PRIVACY POLICY of

 

Hoesch Design GmbH, Schneidhausen, 52372 Kreuzau, Germany 

 

Controller within the meaning of the EU General Data Protection Regulation [EU GDPR]

Thank you for your interest in our company and our services. We want you to feel safe when visiting our website, also with regard to the protection of your personal data.

 

We take the protection of personal data very seriously. Compliance with the provisions of the EU General Data Protection Regulation (EU-GDPR) and other relevant data protection laws is therefore a matter of course for us. We would like you to know what data we collect, when we collect them and how we make use of them. We have taken technical and organisational precautions to ensure that the data protection regulations are observed both by ourselves and by external service providers.

 What personal data do we collect and why?

 Below we will show you what data we collect on this website and for which different purposes:

 1. Processing of data using cookies

 Our website makes use of cookies. These are text files that are stored on your computer in order to track visitors' preferences and to optimize our website accordingly.

 On the one hand, we use transient cookies. These are automatically deleted when you close the browser. These transient cookies primarily include session cookies. They store a so-called session ID, which allows different requests from your browser to be assigned to the particular session, thus enabling your computer to be recognised when you return to the website. Session cookies are deleted when you log out or close your browser.

 In addition, we also use persistent cookies. These are automatically deleted after two months.

 To prevent cookies from being stored, you must select "Do not accept cookies" in the browser settings. If cookies are not accepted by the browser, the scope of functions available on the website may be limited.

 These items of information are stored separately from any other data supplied to us. In particular, the data of the cookies are not linked to your other data.

 The legal basis for data processing is Article 6, Para. 1, lit. f of EU GDPR. The legitimate interest pursued is to facilitate and improve the use of the site and thus to better present our offer.

 

2. Data processing for using our general contact form

If you contact us via our website, we will process the following information in order to respond to your request accordingly:

 - date and time of request

- your first and last name

- your e-mail address

- request text.

 Without this data we cannot process your request.

 You can provide the following additional data voluntarily:

           - your telephone number and address.

 If this data is missing, we cannot contact you via the appropriate route, but only via your email address.

 The data will be deleted as soon as they are no longer needed to process your request.

 The legal basis for data processing is Article 6, Para. 1, lit. f of EU GDPR, insofar as your request is processed to explain our services and our company. Should your request be made in preparation for a contract, the legal basis is Article 6, Para. 1, lit. b of EU GDPR.

 3. Data processing for login and registration

Due to your registration and/or registration for a service offered, we process other data that you voluntarily provide to us.

The processing of data is pursuant to Article 6, Para. 1, lit. b of EU GDPR for the provision and use of services commissioned by you.

The data concerned shall be deleted when they are no longer necessary for the purposes for which they were stored. This is the case if the data is no longer required for the performance of the offered service. Even after the provision and conclusion of the services, there may be a need to continue to store your personal data in order to comply with contractual or legal obligations.

 4. Data processing for newsletter registration 

We also like to keep you regularly informed by e-mail For this purpose, you can subscribe to our newsletter. With your registration, you accept the use of your personal data for the generation and distribution of the newsletter (Article 6, Para. 1, lit. a of EU GDPR). We record your IP address to confirm your registration and your e-mail address to distribute the newsletter. In order to verify that an application is actually made by the owner of an e-mail address, we use the "double opt-in" procedure. This means we record the registration to the newsletter, the sending of the notification email and receipt of the requested reply.

The data will only be used for sending the newsletter. Your data will of course not be passed on to third parties. If you have expressly agreed to it, your behaviour regarding the use of the newsletter will be recorded in order to improve the newsletter.

You can withdraw your permission at any time with effect for the future. A link is provided in every newsletter enabling you to withdraw your permission. The data stored on you will then be deleted. If you do not confirm the registration, your data will be deleted after seven days at the latest, which means that a new registration is required.

5. Data processing for the job application procedure  

You have the opportunity to find out about advertised positions via our career website and to apply to us. For this purpose, you provide us with personal data that we process exclusively for the application process.

We process your data if they are required for a decision on the establishment of an employment relationship , pursuant to § 26 Para. 1 of the German Federal Data Protection Act (BDSG). Insofar as the data is used to propose to you jobs, we process data on the basis of Art. 6 Para. 1 lit. a of GDPR. Further information can be found in the relevant declarations of consent. You can revoke your consent at any time with effect for the future.

6. Online shop

Within the scope of the operation of our online shop, personal data is collected and processed, for example for the registration and processing of orders. This is inventory data, such as a person’s name and address and user data (e.g. password).
The processing of the data is necessary for the establishment, execution and execution of the contracts as well as for the purpose of future customer support and customer care. The processing is based on Article 6, Para. 1, Section 1 b) of EU GDPR for the initiation and fulfilment of a contractual relationship with the data subject.

 7. Data processing for electronic methods of payment 

For a transaction via our online shop, you may need to have payment data available in order to perform the transaction. When paying by credit card, your card and payment details must be transferred to third parties in order to process the payment.

The processing of your personal data is used for the processing of the cashless payment and is necessary for this purpose. The data processing is based on Art. 6 Para. 1 lit. b of GDPR.

The card data is stored for two weeks in order to be able to prove missing payments and make subsequent bookings in case of technical problems that may arise. The signed payment receipts are kept for a period of six months.

8. Data processing for using mapping services

For the presentation of certain services, we use the interactive mapping services of third-party providers:

In this context, HOESCH does not process any personal data.

When using these services, personal data will be transferred to the third-party card providers and processed exclusively by them on their own responsibility. Third-party data processing includes at least the following types of data:

  • information about the use of our website
  • your IP address.

You can disable the interactive map service and prevent data from being transferred to the third party. For this purpose, disable Java Script in your browser. In this case, you can no longer make use of the interactive mapping service.

Information on the processing of your personal data by third-party providers can be found in their data protection notices.

We analyse this technical data anonymously and only for statistical purposes, in order to continue to optimise our Internet presence and to make our online services even more attractive. This anonymous data is stored separately from personal information on protected systems and does not allow identification of an individual.

 

What applies generally for all cases of data processing?

No data will be passed on to third parties.

Should a statutory retention obligation exist, we must point out that we will be unable to delete your data before the end of the retention period. The same applies to any retention obligation arising out of a contract with you.

 

How do we safeguard your data?

We have taken technical and organisational security measures in order to protect your data processed by us against accidental or deliberate manipulation, loss, destruction, or against access by unauthorised persons. Our security measures are continuously improved in line with technological developments.

Our employees and any third parties entrusted with data processing have been obliged by us to maintain confidentiality.

 

How long do we store your data?

We will only store your information as long as necessary to fulfil the purposes for which the information is collected and processed or — where the applicable law provides for longer storage and retention period — for the storage and retention period required by law. After that your personal data will be deleted, blocked or anonymised, as stated by the applicable law.

 In particular:

  • If you terminate your user account, your personal data will be marked for deletion, except to the extent that legal provisions or other overriding legitimate reasons require prolonged storage. 
  • Please note that HOESCH is required to retain certain transactional data under statutory commercial and tax law for a period of up to ten (10) years. 
  • If you withdraw your consent, on which the processing of your personal data or the personal data of your child is based, we will immediately delete your personal data, insofar as the collection and processing of the personal data was based on the withdrawn consent. 
  • If you exercise a right of objection to the processing of your personal data, we will review your objection and immediately delete your personal data that we have processed for the purpose you objected to, unless there is another legal basis for the processing and storage of such data or if applicable law requires us to retain the data.

Your rights

According to the EU GDPR, you have the right at any time to demand information from us as to whether data relating to your person are stored by us. With regard to these stored data you also have the following rights:

- the right to access stored data (Article 15 EU GDPR),

- the right to rectification of inaccurate data (Article 16 EU GDPR),

- the right to erasure of data (Article 17 EU GDPR),

- the right to restriction of processing of data (Article 18 EU GDPR),

- the right to object to unacceptable processing of data (Article 21 EU GDPR) and

- the right to data portability (Article 20 EU GDPR).

If you have given your consent to the use of data, you can revoke it at any time with effect for the future.

Please direct all requests for information, enquiries or objections to the processing of data by e-mail to [email protected] or to the postal address provided at the start of this information.

In addition, you have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data infringes the EU GDPR (Article 77 EU GDPR).

 

Children and youths

 Persons under the age of 18 are not allowed to submit any personal data to us without the consent of their parents or guardians. We do not request, collect or share personal data with children and adolescents.

 

Additional information

Contact data of our data protection officer:

OHA – Gesellschaft für Arbeitsschutz und Arbeitssicherheit mbH

Paul – Klinger – Straße 1

45127 Essen, Germany

E-mail: [email protected]

Information in accordance with Article 13 Para. 2 lit. e EU GDPR:  The providing of personal data is neither legally nor contractually compulsory or required for a contract. You are not obligated to provide the personal data. Please refer to the section “What personal data do we collect and why?” for information on any consequences of not providing personal data for the respective data processing.

 

Changes to our privacy policy

We reserve the right to change our privacy policies to the extent necessary due to technical developments or changes in legislation or jurisdiction. In these cases, we will also adjust our privacy policy accordingly. Therefore, please take note of the current version of our privacy policy.