Privacy Policy

 

We process personal data (hereinafter mostly only referred to as “data”) only to the extent required and to provide an operable and user-friendly web presence including its contents and the services offered there.

Pursuant to Art. 4(2) of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter only referred to as “GDPR”), “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

With the Privacy Policy below, we inform you, in particular, of the nature, scope, purpose, period and legal basis of personal data processing, where we decide on the purposes and means of processing either alone or together with others. Moreover, the following is to inform you of the third-party components used by us for optimisation purposes and to increase usage quality, where, in turn, third parties process data under their own responsibility.

Our Privacy Policy is structured as follows:

I. Information About Us as Controller
II. Users’ and Data Subjects’ Rights
III. Information on Data Processing


I. Information About Us as Controller

The responsible provider of this web presence under privacy law is:

HERWE GmbH
Kleines Feldlein 16-20
74889 Sinsheim
Germany

Phone: +49-7261-9281-0
Fax: +49-7261-9281-20
E-Mail: info@herwe.de

The provider’s data protection officer is:

Data Protection Officer

Kleines Feldlein 16-20
74889 Sinsheim
Germany

Phone: +49-7261-9281-35
Fax: +49-7261-9281-30
E-Mail: datenschutz@herwe.de


II. Users’ and Data Subjects’ Rights

Regarding data protection described in more detail below, users and data subjects have the right

  • to obtain confirmation as to whether or not data concerning them is being processed, access to the processed data, to further information about data processing and to copies of the data (cf. also Art. 15 GDPR);
  • to obtain rectification of inaccurate data or to have incomplete data completed (cf. also Art. 16 GDPR);
  • to obtain erasure of the data concerning them without undue delay (cf. also Art. 17 GDPR) or, alternatively, where further processing pursuant to Art. 17(3) GDPR is necessary, restriction of processing in accordance with Art. 18 GDPR;
  • to receive the data concerning them and provided by them and to have those data transmitted to other providers/controllers (cf. also Art. 20 GDPR);
  • to lodge a complaint with a supervisory authority, where they take the view that the data concerning them is processed by the provider in violation of provisions under privacy law (cf. also Art. 77 GDPR).

In addition, the provider is obliged to notify all recipients, to whom data has been disclosed by the provider, of any rectification or erasure of data or of the restriction of processing based on Articles 16, 17(1), 18 GDPR. This obligation does not apply, however, where such notification is not possible or entails disproportionate effort. Notwithstanding the above, the user has a right of access to information about such recipients.

Likewise, pursuant to Art. 21 GDPR, the users and data subjects have the right to object at any time to processing of personal data concerning them, where the data is processed by the provider in accordance with point (f) of Art. 6(1) GDPR. In particular, objection to data processing for direct marketing purposes is admissible.

 

III. Information on Data Processing

Your data processed when using our web presence will be erased or blocked once the retention purpose ceases to exist, erasure of the data does not conflict with legal retention obligations and no other statements will be made below on individual processing operations.

Cookies

a) Session Cookies

We use cookies for our web presence. Cookies are small text files or other storage technologies placed or stored on your terminal by the web browser used by you. These cookies process certain information concerning you to an individual extent, for example your browser or location data or your IP address.

Such processing makes our web presence more user-friendly, effective and secure, since processing allows, for ex., to reproduce our web presence in different languages or to offer a shopping cart function.

The legal basis of such processing is point (b) of Art. 6(1) GDPR, where the cookies are processed for contract initiation or implementation.

If processing does not serve contract initiation or implementation, our legitimate interest is to improve the functionality of our web presence. In this case, the legal basis is point (f) of Art. 6(1) GDPR.

By closing your web browser, such session cookies will be erased.

b) Cookies of Third-Party Providers

Where appropriate, our web presence also uses cookies of partner companies we cooperate with to promote, analyse or ensure the functionalities of our web presence.

Details thereon, especially on the purposes and legal bases of processing such cookies of third-party providers, can be found in the information below.

c) Elimination Option

You can prevent or limit the installation of the cookies by setting your web browser accordingly. You can also erase at any time any cookies already installed. However, the steps and measures required to that end depend on the relevant web browser used by you. If you have any questions, please use the help function or documentation of your web browser or contact its manufacturer or support. For flash cookies, however, processing cannot be prevented by the browser settings. Instead, you have to change the setting of your Flash Player. The steps and measures required to that end, too, depend on the relevant Flash Player used by you. If you have any questions, please use the help function or documentation of your Flash Player or contact the manufacturer or user support as well.

If you want to prevent or limit the installation of the cookies, however, this may result in you not being able to use all functions of our web presence in full.

Customer Account / Registration Function

If you create a customer account with us using our web presence, we will collect and retain the data entered by you at the time of registration (e.g. your name, address or e-mail address) only for pre-contractual services, contract fulfilment or customer care purposes (e.g. to provide you with an overview of your orders placed with us so far or in order to offer you a wish list function). At the same time, we will then retain the IP address and the date and time of your registration. Of course, such data will not be disseminated to third parties.

As part of the further login process, we will obtain your consent to such processing while referring to this Privacy Policy. The data collected by us while doing so will be exclusively used to provide the customer account.

Where you consent to such processing, the legal basis of processing is point (a) of Art. 6(1) GDPR.

Where the opening of the customer account additionally serves pre-contractual measures or contract fulfilment, the legal basis for such processing also includes point (b) of Art. 6(1) GDPR.

Pursuant to Art. 7 (3) GDPR, you may withdraw at any time your consent given to us for the opening and maintenance of the customer account with effect for the future. To that end, you only have to notify us of your withdrawal.

The data collected to this extent will be erased once processing is no longer required. In doing so, however, we must observe retention periods under tax and commercial law.

Newsletter

If you want to subscribe to our free newsletter, the data queried from you in this respect, i.e. your e-mail address and, optionally, your name and address, will be transferred to us. Concurrently, we will retain the IP address of the Internet connection you use to access our web presence and the date and time of your registration. As part of the further login process, we will obtain your consent to the sending of the newsletter while precisely describing the content and referring to this Privacy Policy. The data collected in this case will be exclusively used by us to send the newsletter; in particular, it will thus not be disseminated to third parties either.

The legal basis in this case is point (a) of Art. 6(1) GDPR.

Pursuant to Art. 7 (3) GDPR, you may withdraw at any time your consent for the sending of the newsletter with effect for the future. To that end, you only have to notify us of your withdrawal or click on the unsubscribe link contained in each newsletter.

Contact Enquiries/Option

Where you contact us using a contact form or by e-mail, the data indicated by you in this case will be used to process your enquiry. Indication of the data is necessary to process and reply to your enquiry; if it is not provided, we will not be able to reply to your enquiry at all or only to a limited extent.

The legal basis for such processing is point (b) of Art. 6(1) GDPR.

Your data will be erased where your enquiry has been conclusively answered and its erasure does not conflict with legal retention obligations, e.g. in case of any subsequent contract implementation.

Google Analytics

We use Google Analytics in our web presence. This is a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter only referred to as “Google”.

By its certification pursuant to the EU-US Privacy Shield, see

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Google guarantees that the EU data protection stipulations will also be complied with where data is processed in the US.

The Google Analytics service serves to analyse the usage behaviour of our web presence. The legal basis is point (f) of Art. 6(1) GDPR. Our legitimate interest includes the analysis, optimisation and economic operation of our web presence.

In this case, information relating to usage and users, such as IP address, place, time and frequency of visits to our web presence, is transferred to and retained by a Google server in the US. Nevertheless, we use the anonymisation function of Google Analytics. With this function, Google already shortens the IP address in the EU or EEC.

Google, in turn, uses the data collected in this way to provide us with an evaluation of the visit to and on the usage activities on our web presence. This data may also be used to render further services associated with the use of our web presence and of the Internet.

According to Google, your IP address will not be amalgamated with other data. Moreover, at

https://www.google.com/intl/de/policies/privacy/partners

Google holds available further privacy-law information for you, e.g. information on the options to prevent the use of such data.

Moreover, at

https://tools.google.com/dlpage/gaoptout?hl=en

Google offers a disabling add-on along with further related information. This add-on can be installed using common web browsers and offers you an extended option to control the data captured by Google upon any access to our web presence. In this case, the add-on informs the JavaScript (ga.js) of Google Analytics that information on the visit to our web presence is not supposed to be transferred to Google Analytics. This will not prevent, however, that information will be transferred to us or to other web analysis services. Of course, this Privacy Policy also contains information on whether we use other web analysis services (and if so, which ones).

Google-Maps

We use Google Maps in our web presence to display our location and to compile directions. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter only referred to as “Google”.

By its certification pursuant to the EU-US Privacy Shield, see

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Google guarantees that the EU data protection stipulations will also be complied with where data is processed in the US.

To allow for specific fonts to be displayed in our web presence, a connection will be established to the Google server in the US upon any access to our web presence.

Where you access the Google Maps component integrated into our web presence, Google will use your web browser to store a cookie on your terminal. Your user settings and data will be processed to display our location and to compile directions. In doing so, we cannot rule out that Google uses servers in the US.

The legal basis is point (f) of Art. 6(1) GDPR. Our legitimate interest is to optimise the functionality of our web presence.

The connection established with Google allows Google to determine the website used to send your enquiry and the IP address the directions are to be transferred to.

Where you do not agree to such processing, you may prevent the installation of the cookies by setting your web browser accordingly. Details for doing so can be found under “Cookies” above.

Moreover, use of Google Maps and of the information obtained via Google Maps is governed by the Google Terms of Use at https://policies.google.com/terms?gl=en and the Google Maps Additional Terms of Service https://www.google.com/intl/en_en/help/terms_maps.html.

Moreover, at

https://adssettings.google.com/authenticated

https://policies.google.com/privacy?hl=en

Google offers further information.

Google Fonts

We use Google Fonts in our web presence to display external fonts. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter only referred to as “Google”.

By its certification pursuant to the EU-US Privacy Shield, see

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Google guarantees that the EU data protection stipulations will also be complied with where data is processed in the US.

To allow for specific fonts to be displayed in our web presence, a connection will be established to the Google server in the US upon any access to our web presence.

The legal basis is point (f) of Art. 6(1) GDPR. Our legitimate interest includes the optimisation and economic operation of our web presence.

The connection established with Google upon any access to our web presence allows Google to determine the website used to send your enquiry and the IP address the display of the font is to be transferred to.

At

https://adssettings.google.com/authenticated

https://policies.google.com/privacy?hl=en

Google offers further information, especially on the options to prevent data use.

MailChimp – Newsletter

We offer you the possibility to subscribe to our free newsletter using our web presence.

To send newsletters, we use MailChimp, a service of The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA, hereinafter only referred to as “The Rocket Science Group”.

By its certification pursuant to the EU-US Privacy Shield, see

https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active

The Rocket Science Group guarantees that the EU data protection stipulations will also be complied with where data is processed in the US. Moreover, at

http://mailchimp.com/legal/privacy/

The Rocket Science Group offers further privacy information.

If you subscribe to the newsletter sent by us, The Rocket Science Group will process the data queried during the login process, such as your e-mail address and, optionally, your name and address. Moreover, your IP address and the date and time of your login will be retained. As part of the further login process, your consent to the sending of the newsletter will be obtained, with the content being precisely described and reference being made to this Privacy Policy.

The newsletter subsequently sent via The Rocket Science Group also contains a tracking pixel, also called “web beacon”. This tracking pixel allows us to evaluate whether and when you have read our newsletter and whether you have followed any further links contained in the newsletter. Besides further technical data, such as the data of your IT system and your IP address, we will retain the data processed in this context in order to optimise our newsletter offering and cater for the readers’ needs. The data will thus be used to increase the quality and attractiveness of our newsletter offering.

The legal basis for sending the newsletter and for the analysis is point (a) of Art. 6(1) GDPR.

Pursuant to Art. 7 (3) GDPR, you may withdraw at any time your consent for the sending of the newsletter with effect for the future. To that end, you only have to notify us of your withdrawal or click on the unsubscribe link contained in each newsletter.

Google AdWords incl. Conversion Tracking

We use the Google AdWords ad component including conversion tracking in our web presence. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter only referred to as “Google”.

By its certification pursuant to the EU-US Privacy Shield, see

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Google guarantees that the EU data protection stipulations will also be complied with where data is processed in the US.

We use conversion tracking to ensure targeted promotion of our offering. The legal basis is point (f) of Art. 6(1) GDPR. Our legitimate interest includes the analysis, optimisation and economic operation of our web presence.

If you click on an ad placed by Google, the conversion tracking used by us will store a cookie on your terminal. Such conversion cookies will become invalid after 30 days. Apart from that, they do not serve to identify you in person.

Where the cookie is still valid and you visit a specific site of our web presence, both we and Google may evaluate that you have clicked on one of our ads placed with Google and that you have subsequently been forwarded to our web presence.

Google uses the information obtained in this way to compile statistics on the visit to our web presence for us. Moreover, this will provide us with information about the number of users who have clicked on our ad(s) and about the sites subsequently accessed on our web presence. Nevertheless, this will enable neither us nor third parties using Google AdWords as well to identify you in this manner.

Moreover, you can prevent or limit the installation of the cookies by setting your web browser accordingly. Concurrently, you can erase at any time any cookies already installed. However, the steps and measures required to that end depend on the relevant web browser used by you. If you have any questions, please use the help function or documentation of your web browser or contact its manufacturer or support.

Furthermore, at

https://services.google.com/sitestats/en.html

http://www.google.com/policies/technologies/ads?hl=en

https://policies.google.com/privacy?gl=de&hl=en

Google offers further information on this topic, especially on the options to prevent data use.

Online Job Applications / Publication of Job Advertisements

We offer you the possibility to apply for a job at our company using our web presence. We use these digital applications to electronically collect and process your applicant and application data to implement the application process.

The legal basis for such processing is Section 26 (1) 1st sentence BDSG (German Federal Data Protection Act) i. c. w. Art. 88(1) GDPR.

Where an employment contract is concluded after the application process, we will retain in your personnel file your data transferred at the time of application for the customary organisation and administration process, observing, of course, the further legal obligations.

The legal basis for such processing is Section 26 (1) 1st sentence BDSG (German Federal Data Protection The legal basis for such processing is likewise Section 26 (1) 1st sentence BDSG i. c. w. Art. 88(1) GDPR.

If your application is rejected, the data transferred to us will be automatically erased by us two months after announcement of the rejection. The data will not be erased, however, if it must be retained for a longer period of up to four months or up to the completion of legal proceedings on account of legal provisions, e.g. due to the burden of proof pursuant to the German General Act on Equal Treatment (AGG).

In this case, the legal basis includes point (f) of Art. 6(1) GDPR and Section 24 (1) (2.) BDSG. Our legitimate interest is legal defence or enforcement.

Where you explicitly consent to any longer retention of your data, for ex. for your entry into an applicant or prospect database, the data will be further processed based on your consent. The legal basis in this case is point (a) of Art. 6(1) GDPR. However, you may, of course, withdraw at any time your consent with effect for the future by statement to us pursuant to Art. 7 (3) GDPR.

Muster-Datenschutzerklärung der Anwaltskanzlei Weiß & Partner

Kundenumfrage