Privacy policy in accordance with the GDPR

 

 

 

 

0. Contents of the privacy policy

I. Introduction 

 

II. Name and address of the Controller

 

III. Name and address of the Data Protection Officer

 

IV. General information regarding data processing

 

V. Provision of the website and creation of log files

 

VI. Utilisation of cookies 

 

VII. Information via e-mail (e-mail marketing)

 

VIII. Registration for image database

 

IX. Registration for hinge calculation programme

 

X. Personalised settings instructions

 

XI. Contact form and e-mail contact

 

XII. Data protection in case of job applications and in the application process

 

XIII. Web analysis with the PIWIK Pro analysis software

 

XIV. Social media

 

XV. Rights of the data subject

 

XVI. Data security

 

XVII. Topicality and changes to this privacy policy

 

 

 

 

 

I. Introduction

Thank you very much for visiting our website and for your interest in our company as well as our products and services. Protecting your personal data upon collection, processing and use on occasion of your visit to our website is an important concern for us.

 

This privacy policy provides information about which data we collect during your visit to this website and how we use said data. Some of that data that we store on our server is data that you are providing to us voluntarily by filling out forms, while other data is stored automatically in the context of registration and system usage.

 

We do not collect any data that allows for determining the identity of the individual visitor unless you yourself transmit your personal data in the context of the registration for a closed user group. Furthermore, we do not use any technological aids geared toward the identification of visitors.

 

 

 

IV. General information regarding data processing

a. Scope of the processing of personal data

On principle, we collect and use the personal data of our users only to the extent that this is necessary for providing a functional website as well as our contents and services. The collection and utilisation of the personal data of our users is carried out regularly only after having received the user’s consent. An exception applies in such cases in which a prior obtaining of consent is not possible for factual reasons and where the processing of the data is permitted by statutory regulations.

 

b. Legal basis for the processing of personal data

To the extent that we obtain a declaration of consent of the data subject for the processing operations of personal data, Art. 6 Par. 1 Lit. a of the EU General Data Protection Regulation (GDPR) serves as legal basis for the processing of personal data.

 

In case of the processing of personal data that is required for the fulfilment of a contract to which the data subject is a contractual party, Art. 6 Par. 1 Lit. b GDPR serves as legal basis. This shall also apply to processing operations that are necessary for the carrying out of pre-contractual measures.

 

To the extent that a processing of personal data is required for the fulfilment of a contractual obligation that our company is subject to, Art. 6 Par. 1 Lit. c GDPR serves as legal basis.

 

In case vital interests of the data subject or of another natural person make a processing of personal data necessary, Art. 6 Par. 1 Lit. d GDPR serves as legal basis.

 

If the processing is necessary for maintaining a legitimate interest of our company or of a third party and if the interests, basic rights, and basic freedoms of the data subject do not outweigh the aforementioned interest, Art. 6 Par. 1 Lit. f GDPR serves as legal basis for the processing. 

 

c. Data erasure and duration of storage

The personal data of the data subject will be erased or restricted as soon as the purpose of storage no longer exists. A storage can, furthermore, be performed if this is provided for by the European or national legislatures in rules, laws, or other regulations under European Union law applicable to the Controller. A restriction or erasure of the data is also performed if a storage period prescribed by the specified standards expires unless a necessity exists for further storage of the data for conclusion or fulfilment of a contract.

 

 

 

 

V. Provision of the website and creation of log files

a. Scope of the processing of personal data

Each time our website is called up, our system automatically collects data and information from the computer system calling it up. 

 

During this process, the following data are collected:

1. Information regarding the type and version of the browser used

2. The user’s operating system

3. The IP address of the user

4. The Internet service provider of the user (this data is not collected directly, but the IP address (Item 3) allows for conclusion regarding the user’s Internet service provider) 

5. Date and time of access

6. ebsites from which the user’s system reached our website

 

The data is also stored in the log files of our system. This does not apply to the IP addresses of the user or other data that allows for an attribution of the data to a user. A storage of this data together with other personal data of the user does not take place.

 

b. Legal basis for the data processing

Legal basis for the temporary storage of the data is Art. 6 Par. 1 Lit. f GDPR.

 

c. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to make possible a delivery of the web page to the user’s computer. To effect this, the user’s IP address must remain stored for the duration of the session. This also constitutes our legitimate interest in accordance with Art. 6 Par. 1 Lit. f GDPR.

 

d. Duration of storage

The data will be erased as soon as they are no longer necessary for achieving the purpose for which they were collected. In case of collection of the data for provision of the website, this is the case once the respective session has ended. 

 

e. Option to object and remove

The collection of the data for the provision of the website and the storage of the data in log files is mandatorily required for the operation of the website. Therefore, no option to object exists for the user.

 

 

 

 

VI. Utilisation of cookies

a. Description and scope of the data processing

Our website is using cookies. Cookies are small text files that are stored in and/or by the web browser on the user’s computer system. When a user calls up a website, a cookie can be stored on the user’s operating system this way. This cookie contains a characteristic sequence of character that allow for an unambiguous identification of the browser when the website is called up again.

 

We utilise cookies for a more user-friendly design of our website. Some elements of our website require that the browser performing the call-up can also be identified subsequent to switching pages. In the process, the following data is being stored and transmitted in the cookies:

 

1. The be_typo_user cookie is being used by TYPO3 for identification of a logged-in backend user. The user’s ID is being stored.

 

2. The fe_typo_user cookie is being used by TYPO3 for identification of a logged-in frontend user. This cookie is being used in the context of the utilisation of the image database (regarding this, also see VIII. Registration for the image database).  The user’s ID is being stored.

 

3. The cookiesAccepted cookie is being set once a website visitor has confirmed the cookie note by clicking on “OK”. The value 1/true is being stored which is representative of the positive confirmation of the notification.

 

4. The showedModalForm cookie is being set when the contact form has been displayed to the user on the download page (https://www.dr-hahn.eu/downloads/). The cookie prevents the form from being displayed to the user anew in case of a return visit. The value 1/true is being stored which stands for “Form has already been displayed”.

 

5. The ceDownloads cookie is used to limit downloads of the declarations of performance on the declarations of performance page (https://www.dr-hahn.eu/leistungserklaerungen/) to a maximum of 3 downloads per user. A value is being stored that reflects the number of downloads (NaN or a number between 1 and 3, respectively).

 

In addition, we utilise cookies on our website that allow for an analysis of the surfing behaviour of the users (regarding this, also see XIII. Web analysis with the PIWIK Pro analysis software). This way, the following data can be transmitted:

 

1. _pk_ref: This cookie stores information regarding the user’s origin, i.e., from which website the user came to us. 

 

2. _pkid: This cookie stores the user’s ID in order to identify returning users. 

 

3. _pk_ses: This is a session cookie. Session cookies are responsible for keeping the session active for 30 minutes after the last activity performed. When they expire, the visit is considered finished.

 

4. piwik_ignore: If a user objects to the tracking and utilises the opt-out option, this cookie is stored on the user’s computer. The analysis software then ignores the user in the future and does not send any data to the PIWIK server.

 

The users’ data collected in this manner are being pseudonymized via technical measures. Therefore, an attribution of the data to the user performing the call-up is no longer possible. The data are not being stored jointly with other personal data of the user. When calling up our website, users are being informed - by an info banner - of the utilisation of cookies for analysis purposes and are referred to this privacy policy. In this context, a notification also takes place how the storing of cookies can be prevented in the browser settings.

 

b. Legal basis for the data processing

Legal basis for the processing of personal data under utilisation of cookies is Art. 6 Par. 1 Lit. f GDPR.

 

c. Purpose of the data processing

Purpose of the collection of technically necessary cookies is to simplify the utilisation of the websites for the users. Some functions of our website cannot be offered without the utilisation of cookies. For these, is necessary that the browser can be “remembered” even after switching pages. This also constitutes our legitimate interest in accordance with Art. 6 Par. 1 Lit. f GDPR.

 

We need cookies for the following applications:

 

1. The be_typo_user cookie is being used by TYPO3 for identification of a logged-in backend user.

 

2. The fe_typo_user is being used by TYPO3, in case of utilisation of the image database, for identification of a logged-in frontend user. (regarding this, also see VIII. Registration for the image database).

 

3. The cookiesAccepted cookie is being set once a website visitor has confirmed the cookie note by clicking on “OK”.

 

4. The showedModalForm cookie is being set when the contact form has been displayed to the user on the download page (https://www.dr-hahn.eu/downloads/). The cookie prevents the form from being displayed to the user anew in case of a return visit.

 

5. The ceDownloads cookie is used to limit downloads of the declarations of performance on the declarations of performance page (https://www.dr-hahn.eu/leistungserklaerungen/) to a maximum of 3 downloads per user.

 

The user data collected by technically necessary cookies are not being utilised to create user profiles.

 

The utilisation of analysis cookies is being carried out for the purpose of improving the quality of our website and of its contents. Through analysis cookies, we find out how the website is being utilised and how we can thusly continuously optimise our offer.

 

1. _pk_ref: This cookie stores information regarding the user’s origin, i.e., from which website the user came to us.

 

2. _pkid: This cookie stores the user’s ID in order to identify returning users.

 

3. _pk_ses: This is a session cookie. Session cookies are responsible for keeping the session active for 30 minutes after the last activity performed. When they expire, the visit is considered finished.

 

4. piwik_ignore: If a user objects to the tracking and utilises the opt-out option, this cookie is stored on the user’s computer. The analysis software then ignores the user in the future and does not send any data to the PIWIK server.

 

These purposes also constitute our legitimate interest in the processing of the personal data in accordance with Art. 6 Par. 1 Lit. f GDPR.

 

d. Duration of storage, option to object and remove

Cookies are stored on the user’s computer and transmitted from the latter to our website. Therefore, you, as the user, also have full control over the utilisation of cookies. By modifying the settings in your web browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If you deactivate cookies for our website, it is possible that not all functions of the website can be utilised to their full extent any more.

 

In addition, the cookies have different usage periods and expire thereafter.

 

1. The be_typo_user cookie will be deleted automatically one year after the cookie has been set/updated.

 

2. The fe_typo_user cookie will be deleted automatically one year after the cookie has been set/updated.

 

3. The cookiesAccepted cookie effectively remains stored until the user manually removes the cookie.

 

4. The showedModalForm cookie will be deleted automatically one year after the cookie has been set/updated.

 

5. The cdDownloads cookie will be deleted automatically one year after the cookie has been set/updated.

 

6. _pk_ref: This cookie will be deleted automatically after 6 months.

 

7. _pkid: This cookie will be deleted automatically after one year.

 

8. _pk_ses: The cookie will be deleted 30 minutes after the last activity tracked.

 

9. piwik_ignore: The cookie is being stored until the user manually deletes it or withdraws his or her opt-out with a renewed click (regarding this, also see XIII. Web analysis with the PIWIK Pro analysis software)

 

 

 

 

VII. Information via e-mail (e-mail marketing)

a. Description and scope of the data processing

We inform interested users via e-mail. For this, the option exists on our website to register for this free of charge via a form. In the process, the data from the data entry mask is transmitted to us upon registration. Specifically, these are the following data:

 

1. First name

2. Last name

3. Company

4. E-mail address

 

Additionally, the following data are collected upon registration:

 

1. IP address of the computer performing the call-up

2. Date and time of the registration

 

Additionally, the user may provide his or her consent to the sending of information via e-mail upon registration for the image database (c.f. VIII) or for the hinge calculation programme (c.f. IX). In this case, first name, last name, company and e-mail address are being stored as well. Other data that may be transmitted in the context of the registration process is not relevant for this service and is not being stored in this context.

 

Your consent to the processing of the data is being collected in the course of the registration process and this privacy policy is being referred to. The registration is being performed via the so-called opt-in method. The registration process is only completed once the user has confirmed the registration via a confirmation link. No passing on of data to third parties is taking place in connection with the data processing for the sending of e-mails. The data are being used exclusively for the sending of e-mails.

 

b. Legal basis for the data processing

Legal basis for the processing of the data subsequent to the registration for the newsletter by the user is, in case of an existing declaration of consent of the user, Art. 6 Par. 1 Lit. a GDPR.

 

c. Purpose of the data processing

The collection of the user’s e-mail address serves for providing the user with information via e-mail. The collection of other personal data in the context of the registration process serves to prevent an abuse of the services or of the e-mail address utilised.

 

d. Duration of storage

The data will be erased as soon as they are no longer necessary for achieving the purpose for which they were collected. As such, the data of the user remain stored for as long as Dr. Hahn informs registered users via e-mail. If the user cancels this service, the user data are deleted. A cancellation is possible at any time.

 

e. Option to object and remove

Any user who registered for this e-mail service can cancel it at any time. For this purpose, a corresponding link is included in each e-mail sent in connection with this. This also makes possible a withdrawal of consent to storage of the personal data collected during the registration process.

 

 

 

 

VIII. Registration for image database

a. Description and scope of the data processing

On our website, we provide users with the option to register for utilisation of the image database providing personal data. In the process, the data are entered into a data entry mask and transferred to us and stored. A passing-on of data to third parties does not take place. The following data are collected in the context of the registration process:

 

1. Salutation

2. Last name

3. First name

4. Company

5. Department

6. Position

7. Street address

8. Postal code and city

9. Country

10. Telephone number and fax number

11. E-mail address

In addition, the following data are being stored at the point of time of registration:

1. The IP address of the user

2. Date and time of the registration

 

In the context of the registration process, the user’s consent to the processing of this data is being obtained. The image database is a service exclusively for existing customers of Dr. Hahn. To identify them, the aforementioned data is being collected and transmitted upon registration

 

b. Legal basis for the data processing

Legal basis for the processing of the data, in case of an existing declaration of consent of the user, is Art. 6 Par. 1 Lit. a GDPR.

 

c. Purpose of the data processing

The image database is a service geared exclusively to customers of Dr. Hahn. To identify them, personal data are being collected. In addition, a legitimate interest exists in knowing who is using our images.

 

d. Duration of storage

The data will be erased as soon as they are no longer necessary for achieving the purpose for which they were collected. This is the case for the data collected during the registration process if the registration for the image database is being cancelled or modified.

 

e. Option to object and remove

As a registered user of the image database, you have the option to cancel the registration at any time. You may - at any time - have the stored data modified or deleted. To do so, simply send an informal email to bilddatenbank@dr-hahn.de. After an erasure of the stored data, a utilisation of the image database is no longer possible.

 

 

 

 

IX. Registration for hinge calculation programme

a. Description and scope of the data processing

On our website, we provide users with the option to register for utilisation of the hinge calculation programme providing personal data. In the process, the data are entered into a data entry mask and transferred to us and stored. A passing-on of data to third parties does not take place. The following data are collected in the context of the registration process:

 

1. Salutation

2. Last name

3. First name

4. Company

5. Department

6. Position

7. Street address

8. Postal code and city

9. Country

10. Telephone number and fax number

11. E-mail address

12. Manufacturers and systems

 

In addition, the following data are being stored at the point of time of registration:

1. The IP address of the user

2. Date and time of the registration

 

In the context of the registration process, the user’s consent to the processing of this data is being obtained.

 

b. Legal basis for the data processing

Legal basis for the processing of the data, in case of an existing declaration of consent of the user, is Art. 6 Par. 1 Lit. a GDPR.

 

c. Purpose of the data processing

The hinge calculation programme is a service geared exclusively to customers of Dr. Hahn. To be able to unambiguously identify them, a registration is necessary. Additionally, data is collected during registration that is necessary for the programme’s functionality (e.g. manufacturer and system).

 

d. Duration of storage

The data will be erased as soon as they are no longer necessary for achieving the purpose for which they were collected. This is the case for the data collected during the registration process if the registration for the hinge calculation programme is being cancelled or modified.

 

e. Option to object and remove

As a registered user of the hinge calculation programme, you have to option - at any time - to cancel the registration and to have the data deleted. To do so, send an informal e-mail to technik@dr-hahn.de. You can view and modify the data stored about you from within the programme. Upon deletion of the data, a utilisation of the hinge calculation programme is no longer possible.