Data Protection Policy
General and technical information
1. By using our website you agree with the collection, processing and use of data according to the specification below. In principle, our website can be accessed without registration. In this case, data, e.g. accessed pages or names of files retrieved, date and time are saved on the server for statistical reasons, without directly linking these data to your person. Personal data, in particular name, address or email address are, as far as possible collected on a voluntary basis. Without your consent, there will be no disclosure of data to third parties.
2. The controller, according to the General Data Protection Regulation and other national data protection regulations of membership states as well as other data protection provisions, is:
3. Legal Basis for the Processing of Personal Details
Insofar as we require the consent of the data subject for the processing operations, Article 6 (1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
The processing of personal data that are necessary for the fulfilment of a contract, where the data subject is the contractual party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies for processing operations necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary in compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.
Where protecting the vital interests of the data subject or of another natural person make the processing of personal data necessary, Article 6(1)(d) GDPR serves as the legal basis.
Where the processing is for the purposes of safeguarding legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests, fundamental rights and freedoms of the data subject , Article 6 (1)(f) GDPR serves as the legal basis.
4. Data deletion and duration of storage
Personal data of the data subject are deleted or access is blocked as soon as the purpose of their storage no longer applies. Furthermore, storage can occur if provisions have been made by European or national legislative powers, in Union regulations, laws or other provisions that the controllers are subject to. Blocking or deletion of data also occurs if a mandatory retention period relating to the quoted standards lapses, except when the need for continued data storage is due to the conclusion or fulfilment of a contract.
5. Description and Scope of Data Processing when Visiting our Website
At every visit to our internet site, our system automatically records data of a general nature and information about the computer system of the visitor. This information comprises e.g. the type of browser, the operating system, the domain name of your internet service provider, i.e. such information containing exclusively such data that do not allow any reference to personal data. Personal data will only be captured on legitimate grounds. Processors may also be recipients of data, where applicable.These data are collected by using cookies. The data collection is mandatory on technical grounds in order to safeguard the following:
- stability of usage and connection set-up to our website
- defence against attacks (server logfiles)
- administrative purposes (where applicable, anonymous analysis for the optimisation of our website)
The temporary storage of the IP address by the system is necessary to facilitate the transfer of the website to the computer of the user. This requires the storage of the IP address of the user for the duration of the session.
Data will be deleted as soon as their storage is no longer required for the achieving the purpose of their collection.
Where data storage occurs within logfiles, this is accomplished within a maximum of seven days. Further storage is possible. In this case, however, the IP addresses of the user are deleted or altered so that a reference to the accessing client is made impossible.
The collection of data for the provision of the website and the storage of data within logfiles is absolutely essential for the operation of the internet site. Therefore, there is no option of opting-out on the p of the user. Article 6(1)(f) GDPR is the legal basis for the temporary storage of data and logfiles.
6. Google Analytics
7. Usage of Google Tag Manager
This website uses Google Tag Manager so that website tags can be managed by the site operator via an interface. The tool “Google Tag Manager” (implements the tags) is a cookie-free domain and does not collect personal data. The tool triggers other tags which in turn may collect data in certain instances. However, Google Tag Manager does not access these data. If a deactivation has taken place at the cookie level or domain level, it remains in place for all tracking tags implemented by Google Tag Manager.
Our website uses certain functions by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. When accessing our pages with Twitter plug-ins, a connection will be established between your browser and Twitter servers to display, amongst others, tweets of the Hufschmied Twitter account. In this instance, data are transferred to Twitter. If you have a Twitter account, these data can be linked to it. If you do not wish to link these data to your Twitter account, please log out of your Twitter account before you visit our site. Interactions, such as clicking on the “Re-tweet” button are also sent to Twitter. For more information, please visit https:/twitter.com/privacy.
9. Google Maps
This page uses the map service Google Maps via an API. The service provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In order to use Google Map functions, it is necessary to store your IP address. These data are usually transferred to a Google server in the USA and stored there. The site operator has no influence over this data transfer. The usage of Google Maps is for the benefit of an appealing presentation of our online offers and to facilitate locating places referred to by us on our website. This constitutes a legitimate interest in the sense of Article 6(1)(f) GDPR. You can find more information on the treatment of user data in the data protection declaration of Google: https://www.google.de/intl/de/policies/privacy/.
10. SSL Encryption
For reasons of security and to protect the transmission of sensitive contents, e.g. enquiries that you send to us as the site operator, this site uses SSL encryption. You can recognise an encrypted connection by the address line of your browser changing from http:// to https:// and the padlock symbol in your browser line.
Once the SSL encryption is activated, data transmitted from you to us cannot be read by a third party.
11. Usage of Cookies
13. Usage of Google Web Fonts
This page uses so-called Web Fonts for the uniform display of fonts, a service provided by Google. When accessing a page, your browser loads the required Web Fonts into your browser cache, in order to display texts and fonts correctly.
For this purpose, the browser used by you has to establish a connection to Google servers. By this Google will be notified that our website is being accessed by your IP address. The usage of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest in the sense of Article 6(1)(f) GDPR.
If your browser does not support Web Fonts, a standard font is used by your computer.
Please find further information on Google Web Fonts under: https://developers.google.com/fonts/faq and within the data protection policy by Google: https://policies.google.com/privacy?hl=de
14. Usage of Matomo Analytics (formerly Piwik Analytics)
This website uses the web-analysing software Matomo (www.matomo.org), a service by the provider InnoCraft Ltd., 150 Willis St, 6011, Wellington, New Zealand (“Matomo”), on the basis of our legitimate interest in the statistical analysis of user behaviour for the purposes of optimisation and marketing according to Article 6(1)(f) GDPR, to collect and store data. For the same purpose, pseudonymised usage profiles can be generated and evaluated from these data. This can be accomplished via cookies. These cookies are small text files stored locally in the buffer of the site visitor’s browser. Among others, these cookies facilitate the recognition of the internet browser. Data recorded by using Matomo technology (including your pseudonymised IP address) are processed on our servers. Information within the pseudonymised user profile that are produced by cookies are not used to identify the user of this website and are not linked with personal data of the carrier of the pseudonym. If you do not agree with the storage and analysis of the data from your visit, you can decide whether an explicit web analysis cookie is allowed to be stored on your browser in order to allow the operator of the website to collect and analyse various statistical data. You can find further information on privacy settings of the Matomo software under the following link: https://matomo.org/docs/privacy/ . Data are deleted as soon as they are no longer necessary for the purpose of our recording, at the latest, however, after 12 months.
15. Usage of LiveZilla
On our website, we use the analysis tool by LiveZilla GmbH (Byk-Gulden-Straße 18, D-78224 Singen) http://www.livezilla.net . This data processing serves the purpose of the analysis of this website and its visitors. To this end, data for the purposes of marketing and optimisation are collected and stored. From these data, user profiles can be created under a pseudonym. For this, cookies can be deployed. The cookies enable the recognition of the internet browser. Data captured by LiveZilla technologies are not used without the explicit agreement of the data subject to personally identify visitors of this website and to link personal data via the carrier of the pseudonym. The processing occurs on the basis of Article 6(1)(f) GDPR originating from a legitimate interest in a direct customer communication and a needs-orientated display of the website. You have the right, based on your specific situation, to appeal against this processing of your personal data in accordance with Article 6(1)(f) GDPR. You can opt out by preventing the storage of cookies on your browser by altering your browser set-up accordingly. However, we would like to point out that in this case you may not be able to make full use of the functions of this website.
16. Contact Form and Email Contact
Our internet site contains a contact form that can be used for electronic communication. If a user makes use of this facility, the data entered into the input mask are transmitted to us and stored. As an alternative, contact can be made using the email address provided. In this case, personal data of the user that are transmitted via the email are stored. In this context, there is no forwarding of data to a third party. Data will solely be used for the purpose of the communication.
The legal basis for processing operations with the consent of the data subject is outlined in Article 6 (1)(a) GDPR.
The legal basis for the processing of data that are transmitted within the scope of an email is outlined in Article 6(1)(f) GDPR. If the scope of the email concerns the conclusion of a contract, the additional legal basis is outlined in Article (1)(b) GDPR.
Processing personal data from the input mask solely serves the processing of the contact. In the case of a contact via email, herein also lies a necessary legitimate interest in the processing of the data. Other processed data used during the “send” process are in place to prevent the abuse of the contact form and to safeguard our information technology systems.
The data are deleted as soon as they are no longer necessary for the purpose of their collection. For personal data from the input mask of the contact form and those that have been transmitted by email, this is the case when the relevant conversation with the user has ended. The conversation is deemed to have ended, when the circumstances allow to deduce that the relevant circumstances have been conclusively clarified. At the latest, data are deleted six months after the enquiry.
The user shall have the ability to withdraw their consent for the processing of personal data at any time. Where the user contacts us via email, they can revoke their consent to the storage of personal data at any time. In such a case, the communication cannot be continued.You can email the revocation of your consent and appeal against data storage at any time to the following email address: firstname.lastname@example.org. In this case, all personal data that have been stored in the course of the establishment of contact will be deleted.
Data Subject Rights
1. Right of Access
You can demand a confirmation from the data controller whether personal data relating to you are being processed by us. If such processing is happening, you can demand information about the following data:
(1) the purposes of the processing;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipient respectively to whom the personal data have been or will be disclosed
(4) the envisaged period for which your personal data will be stored, or, if definitive details are not possible, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or a right to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data are transferred to a third country or to an international organisation, you shall have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
2. Right to Rectification
You shall have the right to obtain from the controller the rectification of inaccurate personal data and/or an amendment insofar as the processed personal details are inaccurate or incomplete. The controller has to execute the rectification without undue delay.
3. Right to Restriction of Processing
You shall have the right to obtain from the controller restriction of processing where one of the following applies:(1) the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
(4) you have objected to processing pursuant to Article 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of you.
Where the processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. Where the restriction of processing is limited according to the above requirements, you shall be informed by the controller before the restriction of processing is lifted.
4. Right to Erasure
a) Obligation to delete
You shall have the right to obtain from the controller the immediate erasure of personal data concerning you and the controller shall have the obligation to erase these data without undue delay where one of the following grounds applies:(1) your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) you withdraw your consent on which the processing is based according to Article 6 (1)(a) or Article 9(2)(a) GDPR and where there is no other legal ground for the processing;
(3) you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR;
(4) your personal data have been unlawfully processed;
(5) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
b) Information to third parties
Where the controller has made public your personal data and is obliged to their erasure pursuant to Article 17(1) GDPR, he shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copies or replications of, those personal data.
The right to erasure does not apply, to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in item a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
5. Right to Notification
If you have asserted your right to rectification, erasure or processing restriction vis-à-vis the controller, he is obliged to notify each recipient to whom the personal data have been disclosed, of any rectification, erasure of data or restriction of processing, unless this proves impossible or involves disproportionate effort. 2The controller shall inform you about those recipients should you request it.
6. Right to Portability
You shall have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. Furthermore you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(1) the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR;
(2) the processing is carried out by automated means.
In exercising your right to data portability, you shall also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. Those rights shall not adversely affect the rights and freedoms of others. 2That right of data portability shall not apply to processing of data that are necessary for the performance of a task that is carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to Object
You shall have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to Revoke Data Protection Declaration of Consent
You shall have the right to revoke your data protection declaration at any time. This revocation of consent does not affect the legitimacy of processing prior to the withdrawal.
9. Automated Individual Decision-making Including Profiling
You shall have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and a data controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.However, these decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
10. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to you infringes the GDPR.The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
11. Data Protection Officer
Should you have further questions or concerns about our data protection, please contact our data protection officer: