Datenschutzerklärung | H+E Gruppe

Legal basis for the processing of personal data

In accordance with Art. 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not stated precisely in the data protection notice, the following applies:

The legal basis for obtaining consent is Art. 6 Para. 1 lit. a in conjunction with Art. 7 GDPR. The legal basis for processing to fulfill our services and implement contractual measures as well as to answer inquiries is Art. 6 Para. 1 lit. b GDPR. The legal basis for processing to fulfill our legal obligations is Art. 6 Para. 1 lit. c GDPR.

If the processing of your data is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

Data deletion and storage period

We adhere to the principles of data minimization in accordance with Art. 5 Para. 1 lit. c GDPR and storage limitation in accordance with Art. 5 Para. 1 lit. e GDPR.

We only store your personal data for as long as is necessary to achieve the purposes stated here or as required by the retention periods stipulated by law. Once the respective purpose no longer applies or after these retention periods have expired, the corresponding data will be deleted as quickly as possible.

Externe Links

This website may contain links to third-party websites or to other websites under our responsibility. If you follow a link to one of the websites outside of our responsibility, please note that these websites have their own data protection information. We accept no responsibility or liability for these third-party websites and their data protection information. Therefore, before using these websites, check whether you agree with the data protection statements there.

You can recognize external links either because they are displayed in a slightly different color from the rest of the text or because they are underlined. Your cursor shows you external links when you move it over such a link. Only when you click on an external link will your personal data be transferred to the destination of the link. The operator of the other website receives in particular your IP address, the time at which you clicked the link, the page on which you clicked the link, and other information that you can find in the data protection information of the respective provider.

Please also note that individual links may lead to data being transferred outside the European Economic Area. This could give foreign authorities access to your data. You may not have any legal recourse against this data access. If you do not want your personal data to be transferred to the link destination or even to be exposed to unwanted access by foreign authorities, please do not click on any links.

Rights of the data subject

As a data subject within the meaning of the GDPR, you have the opportunity to assert various rights. The data subject rights arising from the GDPR are the right to information (Article 15), the right to rectification (Article 16), the right to erasure (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority and the right to data portability (Article 20).

Right of withdrawal:

Some data processing can only take place with your express consent. You have the option to revoke your consent at any time. However, the legality of the data processing up to the time of revocation is not affected by this.

Right of objection:

If the processing is based on Art. 6 Paragraph 1 Letter e or f of GDPR, you as the data subject can object to the processing of personal data concerning you at any time for reasons arising from your particular situation. You also have this right in the case of profiling based on these provisions within the meaning of Art. 4 Paragraph 4 of GDPR. If we cannot prove a legitimate interest in the processing which outweighs your interests, rights and freedoms or if the processing serves to assert, exercise or defend legal claims, we will refrain from processing your data after you have objected.

If the processing of personal data is for direct marketing purposes, you also have the right to object at any time. The same applies to profiling that is associated with direct marketing. Here, too, we will no longer process personal data as soon as you object.

Right to lodge a complaint with a supervisory authority:

If you consider that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy.

Right to data portability:

If your data is processed automatically based on consent or fulfillment of a contract, you have the right to receive this data in a structured, common and machine-readable format. In addition, you have the right to request that the data be transferred and made available to another controller, provided this is technically feasible.

Right to information, correction and deletion:

You have the right to receive information about your personal data processed, including the purpose of the data processing, the categories, the recipients and the duration of storage. If you have any questions about this topic or other topics relating to personal data, you can of course contact us using the contact options provided in the imprint.

Right to restriction of processing:

You can request the restriction of the processing of your personal data at any time. To do so, you must meet one of the following requirements:

You contest the accuracy of the personal data. For the duration of the verification of accuracy, you have the right to request restriction of processing.If processing is unlawful, you can request restriction of use of the data as an alternative to deletion.If we no longer need your personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims, you can request restriction of processing as an alternative to deletion.If you object to processing in accordance with Art. 21 Para. 1 GDPR, a balance will be struck between your interests and ours. Until this balance has been struck, you have the right to request restriction of processing.

A restriction of processing means that the personal data, apart from storage, may only be processed with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Provision of the website (web host)

Our website is hosted by:

A100 ROW GmbH

Marcel-Breuer-Strasse, 12, D-80807 Munich

Germany

When you visit our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or to the server of our hosting company.

These are:

IP address of the website visitor's deviceDevice usedHostname of the accessing computerOperating system of the visitorBrowser type and versionName of the retrieved fileTime of the server requestAmount of dataInformation on whether the retrieval of the data was successful

This data will not be merged with other data sources.

Instead of running this website on our own server, we can also run it on the server of an external service provider (hosting company), which we have named above in this case. The personal data collected by this website is then stored on the servers of the hosting company. In addition to the data mentioned above, the web host also stores contact requests, contact details, names, website access data, meta and communication data, contract data and other data generated via a website for us.

The legal basis for the processing of this data is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is the technically error-free presentation and optimization of this website. If the website is accessed in order to enter into contract negotiations with us or to conclude a contract, this serves as an additional legal basis (Art. 6 Para. 1 lit. b GDPR). In the event that we have commissioned a hosting company, a contract for order processing exists with this service provider.

Use of Local Storage Items, Session Storage Items and Cookies

Our website uses local storage items, session storage items and/or cookies. Local storage is a mechanism that allows data to be stored within the browser on your device. This data usually contains user preferences, such as the "day" or "night mode" of a website, and is retained until you manually delete the data. Session storage is very similar to local storage, whereas the storage period only lasts during the current session, i.e. until the current tab is closed. After that, the session storage items are deleted from your device. Cookies are information that a web server (server that provides web content) stores on your device in order to be able to identify this device. They are either temporarily deleted for the duration of a session (session cookies) and after you have finished visiting a website, or permanently stored on your device (permanent cookies) until you delete them yourself or they are automatically deleted by your web browser.

These objects can also be stored on your device by third-party companies when you enter our site (third-party requests). This enables us as the operator and you as a visitor to this website to use certain services from third parties that are installed on this website. Examples of this include the processing of payment services or the display of videos.

These mechanisms have a wide range of possible uses. They can improve the functionality of a website, control shopping cart functions, increase the security and convenience of website use, and carry out analyses of visitor flows and behavior. Depending on the individual functions, these are classified under data protection law. If they are necessary for the operation of the website and intended to provide certain functions (shopping cart function) or are used to optimize the website (e.g. cookies to measure visitor behavior), then they are used on the basis of Art. 6 Para. 1 lit. f GDPR. As website operators, we have a legitimate interest in storing local storage items, session storage items, and cookies to ensure that our services are technically error-free and optimized. In all other cases, local storage items, session storage items, and cookies are only stored with your express consent (Art. 6 Para. 1 lit. a GDPR).

If local storage items, session storage or cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this data protection notice. Your required consent will be requested and can be revoked at any time.

Use of external services

External services are used on our website. External services are third-party services that are used on our website. This can be done for various reasons, for example for embedding videos or for website security. When using these services, personal data is also passed on to the respective providers of these external services. If we have no legitimate interest in using these services, we will obtain your consent as a visitor to our website before using them, which can be revoked at any time (Art. 6 Para. 1 lit. a GDPR).

Analytics

We process personal data of website visitors to analyse user behaviour. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This enables us to increase the user-friendliness of our website. The analysis tools used could, for example, be used to create user profiles for the display of targeted or interest-based advertising messages, recognise our website visitors the next time they visit our website, measure their click/scroll behaviour and downloads, create heat maps, recognise page views, measure the length of visit or bounce rates, and track the origin of website visitors (city, country, which page the visitor came from). The analysis tools can be used to improve our market research and marketing activities.

Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 Para. 1 lit. a GDPR). Without your consent, data processing will not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The legality of the processing carried out up to the time of revocation remains unaffected.

1&1 IONOS Web Analytics

We use the 1&1 IONOS Webanalytics service on our website. The service provider is IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany.

Since this service is hosted locally on the web server, no data is transferred to third parties.

Snowplow

We use the Snowplow service on our website. The service provider is Snowplow Analytics Limited, Floor 6, 17 Bevis Marks, London EC3A 7LN, Great Britain.

Since this service is hosted locally on the web server, no data is transferred to third parties.

Content Delivery Network (CDN)

We use a content delivery network (CDN) to optimize the performance and availability of our website. For this purpose, the service provider that provides this network processes your IP address and the information about when you visited our website. You can find all further information on data processing by this service provider in their privacy policy.

We base this processing on a legitimate interest (Art. 6 Para. 1 lit. f GDPR).

Our legitimate interest in using a content delivery network is to be able to display our website as quickly, securely and reliably as possible.

Amazon CloudFront

We use the Amazon CloudFront service on our website. The service provider is Amazon Web Services EMEA S.à rl, 38 Avenue John F. Kennedy L-1855, Luxembourg.

Using the service may result in data being transferred to a third country (USA). The provider is certified according to the EU-US Data Privacy Framework and therefore offers an appropriate level of data protection.

Further information can be found in the provider’s privacy policy at the following URL: https://aws.amazon.com/de/privacy/.

Map service

We use a map service on this website. In order for the map to be used and displayed on the website, the map must be loaded from the provider's server. This involves transmitting your IP address to the provider's server. Depending on the provider, cookies and other technologies, including fonts, are loaded. You can find more information in the provider's privacy policy.

Google Maps

We use the Google Maps service on our website. The provider of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Using the service may result in data being transferred to a third country (USA). The provider is certified according to EU-US

Data Privacy Framework certified and therefore offers an appropriate level of data protection.

Further information can be found in the provider’s privacy policy at the following URL:

https://policies.google.com/privacy.

Webfont

This site uses so-called web fonts for the uniform display of fonts. These are provided by an external provider and loaded by the browser when the website is accessed. The provider of the web font is informed that our website was accessed from your IP address because your browser establishes a direct connection to the provider of the web font.

Privacy Policy

Data protection information according to Art. 13 GDPR

Name and address of the person responsible

Name and address of the data protection officer

Legal basis for the processing of personal data

Data deletion and storage period

Note on data transfer to third countries

Externe Links

Rights of the data subject

General information on data processing

Provision of the website (web host)

Use of Local Storage Items, Session Storage Items and Cookies

Use of external services

Analytics

Wipe Analytics

Consent Management

Cookiebot

Content Delivery Network (CDN)

Amazon CloudFront

Webfont

MyFonts