Privacy statement

22/06/2018

Based on applicable legal provisions, Höchsmann GmbH places the greatest emphasis on the security of information, particularly personal data. Below, we will inform you regarding data processing in accordance with EU Data Protection Regulation (DSGVO).

1. Domain of validity

This privacy statement applies to Höchsmann GmbH and its websites, offers, services, marketing activities, business relationships, application processes as well as all other services in which personal data is processed.

All these areas are described as services. Customers and suppliers are both referred to as business partners.

2. Responsible party

In connection with the use of our services, we only process personal data to the extent necessary in order to provide the functions or services.

The party responsible for the processing of your personal data in accordance with Art. 4 no. 7 DSGVO is

Höchsmann GmbH
Schwabacher Straße 4
01665 Klipphausen

Data protection officer:

Ms Cornelia Kaluza
Schwabacher Straße 4
01665 Klipphausen

Tel: +49 35204 651-61
Fax: +49 35204 651-90
E-Mail: datenschutz@hoechsmann.com

As the data subject, you can contact us or our data protection officers at any time with any questions and suggestions regarding data protection.

3. General information regarding data processing

Data categorisation

In order to render all information clearly, different data records will be consolidated into general groups as follows:

  • Personal master data: Title, salutation/gender, first name, last name, date of birth, language, personal identification and passport information
  • Address data: Street, house number, if applicable, address additions, post code, city, country
  • Contact data: Phone number(s), fax number(s), e-mail address(es)
  • Login data: Points in time and technical information about logins
  • Account data: User name
  • Order data: Products requested and offered, products ordered, prices, payment and delivery information, number plates
  • Payment data: Account data, credit card data, data concerning other payment services
  • Newsletter usage profile data: Opening of the newsletter (date and time), content, selected links, as well as the following information of the accessing computer system: Internet protocol address used (IP address), browser type and version, device type, operating system and similar technical information.
  • Access data: Name and URL of the file accessed, date and time of access, data volume transferred, notification of successful access (HTTP response code), pages accessed, browser version, operating system, referrer URL (website previously visited), IP address and corresponding provider

a) Provision of personal data

For the use of our services or initiation, conducting and ending of a business relationship, we process different personal data depending on the process. You are informed in this regard during the collection process and required fields are, for example, marked as a mandatory field. Failure to provide this required data results in us not being able to provide our services in their entirety.

b) Consents

To the extent you have granted us your consent to process personal data for certain purposes on the basis of the processing methods described below, your consent confirms the lawfulness of the processing. Consent that is granted can be revoked at any time.

c) Transfer of personal data to third countries

If we transfer data to third countries, that is, countries outside of the European Union (EU) or the European Economic Area (EEA), then the transfer will only occur in compliance with the conditions governing admissibility provided for by law, that is, if an adequacy decision in accordance with Art. 45 DSGVO or suitable guarantees in accordance with Art. 46 DSGVO are in place. One such adequacy decision is the implementation decision (EU) 2016/1250 of the European Commission of 12 July 2016 regarding the so-called EU-US privacy shield for the USA. The data protection level is generally considered adequate in the sense of Art. 45 DSGVO for transfers to companies, which are certified in accordance with EU-US privacy shield. Furthermore, adequacy decisions also exist for certain countries such as Switzerland, Canada and Israel. Alternatively or additionally, the conclusion of the standard EU data protection clauses passed by the European Commission with the receiving centre establishes suitable guarantees in accordance with Art. 46 para. 2 c) DSGVO and an appropriate level of data protection. You can obtain copies of the EU standard data protection clauses on the website of the European Commission under https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_de.

d) Hosting

Data processing is in some cases performed by external hosting service providers as commissioned by Höchsmann GmbH. With all functions below, it is possible that personal data is transferred to hosting service providers for the complete fulfilment of our services.

This ensures that we are able to provide our services in a secure manner in accordance with Art. 6 para. 1 p. 1 f) DSGVO in connection with Art. 28 DSGVO.

The service providers process data either exclusively in the EU/EEA or an adequate level of protection is guaranteed in consideration of the conditions governing admissibility specified under c.

e) Transfer to state authorities

In connection with the use of our services, it is possible in exceptional cases that we are obligated in accordance with Art. 6 para. 1 c) DSGVO to forward personal data to state authorities.

This may also occur if, in accordance with Art. 6 para. 1 f) DSGVO, it is necessary in order to assert, exercise or defend legal claims.

f) Deletion routines and blocking of personal data

As soon as the purpose of storage is no longer at hand and no legitimising circumstances apply, the personal data will be routinely blocked or deleted in accordance with legal provisions.

g) Legal basis of processing

In accordance with Art. 6 para. 1 lit. b DSGVO, personal data can be processed for the fulfilment of a contract. This is the case, for example, if goods are delivered or if the data is required in order to provide a service. Pre-contractual services such as customer inquiries regarding our products are included in this respect.

Processing in accordance with Art. 6 para. 1 lit. c DSGVO is possible if there is another legal obligation to do so as is the case e.g. when saving personal data for tax reasons.

Art. 6 para. 1 lit. d DSGVO permits the processing of personal data in order to protect the vital interests of the applicable persons or another natural person.

Finally, Art. 6 para. 1 lit. d DSGVO permits processing if this is necessary on the basis of legitimate interests of our company or a third party and to the extent that the interests, fundamental rights and freedoms of the applicable party do not outweigh this. Such an interest can, for example, be confirmed with respect to an existing customer relationship. Our interest in processing activity is evident in these cases such that we intend to perform our business activities for the benefit of our company, our employees and shareholders.

The aforementioned provisions indicate that the retention of personal data e.g. may be prescribed by law or is necessary because a contract may otherwise not be executed. In individual cases, data subjects can contact us and we will determine on which grounds the respective personal data is retained by us or processed in another manner.

4. Accessing our website

When accessing our website and using our services, access data is automatically processed in accordance with Art. 6 para. 1 f) DSGVO by us and the provider we commission, also if you are not logged on. This protects business processes and prevents abuse of our systems.

In particular, we wish to point out that transferring access data to external content providers is unavoidable based on how the transfer of information on the Internet works in a technical respect. The third-party providers are themselves responsible for operating the IT systems they used in compliance with data protection guidelines. The decision regarding the retention period for the data is the responsibility of the service providers.

5. Contact

We offer a variety of communication possibilities for establishing contact such as contact fields on the website, availability via post or phone as well as further communication platforms. If a data subject contacts us directly or using one of the aforementioned media, the data of the data subject that is transferred is processed in accordance with Art. 6 para. 1 b for the purpose of processing.

6. Inquiry, conclusion, execution or end of a contract

In connection with the inquiry, the conclusion of a contract, the execution or end of a contract, we process personal master data, address data, contact data, order data, payment data in order to identify, establish contact, conclude a contract, process an order, process payment transactions and render our services in accordance with Art. 6 Abs. 1 b), c) DSGVO.

The provision of further data may be helpful in order to process your order, but it is not absolutely necessary.

Depending on the process, data is forwarded to third parties and other companies in some cases:

  • a) Suppliers will receive information regarding the delivery address and, if applicable, further contact data in accordance with Art. 6 para. 1 b) DSGVO
  • b) Payment service providers receive the data required for processing the payment transaction in accordance with Art. 6 para. 1 b) DSGVO
  • c) Authorities and customs receive information for order processing in accordance with Art. 6 para. 1 c) DSGVO
  • d) Credit agencies receive personal master data and address data for assessing the credit rating in accordance with Art. 6 para. 1 f) DSGVO
  • e) In order to provide you with the greatest possible offering and range of services, we will forward your contact data, personal data and order data to other companies and partners. This serves solely to provide a suitable offer and services relating to your inquiry/order.

7. Credit assessment and scoring

If we provide advance performance, e.g. in the case of a purchase on account, we will retrieve, if applicable, a credit rating on the basis of mathematical-statistical methods in order to uphold our legitimate interests. For this, we transfer the personal data required for a credit assessment to credit agencies. Your legitimate interests are considered in accordance with legal provisions.

8. Postal shipping and shipping of merchandise

In order to handle some transactions and measures, address data that is required for delivery is passed on to shipping providers in accordance with Art. 6 para. 1 b) DSGVO.

9. Creation of a user account

If you decide in favour of the user account on one of our platforms, we collect and process account data, address data, personal master data and contact data in accordance with Art. 6 para. 1 b) DSGVO.

10. Newsletter and marketing offers

Consent to the different newsletters is optional and can be revoked at any time.

Interesting and targeted advertising is important to us, which is why our newsletters and marketing offers are analysed with Google Analytics.

Important new developments in the industry and the Höchsmann company can also be sent using other methods. For this reason, the required address data can be passed on to the shipping provider for delivery. If you do not want this to happen, you can object to this at any time.

11. Applications via post or in the online process

During the application process, we collect and process personal master data, address data, contact data as well as the documents and images provided by you. This serves solely to conduct the application process (identification of the applicant, getting in contact as well as assessing the application). Storage of data serves to avoid mock or multiple applications in accordance with Art. 6 para., 1f) DSGVO. Another legitimate interest in this sense is, for example, a burden of proof in a procedure in accordance with the General Equal Treatment Act (AGG).

12. Cookies

We use cookies on our website. Cookies are text files, which are stored and saved on a computer system via an Internet browser. Through the use of cookies, we can provide users of this website with user-friendly services, which would not be possible without creating the cookies. Cookies are used on numerous websites. They often contain a so-called cookie ID, a unique identifier. Web pages or servers can differentiate the individual browser of the applicable user from other browsers, which contain other user-specific cookies.

Cookies make it possible to optimise the information and offers on our website to the benefit of the users. Cookies allow us to recognise the visitors to our homepage. The purpose of the recognition is to make using our page easier for users.

The data subjects can prevent a cookie from being created by our website at any time by means of a corresponding setting in the browser they use. Almost all browsers offer this function. Apart from that, cookies that have already been created can be subsequently deleted by the system of the applicable persons. If a user disables the acceptance of cookies by the browser, it is possible in some circumstances that certain functions of our website cannot be used in their entirety.

13. Youtube

Our website contains plugins from Youtube so that videos can be published in a quick, simple and uncomplicated manner. If you access a page from our services, which contains such a plugin, your browser will establish a direct connection to the servers of the respective provider. The content of the plugin is transferred by the provider directly to your browser and embedded in the page. Through this embedding, the provider receives the information that your browser has accessed the corresponding page, even if you do not have a profile with this provider or are not currently logged in there. This information (including your IP address) is transferred by your browser directly to a server of the provider (generally to the USA) where it is stored. If you have logged in with the provider, he can attribute the visit to our website directly to your profile. If you interact with the plugins, for example by clicking a button or submitting a comment, this information is also transferred directly to a server of the provider and saved there. The respective provider can, under certain circumstances, publish this information on your profile or display your contact.

If you do not want the providers to attribute the data collected via our website directly to your profile in the respective social network, you must log out of the corresponding network before you visit our website.

Youtube:

Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

https://policies.google.com/privacy

14. Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, which are saved on your computer and which permit the analysis of the use of the website by you. The information generated by the cookie concerning your use of this website is generally transferred to a server of Google in the USA and saved there. If IP anonymisation is activated on this website, your IP address is, however, shortened before by Google within the member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases, will the full IP address be transferred to a server of Google in the USA and shortened there. As commissioned by the operator of this website, Google will use this information to analyse your use of the website in order to compile reports on website activities and provide further services associated with the use of the website and the use of the internet vis-à-vis the website operator. The IP address transferred by your browser in connection with Google Analytics is not combined with other Google data. You can prevent the storage of the cookies with a corresponding setting of your browser software; however, we wish to point out that you may not be able to use all functions of this website in their entirety in this case. You can also prevent the allocation of the data generated by the cookie and attributed to your use of the website (including your IP address) to Google as well as the processing of this data by Google by downloading the browser plug available under the following link http://tools.google.com/dlpage/gaoptout?hl=de and install or alternatively, create a so-called opt-out cookie by clicking the following link.

Deactivate Google Analytics. This website uses Google Analytics with the addition “_anonymizeIp()”. As a result, IP addresses are processed in shortened form to prevent any possibility of them being attributed directly to a person.

We use Google Analytics to analyse the use of our website and improve it regularly. The acquired statistics allow us to improve our offer and make it more interesting for you as a user. For exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US privacy shield. The legal basis for using Google Analytics is Art. 6 para. 1 p. 1 lit. f DSGVO.

You can find more information about data processing by Google in Google’s privacy statement: http://www.google.de/intl/de/policies/privacy.

15. Google Maps

We use the Google Maps API of Google LLC., located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to visually display geographic information, in particular to locate our customers.

16. Rights of the data subject

Every data subject has the right of access as per Article 15 DSGVO, the right to rectification in accordance with Article 16 DSGVO, the right to erasure in accordance with Article 17 DSGVO, the right to the restriction of processing in accordance with Article 18 DSGVO, the right to object on the basis of Article 21 DSGVO as well as the right to data portability on the basis of Article 20 DSGVO. With the right of access and right to erasure, the restrictions in accordance with sec. 34 and 35 BDSG apply. Furthermore, there is a right to object before a competent data protection supervisory authority (Article 77 DSGVO in connection with sec. 19 BDSG). You can revoke consent granted to the processing of personal data vis-à-vis us at any time. This also applies to the revocation of declarations of consent, which were issued vis-à-vis us before the application of DSGVO, that is, before 25 May 2018. Please note that the revocation will first take effect in the future. Processing which has taken place prior to revocation, will not be affected by it.