Hydrive Engineering GmbH, Dresdner Strasse 172 / Eingang B, 01705 Freital, Germany, Tel.: +49 (0)351 850731 0, Fax: +49 (0)351 850731 19, Email: firstname.lastname@example.org.
1. Scope and legal basis
(2) With regard to the terminology used, such as “personal data” and “processing”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
(3) The term “user” covers all categories of people who are the subject of data processing. These include our business partners, clients, potential clients and any other visitors to our website.
(4) The personal data of users which is processed within the context of this website includes:
- contractual data (e.g. names and addresses of clients or potential clients),
- contact details (e.g. email address, telephone number),
- usage data (e.g. the pages of our website which are visited, interest in our services and products),
- content data (e.g. information given in emails) and
- technical data (e.g. IP addresses, device information).
(5) Users’ personal data is processed in particular for the following purposes:
- to provide the website, its content and its functions,
- to provide contractually agreed services,
- to provide customer service,
- to answer enquiries and communicate with users,
- to carry out marketing, and
- to maintain the website’s security.
(6) We process personal data solely in compliance with the relevant data protection provisions. This means that users’ data will only be processed when it is legally permitted to do so. This is the case in particular when the data processing is required or prescribed by law for the performance of our contractual services (e.g. for the processing of commissions and orders) and of our online services, when the user has given their consent or on the grounds of our legitimate interests. Legitimate interests include the analysis, optimisation, security and cost-effective operation of our website.
(7) Please note that the legal basis for consent is Article 6(1) Sentence 1 (a) and Article 7 GDPR; the legal basis for processing for the performance of our services and the execution of contractual provisions is Article 6(1) Sentence 1 (b) GDPR; the legal basis for processing for the performance of our legal obligations is Article 6(1) Sentence 1 (c) GDPR; and the legal basis for processing on the grounds of our legitimate interests is Article 6(1) Sentence 1 (f) GDPR.
2. Security measures
(1) Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR. This serves to protect the data processed by us from, in particular, accidental or intentional manipulation, loss or erasure or unauthorised access by third parties. The security measures also include the encrypted transfer of data between your browser and our server.
(2) We have also established processes which guarantee the protection of data subjects’ rights, the erasure of data and a reaction to any threats to the data.
3. Transfer of data to third parties and third-party service providers
(1) Insofar as we disclose or transfer data or otherwise make data accessible to other persons and businesses (processors or third parties) in the context of our processing work, this is only done on the basis of legal permission. This is the case, for example, if the data is transferred to third parties when this is required for performance of a contract in accordance with Article 6(1) Sentence 1 (b) GDPR, when you have given your consent, when we are legally obliged to do so or on the grounds of our legitimate interests (e.g. for use by authorised representatives, web hosts etc.). Insofar as we commission third parties with the processing of data on the basis of a “processing agreement”, this is done on the basis of Article 28 GDPR.
(2) Insofar as we process data in a third country (i.e. outside of the European Union or European Economic Area), or such processing is performed in connection with the use of third-party services or the disclosure or transfer of data to third parties, this occurs only when the particular conditions set out in Articles 44 et seq. GDPR are also met. That is, such processing will take place on the basis of particular guarantees, such as official recognition of a level of data protection corresponding to that ensured within the EU (e.g. via the Privacy Shield Framework for the USA), for example, or in compliance with special, officially recognised contractual obligations (“standard contract provisions”).
4. Collection of access data and log files
(1) We collect data concerning every instance of access to the server on which this service is located (known as server log files), on the grounds of our legitimate interests within the meaning of Article 6(1)(f) GDPR. This data is required for technical purposes, in order to display the website to you and to guarantee its stability and security. The access data includes the date and time of access, the name and URL of the file retrieved, the website from which access takes place (referrer URL), the browser used and possibly the operating system of the user’s computer as well as the name of the access provider making the request. As IP anonymisation is activated, the user’s IP address is only collected in a shortened form.
(2) The log file information is stored for a maximum of seven days, in order to evaluate the security and stability of the system, and subsequently erased. Data which must be stored for a longer period for the purposes of evidence is exempted from erasure until the incident in question has been fully resolved.
5. Contacting us
If users contact us via email, we will process the information which they provide (email address, name, message and any other voluntarily provided data such as telephone number or address) in order to handle their enquiry, in accordance with Article 6(1) Sentence 1 (b) GDPR.
(3) You can erase cookies at any time via the security settings of your browser. You can also change your browser settings as desired, for example to reject third-party provider cookies or reject all cookies. However, please note that if you do this, you may not be able to use the full functionality of this website.
7. Google Analytics
(2) Google will use this information on our behalf in order to evaluate users’ interactions with our website, compile reports on website activities and provide us with other services relating to the use of this website and internet usage. Pseudonymous use profiles may be created for users on the basis of the data which is processed.
(3) We only use Google Analytics with IP anonymisation activated. This means that Google will anonymise users’ IP addresses within member states of the European Union and in other states party to the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases.
(4) The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent cookies from being stored by changing their browser settings; they can also prevent Google from collecting and processing the data generated by the cookie relating to their use of the website by downloading and installing the browser plug-in available here:
(5) Further information on the use of data by Google, as well as the different settings available and ways to make an objection, can be found on Google’s websites: https://policies.google.com/technologies/partner-sites?hl=en (“How Google uses information from sites or apps that use our services”), https://policies.google.com/technologies/ads (“Advertising”), https://adssettings.google.com/authenticated (“Ad personalisation”).
(1) This section explains the content of our newsletter, the subscription and delivery process, the statistical evaluation used and your right to object. By subscribing to our newsletter, you consent to receive it and to the processes described here.
(2) We send email newsletters with advertising information solely with the consent of the recipients or when legally permitted. Our newsletters contain information on our products and services and on our company.
(3) Subscription to our newsletter takes the form of a double opt-in process. This means that, after you sign up, you will receive an email asking you to confirm your subscription. This confirmation is needed to prevent people from signing up with email addresses which do not belong to them. Newsletter subscriptions are recorded in order to create proof of the subscription process as required by law. This involves storing the time of subscription and of confirmation as well as the IP address used. The purpose of the process is to create proof of your subscription and to be able to resolve any incidents of misuse of your personal data. This is done on the basis of Article 6(1)(f) GDPR.
(5) To subscribe to the newsletter, you must give your email address and your name. We store this data for the purpose of sending the newsletter and addressing you personally.
(6) The newsletters contain a “web beacon” — a single-pixel file that is retrieved by the service provider’s server when the newsletter is opened. When the web beacon is retrieved, technical information such as information on your browser and system will be collected, as well as your IP address and the time of retrieval. This information is used to make technical improvements to our services, based on the technical data or target groups and their reading behaviour, on the location from which the beacon is retrieved (which can be determined from the IP address) or on the times of access. Other statistical information which is collected includes whether and, if so, when the newsletters are opened as well as which links are clicked on. It is technically possible to associate this information with individual users. However, neither we nor our service provider have any desire to monitor individual users. Rather, this information is evaluated in order to identify our users’ reading habits and adapt our content to these or send different content according to our users’ interests. If you would like to object to the analysis of your data for statistical evaluation purposes, you have to unsubscribe from the newsletter. It is unfortunately not possible to object to this analysis without ending your subscription.
(7) The newsletter is sent and its performance is measured on the basis of consent in accordance with Article 6(1)(a) and Article 7 GDPR in conjunction with Section 7(2)(3) of the German Act Against Unfair Competition (UWG).
(8) You can withdraw your consent to receive our newsletter at any time. At the end of every newsletter, you will find a link allowing you to exercise your right to withdraw consent. If users have only subscribed to the newsletter and subsequently unsubscribed, their personal data will be erased. However, we may store deregistered email addresses for up to three years before erasing them, on the basis of our legitimate interests in accordance with Article 6(1)(f) GDPR, in order to have proof of previously given consent. This data may only be processed for the purpose of defending against potential claims.
Information on data protection, evaluation of reading behaviour and your right to withdraw consent
9. Online presence on social networks
(1) We maintain an online presence within the social networks Facebook, Pinterest and Instagram in order to communicate with our clients and potential clients as well as to present our products and services.
(2) As the providers of these social networks are headquartered in the USA, users’ data may be processed outside of the European Union, which can create risks affecting, for example, the enforcement of users’ rights. However, the abovementioned social network providers are certified under the Privacy Shield Framework (https://www.privacyshield.gov/EU-US-Framework) and are therefore obliged to uphold the European Union’s data protection standards.
(3) Users’ data may be processed for analysis and marketing purposes via our online presence on the social networks named. User behaviour and the interests that this reveals can be used to create anonymous user profiles, which are then used, for example, to display advertisements within and outside of the social networks that correspond to users’ probable interests. This is generally done using cookies, which are stored on users’ devices and contain information on users’ behaviour and interests. Device-independent data may also be stored in the user profiles. This applies in particular to users who are members of the social network in question and are logged into their account.
(5) We maintain an online presence on the social networks named, and process data in connection with this social media presence, on the basis of our legitimate interests (in providing interesting information outside of our website and in having additional channels for communication with our clients and potential clients) in accordance with Article 6(1) Sentence 1 (f) GDPR. If a provider asks you to consent to data processing, the legal basis for this processing is Article 6(1) Sentence 1 (a) in conjunction with Article 7 GDPR.
(6) Providers and further information:
(a) Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) — Data Policy: https://www.facebook.com/about/privacy/, opting out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
(7) “Social plugins” connected to the abovementioned providers are used on our website. However, the icons or buttons which we use for this purpose function solely as external links, which means that no information can be transferred to these providers if you do not click on one of the icons. When a user clicks on one of the icons, they will be transferred to the website of the provider in question. The URL of the current website will be transmitted as part of this process. We have no influence over whether or how the providers use this information for the purposes of evaluation. For more information, please consult the providers’ privacy policies, which are linked above
10. Use of Google Fonts
(1) On our website, on the basis of our legitimate interest (i.e. interest in the optimisation and economic management of our website within the meaning of article 6(1)(f) GDPR), we employ external fonts from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”), see https://www.google.com/fonts (“Google Fonts”).
(2) These fonts are integrated as a result of server access at Google (generally in the USA). This always requires Google to recognise the IP address of users, since the contents cannot be sent to the browser without the IP address. The IP address is therefore required for the presentation of these contents.
11. Use of Google Maps
(1) On our website, on the basis of our legitimate interest (i.e. interest in the optimisation and economic management of our website within the meaning of article 6(1)(f) GDPR), we employ Google Maps from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
(2) Google Maps is integrated as a result of server access at Google (generally in the USA). This always requires Google to recognise the IP address of users, since the contents cannot be sent to the browser without the IP address. The IP address is therefore required for the presentation of maps.
12. Your rights
(1) Users have the right to obtain information about how we process their personal data upon request and free of charge.
(2) Additionally, users have the right to rectification of inaccurate data, restriction of processing und erasure of their personal data, the right to data portability, if applicable, and, in the case of assumed unlawful data processing, the right to file a complaint with a supervisory authority.
(3) Likewise, users can revoke consent for future cases.
13. Erasure of data
Data stored by us will be erased if it is no longer required for its intended purpose and if its storage is no longer legally required. Provided that the users’ data is not erased because it is required for other legally admissible purposes, its processing will be limited. In this case, access to the data will be blocked and it will not be processed for other purposes. This applies, for instance, to user data that must be stored for reasons of commercial or fiscal law. The storage period for commercial and business letters, for instance, is 6 years according to section 257(1) of the German Commercial Code (HGB).
14. Right to object
Users can object to future processing of their personal data at any time in accordance with legal standards. Objection can be made in particular to data processing for the purposes of direct marketing.
15. Provision of personal data
The provision of personal data for use on our website is neither legally, nor contractually stipulated nor is it required for entering a contract. You are also not obliged to provide us with personal data within the scope of this website.
16. Automated decision-making
We do not employ automated decision-making or profiling in accordance with Article 22 GDPR.