Data protection statement

Version dated 24.05.2019


1. Data protection on HSM websites

HSM GmbH + Co. KG (further legal information in the imprint) is the responsible data protection entity for this website. HSM GmbH + Co. KG (hereinafter referred to as "HSM") takes the protection of your personal data very seriously. This data protection statement is intended to inform you of the personal data we collect from you when using our website and the purposes for which we process and use it.

The data protection statement is structured in a modular way in order to help you search for information.

In our privacy policy we use terms and definitions of the European General Data Protection Regulation GDPR, in particular Article 4 GDPR. Pursuant to this regulation, we are the "controller" and you are the "data subject". Data that relates directly or indirectly to you is "personal data". When we talk about your "data" in the broader context of this privacy policy, we generally mean data that relates directly or indirectly to you as a natural person. This includes for example, name, address, telephone number, the company you work for, e-mail address, and any other information you enter in the forms on our website.

You can contact our internal data protection officer at datenschutz@hsm.eu

You can of course, visit our website, without giving any details about yourself. Even when using our website, data is collected and processed, but without reference to your person. For more information, see the web service, cookies and web analysis log files.

HSM reserves the right to adapt the data protection statement to changed legal provisions and regulations at any time.

Please keep up to date with changes to the data protection statement by clicking on the relevant link on our website.

For general queries about our website, please contact us directly: Tel: +49 7554 2100-0 or e-mail: webmaster(at)hsm.eu .

General information, in particular our transparency information regarding the processing of personal data by HSM GmbH + Co. KG is included in its own section within this Privacy Policy.


2. Web service log files

When you visit our web pages our servers store by default various access data in an electronic log file. This data includes the IP address used by you to access the site, the website from which you are visiting us, our webpages you visit, the date and time of your page view and the length of the visit. This data is captured fully automatically and only used for error analysis and the technical improvement of our web service. Recipients of this data are HSM IT and, where necessary, IT service providers representing HSM. The legal basis for this processing is our legitimate interest [Art.6 (1) lit. f. GDPR] in continuing to operate our web pages in accordance with standard procedures. The log file data is automatically overwritten after no more than one month. Other data processing operations performed when you access our website include our use of cookies and our analysis of usage data from your visit to our web pages. These processing operations are described in this privacy policy in separate sections.


3. Our use of cookies

Our website uses cookies. These are small text files that our web server places on your computer. These files are used to track your activity on our portal’s web pages. Some cookies are distinguished according to the duration of their storage. So-called session cookies are automatically deleted when you close your browser. A session cookie can, for example, be used to ensure the communication of our web server with your computer. Permanent cookies, however, remain stored on your PC. Your browser is able to provide information about the storage period. A permanent cookie can be re-read on your next visit to our website. In order to prevent this, you can delete the permanent cookie after visiting our website. Permanent cookies can, for example, be used to analyse your use of our website.

Other cookies are distinguished according to their origin. So-called first-party cookies always come from the website which is indicated in the address bar of your browser. So-called third-party cookies come from web pages that you have not viewed directly but have been embedded into the first party’s web page via photos or advertisements. Your browser can also tell you about which sources the cookies stored on your PC come from.

Our website uses the following cookies for tracking purposes:

_gat, _gid and _ga. These cookies are set by Google Analytics and by Google Adwords Conversion Tracking. Please see the separate sections in this privacy policy.

Opting out of our use of cookies

Most browsers are set up to accept cookies. To disable them, please change the appropriate settings on your browser. If your browser does not enable cookies, you may not be able to use all the pages on our website without interference. In order to fill in a contact form, it is essential that you adjust your browser to enable session cookies. Session cookies are automatically deleted when you close your browser.


4. Analysis of the use of our web pages with Google Analytics

On the legal basis of a legitimate interest [Art.6 (1) lit. f. GDPR] in improving our website, our website uses Google Analytics, a website analysis service of Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and help to analyse your use of the website. The information generated by the cookies _ga and _gid about your use of our website (including your IP address) is usually transmitted and saved on a Google server in the USA. However, if IP anonymisation is activated on this website, your Google IP address is abbreviated within Member States of the European Union or in other countries party to the agreement on the European Economic Area. Only in exceptional circumstances will the entire IP address be transmitted to a Google server in the USA and abbreviated there. The owner of this website will authorise Google to use this information to evaluate your use of the website, to compile reports about your website activities and to provide website-use and Internet-use-related services to the website owner. The IP address communicated by your browser while using Google Analytics will not be stored with other Google data.

Click on this link for further information about how Google uses data when websites and apps of Google partners are used https://policies.google.com/privacy/partners?hl=de

Opt-out option

You can prevent cookies from being saved by selecting the appropriate settings on your browser software. Please note, however, that if you do this you may not be able to fully enjoy all of our website’s functionalities.

Alternatively you can prevent Google from recording the cookie-generated data about how you use the website (including your IP address) and Google’s processing of this data, by clicking on the following link (http://tools.google.com/dlpage/gaoptout?hl=de) to download and install the browser plug-in.


5. Use of Google Adwords Conversion Tracking

On the legal basis of a legitimate interest [Art.6 (1) lit. f. GDPR] in assessing the effectiveness of our advertising in the Internet we use the online advertising programme "Google AdWords" and conversion tracking within the scope of Google AdWords. Google Conversion Tracking is an analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). If you click on an advertisement run by Google, a cookie (_gat) for the conversion tracking is saved on your computer. These cookies have limited validity, contain no personal data and are therefore not used in personal identification. If you visit specific web pages on our website and the cookie has not yet expired, Google and we can identify that you have clicked on the advertisement and have been forwarded to this page. Every Google AdWords customer receives a different cookie. Thus, there is no possibility of cookies being tracked via the websites of AdWords customers. The information that is obtained with the help of the conversion cookie is used to generate conversion statistics for AdWords customers who have decided in favour of conversion tracking. Here the customers can see the total number of users who have clicked on their advertisement and were forwarded to a site provided with a conversion tracking tag. However, they will not receive any information that can be used to identify users personally.

Opt-out option

If you do not wish to take part in the tracking, you can opt out by setting your browser software to prevent the installation of cookies (deactivation option). You will not then be included in the conversion tracking statistics. For further information as well Google’s privacy policy, go to http://www.google.de/policies/privacy/

If you have made your profile public in the Google Plus settings, your Google "+1" can appear as a notice together with your profile name and your photo in Google services, such as in search results or in your Google profile, or elsewhere on websites and advertisements on the Internet. If you do not want Google to assign the information collected directly to your Google Plus profile, you must log out of Google Plus before visiting our site. You will find further information about Google’s collection and use of data, your rights in this respect as well as your privacy protection options in Google’s data protection notice: http://www.google.com/intl/de/+/policy/+1button.html. You can also prevent the loading of Google plug-ins by installing the relevant add-ons in your browser.


6. Newsletter

You receive an electronic newsletter from us because when you sent us a newsletter subscription request form you gave us your consent pursuant to Art. 6 (1) (a) GDPR for the use of your e-mail address for this purpose and confirmed this subscription with a so-called double opt-in. Further information on the newsletter form is obligatory and will be used to address you personally.

Withdrawal of consent

Consent can be withdrawn at any time by unsubscribing from the newsletter. You will find a link to the cancellation at the end of each newsletter. You can also unsubscribe from the newsletter by contacting us directly.

To enable us to send you offers and information, your click behaviour in relation to the newsletter will be tracked. This includes which newsletter you have opened and how often, or how often you have clicked on links to our products or other information in a newsletter. Analysing click behaviour enables us to continually improve the newsletter and adapt it to the interests of our customers. For the analysis the usage data is anonymised by means of merging, so that it is no longer possible to establish a connection between the data collected and a particular e-mail address. Your personal click behaviour is therefore unknown to us.

Opt-out of analysis

However, you can opt out of the analysis by unsubscribing from the newsletter. The legal basis for our usage analysis of click behaviour is our legitimate interest [Art.6 (1) lit. f. GDPR] in making the newsletter content relevant to our readers.


7. Processing of personal data on our website and in HSM’s systems

In the following section we will explain the processing of data acquired by us through the website and, where applicable, processing in other systems. The legal bases for the processing of personal data differ between a private person, who enters or has a contractual relationship in their own interest (e.g. as the end customer, user), and a person who is acting on behalf of their company when entering or implementing a business relationship with us (e.g. as the contact person with particular responsibilities).

Processing of data on our website and in our systems concerns primarily contact persons of our commercial customers. In this case, the legal basis of the processing is our legitimate interest in communicating with you as the contact person of our customer. In order for private persons to use the corresponding web functions, the legal principles are stated explicitly below. See also the section Transparency Information on the processing of personal data by HSM GmbH + Co. KG.

General inquiries via our contact form

Purpose of processing

We will record your name and address so that we know who is contacting us and the nature of the enquiry.

The e-mail address is mandatory, because we need it, depending on the subject matter of your enquiry, in order to process your request. Beyond this, there is no further use of the data.

The telephone number is obligatory because we use it, depending on the subject matter of your enquiry, in order to process your request, especially if you have provided information for a call back in the date and time boxes. Beyond this, there is no further use of the data.

The legal basis for processing your personal data is Art. 6 (1)(b) GDPR, “Contractual and pre-contractual purposes”.

Storage, duration of storage

On the basis of our legitimate interest in having the best possible communication with our customers, your inquiries and your personal data will be stored in our CRM so that a reference can be created in case of further contact from you.

If you are not a customer of HSM and the subject matter of your contact is of a general nature (e.g. information about our products), your personal data will be deleted at the end of the calendar year after the last contact was made.

If you are not a customer of HSM and if your request may be used to initiate a business relationship (e.g. price information), your personal data will be deleted at the end of the second calendar year after the last contact was made.

If you and/or your company is already a customer of HSM, your information will be added to data about your company that we already hold.

Usage for advertising

We will also use your address to send you documents at your request, as well as information about new products and services as well as promotions at HSM. The legal basis for this use is our legitimate interest in the commercial relationship with you. You can revoke the use of your address at any time e.g. via a contact form.

Support enquiry, complaint

When you make a support enquiry, the product details provided by you and your personal details are stored in our ERP system.

Transmission of your data to authorised dealers

If your enquiry relates to a complaint, warranty or the like, we will, if necessary, transmit this data together with your personal data to the dealer from whom you purchased the device or to another dealer in your area so that your requirements can be met. If you are a private person, the legal basis for the communication is “fulfilment of contract” [Art. 6 (1) lit. b GDPR], if you are a representative of our business customer the legal basis for communication with our company is “legitimate interest” [Art.6 (1) lit. f GDPR].

Storage, storage period

If HSM repairs or replaces a device, your data will be stored in our support, accounting and logistics systems up to the expiry of the statutory storage periods and then deleted. If you are a private person, the legal basis for storing information is “fulfilment of contract” [Art. 6 (1) lit. b GDPR], if you are a representative of our business customer the legal basis for communication with our company is “legitimate interest” [Art.6 (1) lit. f GDPR]. Another legal basis is the fulfilment of tax regulations.

Training enquiry

We need your training enquiry details so that we can handle your training enquiry and organise your participation in our training courses. The legal basis for the processing is our legitimate interest in processing your data with regard to the contractual relationship with your company. We will use your details solely for handling your request and organising the training.

Within our company we will pass on your data to those involved in organising the training. If you provide details of your travel and accommodation wishes, we will pass on your name and your arrival date to hotels near us.

We will store your details until the training has been organised. Tax-relevant data for this procedure will be stored up to the end of the statutory storage periods.

eXtraWeb

In order to use our eXtraWeb you need a personal access. You can apply for this via a web form on which we request professional data (name, address, company, e-mail address) in order to be able to check whether you are entitled to receive access as a commercial market participant. If you do not receive access, your data will be deleted from our database.

We process the data from your eXtraWeb access on the legal basis of our legitimate interest [Art.6 (1) lit. f GDPR] to communicate with you as the representative of our customer, as well as the legitimate interest [Art. 6 (1) lit. f GDPR] of the company that you are representing in communication with us.

You can have your account deleted at any time to access eXtraWeb. For this you can reach us via the specified paths in the contact area.


8. Social media, links to websites of other providers

Our website links to so-called social media (Facebook, YouTube, Xing and LinkedIn). The buttons of the links are designed in such a way that a connection of your PC to the respective network is only established when you follow the link by clicking on it. You will be directly connected to the respective server of the selected social media. Data protection in the social media networks is the responsibility of the respective operator.

This also applies to websites which we link from our portal, but which are operated by other providers. An example of such a link are the videos on our main page which are accessed via YouTube®. On the linked pages in the data protection statements of the respective operator, please inform yourself about data protection.


9. Transparency information for processing personal data by HSM GmbH + Co. KG

Data protection responsibility, data protection officer

HSM GmbH + Co. KG (further legal information in the imprint) is the controller of data under data privacy law. If you have any queries concerning data protection, please do not hesitate to contact our data protection officer directly:

Reinhard M. Novak

DSB External Data Protection

Dorfstrasse 15

79249 Merzhausen

Germany

Tel:+49 761 58539335

www.dsb-ext.com

Processing your data

Processing our business customer’s data

We process data from natural persons who belong to a company or represent it, with whom we are in a business relationship or with whom we would like to enter into a business relationship. This data includes your name, the name of your company, the address of your company, your business communication data such as e-mail address and telephone and your role in the company. This data is processed on the basis of our legitimate interest [Art. 6 (1) lit. f GDPR] in contacting you as a representative of our customer, as well as the legitimate interest [Art. 6 (1) lit. f GDPR] of the company that you represent in communicating with us. Your conflicting interests can then prevail, for example, if you leave your company.

As a data subject you naturally have privacy rights, e.g. the right to withdraw consent, the right to request information about the personal data that we hold about you, and other rights. Please see the section Your Rights regarding the processing of your personal data.

For promotional purposes we process your company’s data in our CRM. For contractual purposes we process your company’s data in our CRM and in the planning, production, logistics and finance modules of our ERP. In accordance with your role and responsibility in your company, this data may also include the above-mentioned data that relates directly to you. The purpose of processing this data does not however relate to you as a natural person, but rather to your company as our business partner. The data protection law does not apply to purely business data that does not relate to a natural person.

Direct delivery to a business customer, support services

It may be that a retailer gives us your name, you company and your address details so that we, as the manufacturer, can deliver directly to your business address. Likewise, if support is required, it may also be that a retailer gives us your name, your company, your business address, the type of device used by you and other details about it, so that we, via our service department, can take the steps required on-site. We then acquire and process your data regularly on the basis of our legitimate interest [Art. 6 (1) lit. f GDPR], on the one hand for communication with you as the representative of your company, on the other hand to fulfil our contract with the retailer. Another legal basis is the legitimate interest of your company [Art. 6 (1) lit. f GDPR] for communication with us for the purpose of delivery, where applicable by a logistical service provider or for the implementation of support services.

Processing personal data of private persons or end customers

It may of course be that you contact us via a web form or email as a potential customer or end customer. In this case, we will process the data you give us solely for the purpose of handling your enquiry, on the legal basis of a pre-contractual measure [Art. 6 (1) lit. b GDPR]. The data used in this operation will not be permanently stored.

Direct delivery to private persons or end customers

It may be that a retailer gives us your name and your address details so that we, as manufacturer, can deliver directly to your address. We will acquire and process this information solely for the purpose of delivery and in the legitimate interest [Art. 6 (1) lit. f GDPR] for fulfilment of the business agreement with the retailer. So that the goods can be delivered to you, we will pass on your name and address to a logistics service provider. Tax-relevant data for this procedure will be stored up to the end of the stipulated storage periods. We will not process your data in any other way. The legal basis for us to process your data is our legitimate interest [Art. 6 (1) lit. f GDPR] to fulfil our contract with your retailer, as well as his legitimate interest [Art. 6 (1) lit. f GDPR] to fulfil the contract with you.

Support for private person or end customer

If support is required, it may also be that a retailer gives us your name, your address, the type of device used by you and other details about it, so that we, via our service department, can take the steps required on-site. In this case we will process your data in our support systems as well as, if your device needs replacing, in our logistics and accounting systems. So that the replacement device can still be delivered to you in this case, we will pass on your name and address to a logistics service provider. Tax-relevant data for this procedure will be stored up to the end of the stipulated storage periods. We will not process your data in any other way. The legal basis for us to process your data is our legitimate interest [Art. 6 (1) lit. f GDPR] to fulfil our contract with your retailer, as well as his legitimate interest to fulfil the contract with you.

If you yourself contact us in order to request help from our support team, please read the relevant section of this privacy policy.

As data subject you naturally have privacy rights, e.g. the right to request information about the personal data that we hold about you, and other rights.

Marketing opt-out

You have the right to opt out of the use of your data for marketing purposes. To opt out from mailshots or telemarketing, please use a contact form. You can opt out of electronic mail marketing to your e-mail address via the direct contact (link to the contact area of the website). In order to unsubscribe, please see the relevant section of this privacy policy.

Your other rights

As a data subject you have the right to receive information from us about data relating to you (Art. 15 GDPR). Pursuant to Art. 16 GDPR you can obtain the rectification and pursuant to Art. 17 GDPR, under certain conditions, the erasure of your data. Pursuant to Art. 18 GDPR you have a right to a restriction of processing, if you demonstrate compelling personal reasons, and pursuant to Art. 21 GDPR you have the right to opt out of the processing of your data in general or in part. For data that you have provided us with, you may request that it be published in an established, machine-readable format. You have the right to withdraw consent that you have given us for the processing of your data at any time with future effect. That means that your withdrawal can only relate to future processing operations and previous processing operations shall therefore continue to comply with data protection regulations.

To assert your rights, please contact datenschutz@hsm.eu or contact us using the contact details provided in the legal notice,

you have the right to contact our internal data protection officer directly.

You have the right to address complaints about our processing of your data to a regulatory authority. The competent authority for us is the Data Protection and Freedom of Information office, postal address: PO Box 102932, 70025 Stuttgart, E-Mail poststelle@lfdi.bwl.de.