Translation from German into English
The provisions of the EU General Data Protection Regulation (hereinafter "GDPR") apply throughout Europe. We wish to inform you about the processing of personal data performed by our company in accordance with this Regulation (see Articles 13 and 14 GDPR). If you have any questions or comments concerning this privacy statement, you can always send them to the e-mail address specified under clauses 2 or 3.
Content overview:
I. OVERVIEW
1. SCOPE OF APPLICATION
2. CONTROLLER
3. DATA PROTECTION OFFICER
4. DATA SECURITY
II. DATA PROCESSING IN DETAIL
1. GENERAL INFORMATION ABOUT DATA PROCESSING
2. ACCESSING THE WEBSITE / APPLICATION
3. APPLICATION
4. CLIENT CONTACT FORM
5. CUSTOMER AND SUPPLIER DATA
6. WEBSHOP PROCESSING
7. AHH INSIDER PROCESSING
8. TRACKING / USING GOOGLE ANALYTICS
III. RIGHT OF THE DATA SUBJECT
1. RIGHT TO OBJECT
2. RIGHT TO INFORMATION
3. RIGHT TO RECTIFICATION
4. RIGHT OF ERASURE ("RIGHT TO BE FORGOTTEN")
5. RIGHT TO RESTRICTION OF PROCESSING
6. RIGHT TO DATA PORTABILITY
7. RIGHT OF REVOCATION AFTER GIVING CONSENT
8. RIGHT OF APPEAL
IV. Glossary
This chapter of the privacy statement provides you with information about the scope of application, the controller for data processing, his data protection officer and data security.
Data processing performed by Alfons Haar Maschinenbau GmbH & Co. KG can essentially be divided into two categories:
- For contract processing purposes, all data required for execution of a contract with Alfons Haar Maschinenbau GmbH & Co. KG are processed. Where external service providers are also involved in the contract processing, for example logistics enterprises, your data are in each case disclosed to them to the required extent.
- Various information are exchanged between your terminal device and our server upon accessing the website / application. Such information may also cover personal data. The information collected in this way are, inter alia, used for optimizing our website.
This privacy statement applies to the following offers:
- our online offer, retrievable under www.alfons-haar.de;
- our webshop, retrievable under shop.alfons-haar.de; and
- our information portal, retrievable under insider.alfons-haar.de/insider/login.php. This portal is only accessible after prior registration.
All these offers are jointly also designated as "services".
The controller for data processing, thus the person deciding on the purposes and means of processing personal data, is in connection with the services:
Alfons Haar Maschinenbau GmbH & Co. KG
Fangdieckstraße 67
22547 Hamburg
Telephone: (+49) 40 833 91 - 0
E-mail: info@alfons-haar.de
You can contact our data protection officer as follows:
Contact form:
www.dsextern.de/anfragen
DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Frapanweg 22
D-22589 Hamburg
In order to develop the measures required in Article 32 GDPR and thus to achieve a level of protection appropriate to the risk, we have established an information security management system in our company.
In this chapter of the privacy statement we inform you in detail about the processing of personal data within the scope of our services. For the sake of clarity we arrange these details according to specific functionalities of our services. During normal use of the services, different functionalities and thus also different processings can take effect successively or simultaneously.
The following applies to all processing described below, unless otherwise specified:
There is neither a contractual nor a statutory duty to provide personal data. You are not obliged to provide data.
Where necessary data are concerned (data marked as mandatory details during data entry), the consequence of failure to provide such data is that the relevant service cannot be provided. Otherwise the consequence of failure to provide the data might be that our services cannot be provided in equal form and quality.
In various cases you have the option to give us your consent to further processing in connection with the processing described below (where appropriate for part of the data). In such case we inform you in the respective section of this statement about all modalities and the scope of consent, and about the purposes pursued by us with this processing.
When we transfer data to third countries, i.e. countries outside the European Union, the transfer is exclusively performed in compliance with the legally regulated admissibility requirements.
The admissibility requirements are regulated in Articles 44 to 49 GDPR.
Our data processing is to a large extent performed with the involvement of so-called hosting service providers, who make storage space and processing capacities available to us in their computer centers, and according to our instructions also process personal data on our behalf. These service providers process data either exclusively in the EU, or based on the EU standard data protection clauses used by us for guaranteeing an adequate level of data protection.
We transfer personal data to public authorities (including law enforcement agencies), if this is required for compliance with a legal obligation to which we are subject (legal basis: Article 6 paragraph 1 c) GDPR), or for asserting, exercising or defending legal claims (legal basis: Article 6 paragraph 1 f) GDPR).
We store your data for not longer than we need these data for the respective processing purposes. If the data are no longer necessary for fulfillment of contractual or statutory obligations, they are regularly deleted, unless a data retention continues to be necessary for a limited period. The underlying reasons can for example be:
• Compliance with retention obligations under trade and tax law
• Receipt of evidence for legal disputes within the scope of the legal statute of limitation.
It is likewise possible for us to continue storing your data on our end, if you expressly gave your consent to such ongoing storage.
o Account data: Login / user ID and password
o Personal master data: Title, address / sex, first name, surname, position within the company
o Address data: Street, house number, any address supplements, postcode, city, country
o Download data: Version of the downloaded workbench software
o Contact data: Telephone number(s), fax number(s), e-mail address(es)
o Login data: Information about the service used by you for login; points in time and technical information for login purposes, confirmation of disconnection; data specified by you for login
o Order data: Ordered products, prices, payment and delivery information
o Access data: Date and time of visiting our service; the page from which the accessing system reached our site; pages accessed during usage; data for session ID; furthermore the following information about the accessing computer system: IP address used, browser type and version, type of device, operating system and similar technical information
o Application data: Curriculum vitae, references, supporting documents, work samples, certificates, pictures
o Data according to Article 9 GDPR: Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
This chapter describes how we process your personal data when accessing our services.
a. Information for processing | ||||
Intended purpose | Legal basis | Legitimate interest, if any | Storage period | |
Access data | Connection set-up, presentation of service contents, detection of attacks on our site based on unusual activities, troubleshooting | Article 6 paragraph 1 f) GDPR | Proper service function, security of data and business processes, prevention of abuse, prevention of damage caused by interference with information systems | 7 days |
b. Recipient of personal data | |||
Category of recipient | Data concerned | Legal basis of transmission | Legitimate interest, if any |
None |
|
|
During ongoing recruitment procedures we process your personal data in the following way:
a. Information for processing | ||||
Data category | Intended purpose | Legal basis | Legitimate interest, if any | Storage period |
Address data, contact data | Identifying, contacting, communicating for contract initiation | Article 6 paragraph 1 b) GDPR |
| 6 months |
Personal master data | Identifying, contacting, age verification | Article 6 paragraph 1 b) GDPR |
| 6 months |
Application data | Applicant selection | Article 6 paragraph 1 b) GDPR |
| 6 months |
b. Recipient of personal data | |||
Category of recipient | Data concerned | Legal basis of transmission | Legitimate interest, if any |
None |
|
|
|
Here you find information on how we process your personal data, when you address an enquiry to us via the contact form:
a. Information for processing | ||||
Data category | Intended purpose | Legal basis | Legitimate interest, if any | Storage period |
Personal master data, contact data and address data | Dealing with the enquiry and any queries | Declaration of consent (Article 6 paragraph 1 a) GDPR) |
| Maximally until revocation of the consent, at least for the statutory retention period |
b. Recipient of personal data | |||
Category of recipient | Data concerned | Legal basis of transmission | Legitimate interest, if any |
None |
|
|
|
Within the scope of a business relationship with customers and suppliers we process personal data to conclude, execute or terminate contracts in the following manner:
a. Information about processing | ||||
Data category | Purpose | Legal basis | Legitimate interest, if applicable | Length of storage |
Contact details, address details, personal master data, order data
| Planning, conducting, managing and administering the contractual relationship. Transacting the commission or order. | Art. 6 (1) a), b) GDPR: | Ensuring compliance with legal obligations, e.g. storing sales documents for tax purposes or sending legally required notifications and other announcements. | 10 years |
Payment details | Transacting the payment | Art. 6 (1) b), f) GDPR |
| 10 years |
b. Recipients of personal data | |||
Category of recipient | Relevant data | Legal basis for transmission | Legal basis |
Parcel service providers, carriers, direct suppliers | Address details, contact details, personal master data, if applicable | Art. 6 (1) b), f) GDPR | Delivering and collecting consignments and merchandise |
Payment service providers
| Payment details
| Art. 6 (1) b), f) GDPR
| Transacting the payment |
If applicable, collection service providers, courts
| Personal master data, contact details, payment details
| Transacting dunning procedures and collection proceedings in the event of non-payment
| Transacting dunning procedures and collection proceedings in the event of non-payment
|
The following information provide you with a description on how your personal data are being processed, when you use our webshop "shop.alfons-haar.de". Access data are recorded when accessing the site. The remaining data will only be recorded as soon as the user completes the registration and login process.
Registered users can submit enquiries for specific products to the selected order store automatically from the shop. In this case the data specified under 5.b) are forwarded to the respective country, where the order store is located. If this country is no member of the EU / EEA, but a third country, the following risks are incurred:
- No adequate level of data protection might exist; and
- Rights of the data subject might not be enforceable.
To process your email address in the event of a purchase we are, due to legal requirements in the German Civil Code (BGB), also obliged to send an electronic order confirmation (Article 6 (1) c) GDPR).
a. Information for processing | ||||
Data category | Intended purpose | Legal basis | Legitimate interest, if any | Storage period |
Access data | Connection set-up, presentation of service contents, detection of attacks on our site based on unusual activities, troubleshooting | Article 6 paragraph 1 f) GDPR | Proper service function, security of data and business processes, prevention of abuse, prevention of damage caused by interference with information systems | 7 days |
Personal master data, account data, contact data and address data | Offer preparation | Declaration of consent (Article 6 paragraph 1 a) GDPR) |
| Maximally until revocation of the consent, at least for the statutory retention period |
Login data | Offer preparation | Declaration of consent (Article 6 paragraph 1 a) GDPR) |
| Maximally until revocation of the consent, at least for the statutory retention period |
Order data | Offer preparation | Declaration of consent (Article 6 paragraph 1 a) GDPR) |
| Maximally until revocation of the consent, at least for the statutory retention period |
b. Recipient of personal data | |||
Category of recipient | Data concerned | Legal basis of transmission | Legitimate interest, if any |
Sales company responsible for executing the enquiry | Personal master data, contact data, address data and order data | Articles 44 to 49 GDPR | Preparation and submission of the concrete offer |
The following information provide you with a description on how your personal data are being processed, when you use our information portal "AHH Insider".
a. Information for processing | ||||
Data category | Intended purpose | Legal basis | Legitimate interest, if any | Storage period |
Access data | Connection set-up, presentation of service contents, detection of attacks on our site based on unusual activities, troubleshooting | Article 6 paragraph 1 f) GDPR | Proper service function, security of data and business processes, prevention of abuse, prevention of damage caused by interference with information systems | 7 days |
Personal master data, account data, contact data and address data | Provision of information and the workbench to registered clients | Declaration of consent (Article 6 paragraph 1 a) GDPR) |
| Until revocation of the consent |
Login data | Optimization of functionality | Declaration of consent (Article 6 paragraph 1 a) GDPR) |
| During the current login |
Download data | Service support | Declaration of consent (Article 6 paragraph 1 a) GDPR) |
| Until revocation of the consent |
b. Recipient of personal data | |||
Category of recipient | Data concerned | Legal basis of transmission | Legitimate interest, if any |
Service provider for server operation
| All data mentioned under a. | Job processing (Article 28 GDPR) |
|
If you have given your consent, Google Analytics, a web analysis service of Google LLC (“Google”) is used on this website. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices.
Google Analytics uses “cookies“;, which are text files placed on your computer, to help the website analyze how users interact with the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. We would like to point out that on this website Google Analytics has been extended to include IP anonymisation in order to ensure anonymous collection of IP addresses (so-called IP masking). The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/gb.html or https://policies.google.com
Purposes of the Processing
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and Internet use.
Legal Basis
The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
Recipients or Categories of Recipients
The recipient of the collected data is Google
Transfer to Third Countries
Personal data will be transferred to the USA under the EU-US Privacy Shield on the basis of the European Commission's adequacy decision. You can download the certificate here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
Duration of Data Storage
The data sent by us and linked to cookies, user-identifiers (e.g. User-IDs) or advertising-identifiers are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month
Rights of the Persons affected
You can revoke your consent at any time with effect for the future by blocking the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functionalities of this website to their full extent.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the Browser Add-on: tools.google.com/dlpage/gaoptout. Opt-out cookies will prevent future collection of your data when you visit this website.
If you click here, the opt-out cookie will be set:
<link>Disable Google Analytics
1. Right to Object
You have furthermore the right to object, on grounds relating to your particular situation, at any time with effect for the future, to the processing of personal data concerning yourself, where the processing is made in accordance with Article 6 paragraph 1 letters e) or f) GDPR.
You may exercise the right to object on a cost-free basis.
You can reach us via the contact data specified under clause I.2.
2. Right to Information
You have the right to obtain information as to whether personal data concerning yourself are being processed by us, which personal data - if any - are concerned, and to obtain additional information according to Article 15 GDPR.
3. Right to Rectification
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning yourself (see Article 16 GDPR). Taking into account the purposes of the processing, you have the right to request completion of incomplete personal data, also by means of providing a supplementary statement.
4. Right of Erasure ("right to be forgotten")
You have the right to request us to immediately erase personal data concerning yourself, where one of the reasons mentioned in Article 17 paragraph 1 GDPR applies, and the processing is not necessary for one of the purposes regulated in Article 17 paragraph 3 GDPR.
5. Right to Restriction of Processing
You have the right to request restriction of processing of your personal data, where one of the prerequisites regulated in Article 18 paragraph 1 letter a) to d) GDPR is fulfilled.
6. Right to Data Portability
You have the right to receive the personal data concerning yourself, which you provided to us, in a structured, commonly used and machine-readable format. You have furthermore the right to transmit those data to another controller without hindrance from us, or to have the data transmitted directly by us, where technically feasible. This shall always apply in cases where the data processing is based on a declaration of consent or a contract, and where the data are processed automatically. Accordingly, this shall not apply to data kept in paper form only.
7. Right of Revocation after giving Consent
Insofar as the processing is based on your consent, you have the right to revoke such consent at any time. This shall not affect the lawfulness of processing performed on the basis of the declaration of consent until revocation.
8. Right of Appeal
You have the right to file an appeal with a supervisory authority.