1. Introduction
We appreciate your interest in the online offers of HANSA-FLEX AG (referred to below as “HANSA-FLEX”). The protection of your personal data is very important to us, and we wish to provide you with a positive feeling of security both when you visit our website and during all business and communication processes you share with us. We therefore take the protection of your data and the applicable statutory regulations very seriously.
The purpose of this privacy policy is to inform you in detail about how your personal data is treated.
This privacy policy supplements our general terms and conditions: www.hansa-flex.com/agb.html
You will find the latest version of our privacy policy on the HANSA-FLEX website under “Data protection”: www.hansa-flex.com/datenschutz.html.
HANSA-FLEX has and reserves the right to change the contents of this privacy policy. This may be necessary if HANSA-FLEX makes available new or modified services, or in the event of changes in the applicable legislation or legal precedents.
This will only happen if the legitimate interests of HANSA-FLEX take priority and the user can reasonably be expected to accept the change. HANSA-FLEX will inform customers in good time about changes to this privacy policy, both in the internal user service section and by email to the email address which the user has registered in the internal user service section.
2. Responsible party as defined by the General Data Protection Regulation (GDPR)
HANSA-FLEX AG
Zum Panrepel 44
28307 Bremen
Germany
Tel.: +49 421 48 90 70
Fax: +49 421 48 90 748
Email: info@hansa-flex.com
Internet: http://www.hansa-flex.com
Board of Management: Thomas Armerding (Chairman), Uwe Buschmann, Christian-Hans Bültemeier
Chairman of the Supervisory Board: Tim Hollweg
Bremen District Court HRB 26530 HB; registered location: Bremen
VAT No. DE170352164
Contact person for data protection (data protection officer)
Your trust is important to us. We are therefore ready to provide you at all times with information regarding the collection, processing and use of your personal data. For this purpose you can contact our data protection officer.
HANSA-FLEX AG Data Protection Officer
Max Danne
HANSA-FLEX AG
Zum Panrepel 44
28307 Bremen
Tel.: +49 421 48 90 7 221
Fax: +49 421 48 90 7 930
Email: datenschutz@hansa-flex.com
We collect, process and use your personal data in compliance with the relevant legal provisions on data protection of the Federal Republic of Germany, in particular the Telemedia Act (TMG), Interstate Agreement on Broadcasting (RStV), Data Protection Act (DSGVO), Telecommunications Act (TKG) and similar, as well as the data protection regulations of the European Union.
We only collect and process the personal data of our users to the extent that this is necessary for the provision of a functioning website together with our content and services (Art.6 Section 1 f GDPR). The section on “Data collected from website visitors” provide details of the collection of data by us.
Further personal data is only collected, processed and used by us with your consent if you provide this information voluntarily, for example in the context of an inquiry, search query, application or order via our email address, our contact form or via our Internet pages, when registering for the services subject to registration offered by HANSA-FLEX, when registering for our newsletter or for the establishment, content specification or amendment and processing of a contract on the use of the services subject to registration offered by HANSA-FLEX, or the purchase of the goods and services offered by HANSA-FLEX and for invoicing purposes (Art.6 Section 1 a GDPR).
Your personal data cannot be viewed by other users of the HANSA-FLEX website.
Legal basis for the processing of your data
If we obtain the consent for the processing of personal data from the person involved, the legal basis for the processing will be Art.6 Section 1 a GDPR.
In the processing of personal data which is required to fulfil a contract in which the person involved is a contracting party, the legal basis for the processing will be Art.6 Section 1 b GDPR. This also applies to processing operations which are required for the implementation of pre-contractual measures.
If the processing of personal data is required for the fulfilment of a legal obligation to which our company is subject, the legal basis for the processing will be Art.6 Section 1 c GDPR.
In cases where the vital interests of the person involved or some other natural person make the processing of personal data necessary, the legal basis for the processing is Art.6 Section 1 d GDPR.
If the processing is necessary in order to safeguard the legitimate interest of our company or of a third party, and if the interests, fundamental rights and basic freedoms of the person involved do not outweigh the interests first mentioned, the legal basis for the processing will be Art.6 Section 1 f GDPR.
Legitimate interests can, in particular, be:
- answering enquiries,
- the implementation of direct marketing operations,
- the provision of services and/or information to a user,
- the processing and transmission of personal data for internal or administrative purposes,
- the operation and administration of our website,
- the technical support we provide for users,
- the avoidance and uncovering of cases of fraud and punishable offences,
- the protection against bad debts in relation to enquiries from users concerning the supply of products and services; and/or
- the safeguarding of network and data security, provided that these interests in each case are compatible with the applicable legislation and the rights and freedom of users.
We will not pass on your personal data to third parties for advertising or marketing purposes or for other purposes, particularly commercial and/or trade purposes, unless you have expressly consented to the transfer of your data for the above-mentioned purposes, or we have concluded an agreement for contract processing with a service provider commissioned by us, or the transfer of the data is expressly permitted or even prescribed by law.
Your rights as a data subject in relation to HANSA-FLEX are as follows.
You have the right
- to require us to provide you with confirmation on whether your personal data is processed by us. If this is the case, you have the right to be informed about this personal data and about the information which is detailed individually in Art. 15 GDPR.
- You can also require us to provide you with your personal data, subject to the restrictions of Art. 20 GDPR, in a standard electronic, machine-readable data format. This also covers transmission of the data (wherever possible) to a different responsible party nominated by you.
- You have the right to require us to correct your data if it is incorrect, not relevant and/or incomplete. Such correction also covers completion by declarations or notifications.
- In addition you have the right to require the immediate deletion of your personal data if any of the grounds listed in Art. 17 GDPR apply.
- We regret that we are not permitted to delete any data which is subject to a statutory retention period. We will be happy to include you in a blocking list if you wish us to discontinue the collection of your data for the future, or no longer wish to be contacted by us.
- You can also withdraw any consent you have provided us with, without this placing you at any disadvantage.
- If any of the preconditions listed in Art. 18 GDPR applies, you can require us to restrict the processing of your data.
- You can also – for reasons arising from your particular situation – object at any time to the processing of your personal data. We will then no longer process your personal data, unless we can prove that the interests we ourselves need to protect outweigh your interests, rights and freedoms, or if the processing serves the assertion, implementation or defence of legal claims (Art. 21 GDPR).
If you believe that the processing of your personal data conflicts with the provisions of the GDPR you can, without prejudice to other legal remedies, contact the following:
- by post to HANSA-FLEX (see Legal notice),
- by email to datenschutz@hansa-flex.com.
- the competent regulatory authorities in the EU member country of which you are resident, are employed or where the presumed breach occurred
4. Collection of the data of website visitors
In principle you can visit the website www.hansa-flex.com without providing any personal data. Every access to our website and its files is, however, recorded in a server logfile and saved there. In the process we automatically collect and save in our server logfiles only the information which your Internet browser provides us with. This includes:
- the browser type/version
- the operating system used
- the referrer URL (the previously visited website)
- the host name of the computer from which access is made (IP address)
- the date and time of the server query
- the name of the file access
- the transmitted data volume
- the report on successful access
Without this data it would in part not be technically possible to provide and display the content of the website. As a result the collection of the above data is absolutely necessary. We are unable to allocate the data to specific individuals. The data is not merged with other data sources. Subject to any applicable statutory retention requirements, after users terminate their use of the website their IP addresses are anonymised or deleted. In the case of anonymisation, the IP addresses are changed in such a way that the individual information about personal or factual circumstances can no longer be assigned to a specific or identifiable natural person, or only with a disproportionately large expenditure of time, cost and manpower.
The temporary storage and statistical evaluation of data that cannot be assigned to specific users serves exclusively to ensure system security and the security of user data (e.g. the detection of possible faulty links and programme errors as well as attacks on the system) and to improve our offer (e.g. by being able to determine which goods and services are particularly popular).
We reserve the right to use the data from the server logfiles if there is a well-founded suspicion due to certain specific facts that users are using our Internet pages in violation of the law or a contract, or with the intention of not or not completely paying any agreed fees and remuneration, insofar as this is necessary for the purposes of legal prosecution.
Further personal information is not collected unless you provide this information voluntarily, e.g. as part of an enquiry, search request or order via our email address.
The legal basis for the temporary storage of the data and the logfiles is Art.6 Section 1 f GDPR, together with the above legitimate interests.
5. Services and the personal data collected in their connection
On the HANSA-FLEX website we offer a range of services, the use of which requires the entry of some personal data.
- Registration with the HANSA-FLEX online shop “shop.hansa-flex.com”
- “My user account” with the HANSA-FLEX online shop “shop.hansa-flex.com”
- Saving of data and access to the contractual text
- Registration with the HANSA-FLEX customer portal “my.hansa-flex.com”
- “My profile” in the HANSA-FLEX customer portal “my.hansa-flex.com”
- Use of our X-CODE product identification database
- Information for the use of our configurator for the production of fittings
- Use of our call-back form
- Use of our contact form
- Use of our feedback form
- Use of our order form for the Practical Manual
- Use of our address book order form
- Use of our order form for the “HYDRAULIC PRESS” customer magazine
In order to enable you to use these services, some personal data is collected, which you enter yourself and thus also consent to the processing.
The legal basis for this type of processing is Art.6 Section 1 a GDPR. Please also refer to the “Your rights as a data subject” section of this privacy policy.
6. Applications
You can apply for advertised jobs, apprenticeships, pupil and student internships as well as positions for graduates of diploma / bachelor / master theses or on your own initiative.
We expressly draw your attention to the fact that applications, in particular CVs, certificates and other data and documents submitted by you to us, may contain particularly sensitive information about mental and physical health, racial or ethnic origin, political opinions, religious or philosophical convictions, membership of a trade union or political party or about sexual orientation. Please also note that the transmission of data by email is unencrypted and that the data may therefore be accessed or falsified by unauthorised persons. If you send us such data and documents in your application by email, you expressly agree that we may collect, process and use the data and documents for the purpose of processing your application. The recording, processing and use of this data and documentation is implemented in strict compliance with this privacy policy and the applicable statutory regulations.
For applications with a specific job reference (direct application), your data and documents will be made available to both the relevant specialist department and the responsible HR department. If you apply to us without a specific job reference (unsolicited application), your data and documents will be made available to both the central HR department and the decentralised HR departments of our company, provided that the vacancies there match your applicant profile. Your data and documents will not be passed on to third parties.
The data and documents transmitted will be deleted in the event of a rejection of your application at the earliest 3 months after the end of the application procedure. This does not apply if legal regulations prevent the deletion, or the further storage is necessary for the purpose of proof or if you have agreed to a longer storage period. After that the results are only saved for further statistical purposes in anonymised form, in other words without indicating any names. This statistical data set does not allow any conclusions to be drawn about a natural person and serves as a basis for statistical evaluations. If you agree to your application being included in our applicant database with the proviso that the data and documents submitted by you should also be taken into consideration when filling other vacancies in future, your data and documents will be stored in the applicant database for 12 months and then either automatically deleted or only stored in anonymous form, i.e. without stating your name, for further statistical evaluation. If your application is followed by the conclusion of a contract, your data may be stored and used for the purpose of the usual organisational and administrative processes in compliance with the relevant legal regulations.
You have the possibility at any time to withdraw your application as a whole or in part. You can also at any time require the deletion or modification of all or some of your data and files from our job applications database. However, certain data from your application has to be saved for a period of three months for statutory reasons, in particular the obligation on our part to provide proof of compliance with general regulations on equal treatment (AGG).
7. Use and disclosure of personal data
We do not pass on your personal data to third parties unless you have expressly consented to the transfer of your data for the above-mentioned purposes or the transfer is expressly permitted or prescribed by law.
Service partners involved in contract processing
HANSA-FLEX may, in accordance with Art.6 Section 1 b GDPR and Art.6 Section 1 f GDPR, transfer the collected data within the scope of the execution of a contract – insofar as this is necessary – to the branches, group companies and partner companies & agencies involved in the execution of the contract, as well as any other external service partners we use to fulfil the contract, provided that the purpose of the data processing is preserved. These include in particular the transport company commissioned to deliver the goods ordered and the payment institutions and payment service providers commissioned to process payments as well as the company branches commissioned to carry out maintenance, repair and other work and services. www.hansa-flex.com/niederlassungen.html, group companies www.hansa-flex.com/unternehmen/unternehmensgruppe.html and partner companies & representations www.hansa-flex.com/niederlassungen/partner.html and other external service providers. In these cases, we forward the data in accordance with the provisions of the relevant legal regulations on data protection (in particular the GDPR). The amount of data transmitted is limited to a minimum. These companies may only use your data for order processing and not for other purposes and have been provided with an agreement for order data processing in accordance with Art. 28 GDPR.
Use of the data for purposes of our own consulting, advertising and market research
In accordance with Art.6 Section 1 f GDPR we are permitted to collect, process and use your personal data for the purposes of our own consulting, advertising and market research, but above all for the demand-oriented design of the goods and services offered by us. Of course you can object to the collection, processing and use of your personal data for advertising purposes at any time with effect for the future or revoke your consent. We will then no longer send you advertising information.
Furthermore, we treat the data confidentially and in accordance with the relevant legal provisions on data protection. We will not forward this data or the content of your messages to third parties without your consent, unless you have expressly consented to the transfer of your data for the above-mentioned purposes or the transfer is expressly permitted or even prescribed by law.
However, this data transfer prohibition does not apply insofar as we are obliged by order of the competent authorities to provide information on inventory data to third parties, in particular state authorities, in individual cases, insofar as this is necessary for the purposes of criminal prosecution, to avert danger by the police authorities of the states, is necessary for the fulfilment of the legal tasks of the Federal and State Office for the Protection of the Constitution, the Federal Intelligence Service or the Military Counter-Intelligence Service or the Federal Criminal Police Department within the scope of its responsibility to avert the dangers of international terrorism or to enforce intellectual property rights and other statutory provisions applicable in this respect. This does not require your consent.
Any collection, processing or use of your personal data beyond the scope described here will only take place with your consent in accordance with Art.6 Section 1 a GDPR.
Export and processing of data in countries outside the European Economic Area
HANSA-FLEX is a company with global operations and operates numerous websites worldwide. The data of Internet pages for company branches and group companies located in Germany and the EU is stored exclusively on servers within Germany or the EU, as is data transmitted to us via these Internet pages. The data of Internet pages for company branches and group companies located in countries outside the European Economic Area may be stored on servers outside Germany and the EU, which also applies to data transmitted to us via these Internet pages.
We may also disclose the personal data provided by you voluntarily, for example as part of an enquiry, search query, application or order via our email address etc., to company branches located in countries outside the European Economic Area www.hansa-flex.com/niederlassungen.html, group companies www.hansa-flex.com/unternehmen/unternehmensgruppe.html and partner companies & representationswww.hansa-flex.com/niederlassungen/partner.html and other external service providers if there is a factual and local reference to them and if the transfer of data is necessary for the answering/processing of an enquiry, search query, application, registration for the services subject to registration offered by HANSA-FLEX, registration for our newsletter or for the establishment, content design or amendment and processing of a contract on the use of the services subject to registration offered by HANSA-FLEX, for the purchase of the goods and services offered by HANSA-FLEX and for invoicing purposes. In this case your personal data can also be stored on servers outside Germany or the EU.
If the data recipient is located in a member state of the European Union (EU) or a state party to the Agreement on the European Economic Area (EEA), it is automatically assumed under intra-Community law that an adequate level of data protection is ensured by the data recipient. In addition, the EU Commission has decided for some non-EU/EEA countries that their legal system as a whole ensures an adequate level of data protection, so that an adequate level of data protection may also be assumed for data recipients resident in these countries. This includes the following countries: Andorra, Argentina, Australia, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, Canada, New Zealand, Switzerland, Uruguay, USA (Safe Harbor) ec.europa.eu/justice/data-protection/document/international-transfers/adequacy/index_en.htm. If the data recipient is located in a country (third country) other than the countries mentioned above, we have either concluded a contract with the data recipient under EU standard contractual clauses, or the data recipient is subject to the safe harbor principles for companies in the USA or we have agreed company regulations on the handling of personal data (binding corporate rules) with the data recipient to ensure an appropriate level of data protection.
The user is aware that in countries outside the European Economic Area there may be a lower level of data protection than in countries of the European Union.
Cookies
Our Internet pages use so-called cookies in several places. A cookie is a small text file that a server stores on the hard disk of the user’s computer and is saved by the user’s Internet browser in order to store information that is required for the use of the corresponding server for a limited period of time. We use cookies for the purpose of recognising and controlling processes within the HANSA-FLEX website and for temporarily storing session data (in particular for registration and recognition of your identity). This cookie is absolutely necessary for the proper functioning of the services of the Internet portal which we offer and which require registration. You can set your Internet browser so that you are informed about the setting of cookies, decide on their acceptance on a case-by-case basis or generally exclude the acceptance of cookies. You can find a description of how to set the cookie function in your Internet browser in the help function of your Internet browser. You may refuse to accept this cookie, but it will inevitably lead to system errors that we cannot remove or correct. Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Our cookies do not damage your computer and do not contain viruses, Trojans or similar malware.
The legal basis for the processing of personal data using cookies is Art.6 Section 1 f GDPR. The legal basis for the processing of personal data using technically necessary cookies is Art.6 Section 1 f GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 Section 1 a GDPR.
Newsletter
If you would like to receive the newsletter offered on our website, we need a valid email address from you. The registration is done by entering the email address in the newsletter registration form. In this case, we will send you an email with an activation link to the email address you have provided, which you can use to confirm your registration (double opt-in procedure). In this way we guarantee that you are the owner of the email address provided and agree to the receipt of the newsletter. When you register for the newsletter, we save your IP address and the date of registration. This storage serves solely as proof in the event that a third party misuses an email address and registers for receiving the newsletter without the knowledge of the authorised party. After registration, we will inform you at irregular intervals about our company and our range of goods and services.
A statistical evaluation of the reading behaviour of users only takes place to the extent that it can be determined whether the recipients have opened the newsletter and clicked the links. This is a function that we only use to check on user activities and to optimise them accordingly. For this purpose, the newsletter contains a so-called “web-beacon”, a pixel-sized file that is retrieved by our server when the newsletter is opened.
The legal basis is Art.6 Section 1 f GDPR, together with the above legitimate interests.
Of course, you can object to the collection, processing and use of your email address for sending you our newsletter at any time with effect for the future or revoke your consent. The revocation can take place via a link in the newsletters themselves or via communication to the above-mentioned contact possibilities. We will then no longer send you our newsletter.
Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. (‘Google’). Google Analytics uses ‘cookies’, text files that are stored on your computer and can be used to analyse your website usage. The information generated by the cookie about your usage of this website is normally transferred to a Google server in the USA, where it is saved. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Please note that IP anonymisation is active on this website. On this website Google Analytics has been extended by the code “gat._anonymizeIp();” to ensure an anonymous collection of IP addresses (so-called IP masking). On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide the website operator with further services associated with the use of the website and the Internet. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de or (in particular with mobile devices) by clicking on this link, which sets an opt-out cookie that prevents the future collection of your data when you visit this website:
www.webtrekk.com/index/datenschutzerklaerung/opt-out.html
For more information on the terms of use and data protection when using Google Analytics, please visit:
http://www.google.com/analytics/terms/de.html bzw. unter:
http://www.google.com/policies/privacy/
Social media plugins / advertising
Our website does not use social media plugins or advertisements from advertising partners who could use their own cookies.
Storage of bank data
If we offer direct debit authorisation as a payment method and do not use a payment service provider for this, users choosing this payment method undertake to grant HANSA-FLEX a valid direct debit authorisation for their bank account. Among other things, the user must provide the following information:
- account holder
- account number
- name of the bank
- bank code number
The bank details are never visible to other users at any time.
Internet payment systems
Please note that, in addition to other payment methods, Internet payment systems whose operators may be located outside the EU may also be offered for payment in relation to our Internet offers. These companies may also store the data of users placing orders on servers outside the EU. We have no influence on this.
8. Protection of children and young people
Protecting the privacy of children and young people is important to us. Persons under the age of 18 should not transmit any personal data to our website without the consent of their legal guardian. We will not collect, process or use any information from persons known to us to be under 16 years of age without first obtaining the verifiable consent of the legal guardian.
Your personal data is transmitted on the Internet in encrypted form using an SSL certificate (2048 bit) both when you register for the services we offer that require registration and when you log into the internal user service area of both our online shop at shop.hansa-flex.com and customer portal at my.hansa-flex.com. We protect our website and other systems by technical and organisational measures against the loss, destruction, access, modification or distribution of your data by unauthorised persons. Despite regular checks, however, complete protection against all risks is not possible. Access to your account in the internal user service area of both the online shop at shop.hansa-flex.com and the customer portal at my.hansa-flex.com is only possible after the entry of your password. You should always keep your access information confidential and close the browser window when you have finished communicating with us, especially if you share your computer with others.
External links and outside content
The contents of our Internet pages have been prepared with the greatest care. Nevertheless, we do not assume any guarantee for topicality and completeness. We are only responsible for our own content, but not for external content. For further information, you may find links on our website that refer to third-party websites. We have checked all external links for illegal contents and at the time such contents were not recognisable. With regard to third-party content, there is no general monitoring and auditing obligation. If we become aware of illegal content, we check these links immediately and remove them if necessary. External links always open in a new browser window.
Date: November 2019