the application process (identification of the applicant, getting in contact as well as assessing the application). Storage of data serves to avoid mock or multiple applications in accordance with Art. 6 para., 1f) DSGVO. Another legitimate interest in this sense is, for example, a burden of proof in a procedure in accordance with the General Equal Treatment Act (AGG).

12. Cookies

We use cookies on our website. These are text files that are stored on a computer system via an internet browser. Through the use of cookies, we can provide the users of this website with more user-friendly services that would not be possible without the cookie setting. Cookies are used on numerous Internet pages. They often contain a so-called cookie ID, a unique identifier. Internet pages or servers can thus distinguish the individual browser of the user concerned from other browsers that contain other user-specific cookies.

Cookies can be used to optimise the information and offers on our website for the benefit of our users. Cookies enable us to recognise the users of our site. The purpose of recognition is to make it easier for users to use our site.

The persons concerned can prevent the setting of a cookie by our website at any time by means of the corresponding setting in the browser used. Almost all browsers provide this function. In addition, cookies that have already been set can be subsequently deleted from the system of the data subject. If a user deactivates the acceptance of cookies by the browser, it may not be possible to use all functions of our website to their full extent.

Cookie settings

13. Youtube

Our website contains plugins from Youtube so that videos can be published in a quick, simple and uncomplicated manner. If you access a page from our services, which contains such a plugin, your browser will establish a direct connection to the servers of the respective provider. The content of the plugin is transferred by the provider directly to your browser and embedded in the page. Through this embedding, the provider receives the information that your browser has accessed the corresponding page, even if you do not have a profile with this provider or are not currently logged in there. This information (including your IP address) is transferred by your browser directly to a server of the provider (generally to the USA) where it is stored. If you have logged in with the provider, he can attribute the visit to our website directly to your profile. If you interact with the plugins, for example by clicking a button or submitting a comment, this information is also transferred directly to a server of the provider and saved there. The respective provider can, under certain circumstances, publish this information on your profile or display your contact.

If you do not want the providers to attribute the data collected via our website directly to your profile in the respective social network, you must log out of the corresponding network before you visit our website.

Youtube:

Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
https://policies.google.com/privacy

In addition, we use "YouTube API services". We would like to point out that by using this service you expressly agree to its terms of use. You can find them here https://www.youtube.com/t/terms
The operator is YouTube LLC (a subsidiary of Google LLC) with its registered office at 901 Cherry Ave, San Bruno, CA 94066, USA.

For the purpose and scope of the data collection and the further processing and use of the data by Google, as well as your rights in this regard and setting options for protecting your privacy, please refer to Google's data protection information https://policies.google.com/privacy

14. Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, which are saved on your computer and which permit the analysis of the use of the website by you. The information generated by the cookie concerning your use of this website is generally transferred to a server of Google in the USA and saved there. If IP anonymisation is activated on this website, your IP address is, however, shortened before by Google within the member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases, will the full IP address be transferred to a server of Google in the USA and shortened there. As commissioned by the operator of this website, Google will use this information to analyse your use of the website in order to compile reports on website activities and provide further services associated with the use of the website and the use of the internet vis-à-vis the website operator. The IP address transferred by your browser in connection with Google Analytics is not combined with other Google data. You can prevent the storage of the cookies with a corresponding setting of your browser software; however, we wish to point out that you may not be able to use all functions of this website in their entirety in this case. You can also prevent the allocation of the data generated by the cookie and attributed to your use of the website (including your IP address) to Google as well as the processing of this data by Google by downloading the browser plug available under the following link http://tools.google.com/dlpage/gaoptout?hl=de and install or alternatively, create a so-called opt-out cookie by clicking the following link.

Deactivate Google Analytics. This website uses Google Analytics with the addition “_anonymizeIp()”. As a result, IP addresses are processed in shortened form to prevent any possibility of them being attributed directly to a person.

We use Google Analytics to analyse the use of our website and improve it regularly. The acquired statistics allow us to improve our offer and make it more interesting for you as a user. For exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US privacy shield. The legal basis for using Google Analytics is Art. 6 para. 1 p. 1 lit. f DSGVO.

You can find more information about data processing by Google in Google’s privacy statement: http://www.google.de/intl/de/policies/privacy.

15. Google Ads Conversion Tracking

In order to track the traffic on our websites, we use Google Ads Conversion Tracking. On the basis of 'legitimate interest', we use this procedure to analyse and optimise marketing measures and for the economic operation of our online offer. The corresponding legal basis is provided by Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). If you consent to the use of these cookies, the consent according to Art. 6 para. 1 lit. a DSGVO is the legal basis for the processing of personal data collected by Google Ads Conversion Tracking. Please note that your data may also be processed by Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)..

YFor more information on the data protection of Google Ads, please click on the following link: https://policies.google.com/privacy?hl=en

16. Google Maps

We use the Google Maps API of Google LLC., located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to visually display geographic information, in particular to locate our customers.

17. Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

The purpose of reCAPTCHA is to check whether data entry on our websites (e.g. in a contact form) is made by a human or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not made aware that an analysis is taking place.

The data processing is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM.

For more information on Google reCAPTCHA and Google's privacy policy, please see the following links:  https://www.google.com/intl/de/policies/privacy/ und https://www.google.com/recaptcha/intro/android.html.

18. Google Tag Manager

This website uses Google Tag Manager. Service provider: Google Ireland Limited Gordon House, Barrow Street Dublin 4, Ireland , parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043.

The Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate other services into our online offer With the Tag Manager itself (which implements the tags), for example, no user profiles are created or cookies stored. Google only learns the IP address of the user, which is necessary to run the Google Tag Manager.

For more information on Google Tag Manager, please refer to Google's privacy policy at https://policies.google.com/privacy. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

19. Rights of the data subject

Every data subject has the right of access as per Article 15 DSGVO, the right to rectification in accordance with Article 16 DSGVO, the right to erasure in accordance with Article 17 DSGVO, the right to the restriction of processing in accordance with Article 18 DSGVO, the right to object on the basis of Article 21 DSGVO as well as the right to data portability on the basis of Article 20 DSGVO. With the right of access and right to erasure, the restrictions in accordance with sec. 34 and 35 BDSG (German Federal Data Protection Act) apply. Furthermore, there is a right to object before a competent data protection supervisory authority (Article 77 DSGVO in connection with sec. 19 BDSG). You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us prior to the application of the GDPR, i.e. prior to 25 May 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.

20. Data protection information according to EU data protection basic regulation

In addition to this website-specific data protection information, the data protection information in accordance with the EU General Data Protection Regulation also applies--> Information duties

Information Obligations according to Article 13/14 General Data Protection Regulation (GDPR)

Responsible organisation

Höchsmann GmbH, Stefan Höchsmann, Schwabacher Strasse 4, 01665 Klipphausen
Telephone: +49 35204 651-0, Fax: +49 35204 651-40, Email: info@hoechsmann.com

Data Protection Commissioner

Mrs. Cornelia Kaluza
Telephone: +49 35204 651-0, Email: datenschutz@hoechsmann.com

1. Purpose, legal basis and necessity of the collection and processing of personal data

By virtue of your consent as laid out in Article 6 Paragraph 1a of the GDPR for specific purposes (such as email service for search agents).

For the fulfillment of pre-contractual and contractual obligations and services in accordance with Article 6 Paragraph 1b of the GDPR. Failure to provide information results in our inability to provide our services.

Due to legal requirements as stated in Article 6 Paragraph 1c of the GDPR.

To safeguard our legitimate interests and those of third parties in accordance with Article 6 Paragraph 1f of the GDPR (eg. for marketing measures), provided there are no objections.

2. Data transmission to third parties or to a third country

Third parties, such as partners for service, finance, post, IT, logistics or other service providers, as well as business and trading partners, may receive data for specific purposes if this is necessary for consultation, conclusion, execution or termination of a contract with you or third parties in a contractual relationship.

Data transmission to countries outside the EU or the EEA may only take place if required for the provision of our services or delivery of our products or if required by law.

If service providers from a so-called third country are involved, they are obliged to comply with the data protection standards in Europe.

3. Duration of data storage

Personal information will be stored for at least the length of time necessary for us to fulfil our contractual and legal obligations.

In addition, personal data will be stored, for example, in order to maintain or restore the business relationship until the completion of the business. Erasure takes place at the request of the person concerned.

4. Your rights

You have the right of access according to Article 15 of the GDPR, the right to rectification (Article 16 GDPR), the right to erasure (Article 17 GDPR), the right to restriction of processing (Article 18 GDPR), the right of objection (Article 21 GDPR) and the right to data portability (Article 20 GDPR). With regard to the right of access and the right to erase, the restrictions under §§ 34 and 35 BDSG apply.

You can object at any time to your given consent for data processing, with future effect. Furthermore, you have the right to lodge a complaint to a competent supervisory authority.

5. Automated decision-making according to Article 22 Paragraph 1,4 GDPR

Does not apply.

6. Data source publicly available

We make use of websites and other public sources for research purposes e.g. address searches or alterations.