Based on applicable legal provisions, Höchsmann GmbH places the greatest emphasis on the security of information, particularly personal data. Below, we will inform you regarding data processing in accordance with EU Data Protection Regulation (DSGVO).
1. Domain of validity
This privacy statement applies to Höchsmann GmbH and its websites, offers, services, marketing activities, business relationships, application processes as well as all other services in which personal data is processed.
All these areas are described as services. Customers and suppliers are both referred to as business partners.
2. Responsible party
In connection with the use of our services, we only process personal data to the extent necessary in order to provide the functions or services.
The party responsible for the processing of your personal data in accordance with Art. 4 no. 7 DSGVO is
Schwabacher Straße 4
Data protection officer:
Ms Cornelia Kaluza
Schwabacher Straße 4
Tel: +49 35204 651-61
Fax: +49 35204 651-90
As the data subject, you can contact us or our data protection officers at any time with any questions and suggestions regarding data protection.
3. General information regarding data processing
In order to render all information clearly, different data records will be consolidated into general groups as follows:
- Personal master data: Title, salutation/gender, first name, last name, date of birth, language, personal identification and passport information
- Address data: Street, house number, if applicable, address additions, post code, city, country
- Contact data: Phone number(s), fax number(s), e-mail address(es)
- Login data: Points in time and technical information about logins
- Order data: Products requested and offered, products ordered, prices, payment and delivery information, number plates
- Payment data: Account data, credit card data, data concerning other payment services
- Newsletter usage profile data: Opening of the newsletter (date and time), content, selected links, as well as the following information of the accessing computer system: Internet protocol address used (IP address), browser type and version, device type, operating system and similar technical information.
- Access data: Name and URL of the file accessed, date and time of access, data volume transferred, notification of successful access (HTTP response code), pages accessed, browser version, operating system, referrer URL (website previously visited), IP address and corresponding provider
a) Provision of personal data
For the use of our services or initiation, conducting and ending of a business relationship, we process different personal data depending on the process. You are informed in this regard during the collection process and required fields are, for example, marked as a mandatory field. Failure to provide this required data results in us not being able to provide our services in their entirety.
To the extent you have granted us your consent to process personal data for certain purposes on the basis of the processing methods described below, your consent confirms the lawfulness of the processing. Consent that is granted can be revoked at any time.
c) Transfer of personal data to third countries
If we transfer data to third countries, that is, countries outside of the European Union (EU) or the European Economic Area (EEA), then the transfer will only occur in compliance with the conditions governing admissibility provided for by law, that is, if an adequacy decision in accordance with Art. 45 DSGVO or suitable guarantees in accordance with Art. 46 DSGVO are in place. One such adequacy decision is the implementation decision (EU) 2016/1250 of the European Commission of 12 July 2016 regarding the so-called EU-US privacy shield for the USA. The data protection level is generally considered adequate in the sense of Art. 45 DSGVO for transfers to companies, which are certified in accordance with EU-US privacy shield. Furthermore, adequacy decisions also exist for certain countries such as Switzerland, Canada and Israel. Alternatively or additionally, the conclusion of the standard EU data protection clauses passed by the European Commission with the receiving centre establishes suitable guarantees in accordance with Art. 46 para. 2 c) DSGVO and an appropriate level of data protection. You can obtain copies of the EU standard data protection clauses on the website of the European Commission under https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_de.
Data processing is in some cases performed by external hosting service providers as commissioned by Höchsmann GmbH. With all functions below, it is possible that personal data is transferred to hosting service providers for the complete fulfilment of our services.
This ensures that we are able to provide our services in a secure manner in accordance with Art. 6 para. 1 p. 1 f) DSGVO in connection with Art. 28 DSGVO.
The service providers process data either exclusively in the EU/EEA or an adequate level of protection is guaranteed in consideration of the conditions governing admissibility specified under c.
e) Transfer to state authorities
In connection with the use of our services, it is possible in exceptional cases that we are obligated in accordance with Art. 6 para. 1 c) DSGVO to forward personal data to state authorities.
This may also occur if, in accordance with Art. 6 para. 1 f) DSGVO, it is necessary in order to assert, exercise or defend legal claims.
f) Deletion routines and blocking of personal data
As soon as the purpose of storage is no longer at hand and no legitimising circumstances apply, the personal data will be routinely blocked or deleted in accordance with legal provisions.
g) Legal basis of processing
In accordance with Art. 6 para. 1 lit. b DSGVO, personal data can be processed for the fulfilment of a contract. This is the case, for example, if goods are delivered or if the data is required in order to provide a service. Pre-contractual services such as customer inquiries regarding our products are included in this respect.
Processing in accordance with Art. 6 para. 1 lit. c DSGVO is possible if there is another legal obligation to do so as is the case e.g. when saving personal data for tax reasons.
Art. 6 para. 1 lit. d DSGVO permits the processing of personal data in order to protect the vital interests of the applicable persons or another natural person.
Finally, Art. 6 para. 1 lit. d DSGVO permits processing if this is necessary on the basis of legitimate interests of our company or a third party and to the extent that the interests, fundamental rights and freedoms of the applicable party do not outweigh this. Such an interest can, for example, be confirmed with respect to an existing customer relationship. Our interest in processing activity is evident in these cases such that we intend to perform our business activities for the benefit of our company, our employees and shareholders.
The aforementioned provisions indicate that the retention of personal data e.g. may be prescribed by law or is necessary because a contract may otherwise not be executed. In individual cases, data subjects can contact us and we will determine on which grounds the respective personal data is retained by us or processed in another manner.
4. Accessing our website
When accessing our website and using our services, access data is automatically processed in accordance with Art. 6 para. 1 f) DSGVO by us and the provider we commission, also if you are not logged on. This protects business processes and prevents abuse of our systems.
In particular, we wish to point out that transferring access data to external content providers is unavoidable based on how the transfer of information on the Internet works in a technical respect. The third-party providers are themselves responsible for operating the IT systems they used in compliance with data protection guidelines. The decision regarding the retention period for the data is the responsibility of the service providers.
We offer a variety of communication possibilities for establishing contact such as contact fields on the website, availability via post or phone as well as further communication platforms. If a data subject contacts us directly or using one of the aforementioned media, the data of the data subject that is transferred is processed in accordance with Art. 6 para. 1 b for the purpose of processing.
6. Inquiry, conclusion, execution or end of a contract
In connection with the inquiry, the conclusion of a contract, the execution or end of a contract, we process personal master data, address data, contact data, order data, payment data in order to identify, establish contact, conclude a contract, process an order, process payment transactions and render our services in accordance with Art. 6 Abs. 1 b), c) DSGVO.
The provision of further data may be helpful in order to process your order, but it is not absolutely necessary.
Depending on the process, data is forwarded to third parties and other companies in some cases:
- a) Suppliers will receive information regarding the delivery address and, if applicable, further contact data in accordance with Art. 6 para. 1 b) DSGVO
- b) Payment service providers receive the data required for processing the payment transaction in accordance with Art. 6 para. 1 b) DSGVO
- c) Authorities and customs receive information for order processing in accordance with Art. 6 para. 1 c) DSGVO
- d) Credit agencies receive personal master data and address data for assessing the credit rating in accordance with Art. 6 para. 1 f) DSGVO
- e) In order to provide you with the greatest possible offering and range of services, we will forward your contact data, personal data and order data to other companies and partners. This serves solely to provide a suitable offer and services relating to your inquiry/order.
7. Credit assessment and scoring
If we provide advance performance, e.g. in the case of a purchase on account, we will retrieve, if applicable, a credit rating on the basis of mathematical-statistical methods in order to uphold our legitimate interests. For this, we transfer the personal data required for a credit assessment to credit agencies. Your legitimate interests are considered in accordance with legal provisions.
8. Postal shipping and shipping of merchandise
In order to handle some transactions and measures, address data that is required for delivery is passed on to shipping providers in accordance with Art. 6 para. 1 b) DSGVO.
9. Creation of a user account
If you decide in favour of the user account on one of our platforms, we collect and process account data, address data, personal master data and contact data in accordance with Art. 6 para. 1 b) DSGVO.
10. Newsletter and marketing offers
Consent to the different newsletters is optional and can be revoked at any time.
Interesting and targeted advertising is important to us, which is why our newsletters and marketing offers are analysed with Google Analytics.
Important new developments in the industry and the Höchsmann company can also be sent using other methods. For this reason, the required address data can be passed on to the shipping provider for delivery. If you do not want this to happen, you can object to this at any time.
11. Applications via post or in the online process
During the application process, we collect and process personal master data, address data, contact data as well as the documents and images provided by you. This serves solely to conduct the application process (identification of the applicant, getting in contact as well as assessing the application). Storage of data serves to avoid mock or multiple applications in accordance with Art. 6 para., 1f) DSGVO. Another legitimate interest in this sense is, for example, a burden of proof in a procedure in accordance with the General Equal Treatment Act (AGG).
Cookies make it possible to optimise the information and offers on our website to the benefit of the users. Cookies allow us to recognise the visitors to our homepage. The purpose of the recognition is to make using our page easier for users.
The data subjects can prevent a cookie from being created by our website at any time by means of a corresponding setting in the browser they use. Almost all browsers offer this function. Apart from that, cookies that have already been created can be subsequently deleted by the system of the applicable persons. If a user disables the acceptance of cookies by the browser, it is possible in some circumstances that certain functions of our website cannot be used in their entirety.
Our website contains plugins from Youtube so that videos can be published in a quick, simple and uncomplicated manner. If you access a page from our services, which contains such a plugin, your browser will establish a direct connection to the servers of the respective provider. The content of the plugin is transferred by the provider directly to your browser and embedded in the page. Through this embedding, the provider receives the information that your browser has accessed the corresponding page, even if you do not have a profile with this provider or are not currently logged in there. This information (including your IP address) is transferred by your browser directly to a server of the provider (generally to the USA) where it is stored. If you have logged in with the provider, he can attribute the visit to our website directly to your profile. If you interact with the plugins, for example by clicking a button or submitting a comment, this information is also transferred directly to a server of the provider and saved there. The respective provider can, under certain circumstances, publish this information on your profile or display your contact.
If you do not want the providers to attribute the data collected via our website directly to your profile in the respective social network, you must log out of the corresponding network before you visit our website.
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
14. Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, which are saved on your computer and which permit the analysis of the use of the website by you. The information generated by the cookie concerning your use of this website is generally transferred to a server of Google in the USA and saved there. If IP anonymisation is activated on this website, your IP address is, however, shortened before by Google within the member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases, will the full IP address be transferred to a server of Google in the USA and shortened there. As commissioned by the operator of this website, Google will use this information to analyse your use of the website in order to compile reports on website activities and provide further services associated with the use of the website and the use of the internet vis-à-vis the website operator. The IP address transferred by your browser in connection with Google Analytics is not combined with other Google data. You can prevent the storage of the cookies with a corresponding setting of your browser software; however, we wish to point out that you may not be able to use all functions of this website in their entirety in this case. You can also prevent the allocation of the data generated by the cookie and attributed to your use of the website (including your IP address) to Google as well as the processing of this data by Google by downloading the browser plug available under the following link http://tools.google.com/dlpage/gaoptout?hl=de and install or alternatively, create a so-called opt-out cookie by clicking the following link.
Deactivate Google Analytics. This website uses Google Analytics with the addition “_anonymizeIp()”. As a result, IP addresses are processed in shortened form to prevent any possibility of them being attributed directly to a person.
We use Google Analytics to analyse the use of our website and improve it regularly. The acquired statistics allow us to improve our offer and make it more interesting for you as a user. For exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US privacy shield. The legal basis for using Google Analytics is Art. 6 para. 1 p. 1 lit. f DSGVO.
You can find more information about data processing by Google in Google’s privacy statement: http://www.google.de/intl/de/policies/privacy.
15. Google Maps
We use the Google Maps API of Google LLC., located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to visually display geographic information, in particular to locate our customers.
16. Rights of the data subject
Every data subject has the right of access as per Article 15 DSGVO, the right to rectification in accordance with Article 16 DSGVO, the right to erasure in accordance with Article 17 DSGVO, the right to the restriction of processing in accordance with Article 18 DSGVO, the right to object on the basis of Article 21 DSGVO as well as the right to data portability on the basis of Article 20 DSGVO. With the right of access and right to erasure, the restrictions in accordance with sec. 34 and 35 BDSG apply. Furthermore, there is a right to object before a competent data protection supervisory authority (Article 77 DSGVO in connection with sec. 19 BDSG). You can revoke consent granted to the processing of personal data vis-à-vis us at any time. This also applies to the revocation of declarations of consent, which were issued vis-à-vis us before the application of DSGVO, that is, before 25 May 2018. Please note that the revocation will first take effect in the future. Processing which has taken place prior to revocation, will not be affected by it.
17. data protection information according to EU data protection basic regulation
In addition to these website-specific data protection notices, the data protection notices in accordance with the EU data protection basic regulation also apply. --->information duties
Information Obligations according to Article 13/14 General Data Protection Regulation (GDPR)
Höchsmann GmbH, Stefan Höchsmann, Schwabacher Strasse 4, 01665 Klipphausen Telephone: +49 35204 651-0, Fax: +49 35204 651-40, Email: firstname.lastname@example.org
Data Protection Commissioner
Mrs. Cornelia KaluzaTelephone: +49 35204 651-0, Email: email@example.com
1. Purpose, legal basis and necessity of the collection and processing of personal data
By virtue of your consent as laid out in Article 6 Paragraph 1a of the GDPR for specific purposes (such as email service for search agents).
For the fulfillment of pre-contractual and contractual obligations and services in accordance with Article 6 Paragraph 1b of the GDPR. Failure to provide information results in our inability to provide our services.
Due to legal requirements as stated in Article 6 Paragraph 1c of the GDPR.
To safeguard our legitimate interests and those of third parties in accordance with Article 6 Paragraph 1f of the GDPR (eg. for marketing measures), provided there are no objections.
2. Data transmission to third parties or to a third country
Third parties, such as partners for service, finance, post, IT, logistics or other service providers, as well as business and trading partners, may receive data for specific purposes if this is necessary for consultation, conclusion, execution or termination of a contract with you or third parties in a contractual relationship.
Data transmission to countries outside the EU or the EEA may only take place if required for the provision of our services or delivery of our products or if required by law.
If service providers from a so-called third country are involved, they are obliged to comply with the data protection standards in Europe.
3. Duration of data storage
Personal information will be stored for at least the length of time necessary for us to fulfil our contractual and legal obligations.
In addition, personal data will be stored, for example, in order to maintain or restore the business relationship until the completion of the business. Erasure takes place at the request of the person concerned.
4. Your rights
You have the right of access according to Article 15 of the GDPR, the right to rectification (Article 16 GDPR), the right to erasure (Article 17 GDPR), the right to restriction of processing (Article 18 GDPR), the right of objection (Article 21 GDPR) and the right to data portability (Article 20 GDPR). With regard to the right of access and the right to erase, the restrictions under §§ 34 and 35 BDSG apply.
You can object at any time to your given consent for data processing, with future effect. Furthermore, you have the right to lodge a complaint to a competent supervisory authority.
5. Automated decision-making according to Article 22 Paragraph 1,4 GDPR
Does not apply.
6. Data source publicly available
We make use of websites and other public sources for research purposes e.g. address searches or alterations.