Privacy - HAGES

DATA PRIVACY STATEMENT

As the operator of the website www.hages.com, we place great value on the protection of your private and personal sphere.

We collect and use the personal data of visitors to our website only insofar as this is necessary in order to provide our website as well as our content and services in a functional way and to make them comfortably usable for visitors.

The processing of personal data is normally performed only with the consent of the visitor. In addition, processing can also be carried out if it was not possible to obtain your prior consent for practical reasons and the data processing is permitted through statutory provisions – in particular through the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG 2018).

In accordance with Article 4(1) of the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person (hereinafter referred to as a ‘data subject’). This includes things such as the data subject’s name, address, birth date, email address and telephone number.

In accordance with Article 4(2) of the GDPR, ‘processing’ means any operation or set of operations which is performed upon personal data, whether or not by automated means (e.g. collection, storage, use or disclosure).

In accordance with Article 4(7) of the GDPR, the ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

With this Data Privacy Statement we will first inform you of how you can contact us as the controller or our Data Protection Officer (see point 1).

Furthermore, we will explain what data is processed when you visit or use our website, for what purposes and on what legal basis this is carried out, whether there is an obligation to provide data and how long the data will be stored (point 2).

We will also explain the extent to which data transmission is carried out, what security measures are in place and whether automated decision-making is carried out (points 3 to 6).

Finally, we will inform you of your rights regarding the processing of your personal data (point 7).

1. Name and contact information of the data controller, contact information of the Data Protection Officer

The data controller for the visit to and use of this website is:

HAGES Hans G.E. Sievers GmbH & Co. KG
Ferdinandstraße 6
20095 Hamburg

Phone: +49 (0)40 – 32 33 42-0
E-Mail: contact@hages.com

Our Data Protection Officer can be reached at:

Gaby Schütz
Ferdinandstraße 6
20095 Hamburg
Phone: +49 (0)40 – 32 33 42-23
E-Mail: schuetz@hages.com

2. Data processing for the visit to and use of our website

2.1 Storage of access data in log files

In principle, it is possible to visit and make use of our website without providing any of your personal data. The web browser you use when visiting our website automatically sends certain access data to our server. This involves the following data:

the IP address of the requesting computer
the browser software being used as well as its version and language
the operating system of the requesting computer
the date and time of the access
the name and URL of the accessed page or file
the website from which the access originates
the access status/HTTP status code
the respective data volume transferred

Type and purpose of the data processing:

These data are stored temporarily in their own log file. This first serves the purpose of permanently ensuring system security and stability and enabling technical administration in order to thereby ensure the establishment of a trouble-free connection and operation of our website as well as its comfortable use. These data are also evaluated for internal administrative and statistical purposes in order to improve our online offerings. These data will not be merged with other data or data sources that would enable conclusions to be drawn about you.

Legal basis:

The legal basis for this processing is Article 6(1) sentence 1(f) of the General Data Protection Regulation (GDPR). With this data processing we are pursuing the legitimate interest of upholding the operating security of our web pages in order to be able to provide these web pages as well as the information contained there in a way that is trouble-free and comfortable.

Period of storage:

The data will be deleted as soon as they are no longer necessary for the purposes specified above for which the data are collected. In the case of the collection of data for the provision of our website, the data will therefore be deleted when the respective session is ended. Apart from that, the data is regularly deleted after seven days at the latest. Storage beyond this period is possible; however, in this case the IP addresses will be deleted or anonymised so that it is no longer possible to attribute them to a natural person.

2.2. Cookies

We use cookies on our site. These are small files that are automatically created by your browser and temporarily stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware.

The cookies do not provide us with any information about your identity. The use serves to make our offer more user-friendly.

Most browsers accept cookies automatically. However, you can configure your browser that no cookies are stored on your computer or a notice appears before a new one is created. However, complete deactivation may mean that you cannot use all the functions of our website.

2.3. Data processing for the use of the contact form

Type and purpose of the data processing:

You can send us queries and request information using the contact form provided on our website. The data that is requested from you for this include your email address. These data are required so that we can process your query and contact you. You also have the option to voluntarily provide your telephone number. If we should require further information from you in order to respond to your query then we will contact you separately for this.

The IP address of the user as well as the date and time of the use of the contact form will also be saved when the query is sent. This serves to prevent misuse of our services or the specified data and to log the contact for the purposes of evidence.

We will use the data entrusted to us through the contact form or within the context of other contact exclusively in order to respond to your query. We will not disclose these data to third parties, whether or not for a consideration. If you have not given consent to the further storage and use of your personal data then these data will only be stored as long as necessary for the fulfilment of the purpose pursued by its transmission or as prescribed by statutory provisions (in particular the periods of storage prescribed under tax law and commercial law).

Legal basis:

The legal basis for this processing is Article 6(1) sentence 1(f) of the General Data Protection Regulation (GDPR). Our legitimate interest lies in enabling our users to contact us comfortably and processing the data necessary for responding to such a query.

The legal basis for the storage of the IP address as well as the date and time of registration is Article 6(1) sentence 1(f) of the GDPR. The data processing is necessary in order to safeguard our legitimate interests in the trouble-free use of our services and, if necessary, to assert, exercise and defend against legal claims in the event of misuse. In the event of the improper entry of third-party data, this data processing may also be necessary in order to safeguard the legitimate interests of a third party, namely the owner of the entered data.

Period of storage:

This data will be stored as long as necessary in order to resolve the query concerned. It may be necessary to store data for a longer period due to legal obligations, in particular due to obligations under commercial law or tax law to preserve data derived from the German Commercial Code (HGB) or the German Tax Code (AO), which provide for a period of storage of up to ten years. Apart from that, the data will be store for a longer period only if this is necessary for the performance of a contract.

The data additionally stored during the use of the contact form will be deleted after a period of seven days at the latest.

3. Obligation to provide data,necessity of the provision of data for a conclusion of a contract, possible consequences of the failure to provide data

If you wish to use the provided contact form (see point 2.3), you must provide us with the personal data specified there as required which are required for the processing of your query. We cannot process your query without the provision of the data required for this.

4. Data transfer and data recipients

Your personal data will be transferred to third parties exclusively for the purposes listed below.

We will only transfer your personal data to third partie

if you have given us your consent in accordance with Article 6(1) sentence 1(a) of the GDPR or
if the transfer in accordance with Article 6(1) sentence 1(f) of the GDPR is necessary to assert, exercise or defend against legal claims and there is no reason to assume that you have an overriding interest requiring protection in the non-disclosure of your data or
if there is a legal obligation for the transfer in accordance with Article 6(1) sentence 1(c) of the GDPR or
if it is legally permissible and the transfer is necessary for the performance of a contract with you in accordance with Article 6(1) sentence 1(b) of the GDPR.

5. Data security

We strive to ensure the security of your data. In order to prevent the loss, misuse or alteration of personal data, we have set up corresponding physical, electronic and administrative procedures and adapt these to the current state of technology accordingly. This includes the training of staff with access to the personal data. This website is transmitted using SSL/TLS encryption. Data which you convey to us, e.g. through the contact form, thereby cannot be seen by third parties.

6. No use of automated decision-making including profiling

We do not use profiling or other decision-making processes which are based exclusively on automated data processing and have a legal impact on you or negatively impact you significantly in a similar way.

7. Your rights as a data subject

You have the following rights regarding the processing of your personal data:

Right of access (Article 15 of the GDPR)
You have the right to obtain access to information about the personal data processed by us about you. In particular, you can obtain information about the purposes of processing, the categories of personal data, the categories of recipients to whom the personal data have been or will be disclosed, the planned period of storage, the existence of a right to the rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and any meaningful information regarding their details.
Right to rectification (Article 16 of the GDPR)
You have the right to obtain without undue delay the rectification of inaccurate personal data stored by us concerning you or to obtain its completion if it is incomplete.
Right to erasure (Article 17 of the GDPR)
You have the right to obtain the deletion of the personal data being stored by us about you, unless the processing is necessary to exercise the right to free information and expression of opinion, to fulfil a obligation, for reasons of public interest or to assert, exercise or defend against legal claims.
Right to restriction of processing (Article 18 of the GDPR)
You have the right to obtain the restriction of the processing of your personal data if you dispute the correctness of the data, if the processing is illegal but you reject the deletion of the data and we no longer require the data but you need the data to assert, exercise or defend against legal claims or if you have lodged an objection against the processing under Article 21 of the GDPR.
Right to data portability (Article 20 of the GDPR)
You have the right to obtain in a structured, current and machine-readable format the personal data concerning you which you have provided to us or to obtain the transfer of the data to another controller.
Right to the withdrawal of granted consent (Article 7(3) in connection with Article 6(1) sentence 1(a) or Article 9(2)(a) of the GDPR)
You have the right to withdraw any consent granted to us at any time. The consequence of this will be that we will no longer be allowed to continue the data processing in the future on the basis of that consent unless it can be based on a different legal basis.
Right to lodge a complaint with a supervisory authority (Article 77 of the GDPR in connection with Section 19 of the Federal Data Protection Act 2018 (BDSG 2018))
You have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to him or her infringes the GDPR. You can normally contact the supervisory authority of your usual place of residence, your place of work, or the location of our office.

You also have a

Right to objection (Article 21 of the GDPR)
If we process data concerning you on the basis of legitimate interests, you can object to this on grounds relating to your particular situation.

You can also object to data processing if we perform it for the purposes of direct marketing.

To exercise your rights, please use the contact data of our Data Protection Officer provided under point 1. You can also contact us through all of the other contact information provided under point 1.