Privacy policy in accordance with the GDPR

 

 

 

 

0. Contents of the privacy policy

[Translate to Niederländisch:] I. Introduction 

 

II. Name and address of the Controller

 

III. Name and address of the Data Protection Officer

 

IV. General information regarding data processing

 

V. Provision of the website and creation of log files

 

VI. Utilisation of cookies 

 

VII. Information via e-mail (e-mail marketing)

 

VIII. Registration for image database

 

IX. Registration for hinge calculation programme

 

X. Personalised settings instructions

 

XI. Contact form and e-mail contact

 

XII. Data protection in case of job applications and in the application process

 

XIII. Web analysis with the PIWIK Pro analysis software

 

XIV. Social media

 

XV. Rights of the data subject

 

XVI. Data security

 

XVII. Topicality and changes to this privacy policy

 

 

 

 

 

I. Introduction

Thank you very much for visiting our website and for your interest in our company as well as our products and services. Protecting your personal data upon collection, processing and use on occasion of your visit to our website is an important concern for us.

 

This privacy policy provides information about which data we collect during your visit to this website and how we use said data. Some of that data that we store on our server is data that you are providing to us voluntarily by filling out forms, while other data is stored automatically in the context of registration and system usage.

 

We do not collect any data that allows for determining the identity of the individual visitor unless you yourself transmit your personal data in the context of the registration for a closed user group. Furthermore, we do not use any technological aids geared toward the identification of visitors.

 

 

 

II. Name and address of the Controller

The Controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States of the European Union as well as other provisions under data protection law is:

 

Dr. Hahn GmbH & Co. KG

Trompeterallee 162-170

D-41189 Mönchengladbach

Germany

Tel.: +49- (0) 2166-954-3

E-Mail: sales@dr-hahn.de

Website: www.dr-hahn.eu

 

 

 

 

III. Name and address of the Data Protection Officer

The Data Protection Officer of the Controller can be reached at:

Tel.: +49 241 47433-21

E-Mail: dr-hahnunser-datenschutz.de

 

 

 

 

IV. General information regarding data processing

a. Scope of the processing of personal data

On principle, we collect and use the personal data of our users only to the extent that this is necessary for providing a functional website as well as our contents and services. The collection and utilisation of the personal data of our users is carried out regularly only after having received the user’s consent. An exception applies in such cases in which a prior obtaining of consent is not possible for factual reasons and where the processing of the data is permitted by statutory regulations.

 

b. Legal basis for the processing of personal data

To the extent that we obtain a declaration of consent of the data subject for the processing operations of personal data, Art. 6 Par. 1 Lit. a of the EU General Data Protection Regulation (GDPR) serves as legal basis for the processing of personal data.

 

In case of the processing of personal data that is required for the fulfilment of a contract to which the data subject is a contractual party, Art. 6 Par. 1 Lit. b GDPR serves as legal basis. This shall also apply to processing operations that are necessary for the carrying out of pre-contractual measures.

 

To the extent that a processing of personal data is required for the fulfilment of a contractual obligation that our company is subject to, Art. 6 Par. 1 Lit. c GDPR serves as legal basis.

 

In case vital interests of the data subject or of another natural person make a processing of personal data necessary, Art. 6 Par. 1 Lit. d GDPR serves as legal basis.

 

If the processing is necessary for maintaining a legitimate interest of our company or of a third party and if the interests, basic rights, and basic freedoms of the data subject do not outweigh the aforementioned interest, Art. 6 Par. 1 Lit. f GDPR serves as legal basis for the processing. 

 

c. Data erasure and duration of storage

The personal data of the data subject will be erased or restricted as soon as the purpose of storage no longer exists. A storage can, furthermore, be performed if this is provided for by the European or national legislatures in rules, laws, or other regulations under European Union law applicable to the Controller. A restriction or erasure of the data is also performed if a storage period prescribed by the specified standards expires unless a necessity exists for further storage of the data for conclusion or fulfilment of a contract.

 

 

 

 

V. Provision of the website and creation of log files

a. Scope of the processing of personal data

Each time our website is called up, our system automatically collects data and information from the computer system calling it up. 

 

During this process, the following data are collected:

1. Information regarding the type and version of the browser used

2. The user’s operating system

3. The IP address of the user

4. The Internet service provider of the user (this data is not collected directly, but the IP address (Item 3) allows for conclusion regarding the user’s Internet service provider) 

5. Date and time of access

6. ebsites from which the user’s system reached our website

 

The data is also stored in the log files of our system. This does not apply to the IP addresses of the user or other data that allows for an attribution of the data to a user. A storage of this data together with other personal data of the user does not take place.

 

b. Legal basis for the data processing

Legal basis for the temporary storage of the data is Art. 6 Par. 1 Lit. f GDPR.

 

c. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to make possible a delivery of the web page to the user’s computer. To effect this, the user’s IP address must remain stored for the duration of the session. This also constitutes our legitimate interest in accordance with Art. 6 Par. 1 Lit. f GDPR.

 

d. Duration of storage

The data will be erased as soon as they are no longer necessary for achieving the purpose for which they were collected. In case of collection of the data for provision of the website, this is the case once the respective session has ended. 

 

e. Option to object and remove

The collection of the data for the provision of the website and the storage of the data in log files is mandatorily required for the operation of the website. Therefore, no option to object exists for the user.

 

 

 

 

VI. Utilisation of cookies

a. Description and scope of the data processing

Our website is using cookies. Cookies are small text files that are stored in and/or by the web browser on the user’s computer system. When a user calls up a website, a cookie can be stored on the user’s operating system this way. This cookie contains a characteristic sequence of character that allow for an unambiguous identification of the browser when the website is called up again.

 

We utilise cookies for a more user-friendly design of our website. Some elements of our website require that the browser performing the call-up can also be identified subsequent to switching pages. In the process, the following data is being stored and transmitted in the cookies:

 

1. The be_typo_user cookie is being used by TYPO3 for identification of a logged-in backend user. The user’s ID is being stored.

 

2. The fe_typo_user cookie is being used by TYPO3 for identification of a logged-in frontend user. This cookie is being used in the context of the utilisation of the image database (regarding this, also see VIII. Registration for the image database).  The user’s ID is being stored.

 

3. The cookiesAccepted cookie is being set once a website visitor has confirmed the cookie note by clicking on “OK”. The value 1/true is being stored which is representative of the positive confirmation of the notification.

 

4. The showedModalForm cookie is being set when the contact form has been displayed to the user on the download page (https://www.dr-hahn.eu/downloads/). The cookie prevents the form from being displayed to the user anew in case of a return visit. The value 1/true is being stored which stands for “Form has already been displayed”.

 

5. The ceDownloads cookie is used to limit downloads of the declarations of performance on the declarations of performance page (https://www.dr-hahn.eu/leistungserklaerungen/) to a maximum of 3 downloads per user. A value is being stored that reflects the number of downloads (NaN or a number between 1 and 3, respectively).

 

In addition, we utilise cookies on our website that allow for an analysis of the surfing behaviour of the users (regarding this, also see XIII. Web analysis with the PIWIK Pro analysis software). This way, the following data can be transmitted:

 

1. _pk_ref: This cookie stores information regarding the user’s origin, i.e., from which website the user came to us. 

 

2. _pkid: This cookie stores the user’s ID in order to identify returning users. 

 

3. _pk_ses: This is a session cookie. Session cookies are responsible for keeping the session active for 30 minutes after the last activity performed. When they expire, the visit is considered finished.

 

4. piwik_ignore: If a user objects to the tracking and utilises the opt-out option, this cookie is stored on the user’s computer. The analysis software then ignores the user in the future and does not send any data to the PIWIK server.

 

The users’ data collected in this manner are being pseudonymized via technical measures. Therefore, an attribution of the data to the user performing the call-up is no longer possible. The data are not being stored jointly with other personal data of the user. When calling up our website, users are being informed - by an info banner - of the utilisation of cookies for analysis purposes and are referred to this privacy policy. In this context, a notification also takes place how the storing of cookies can be prevented in the browser settings.

 

b. Legal basis for the data processing

Legal basis for the processing of personal data under utilisation of cookies is Art. 6 Par. 1 Lit. f GDPR.

 

c. Purpose of the data processing

Purpose of the collection of technically necessary cookies is to simplify the utilisation of the websites for the users. Some functions of our website cannot be offered without the utilisation of cookies. For these, is necessary that the browser can be “remembered” even after switching pages. This also constitutes our legitimate interest in accordance with Art. 6 Par. 1 Lit. f GDPR.

 

We need cookies for the following applications:

 

1. The be_typo_user cookie is being used by TYPO3 for identification of a logged-in backend user.

 

2. The fe_typo_user is being used by TYPO3, in case of utilisation of the image database, for identification of a logged-in frontend user. (regarding this, also see VIII. Registration for the image database).

 

3. The cookiesAccepted cookie is being set once a website visitor has confirmed the cookie note by clicking on “OK”.

 

4. The showedModalForm cookie is being set when the contact form has been displayed to the user on the download page (https://www.dr-hahn.eu/downloads/). The cookie prevents the form from being displayed to the user anew in case of a return visit.

 

5. The ceDownloads cookie is used to limit downloads of the declarations of performance on the declarations of performance page (https://www.dr-hahn.eu/leistungserklaerungen/) to a maximum of 3 downloads per user.

 

The user data collected by technically necessary cookies are not being utilised to create user profiles.

 

The utilisation of analysis cookies is being carried out for the purpose of improving the quality of our website and of its contents. Through analysis cookies, we find out how the website is being utilised and how we can thusly continuously optimise our offer.

 

1. _pk_ref: This cookie stores information regarding the user’s origin, i.e., from which website the user came to us.

 

2. _pkid: This cookie stores the user’s ID in order to identify returning users.

 

3. _pk_ses: This is a session cookie. Session cookies are responsible for keeping the session active for 30 minutes after the last activity performed. When they expire, the visit is considered finished.

 

4. piwik_ignore: If a user objects to the tracking and utilises the opt-out option, this cookie is stored on the user’s computer. The analysis software then ignores the user in the future and does not send any data to the PIWIK server.

 

These purposes also constitute our legitimate interest in the processing of the personal data in accordance with Art. 6 Par. 1 Lit. f GDPR.

 

d. Duration of storage, option to object and remove

Cookies are stored on the user’s computer and transmitted from the latter to our website. Therefore, you, as the user, also have full control over the utilisation of cookies. By modifying the settings in your web browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If you deactivate cookies for our website, it is possible that not all functions of the website can be utilised to their full extent any more.

 

In addition, the cookies have different usage periods and expire thereafter.

 

1. The be_typo_user cookie will be deleted automatically one year after the cookie has been set/updated.

 

2. The fe_typo_user cookie will be deleted automatically one year after the cookie has been set/updated.

 

3. The cookiesAccepted cookie effectively remains stored until the user manually removes the cookie.

 

4. The showedModalForm cookie will be deleted automatically one year after the cookie has been set/updated.

 

5. The cdDownloads cookie will be deleted automatically one year after the cookie has been set/updated.

 

6. _pk_ref: This cookie will be deleted automatically after 6 months.

 

7. _pkid: This cookie will be deleted automatically after one year.

 

8. _pk_ses: The cookie will be deleted 30 minutes after the last activity tracked.

 

9. piwik_ignore: The cookie is being stored until the user manually deletes it or withdraws his or her opt-out with a renewed click (regarding this, also see XIII. Web analysis with the PIWIK Pro analysis software)

 

 

 

 

VII. Information via e-mail (e-mail marketing)

a. Description and scope of the data processing

We inform interested users via e-mail. For this, the option exists on our website to register for this free of charge via a form. In the process, the data from the data entry mask is transmitted to us upon registration. Specifically, these are the following data:

 

1. First name

2. Last name

3. Company

4. E-mail address

 

Additionally, the following data are collected upon registration:

 

1. IP address of the computer performing the call-up

2. Date and time of the registration

 

Additionally, the user may provide his or her consent to the sending of information via e-mail upon registration for the image database (c.f. VIII) or for the hinge calculation programme (c.f. IX). In this case, first name, last name, company and e-mail address are being stored as well. Other data that may be transmitted in the context of the registration process is not relevant for this service and is not being stored in this context.

 

Your consent to the processing of the data is being collected in the course of the registration process and this privacy policy is being referred to. The registration is being performed via the so-called opt-in method. The registration process is only completed once the user has confirmed the registration via a confirmation link. No passing on of data to third parties is taking place in connection with the data processing for the sending of e-mails. The data are being used exclusively for the sending of e-mails.

 

b. Legal basis for the data processing

Legal basis for the processing of the data subsequent to the registration for the newsletter by the user is, in case of an existing declaration of consent of the user, Art. 6 Par. 1 Lit. a GDPR.

 

c. Purpose of the data processing

The collection of the user’s e-mail address serves for providing the user with information via e-mail. The collection of other personal data in the context of the registration process serves to prevent an abuse of the services or of the e-mail address utilised.

 

d. Duration of storage

The data will be erased as soon as they are no longer necessary for achieving the purpose for which they were collected. As such, the data of the user remain stored for as long as Dr. Hahn informs registered users via e-mail. If the user cancels this service, the user data are deleted. A cancellation is possible at any time.

 

e. Option to object and remove

Any user who registered for this e-mail service can cancel it at any time. For this purpose, a corresponding link is included in each e-mail sent in connection with this. This also makes possible a withdrawal of consent to storage of the personal data collected during the registration process.

 

 

 

 

VIII. Registration for image database

a. Description and scope of the data processing

On our website, we provide users with the option to register for utilisation of the image database providing personal data. In the process, the data are entered into a data entry mask and transferred to us and stored. A passing-on of data to third parties does not take place. The following data are collected in the context of the registration process:

 

1. Salutation

2. Last name

3. First name

4. Company

5. Department

6. Position

7. Street address

8. Postal code and city

9. Country

10. Telephone number and fax number

11. E-mail address

In addition, the following data are being stored at the point of time of registration:

1. The IP address of the user

2. Date and time of the registration

 

In the context of the registration process, the user’s consent to the processing of this data is being obtained. The image database is a service exclusively for existing customers of Dr. Hahn. To identify them, the aforementioned data is being collected and transmitted upon registration

 

b. Legal basis for the data processing

Legal basis for the processing of the data, in case of an existing declaration of consent of the user, is Art. 6 Par. 1 Lit. a GDPR.

 

c. Purpose of the data processing

The image database is a service geared exclusively to customers of Dr. Hahn. To identify them, personal data are being collected. In addition, a legitimate interest exists in knowing who is using our images.

 

d. Duration of storage

The data will be erased as soon as they are no longer necessary for achieving the purpose for which they were collected. This is the case for the data collected during the registration process if the registration for the image database is being cancelled or modified.

 

e. Option to object and remove

As a registered user of the image database, you have the option to cancel the registration at any time. You may - at any time - have the stored data modified or deleted. To do so, simply send an informal email to bilddatenbank@dr-hahn.de. After an erasure of the stored data, a utilisation of the image database is no longer possible.

 

 

 

 

IX. Registration for hinge calculation programme

a. Description and scope of the data processing

On our website, we provide users with the option to register for utilisation of the hinge calculation programme providing personal data. In the process, the data are entered into a data entry mask and transferred to us and stored. A passing-on of data to third parties does not take place. The following data are collected in the context of the registration process:

 

1. Salutation

2. Last name

3. First name

4. Company

5. Department

6. Position

7. Street address

8. Postal code and city

9. Country

10. Telephone number and fax number

11. E-mail address

12. Manufacturers and systems

 

In addition, the following data are being stored at the point of time of registration:

1. The IP address of the user

2. Date and time of the registration

 

In the context of the registration process, the user’s consent to the processing of this data is being obtained.

 

b. Legal basis for the data processing

Legal basis for the processing of the data, in case of an existing declaration of consent of the user, is Art. 6 Par. 1 Lit. a GDPR.

 

c. Purpose of the data processing

The hinge calculation programme is a service geared exclusively to customers of Dr. Hahn. To be able to unambiguously identify them, a registration is necessary. Additionally, data is collected during registration that is necessary for the programme’s functionality (e.g. manufacturer and system).

 

d. Duration of storage

The data will be erased as soon as they are no longer necessary for achieving the purpose for which they were collected. This is the case for the data collected during the registration process if the registration for the hinge calculation programme is being cancelled or modified.

 

e. Option to object and remove

As a registered user of the hinge calculation programme, you have to option - at any time - to cancel the registration and to have the data deleted. To do so, send an informal e-mail to technik@dr-hahn.de. You can view and modify the data stored about you from within the programme. Upon deletion of the data, a utilisation of the hinge calculation programme is no longer possible.

 

 

 

 

X. Personalised settings instructions

a. Description and scope of the data processing

On our website, we provide users with the option to create personalised instructions as PDF documents with individualised information. In the process, the data are entered into a data entry mask and transmitted to us as well as processed and written into the PDF document. A passing-on of data to third parties does not take place. The following data are collected in the context of the processing operations:

 

1. Door hinge and/or desired instructions

2. Company name 

3. Firmenname

4. Street address

5. Postal code and City

6. Telephone

7. Fax

8. E-mail

9. Homepage

 

All of the above information is option and serves for the creation of individualised instructions.

 

At the point in time of creation of the PDF, the following data are additionally being stored:

1. The IP address of the user

2. Date and time of the creation

 

In the context of the processing operation, the aforementioned data is written into a PDF document and displayed to the user. Subsequent to the processing, the user then has the option to download the PDF document and store it in a storage location of his or her choosing. The data transmitted for the creation of the individualised instructions is being deleted subsequent to the processing and/or subsequent to the closing of the displayed PDF.

 

b. Legal basis for the data processing

Legal basis for the processing of the data, in case of an existing declaration of consent of the user, is Art. 6 Par. 1 Lit. a GDPR. 

 

c. Purpose of the data processing

The data transmitted is needed for the creation and delivery of an individualised PDF document.

 

d. Duration of storage

The data will be erased as soon as they are no longer necessary for achieving the purpose for which they were collected. The data transmitted for the creation of the personalised instructions are only retained for the processing operations and are deleted automatically thereafter.

 

e. Option to object and remove

The user cannot use the service for personalised settings instructions without the transmission of data since the individualisation of the PDF document is not possible without said data. Upon closing the generated PDF document, the transmitted data are deleted.

 

 

 

 

XI. Contact form and e-mail contact

a. Description and scope of the data processing

On the web pages regarding our products, contact forms exist which can be used to establish contact electronically. If a user exercises this option, his or her e-mail address and the individually entered text are transmitted to us and stored. At the point in time of sending the message, the following data are stored additionally:

 

1. The IP address of the user

2. Date and time of the registration

 

Alternatively, it is possible to establish contact via the e-mail addresses provided. In this case, the user’s personal data transmitted with the e-mail is being stored. 

No passing-on of the data to third parties takes place in connection with this. The data is exclusively being utilised for the processing of the conversation.

 

b. Legal basis for the data processing

Legal basis for the processing of the data transmitted by the contact form is Art. 6 Par. 1 Lit. b GDPR.

Legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 Par. 1 Lit. f GDPR. If the e-mail contact is geared towards the conclusion of a contract, the additional legal basis for the processing is Art. 6 Par. 1 Lit. b GDPR.

 

c. Purpose of the data processing

The processing of the personal data from the data entry mask serves us only in the processing of the establishing of contact. In case of an establishing of contact via e-mail, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serves to prevent an abuse of the contact form and to ensure the security of our information technology systems.

 

d. Duration of storage

The data will be erased as soon as they are no longer necessary for achieving the purpose for which they were collected. For the personal data from the data entry mask of the contact form and for the personal data sent via e-mail, this is the case when the respective conversation with the user has ended. However, due to the Regulations on Data Access and Auditability of Digital Documents, all e-mails are being archived digitally in accordance with the required retention periods.

 

e. Option to object and remove

The user has the option to withdraw his or her consent to the processing of the personal data at any time. If the user establishes contact with us via e-mail, he or she can object to the storage of the personal data at any time. In such a case, the conversation cannot be continued. In order to delete the data sent via e-mail, an informal e-mail to the same e-mail address utilised by the user or to sales@dr-hahn.de is sufficient All personal data that was stored in the process of establishing contact will be deleted in this case.

 

 

 

 

XII. Data protection in case of job applications and in the application process

a. Description and scope of the data processing

Users and/or job applicants have the option to transmit their application documents via s separately set up e-mail address (bewerbung@dr-hahn.de). In connection with a job application, we store the following data:

 

1. First name and last name

2. Address

3. Telephone number

4. E-mail address

5. Application documents transmitted (e.g. cover letter, curriculum vitae, certificates, etc.)

 

We do not store data above and beyond that that cannot be utilised in accordance with the German General Equal Treatment Act (race, ethnic origin, gender, religion or ideology, disability, age, or sexual identity).

 

We utilise the application document only in connection with an existing job application process. The data are deleted as soon as the application process has been completed. A longer storage takes place only if this is required by statutory provisions or if the job applicant has agreed to a longer storage.

 

b. Legal basis for the data processing

Legal basis for the processing of the data, in case of an existing declaration of consent of the user, is Art. 6 Par. 1 Lit. a GDPR.

 

Legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 Par. 1 Lit. f GDPR. If the e-mail contact is geared toward the establishment of an employment relationship, the additional legal basis for the processing is RGL Art. 88 GDPR in conjunction with § 26 Par. 1 German Federal Data Protection Act (BDSG).

 

c. Purpose of the data processing

The personal job application data transmitted by you are used exclusively purpose-bound for the filling of positions within our company. On principle, your data are forwarded only to the offices and specialist departments within our company responsible for the specific job application process. A passing-on of your personal job application data to other companies does not take place without your prior express consent. A utilisation of your job application data above and beyond that or a passing on to a third party does not take place.

 

d. Duration of storage

On principle, an erasure of your personal job application data takes place subsequent to the conclusion of the job application process. This does not apply if statutory provisions prevent an erasure or if you expressly consented to a longer storage period.

In case a job offer is extended and accepted, a storage of the personal data in the personnel file takes place. Additional information regarding this is communicated within the context of the hiring process.

In case of a rejection of the job application, the personal data is stored for purposes of preservation of evidence in case of potential AGG lawsuits. An erasure is permitted after 6 months, the latest.

 

 

e. Option to object and remove

The job applicant has the option - at any time - to withdraw his or her consent to the processing of the personal data. If the user establishes contact with us via e-mail, he or she can object to the storage of the personal data at any time. In such a case the conversation cannot be continued and the job applicant can no longer be taken into consideration for the job application process.

 

To object to the storage of the data, an informal e-mail to bewerbung@dr-hahn.de will suffice. 

 

All personal data that was stored in the process of establishing contact will be deleted in this case. 

 

 

 

XIII. Web analysis with the PIWIK Pro analysis software

a. Description and scope of the data processing

We utilise the PIWIK PRO web analysis software to analyse visitor flows to our website. Web analysis is the collection, aggregation and analysis of data regarding the behaviour of visitors of websites. A web analysis tools captures, among other things, data about from which website the respective person came to a website, which sub-pages of the website were accessed, or how often and for how long a sub-page was viewed. 

 

For this, the following cookies are stored on your computer:

 

1. _pk_ref: This cookie stores information regarding the user’s origin, i.e., from which website the user came to us. This cookie will be deleted automatically after 6 months.

 

2. _pkid: This cookie stores the user’s ID in order to identify returning users. This cookie will be deleted automatically after one year.

 

3. _pk_ses: This is a session cookie. Session cookies are responsible for keeping the session active for 30 minutes after the last activity performed. When they expire, the visit is considered finished.

 

4. piwik_ignore: If a user objects to the tracking and utilises the opt-out option, this cookie is stored on the user’s computer. The analysis software then ignores the user in the future and does not send any data to the PIWIK server.

 

The data captured by PIWIK are stored in anonymized form on a server in Europe by shortening the IP address. This way, an inference of an individual user is prevented. It will not be passed on to third parties. We analyse the data collected to optimise our website and services based on the insights gained.

 

b. Legal basis for the data processing

Legal basis for the processing of personal data under utilisation of cookies is Art. 6 Par. 1 Lit. f GDPR.

 

c. Purpose of the data processing

We analyse the data collected with the help of the PIWIK analysis software and use the insights gained to optimise our website. This constitutes our legitimate interest in accordance with Art. 6 Par. 1 Lit. f GDPR. The analyses are merely of a general nature. Inferences regarding the behaviour of individual users are not possible due to the anonymization of the data captured.

 

d. Duration of storage

The cookies utilised by the PIWIK PRO analysis software are stored on the user’s computer for different periods of time. The storage periods of the cookies used are as follows:

 

1. _pk_ref: This cookie will be deleted automatically after 6 months.

 

2. _pkid: This cookie will be deleted automatically after one year.

 

3. _pk_ses: This cookie will be deleted 30 minutes after the last activity tracked.

 

4. piwik_ignore: This cookie will not be deleted automatically.

 

The user can also actively delete stored cookies via the “delete” function of the browser utilised. By deleting the piwik_ignore cookie, the user’s computer will no longer be ignored by the analysis software. It is necessary to set the opt-out cookie again in order for the user’s computer to be ignored by the analysis software.

 

e. Option to object and remove

Users have two mutually independent options to object to a data collection by the PIWIK analysis software:

 

1. By activating the do-not-track function and/or do-not-follow function in the browser’s setting, data are no longer being transmitted. As long as this setting is active, no data are stored. This setting typically only applies to this one device and this one browser in which the setting has been activated. As such, this setting has to be carried out separately on each device and in each browser.

 

2. With the opt-out function, the user can actively object to the transmission of data for web analysis. If the check mark set below is removed via a click, the storage of data will no longer be performed.



XIV. Social media

a. Description and scope of the data processing

We utilise social media channels as a supplemental service and make supplemental information available there. On the website, there are links pointing to these social media channels. We do not utilise so-called “social plugins” (e.g. the Facebook “like” button). The links are merely captured in the web analysis (see XIII. Web analysis with the PIWIK Pro analysis software). We are linking to the following social media channels on our website:

 

Dr. Hahn Facebook page: https://www.facebook.com/Dr.Hahn.GmbH/

Inductio Facebook page: https://www.facebook.com/Tuerband4.Inductio/

YouTube channel: https://www.youtube.com/user/DrHahnTV

Google+ page: https://plus.google.com/+DrhahnEuTuerbaender

 

The social media platform are independent information offers and are independent of the Dr. Hahn website. The privacy policies of the social media platforms prove a detailed overview of the data utilisation on those platforms:

Facebook privacy policy: https://www.facebook.com/privacy/explanation

YouTube privacy policy: https://policies.google.com/privacy?hl=de&gl=de

Google+ privacy policy: https://policies.google.com/privacy?hl=de

 

 

 

XV. Rights of the data subject

If personal data concerning you is being processed, you are the data subject within the meaning of the GDPR and the following rights are available to you against the Controller:

 

a. Right of Access

 

You may demand from the Controller a confirmation regarding whether personal data concerning you are being processed by us. If such a processing is the case, you shall have the right to demand access to the following information from the Controller:

(1) the purpose for which the personal data is being processed;

(2) the categories of personal data that are being processed;

(3) the recipients and/or the categories of recipients to whom the personal data concerning you have been or still will be disclosed;

(4) the planned duration of storage of the personal data concerning you or, if specific statements regarding this are not possible, criteria for the specification of the storage period;

(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the Controller, or a right to object to this processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) any and all available information regarding the origin of the data if the personal data were not collected from the data subject;

(8) the existence of an automated decision-making, including profiling, in accordance with Art. 22 Par. 1 and 4 GDPR, and – at least in these cases – meaningful information about the logic involved as well as the significance and the envisioned consequences of such processing for the data subject.

 

You shall have the right to demand information whether the personal data that related are transferred to a third country or to an international organisation. In connection with this, you may demand to be informed about the appropriate safeguards in accordance with Art. 46 GDPR in connection with the transfer.

 

b. Right to rectification 

You have a right to rectification and/or completion against the Controller insofar as the personal data processed concerning you are incorrect or incomplete. The Controller must perform the rectification without undue delay.

 

c. Right to restriction of processing

Subject to the following prerequisites, you may demand restriction of the processing of personal data concerning you:

(1) if you contest the accuracy of the personal data concerning you, for a period enabling the Controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

(3) the controller no longer needs the personal data for the purposes of processing but you still need them for the establishment, exercise or defence of legal claims, or

(4) you have objected to processing pursuant to Art. 21 Par. 1 GDPR and it has not yet been determined whether the legitimate grounds of the Controller override your grounds.

Where the processing of the personal data concerning you has been restricted, such data shall, with the exception of their storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

If the restriction of the processing was restricted pursuant to the above prerequisites, you will be informed by the Controller before the restriction is lifted.

 

d. Right to Erasure

 

i. Obligation to erase

You shall have the right to demand from the controller to erase the personal data concerning you without undue delay, and the controller shall have the obligation to erase these data without undue delay where one of the following grounds applies:

(1) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

(2) You withdraw your consent on which the processing is based in accordance with Art. 6 Par. 1 Lit. a or Art. 9 Par. 2 Lit. a GDPR, and there is no other legal ground for the processing.

(3) You object to the processing pursuant to Art. 21 Par. 1 GDPR and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Art. 21 Par. 2 GDPR.

(4) The personal data concerning you have been unlawfully processed.

(5) The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject.

(6) The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 Par. 1 GDPR.

 

ii. Information to third parties

Where the Controller has made the personal data concerning you public and is obliged, pursuant to Art. 17 Par. 1 GDPR, to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. 

 

iii. Exceptions

The right to erasure shall not apply to the extent that processing is necessary

 

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with Art. 9 Par. 2 Lit. h and i as well as Art. 9 Par. 3 GDPR;

(4) ffor archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 Par. 1 GDPR in so far as the right referred to section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

 

(5) for the establishment, exercise or defence of legal claims.

 

e. Right to notification

If you have asserted the right to rectification, erasure or restriction of processing against the Controller, the Controller shall be obliged to communicate to each recipient to whom the respective personal data concerning you was disclosed any rectification or erasure of the data or restriction of the processing, unless this proves impossible or involves disproportionate effort.

 

You shall have the right against the Controller to be informed about those recipients.

 

f. Right to data portability

You shall have the right to receive the personal data concerning you, which you provided to the Controller, in a structured, commonly used and machine-readable format. In addition, you shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

 

(1) dthe processing is based on consent pursuant to Art. 6 Par. 1 Lit. a GDPR or Art. 9 Par. 2 Lit. a GDPR or on a contract pursuant to Art. 6 Par. 1 Lit. b GDPR; and

(2) the processing is carried out by automated means.

In exercising your right to data portability you shall, furthermore, have the right to have the respective personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.

The right to data portability shall not apply to a processing of personal data that is needed for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

 

g. Right to object

You shall have the right, at any time, to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 Par. 1 Lit. e or f GDPR; this shall also apply to a profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves for the establishment, exercise or defence of legal claims.

Where personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this shall also apply to profiling to the extent that it is related to such direct marketing.

Where you object to the processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

In the context of the use of information society services – and Directive 2002/58/EC notwithstanding – you may exercise your right to object by automated means using technical specifications.

 

h. Right to withdraw the declaration of consent under data protection law

You shall have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of the declaration of consent will not affect the legality of the processing performed based on the declaration of consent up until the withdrawal.

 

i. Automated individual decision-making

You shall have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or that similarly affects you significantly. This shall not apply if the decision 

(1) is necessary for entering into, or performance of, a contract between you and the Controller,

(2) is authorised by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

(3) is based on your explicit consent.

However, these decisions shall not be based on special categories of personal data referred to in Art. 9 Par. 1 GDPR unless Art. 9 Par. 2 Lit. a or g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

With respect to the cases referred to in (1) and (3), the Controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests which include, at least, the right to obtain human intervention on the part of the Controller, to express your point of view and to contest the decision.

 

j. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider the processing of personal data relating to you to be infringing on the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

XVI. Data security

All data transmitted are transmitted via the commonly used and secure SSL (Secure Socket Layer) standard. SSL is a secure and tried and tested standard. Among other things, you can identify a secure SSL connection by the attached https:// in your browser’s address bar or by the lock symbol in the bottom area of your browser. In addition, we are utilising suitable technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss, and unauthorised access by third parties. Our security measures are continuously being improved corresponding to the technological development.

 

 

XVII. Topicality and changes to this privacy policy

This privacy policy is currently valid and has the version as of 15.05.2018. Due to the further development of the website or due to changed statutory requirements and/or those of the authorities, it may become necessary to change this privacy policy. You can call-up and print the respective current privacy policy at any time on our website at www.dr-hahn.eu/datenschutz/.