Data protection statement
Version dated 20.04.2021
HSM GmbH + Co. KG (further legal information in the imprint) is the responsible data protection entity for this website. HSM GmbH + Co. KG (hereinafter referred to as "HSM") takes the protection of your personal data very seriously. This data protection statement is intended to inform you of the personal data we collect from you when using our website and the purposes for which we process and use it.
The data protection statement is structured in a modular way in order to help you search for information.
You can of course, visit our website, without giving any details about yourself. Even when using our website, data is collected and processed, but without reference to your person. For more information, see the web service, cookies and web analysis log files.
HSM reserves the right to adapt the data protection statement to changed legal provisions and regulations at any time.
Please keep up to date with changes to the data protection statement by clicking on the relevant link on our website.
For general queries about our website, please contact us directly: Tel: +49 7554 2100-0 or e-mail: firstname.lastname@example.org .
Our website uses different types of cookies. Some cookies are placed by third parties who display content on our site. A so-called cookie manager is implemented on our website; The cookie manager enables you to select which category of cookies you want to allow. It also informs you about the type and purpose of each cookie we use and helps you with your selection.
In accordance with data protection regulations, we may store cookies on your device if they are absolutely necessary for the operation of this website.
Cookies requiring consent
However, we need your consent for all other types of cookies:
- Cookies from the “preferences” category are designed to improve or facilitate your use of our website. For example, such a cookie can manage the settings for the best possible playing of videos on your device.
- Cookies from the “Statistics” category allow us to analyse your usage behaviour on our website and to summarise this data together with the usage data of other users of our website in statistics. It is at no time possible for us to link usage data to a specific person.
- Cookies from the “Marketing” category enable us to display targeted online advertising to selected groups of users of our website. At no time is a reference made to an identifiable person in doing so. If the advertising function is activated, Google Analytics collects further access data via Google cookies for ad preferences and identifiers in addition to the data collected for statistics in the standard implementation of Google Analytics.
- As the cookies in the “marketing” category require your user behaviour to be evaluated by means of cookies in the “statistics” category, our target-oriented online marketing can only take place if you have consented to the use of both categories. Accordingly, the so-called Google Tag Manager, Facebook Pixel and LinkedIn Insight Tag only become active if you consent to both categories.
You can change or revoke your consent at any time via the links below:
Click on this link for further information about how Google uses data when websites and apps of Google partners are used https://policies.google.com/privacy/partners?hl=de
Possibility to object by revoking your consent
Alternatively you can prevent Google from recording the cookie-generated data about how you use the website (including your IP address) and Google’s processing of this data, by clicking on the following link (http://tools.google.com/dlpage/gaoptout?hl=de) to download and install the browser plug-in.
5.1 Use of Google AdWords Conversion Tracking
Right of objection by withdrawal of consent
5.2 Use of Facebook Pixel
Facebook also processes your user data in its own business interest. Accordingly both we, HSM GmbH + Co. KG, and Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, are responsible for the processing of your data on our page.
If you are a registered Facebook user or are logged into your Facebook account but want to prevent Facebook from linking data collected when you visit our site to your account, you must deactivate Facebook’s “stay logged in” function or unsubscribe from your Facebook account.
https://de-de.facebook.com/full_data_use_policy. However, this document is available only if you have logged into your Facebook account.
Right of objection by withdrawal of consent
5.3 Use of LinkedIn Insight Tag
Right of objection by withdrawal of consent
5.4 Use of Leadinfo
We use the lead generation service provided by Leadinfo B.V., Rotterdam, The Netherlands, which recognizes visits of companies to our website based on IP-addresses and shows us related publicly available information, such as company names or addresses. In addition, Leadinfo places two first-party cookies for providing transparency on how our visitors use our website and the tool processes domains from provided form inputs (e.g. “leadinfo.com”) to correlate IP addresses with companies and to enhance its services. For additional information, please visit www.leadinfo.com. On this page: www.leadinfo.com/en/opt-out you have an opt-out option. In the event of an opt-out, your data will no longer be used by Leadinfo.
You receive an electronic newsletter from us because when you sent us a newsletter subscription request form you gave us your consent pursuant to Art. 6 (1) (a) GDPR for the use of your e-mail address for this purpose and confirmed this subscription with a so-called double opt-in. Further information on the newsletter form is obligatory and will be used to address you personally.
Withdrawal of consent
Consent can be withdrawn at any time by unsubscribing from the newsletter. You will find a link to the cancellation at the end of each newsletter. You can also unsubscribe from the newsletter by contacting us directly.
To enable us to send you offers and information, your click behaviour in relation to the newsletter will be tracked. This includes which newsletter you have opened and how often, or how often you have clicked on links to our products or other information in a newsletter. Analysing click behaviour enables us to continually improve the newsletter and adapt it to the interests of our customers. For the analysis the usage data is anonymised by means of merging, so that it is no longer possible to establish a connection between the data collected and a particular e-mail address. Your personal click behaviour is therefore unknown to us.
Opt-out of analysis
However, you can opt out of the analysis by unsubscribing from the newsletter. The legal basis for our usage analysis of click behaviour is our legitimate interest [Art.6 (1) lit. f. GDPR] in making the newsletter content relevant to our readers.
In the following section we will explain the processing of data acquired by us through the website and, where applicable, processing in other systems. The legal bases for the processing of personal data differ between a private person, who enters or has a contractual relationship in their own interest (e.g. as the end customer, user), and a person who is acting on behalf of their company when entering or implementing a business relationship with us (e.g. as the contact person with particular responsibilities).
Processing of data on our website and in our systems concerns primarily contact persons of our commercial customers. In this case, the legal basis of the processing is our legitimate interest in communicating with you as the contact person of our customer. In order for private persons to use the corresponding web functions, the legal principles are stated explicitly below. See also the section Transparency Information on the processing of personal data by HSM GmbH + Co. KG.
General inquiries via our contact form
• Purpose of processing
We will record your name and address so that we know who is contacting us and the nature of the enquiry.
The e-mail address is mandatory, because we need it, depending on the subject matter of your enquiry, in order to process your request. Beyond this, there is no further use of the data.
The telephone number is obligatory because we use it, depending on the subject matter of your enquiry, in order to process your request, especially if you have provided information for a call back in the date and time boxes. Beyond this, there is no further use of the data.
The legal basis for processing your personal data is Art. 6 (1)(b) GDPR, “Contractual and pre-contractual purposes”.
• Storage, duration of storage
On the basis of our legitimate interest in having the best possible communication with our customers, your inquiries and your personal data will be stored in our CRM so that a reference can be created in case of further contact from you.
If you are not a customer of HSM and the subject matter of your contact is of a general nature (e.g. information about our products), your personal data will be deleted at the end of the calendar year after the last contact was made.
If you are not a customer of HSM and if your request may be used to initiate a business relationship (e.g. price information), your personal data will be deleted at the end of the second calendar year after the last contact was made.
If you and/or your company is already a customer of HSM, your information will be added to data about your company that we already hold.
• Usage for advertising
We will also use your address to send you documents at your request, as well as information about new products and services as well as promotions at HSM. The legal basis for this use is our legitimate interest in the commercial relationship with you. You can revoke the use of your address at any time e.g. via a contact form.
Support enquiry, complaint
When you make a support enquiry, the product details provided by you and your personal details are stored in our ERP system.
• Transmission of your data to authorised dealers
If your enquiry relates to a complaint, warranty or the like, we will, if necessary, transmit this data together with your personal data to the dealer from whom you purchased the device or to another dealer in your area so that your requirements can be met. If you are a private person, the legal basis for the communication is “fulfilment of contract” [Art. 6 (1) lit. b GDPR], if you are a representative of our business customer the legal basis for communication with our company is “legitimate interest” [Art.6 (1) lit. f GDPR].
• Storage, storage period
If HSM repairs or replaces a device, your data will be stored in our support, accounting and logistics systems up to the expiry of the statutory storage periods and then deleted. If you are a private person, the legal basis for storing information is “fulfilment of contract” [Art. 6 (1) lit. b GDPR], if you are a representative of our business customer the legal basis for communication with our company is “legitimate interest” [Art.6 (1) lit. f GDPR]. Another legal basis is the fulfilment of tax regulations.
We need your training enquiry details so that we can handle your training enquiry and organise your participation in our training courses. The legal basis for the processing is our legitimate interest in processing your data with regard to the contractual relationship with your company. We will use your details solely for handling your request and organising the training.
Within our company we will pass on your data to those involved in organising the training. If you provide details of your travel and accommodation wishes, we will pass on your name and your arrival date to hotels near us.
We will store your details until the training has been organised. Tax-relevant data for this procedure will be stored up to the end of the statutory storage periods.
In order to use our eXtraWeb you need a personal access. You can apply for this via a web form on which we request professional data (name, address, company, e-mail address) in order to be able to check whether you are entitled to receive access as a commercial market participant. If you do not receive access, your data will be deleted from our database.
We process the data from your eXtraWeb access on the legal basis of our legitimate interest [Art.6 (1) lit. f GDPR] to communicate with you as the representative of our customer, as well as the legitimate interest [Art. 6 (1) lit. f GDPR] of the company that you are representing in communication with us.
You can have your account deleted at any time to access eXtraWeb. For this you can reach us via the specified paths in the contact area.
Our website links to so-called social media (Facebook, YouTube, Xing and LinkedIn). The buttons of the links are designed in such a way that a connection of your PC to the respective network is only established when you follow the link by clicking on it. You will be directly connected to the respective server of the selected social media. Data protection in the social media networks is the responsibility of the respective operator.
This principle also applies to websites for which we provide links on our portal, but which are operated by other providers. Please inform yourself about the data protection on linked webpages in the data protection declarations of the respective operator.
The HSM product videos provided on our website constitute a special case, as it is not obvious that they are retrieved from servers of the operator YouTube/Google. These videos are made available on our website in the so-called “enhanced data protection mode”. The preview image of the videos is loaded from the YouTube server directly when our page is called up, which means that a connection to the YouTube server is already established when the preview image is displayed. However, the enhanced privacy mode is designed to ensure that YouTube only starts further data processing operations when you click on the video. The responsibility for these further processing operations under data protection law lies with the operator YouTube/Google; we have no influence on this.
Data protection responsibility, enquiries relating to data protection, data protection officer
Responsibility under data protection law
HSM GmbH + Co. KG (further legal information in the imprint) is the controller of data under data privacy law.
Enquiries relating to data protection
We have set up the email address email@example.com to answer your enquiries relating to data protection.
Alternatively, you can contact our data protection officer directly in the event of any questions relating to data protection.
Data Protection Officer
Our company data protection officer is
Reinhard M. Novak
DSB External Data Protection
Tel:+49 7633 9382298
Processing your data
Processing our business customer’s data
We process data from natural persons who belong to a company or represent it, with whom we are in a business relationship or with whom we would like to enter into a business relationship. This data includes your name, the name of your company, the address of your company, your business communication data such as e-mail address and telephone and your role in the company. This data is processed on the basis of our legitimate interest [Art. 6 (1) lit. f GDPR] in contacting you as a representative of our customer, as well as the legitimate interest [Art. 6 (1) lit. f GDPR] of the company that you represent in communicating with us. Your conflicting interests can then prevail, for example, if you leave your company.
As a data subject you naturally have privacy rights, e.g. the right to withdraw consent, the right to request information about the personal data that we hold about you, and other rights. Please see the section Your Rights regarding the processing of your personal data.
For promotional purposes we process your company’s data in our CRM. For contractual purposes we process your company’s data in our CRM and in the planning, production, logistics and finance modules of our ERP. In accordance with your role and responsibility in your company, this data may also include the above-mentioned data that relates directly to you. The purpose of processing this data does not however relate to you as a natural person, but rather to your company as our business partner. The data protection law does not apply to purely business data that does not relate to a natural person.
Direct delivery to a business customer, support services
It may be that a retailer gives us your name, you company and your address details so that we, as the manufacturer, can deliver directly to your business address. Likewise, if support is required, it may also be that a retailer gives us your name, your company, your business address, the type of device used by you and other details about it, so that we, via our service department, can take the steps required on-site. We then acquire and process your data regularly on the basis of our legitimate interest [Art. 6 (1) lit. f GDPR], on the one hand for communication with you as the representative of your company, on the other hand to fulfil our contract with the retailer. Another legal basis is the legitimate interest of your company [Art. 6 (1) lit. f GDPR] for communication with us for the purpose of delivery, where applicable by a logistical service provider or for the implementation of support services.
Processing personal data of private persons or end customers
It may of course be that you contact us via a web form or email as a potential customer or end customer. In this case, we will process the data you give us solely for the purpose of handling your enquiry, on the legal basis of a pre-contractual measure [Art. 6 (1) lit. b GDPR]. The data used in this operation will not be permanently stored.
Direct delivery to private persons or end customers
It may be that a retailer gives us your name and your address details so that we, as manufacturer, can deliver directly to your address. We will acquire and process this information solely for the purpose of delivery and in the legitimate interest [Art. 6 (1) lit. f GDPR] for fulfilment of the business agreement with the retailer. So that the goods can be delivered to you, we will pass on your name and address to a logistics service provider. Tax-relevant data for this procedure will be stored up to the end of the stipulated storage periods. We will not process your data in any other way. The legal basis for us to process your data is our legitimate interest [Art. 6 (1) lit. f GDPR] to fulfil our contract with your retailer, as well as his legitimate interest [Art. 6 (1) lit. f GDPR] to fulfil the contract with you.
Support for private person or end customer
If support is required, it may also be that a retailer gives us your name, your address, the type of device used by you and other details about it, so that we, via our service department, can take the steps required on-site. In this case we will process your data in our support systems as well as, if your device needs replacing, in our logistics and accounting systems. So that the replacement device can still be delivered to you in this case, we will pass on your name and address to a logistics service provider. Tax-relevant data for this procedure will be stored up to the end of the stipulated storage periods. We will not process your data in any other way. The legal basis for us to process your data is our legitimate interest [Art. 6 (1) lit. f GDPR] to fulfil our contract with your retailer, as well as his legitimate interest to fulfil the contract with you.
As data subject you naturally have privacy rights, e.g. the right to request information about the personal data that we hold about you, and other rights.
Your other rights
As a data subject you have the right to receive information from us about data relating to you (Art. 15 GDPR). Pursuant to Art. 16 GDPR you can obtain the rectification and pursuant to Art. 17 GDPR, under certain conditions, the erasure of your data. Pursuant to Art. 18 GDPR you have a right to a restriction of processing, if you demonstrate compelling personal reasons, and pursuant to Art. 21 GDPR you have the right to opt out of the processing of your data in general or in part. For data that you have provided us with, you may request that it be published in an established, machine-readable format. You have the right to withdraw consent that you have given us for the processing of your data at any time with future effect. That means that your withdrawal can only relate to future processing operations and previous processing operations shall therefore continue to comply with data protection regulations.
To assert your rights, please contact firstname.lastname@example.org or contact us using the contact details provided in the legal notice,
you have the right to contact our internal data protection officer directly.
You have the right to address complaints about our processing of your data to a regulatory authority. The competent authority for us is the Data Protection and Freedom of Information office, postal address: PO Box 102932, 70025 Stuttgart, E-Mail email@example.com.