Data privacy policy

1. Data privacy policy

Introduction

We are pleased to welcome you to our website. Hymer-Leichtmetallbau GmbH & Co. KG (hereinafter “Hymer-Leichtmetallbau”, “we” or “us”) places great value on users’ data security, as well as on compliance with data protection regulations. We are keen that this document should provide you with information concerning how your personal data is processed.

Data Controller and Data Protection Officer

Data Controller:
Hymer-Leichtmetallbau GmbH & Co. KG
Käferhofen 10
88239 Wangen
Tel.: + 49 (0) 75 22 700 - 0
E-Mail: info@hymer-alu.de Externer

External Data Protection Officer:
DDSK GmbH
Herr David Kuhn
Tel.: 07542 949 21 - 08
E-Mail: datenschutz@hymer-alu.de

Terminology

The specialist terms used in this privacy policy are to be interpreted in accordance with the legally defined terminology specified in Art. 4, GDPR.

 

Notes on Data Processing

Automated Data Processing (Log-Files etc.)

It is possible to visit our site without the user actively giving personal data details. However, we automatically save access data (server log files) with every visit to the website, such as the name of the Internet service provider, the operating system used, the website from which the user visits us, the date and duration of the visit or the name of the requested file, as well as, for security reasons, for example, to detect attacks on our website, the IP address of the computer used, for a period of 7 days. These data are evaluated exclusively to improve our offer and do not enable any conclusions to be drawn about the user's person. This data is not merged with other data sources. The legal basis for the processing of the data is Art. 6 para. 1, f) GDPR. We process and use the data for the following purposes: 1. making the website available, 2. improving our websites and 3. preventing and detecting errors/malfunctions and misuse of the website. The processing is carried out in pursuit of legitimate interests in ensuring the functionality and the error-free and secure operation of the website, as well to adapt this website to the requirements of the users.

 

Use of Cookies (General, Functioning, Opt-Out Links etc.)

In order to make our website more attractive and to enable the use of certain functions, we use what are known as cookies on our website. The use of cookies helps us achieve our legitimate interest of making the use of our website as pleasant as possible and is based on Art. 6 para. 1. f) GDPR. Cookies are part of standard internet technology for the storage and retrieval of log-in and other user information for all users of the website. Cookies are small text files that are stored on the end device. They make it possible for us, inter alia, to store user settings so that our website can be displayed in a format tailored to the user device. Some of the cookies we use are deleted at the end of the browser session, that is to say when the browser is closed (these are called session cookies). Other cookies remain on the user’s end device and enable us or our partner companies to recognise the browser at the next visit (these are called persistent cookies).
The browser can be set so that the user is informed about the setting of cookies and can decide in individual cases whether to accept or exclude the acceptance of cookies in certain cases or in general. Furthermore, the cookies can be deleted retrospectively in order to remove data that the website has stored on the user’s computer. The deactivation of cookies (known as “opt-out”) may lead to some restrictions in the functionality of our site.

 

Subject data categories:
Website visitors, users of on-line services

Opt-out:
Internet Explorer: support.microsoft.com/de-de/help/17442
Firefox: support.mozilla.org/de/kb/wie-verhindere-ich-dass-websitesmich-verfolgen
Google Chrome: support.google.com/chrome/answer/95647
Safari support.apple.com/de-de/HT201265

Legal bases:
Consent (Art. 6 para. 1. a) GDPR); Legitimate interests (Art. 6 para. 1. f) GDPR) The applicable legal basis for each case is identified specifically in the corresponding tool.

Legitimate interests:
Storage of opt-in preferences, presentation of the website, ensuring functionality of the website, preserving user status across the entire website, recognition for the next website visitors, a user-friendly online offer, guaranteeing the chat function.

 

Online marketing

With a view to constantly increasing our reach and the degree of awareness of our online offering, we process personal data as part of our online marketing, in particular in respect of potentially interested parties and evaluation of the effectiveness of our marketing activities. For the purpose of evaluating the effectiveness of our marketing activities and the identifying potential interest groups, relevant information is stored in cookies or via similar processes. Data stored in cookies can include content viewed, online sites visited, settings, and functions and systems used. However, no user data which clearly identify the user’s identity are processed on a regular basis for the purposes described. The data are then modified in such cases such that the actual identity of the user is not known to either us or the provider of the tools used. Data modified in this way are frequently stored in user profiles. If user profiles are stored, the data can be read, supplemented and added to on the server of the online marketing provider when visiting other online offers which use the same on-line marketing procedure. We can determine the success of our advertising (known as conversion rate measurement) using summarised data supplied to us by the provider of the online marketing procedure. As part of this conversion measurement, we can follow whether a marketing activity has led to a decision to purchase by the person visiting our online offering. This evaluation is a tool for analysing the success of our online marketing.

Categories of data subject:
Website visitors, online service users, interested parties, communication partners, business and contract partners

Categories of data:
User data (e.g., websites visited, interest in content, access times), meta and communication data (e.g., device information, IP-addresses), location data, contact data, content data

Purposes of processing:
Marketing (in some cases, both interest-based and behaviour-based), conversion rates, target group formation, click-tracking, development of marketing strategies and increasing the effectiveness of campaigns

Legal bases:
Consent (Art. 6 para. 1. a) GDPR); legitimate interests (Art. 6 para. 1. f) GDPR)

Legitimate interests:
Optimisation and further development of the website, increasing profit, customer loyalty and acquisition

 

Google Analytics

Service used:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data protection:
policies.google.com/privacy

Opt-out link:
tools.google.com/dlpage/gaoptout or myaccount.google.com

Legal basis:
Consent (Art. 6 para. 1. a) GDPR)

 

Social Media Presence

We maintain an online presence on social networks and career platforms in order to exchange information with users registered there and to come into contact in a simple way. Data from users on social networks is sometimes used to carry out market research and thereby pursue commercial objectives. With the help of users’ usage behaviour, for example details about interests, user profiles can be set up and applied to adapt advertising to the interests of the target groups. To this end, cookies are regularly stored on the end devices of users, in some cases irrespective of whether they are registered users of the social network.

Irrespective of where the social network is operated, this may lead to processing of the user data outside of the European Union or outside of the European Economic Area. This may lead to risks for the user since, as a result, for example, enforcement of your rights may be made more difficult.

Data subject categories:
Registered and non-registered users of social networks

Data categories:
Master data (e.g., name, address), contact data (e.g., e-mail address, telephone number), content data (e.g., text, photographs, videos), usage data (e.g., websites visited, interests, access times), meta and communication data (e.g., device information, IP-address)

Purposes of processing:
Extending reach, networking

Legal bases:
Legitimate interests (Art. 6 para. 1. f) GDPR), Consent (Art. 6 para. 1. a) GDPR)

Legitimate interests:
Interaction and communication on social media sites, increase of profit, knowledge of target groups


YouTube

Service used:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data protection:
policies.google.com/privacy

Opt-out-Link:
tools.google.com/dlpage/gaoptout or myaccount.google.com


Xing

Service used:
New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany

Data protection:
https://privacy.xing.com/de/datenschutzerklaerung

 

Plug-ins and integrated third party content

Integrated into our on-line offer are functions and content which are obtained from third parties. In this way, for example, it is possible to integrate videos, presentations, function buttons or contributions (hereinafter referred to as content)

So that content can be displayed to visitors of our online offer, the respective third-party provider processes, inter alia, the IP-address of the user so that the content can be transmitted and displayed on the browser. Without this processing operation, the display of third-party content is not possible.

In some cases, additional information is collected by what are known as pixel tags or web beacons, whereby the third party provider receives information about the use of the content or the visitor traffic on our online offer, technical information about the user's browser or operating system, the time of the visit or the linking websites. The data obtained in this way are stored in cookies on the user’s end device.

To protect the personal data of visitors to our website, we have taken certain safety precautions to prevent the automatic transmission of such data. This data can only be transmitted when you use the function button or click on the third-party content.

Data subject categories:
Users of the plug-ins or integrated third party content

Data categories:
Usage data (e.g., websites visited, interests, access times), meta and communication data (e.g., device information, IP-address), contact data (e.g., e-mail address, telephone number), master data (e.g., name, address)

Purposes of processing:
Creation of our online offer, increasing the reach of our advertising on social media, sharing of contributions and content, interest-based and behaviour-based marketing, cross-device tracking

Legal bases:
Consent (Art. 6 para. 1. a) GDPR)
 

Google Maps

Service used:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Data protection:
https://policies.google.com/privacy?hl=de&gl=de

Opt-out-Link:
tools.google.com/dlpage/gaoptout or https://myaccount.google.com/

Legal basis:
Consent (Art. 6 para. 1. a) GDPR)

 

Newsletter and broadcast communications

As part of our online offer, users have the option to subscribe to our newsletter or to potential notifications via various channels (hereinafter Newsletter). We send the newsletter in line with legal provisions only to recipients who have consented to receive it. We employ a selected service provider to send out the newsletter.

To subscribe to a newsletter from us, it is necessary to supply an e-mail address. In this case, we collect additional information, such as names, so that we can address the newsletter personally.

Our newsletter is only sent following completion of the double-opt-in process. If visitors to our online offer decide to receive the newsletter, they receive a confirmation mail which serves to prevent and exclude the misuse of false e-mail addresses and prevents the sending of the newsletter being triggered by a simple, possibly accidental click. Subscription to our newsletter can be terminated at any time with future effect. An unsubscribe link (opt-out link) can be found at the end of each newsletter.

In addition, we are obliged to provide evidence that our subscribers actually wished to receive the newsletter. For this purpose, we collect and store the IP address and the time of the registration and deregistration.

Our newsletters are designed such that we are able to gain insights into improvements, target groups or the reading behaviour of our subscribers. This enables us to use what is known as a web beacon or a counting pixel which reacts to interactions with the newsletter, for example, whether links are clicked on, whether the newsletter is opened at all or at what time the newsletter is read. We may assign this information to individual subscribers for technical reasons.

Data subject categories:
Newsletter subscribers

Data categories:
Master data (e.g., name, address), contact data (e.g., e-mail address, telephone number), meta and communication data (e.g., device information, IP-address), usage data (e.g., interests, access times)

Purposes of processing:
Marketing, customer loyalty and acquisition, analysis and evaluation of the success of the campaign

Legal basis:
Consent (Art. 6 para. 1. a) GDPR)


CleverReach

Service used:
CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany

Data protection:
https://www.cleverreach.com/de/datenschutz/

 

Advertising communications

We also use the data provided to us for advertising purposes, particularly to inform you about news from us or from our product portfolio, using various channels. Any promotional approaches on our part are made within the framework of legal requirements, and if required, after having obtained consent.

Should those receiving our advertising not wish to receive it, they can inform us at any time. We will be pleased to comply their wishes accordingly.

Data subject categories:
Communication partners

Data categories:
Master data (e.g., name, address), contact data (e.g., e-mail address, telephone number)

Purposes of processing:
Direct marketing

Legal basis:
Consent (Art. 6 para. 1. a) GDPR), legitimate interests (Art. 6 para. 1. f) GDPR)

Legitimate interests:
Securing the loyalty of existing contacts and gaining new ones, as well as contractual partners

 

Establishing contact

Our online offer provides the option of contacting us directly or getting information about various ways of contacting us.

If we are contacted, we process the data of the persons contacting us to the extent that is required to answer or process the request. Which data is processed may vary, depending upon the way in which contact with us is established.

Data subject categories:
Persons making request

Data categories:
Master data (e.g., name, address), contact data (e.g., e-mail address, telephone number) content data (e.g., texts, photographs, videos), usage data (e.g., interests, access times), meta and communication data (e.g., device information, IP-address).

Purposes of processing:
Processing of requests

Legal bases:
Consent (Art. 6 para. 1. a) GDPR), contract fulfilment or contract initiation (Art. 6 para. 1. b) GDPR)

 

Data transmission

We process the personal data of visitors of our online offer for internal purposes (e.g., for internal administration or to forward to the personnel department in order to fulfil legal or contractual obligations). Internal data transmission or disclosure of data only occurs to the extent it is required with due regard to the relevant data protection regulations.

We may be obliged to pass on personal data for the fulfilment of contracts or for the discharge of a legal obligation. If we are not provided with the necessary data, it may not be possible to conclude the contract with the data subject.

We transmit data in countries outside of the EWR (known as Third Countries). This is on account of the purposes stated above (transmission within the group and/or other recipients). The transmission only takes place to fulfil our contractual and legal obligations or on the basis of consent given in advance by the data subject. In addition, this transmission occurs in compliance with the applicable data protection laws, in particular taking into account Art. 44 ff. GDPR, for example on the basis of adequacy decisions adopted by the European Commission or other appropriate guarantees (for example, standard data protection clauses, etc.).

 

Storage period

In principle, we store the data of persons visiting our online offer for as long as is required to deliver our service or to the extent provided for by European directives and regulations or other legislation in laws or regulations to which we are subject. In all other instances, we delete personal data once the purpose has been fulfilled, with the exception of such data we are obliged to continue to store for the fulfilment of legal obligations (for example, we are bound by tax and commercial law retention periods to retain documents such as contracts and invoices for a defined period of time).

 

Automated decision-making

We abstain from automated decision-making or profiling in accordance with Art. 22 GDPR.

 

Legal bases

The applicable legal bases stem primarily from the GDPR. These are supplemented by national laws of the Member States and may be applicable together with or in addition to the GDPR.

Consent:
Art. 6 para.1. a) GDPR serves as the legal basis for processing operations for which we have obtained consent for a defined processing purpose.

Contract fulfilment:
Art. 6 para. 1. b) GDPR serves as the legal basis for processing operations necessary for the fulfilment of a contract to which the data subject is party or for carrying out pre-contractual measures taken at the request of the data subject

Legal obligations:
Art. 6 para. 1. c) GDPR serves as the legal basis for processing operations necessary for the fulfilment of a legal obligation.

Vital interests:
Art. 6 para. 1. d) GDPR serves as the legal basis if the processing operation is necessary for the protection of the vital interests of the data subject or of another natural person.

Public interest:
Art. 6 para. 1. e) GDPR serves as the legal basis for processing operations necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Legitimate interest:
Art. 6 para. 1. f) GDPR serves as the legal basis for processing that is necessary for the safeguarding of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of data subjects requiring the protection of personal data, in particular where the data subject is a child

 

Rights of the data subject

Right of information:
According to Art. 15 GDPR, data subjects have the right to request confirmation as to whether we are processing data concerning them. They can request information about this data as well as the other information listed in Art. 15, para 1, GDPR and a copy of their data.

Right to rectification:
Pursuant to Art. 16 GDPR, data subjects have the right to request the correction or completion of the data concerning them and processed by us.

Right to erasure:
In accordance with Art. 17 GDPR, data subjects have the right to demand immediate deletion of the data concerning them. Alternatively, they can demand that we restrict the processing of their data in accordance with Art. 18 GDPR.

Right to data portability:
Pursuant to Art. 20 GDPR, data subjects have the right to request that the data they provide us with is made available and to request that it is transferred to another responsible party.

Right of appeal:
Furthermore, data subjects have the right to appeal to the competent supervisory authority in accordance with Art. 77 GDPR.

Right of objection:
If personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. 1, sentence 1.f) GDPR, data subjects have the right in accordance with Art. 21 GDPR to object to the processing of their personal data if there are reasons for doing so arising from their particular situation or if the objection concerns direct advertising. In the latter case, data subjects have a general right of objection which shall be implemented by us without the need to specify a particular situation.

 

Revocation

Some data processing operations are only possible with the express consent of the data subject. They have the possibility at any time of revoking consent that has previously been given. All you need to do is send us an informal message or e-mail to datenschutz@hymer-alu.de. The legality of data processing carried out up to the time of revocation remains unaffected.
 

External links

Our website contains links to the websites of other providers. We would point out that we have no influence on the content of linked online offers or compliance with data protection regulations on the part of their operators.
 

Modifications

We reserve the right to amend this data protection information at any time if there are changes to our online offer and in compliance with the applicable data protection regulations so that it complies with legal requirements

 

This privacy policy was created by
DDSK GmbH

Download Privacy Poilcy



Cookie declaration