Privacy Statement

Version August 2020

I. Name and address of those responsible

The responsible in the sense of the General Data Protection Regulation and other national  data protection laws of the member states as well as any other legal data protection regulations is:

Eugen Hensle Ordnungs- und Zuführtechnik GmbH
Marie-Curie-Strasse 4
71364 Winnenden-Hertmannsweiler
Germany
+49 (0) 7195/9181-0
info@hensle-zufuehrtechnik.de
www.hensle-zufuehrtechnik.de

II. Name and address of the data protection officer

The data protection officer of the responsible is:

DataCo GmbH
Dachauer Strasse 65
80335 München
Deutschland
+49 89 740045840
datenschutz@dataguard.de
www.dataguard.de

III. General information on data processing

1. Scope of personal data processing

We solely process personal data of our users in order to provide a functioning website and to meet the requirements for the contents and services. The processing of personal data of our users regularly takes place only with the users consent. An exception may only be made in such cases if it impossible to obtain prior permission and the processing1 of the data is permitted by legal stipulations.

2. Legal basis for the processing of personal data

Article 6 paragraph 1 S. (1)(a) of the General Data Protection Regulation (GDPR) serves as a legal basis and applies if we obtain the person’s consent for the processing of personal data.

Article 6 paragraph 1 S. (1)( b) of the General Data Protection Regulation (GDPR) applies if the processing of personal data is necessary to fulfill a contract and the contracting party is the  person concerned. This also applies for all processing necessary to carry out pre-contractual measures .

Article 6 paragraph 1 S. (1)(c) of the General Data Protection Regulation (GDPR) serves as a legal basis if data processing is necessary to fulfill any legal obligations of our company.

Article 6 paragraph 1 S. (1)(d) of the General Data Protection Regulation (GDPR) serves as a legal basis if data processing is necessary to fulfill vital interests of the person concerned or any natural person.

Article 6 paragraph 1 S. (1)(d) of the General Data Protection Regulation (GDPR) serves as a legal basis for the processing if it is necessary for safeguarding the justified interest of our company or a third party and outweigh the interests, basic rights and fundamental freedoms

3. Data deletion and storage time

Personal data of the person concerned will be deleted or made inaccessible as soon as there is no reason for the storage. However data storage is possible if required by European or national laws, Union law regulations or other laws or regulations the responsible person is amenable to. Deleting or making them inaccessible is possible when the regulated storage time runs out except when storing the data is necessary to settle or fulfill a contract.

IV. Rights of the person concerned

If personal data is processed you are the person concerned in compliance with the GDPR and are therefore entitled to the following rights towards those responsible

1. Right to information

You may ask those responsible for a confirmation if personal data about you has been processed by us.

If your data has been processed you may ask the responsible about information concerning the following:

1. 1. the reasons for processing personal data;
   2. the categories of personal data which is processed;
   3. the recipients respectively categories of recipients personal data has been disclosed to or will be disclosed to;
   4. the planned duration of the storage of the personal data or if specific information is not possible, the criteria for the duration of the storage.
   5. the existence of the right  of rectification or deletion of the respective personal data, a right to limit the processing  by the responsible or a right of objection to the processing.
   6. the existence of the right of appeal with the regulating authorities;
   7. all available information about the origin of the data, if the personal data wasn’t collected from the person concerned;
   8. the existence of an automatic decision-making including profiling according to article 22 paragraph 1 and 4 GDPR and – at least in these cases – significant information about the logic involved as well as the consequences and the acquired impact of such processing for the person concerned.

You have the right to information about exchange of the concerned personal data to a third country or to an international organization. In this regard you may request the suitable guarantees according to article 46 GDPR relating the exchange.

2. Right to rectification

You have a right to rectification and/or completion to the person responsible provided that the processed personal data which concerns you is untrue or incomplete. The person responsible has to correct the data immediately.

3. Right to limitation of processing

You can request a limitation of processing of the concerned personal data under these conditions:

1. • if you contest the accuracy of the concerned personal data for a certain period that enables the responsible to verify the accuracy of this personal data.;
   • if the processing is unrightfully and you object to the deletion of the personal data but rather demand the restriction of the use of the personal data.
   • if the responsible doesn’t require the personal data for reasons of processing any longer but you need them  for the establishment, exercise or defense of legal claims   or
   • if you’ve objected to the processing according to article 21 paragraph 1 GDPR and it is unclear if the legitimate reasons of the responsible outweigh your reasons.

If the processing of the respective personal data was restricted, this data may – apart from its storage – only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the union or one of its members.

You will be informed by the responsible prior to a lifting of the restriction if the processing had been restricted according to the above mentioned restrictions.

4. Right to data deletion
5. a) Obligation of deletion

You may request that your personal data is deleted immediately and the responsible is obliged to delete it immediately if one of the following reasons applies:

1. 1. The concerned personal data is no longer necessary for the purpose for which it was collected, or otherwise processed.
   2. You revoke your consent regarding the processing according to article 6 paragraph 1 S. (1)(a) or article 9 paragraph (2)(a) GDPR and there is no other legal basis for the processing.
   3. You object to the processing according to article 21 paragraph 1 GDPR and there are no primary proper reasons according to article 21 paragraph 2 GDPR or you oppose to the processing.
   4. The concerned personal data has been collected unlawfully.
   5. The deletion of the respective personal data is necessary to fulfill the lawful obligations according union right or that of the member states the responsible is subject to.
   6. Your concerned personal data was collected with reference to the information society service according to article 8 paragraph 1 GDPR.

1. b) Information for a third party

If the responsible made the concerning personal data public and if they are obligated to delete them according to article 17 paragraph 1 GDPR, they will take the appropriate measures also regarding available technologies and implementing costs also of the technical kind in order to inform the people responsible for the processing of personal data that they as the responsible have been asked to delete all links to the personal data as well as copies and replications.

1. c) Exceptions

The right to deletion does not exist if the processing of the data is necessary

1. 1. to practice the right of freedom of speech and information;
   2. to fulfill legal obligations that require the processing in accordance with the right of the union or of the member states, or duties based on public interest or to exercise public authority transferred to the responsible;
   3. due to reasons of public interest of public health according to article 9 paragraph 2 (h) and (i) as well as article 9 paragraph 3 GDPR;
   4. for archiving purposes with public interest, scientific or historical research purposes or statistical purposes according to article 89 paragraph 1 GDPR, as far as the under section a) mentioned right is expected to make the achievement of the goals of the processing impossible or seriously affect it or,
   5. for the establishment, exercising or defense of legal claims.

5. Right to information

If you exercised your right to correction, deletion or limitation of processing towards the responsible, they are obligated to inform all recipients to whom personal data was disclosed to rectify or delete or limit the processing unless this proves impossible or entails an unreasonable effort.

You have the right towards the responsible to be notified about the recipients.

6. Right to data portability

You have the right to receive the personal data which you provided for the responsible in a structured common and machine-readable format. Furthermore you have the right to transfer the data to another responsible without obstruction by the responsible.

1. 1. the processing is due to the consent in accordance with article 6 paragraph 1 S. (1)(a) GDPR or article 9 paragraph (2)( a) GDPR or is based on a contract according to article 6 paragraph 1 S. (1) (b) GDPR and
   2. the data is processed with the aid of automated procedures.

Exercising this right you are entitled to obtain the concerning personal data directly from one responsible to another responsible if it is technically possible. Liberties and rights of other people may not be affected thereof.

The right of data transfer is not valid for the processing of personal data which is necessary for the performance of the task which has public interest or to exercise official authority assigned to the responsible

7. Right to object

Data processing of your personal data according to article 6 paragraph 1 S (1) (e) or (f) can be objected for reasons resulting from your special situation. This also applies to protected profiling by this provision.

The responsible won’t process the respective personal data unless he can prove that there are compelling legitimate reasons for the processing of the data that outweighs the interest, rights and liberties or if the processing serves the establishment, exercise or defense of legal claims

If the concerned personal data is processed to practice direct advertising you have the right to object to the processing of the personal data concerning you for such advertising purposes. This also applies to profiling if it is connected to direct advertising.

If you object to the processing for direct advertising your respective personal data will not be processed for such purposes.

You can use your right to withdraw your consent in coherence with the use of the information society service – regardless of the directive 2002/58/EG – by using the automatized procedure, based on technical specifications.

8. Right to withdraw the consent to the privacy statement

You have the right to withdraw your consent to the privacy statement at any time. By withdrawing the consent the lawful processing up to the withdrawal of the consent shall not be infringed.

9. Automatized decisions made in single cases including profiling

You have the right to a decision not solely being subject to an automatized processing – including profiling – that has a legal effect on you or may have an impact on you. This doesn’t apply if the decision

1. 1. in necessary to settle a contract between you and the responsible,
   2. due to legal regulations of the union or one of its member states, the responsible is subject to, is permitted and these regulations include suitable measures safeguarding the rights and liberties as well as the legitimate interest or
   3. happens with their explicit consent.

However these decisions may not be based on special categories of personal data according to article 9 paragraph 1 GDPR, as far as article 9 paragraph 2 (a) or (g) GDPR is not applicable and adequate measures to protect the rights and liberties as well as the legitimate interests have been taken.

In hindsight of the cases mentioned in (1) and (3) the responsible takes suitable measures to ensure the rights and liberties as well as their legitimate interest that consists of at least the right to interference of a person on the side of the responsible on the explanation of the own viewpoint and contesting the decision.

10. Right to compain to the regulatory authority

Regardless of any other administrative or judicial remedy you have the right to complain to the regulatory authority, especially in the member state of your present residence, your place of work or the place of the alleged violation if that the processing of the concerning personal data violates the GDPR.

The regulatory authority where the complaint was lodged informs the appellant about the state and the results of the complaint including the possibility of judicial remedy according to article 78 GDPR.

V. Providing the website and creating of log files

1. Description and extent of data processing

With each connection to our webpage our system automatizes data and information from the computer system of the calling computer.

the following data is collected

1. • information about the type of browser and its version
   • the operating system of the users
   • the internet service provider of the users
   • date and time of the data access
   • web pages from which the system of the user can get to our internet page
   • web pages which can be called up via our web page by the system of the users

The data will also be filed in the log files of our systems. The IP-address of the user and other data which enable an assignment of the data to a user are not affected. There is no storage of this data together with other personal data of the user.

2. Legal basis for data processing

The legal basis for a temporary storage of data is article 6 paragraph 1 S. (1)(f) GDPR.

3. Reason for data processing

The temporary storage of the IP-address by the system is necessary to ensure a delivery of the webpage to the computer of the user. The IP address of the user needs to be stored for the duration of session.

These purposes are in our rightful interest of data processing in accordance with article 6 paragraph 1 S. (1)( f) GDPR.

4. Period of storage

The data is deleted as soon as there is no reason for the purpose of collection. In the case of collection of data for the provision of a website it ends when the respective session is over.

5. Objection and disposal possibilities

The collection of data to provide the webpage and the storage of the data in log files is mandatory to insure the operation of the webpage. Therefore it is not possible for the user to object.

VI. Contact form and email contact

1.Description and extent of data processing

On our homepage you can find a contact form which you can use to contact us electronically. If a user chooses this possibility and types in data on the input screen this data will be transmitted and stored.

At the time of sending the following data is stored:

1. • email address
   • name

During the dispatch process you may provide your consent for the processing of the data and you are referred to this privacy statement

You can alternatively contact us via the offered email address. In this case the transmitted personal data of the user is saved.

There is no disclosure of data to a third party. The data is solely used for the processing of the conversation.

2. Legal basis for the data processing

Legal basis for the processing of the data is the user’s consent according to article 6 paragraph 1 S.(1)(a) GDPR.

Legal basis for the preparation of the data transmitted when sending an email is article 6 paragraph 1 S.(1)( f) GDPR. If the email contact aims for the execution of a contract the legal basis for the processing is article 6 paragraph 1 S.(1)(b) GDPR.

3. Purpose of the data processing

The processing of personal data collected in the entry mask serves solely for the act of contact. Contacting us by email implies the interest in the processing of the necessary data.

Additional personal data processed during sending help to prevent misuse of the contact form and to secure the safety of our information system.

4. Period of the storage

All data will be deleted as soon as the purpose is fulfilled and it is no longer necessary. For personal data entered in the entry form of the contact page and the ones sent by email it ist he case when the conversation with the user is over. The conversation is over when the circumstances imply that the concerned matter is finally settled.

The personal data collected during the sending process will be deleted after seven days at the latest.

5. Objection and disposal possibilities

The users can revoke their consent to the processing of personal data at any time. The users may object to storage of personal data when contacting us by email at any time. However the conversation will be discontinued.

Email to: datenschutz@hensle-zufuehrtechnik.de

All personal data saved during contacting will be deleted in this case.

VII. Used Plugins

Use of Google Analytics

1. Scope of processing of personal data

We use Google Analytics,on our website a web analyzing service of Google Inc., 1600 Amphiteatre Parkway, Mountain View, CA 94043, United States.(“Google”). Google Analytics uses so called. “cookies”, text files saved on your computer that help to analyze the use of the website by you. The information generated by cookies while using our website are transmitted to the Google server in the USA and also stored there. In case of you activating the IP anonymization on the website, your IP address is priorly shortened by Google within the European Union or other countries of the agreement of the European Economy. The full IP address is only saved and transmitted to the Google server in the USA and shorted there in exceptional cases. The IP anonymization is active on this website. On behalf of the provider of this website Google will use the information to evaluate your use oft he website to issue reports about the website activities and to offer further website usage and services connected to the website use.  Google Analytics transmits the IP address from your browser. However it doesn’t join it with other Google data. You can prevent the storage of cookies by applying the corresponding settings in your browser-software, although it may also prevent you from using the full extent of services offered on our website.

2. Legal basis for the processing of personal data

The legal basis for the processing is article 6 paragraph 1 S.(1)( f) GDPR.

3. Purpose of the data processing

The purpose of the processing of personal data is based on the targeted address of the target group which showed a first interest by visiting the webpage.

4. Period of the storage

Advertising data in the server protocol is anonymized by Google. According to the company’s statement the cookie information and parts of the IP address are deleted after 9 respectively. 18 months.

5. Objection and disposal possibilities

By downloading and installing the link below you can download the available browser plugin. With that you can prevent the collection of data when using the webpage via cookies (including your IP address) as well as the processing by Google: http://tools.google.com/dlpage/gaoptout?hl=de. Please go to https://www.google.com/intl/de/policies/privacyfor further information.

Use of Google Maps plugin

1. Scope of procession of personal data

We use the services of Google Maps of Google Inc., 1600 Amphiteatre Parkway, Mountain View, CA 94043, United States. on our webpage. Therefore information about your IP address and the address entered in the route function is transmitted and stored on the Google-Server in the USA. When using our webpage you agree with the processing of the data by Google Maps.

2. Legal basis for the processing of personal data

The legal basis for the processing is article 6 paragraph1 S.(1)(f) GDPR.

3. Purpose of the data processing

We neither know about the purpose of the data collection nor about its use by Google..

4. Period of the storage

We have no information about the period of the storage.

5. Objection and disposal possibilities

For further information go to : https://www.google.com/intl/de/policies/privacy/ .

Use of Google Webfonts

1. Scope of processing of personal data

To optically improve the presentation of information on our website we use Google web fonts (http://www.google.com/webfonts/).The web fonts are transmitted to the cache of the browser to use them for the presentation. If the browser does not support the Google web fonts or denies access, the text is shown in standard font.

No cookies are filled when calling up the website. Data transferred during the call up are sent to resource specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not joined or used with data connected with a parallel use of authenticated Google services such as Gmail.

Also the IP address of the browser of the terminal device of the visitor of the webpage is stored by Google.

2. Legal basis for the processing of personal data

The legal basis for data processing is article 6 paragraph (1)( f) GDPR. There is a legitimate interest in the correct functioning of the webpage.

3. Purpose of the data processing

It is necessary for your browser to show an optically improved image of our texts. If your browser doesn’t support this feature, the standard font of your computer will be used for display.

4. Period of the storage

We are not informed about the period of the storage with our contracting entities.

5. Objection and disposal possibilities

You can set your browser in a way that the fonts are not loaded from the google-server. (for example by installation of Add-Ons such as NoScript or Ghostery für Firefox.) If your browser doesn’t support Google fonts or denies access, the text will be displayed in the standard font of the system.

Use of Wordfence Security

1. Scope of processing

Our webpage uses features of Defiant Inc., 800 5th Ave., Suite 4100, Seattle, WA 98104, USA (called Defiant in the following).

If you visit a page with plugins a direct connection between your computer and the Defiant Server is made.

In order to distinguish if the visitor is a human or a robot the plugin sets cookies. For the purpose of protection against Brute-Force- and DDoS-attacks or comment spam the IP-addresses are saved on the Wordfence servers.IP addresses classified as harmless are put on a white list.  Wordfence Security secures our webpage and protects our webpage and also our visitors of the webpage against viruses and malware.

1. 1. Legal basis for the processing of personal data

Legal basis for the data processing is article 6 paragraph1 S.(1)( f) GDPR. The legitimate interest is a correct functioning of the webpage and the protection of its visitors against viruses and malware.

1. 1. Purpose of the data processing

The webpage uses the plugin to protect against viruses or malware or protect against cyber- attacks.

1. 1. Period of the storage

There is no information regarding the period of the storage with Defiant

Objection and disposal posibilities

You can prevent the collection and processing of your data by using Defiant. You need to deactivate the Script-Code in your browser or install a script-blocker (you may find one for example under www.noscript.net or www.ghostery.com).

The German version of this privacy statement was issued with the help of DataGuard.

The German version is legally binding.