1. IntroductionWe appreciate your interest in the offers of HANSA-FLEX AG (referred to below as "HANSA-FLEX"). The protection of your personal data is very important to us, and we wish to provide you with a positive feeling of security both when you visit our website and during all business and communication processes you share with us. We therefore take the protection of your data and the applicable statutory regulations very seriously.
2. Responsible party as defined by the General Data Protection Regulation (GDPR)HANSA-FLEX AG
Zum Panrepel 44
Tel.: +49 421 48 90 7 0
Fax: +49 421 48 90 748
Management board: Thomas Armerding (Chairman), Uwe Buschmann, Christian-Hans Bültemeier
Chairman of the Supervisory Board: Tim Hollweg
Bremen District Court HRB 26530 HB; registered location: Bremen
VAT No. DE170352164
Contact person for data protection (data protection officer)
Your trust is important to us. We are therefore ready to provide you at all times with information regarding the collection, processing and use of your personal data. For this purpose you can contact our data protection officer.
HANSA-FLEX AG Data Protection Officer
Zum Panrepel 44
Tel.: +49 421 48 90 7 221
Fax: +49 421 48 90 7 930
3. General principlesWe process your personal data in compliance with the relevant legal provisions, in particular the Telemedia Act (TMG), Interstate Agreement on Broadcasting (RStV), the General Data Protection Regulation (GDPR) and the Telecommunications Act (TKG).
We only process your personal data of our users to the extent that this is necessary for the provision of a functioning website together with our content and services. In addition, we process your personal data only with your consent, i.e. if you provide the information voluntarily. You will be informed about the processing in detail in the following sections.
Your personal data cannot be viewed by other users of the HANSA-FLEX website.
Legal bases for the processing of your data:
If we obtain the consent of the data subject for the processing of personal data, the legal basis for the processing is Art.6 Section 1 a GDPR.
In the processing of personal data which is required to fulfil a contract in which the person involved is a contracting party, the legal basis for the processing will be Art.6 Section 1 b GDPR. This also applies to processing operations which are required for the implementation of pre-contractual measures.
If the processing of personal data is required for the fulfilment of a legal obligation to which our company is subject, the legal basis for the processing is Art.6 Section 1 c GDPR.
In cases where the vital interests of the person involved or some other natural person make the processing of personal data necessary, the legal basis for the processing is Art.6 Section 1 d GDPR.
If the processing is necessary in order to safeguard the legitimate interest of our company or of a third party, and if the interests, fundamental rights and basic freedoms of the person involved do not outweigh the interests first mentioned, the legal basis for the processing is Art.6 Section 1 f GDPR.
Legitimate interests can, in particular, be:
- answering enquiries;
- the implementation of direct marketing operations;
- the provision of services and/or information specifically for you;
- the processing and transmission of personal data for internal or administrative purposes;
- the operation and administration of our website;
- technical support for users;
- the avoidance and uncovering of cases of fraud and punishable offences;
- protection against bad debts in relation to enquiries from users concerning the supply of products and services; and/or
- the safeguarding of network and data security, provided that these interests in each case are compatible with the applicable legislation and the rights and freedom of users;
Your rights as a data subject
Your rights as a data subject in relation to HANSA-FLEX are as follows.
You have the right
- to require us to provide you with confirmation on whether your personal data is processed by us. If this is the case, you have the right to be informed about this personal data and about the information which is detailed individually in Art. 15 GDPR.
- to require us to provide you with your personal data, subject to the restrictions of Art. 20 GDPR, in a standard electronic, machine-readable data format. This also covers transmission of the data (wherever possible) to a different responsible party nominated by you.
- to require us to correct your data if it is incorrect, not relevant and/or incomplete. Such correction also covers completion by declarations or notifications.
- to require the immediate deletion of your personal data if any of the grounds listed in Art. 17 GDPR apply.
- We regret that we are not permitted to delete any data which is subject to a statutory retention period. We will be happy to include you in a blocking list if you wish us to discontinue the collection of your data for the future, or no longer wish to be contacted by us.
- You can also withdraw any consent you have provided us with, without this placing you at any disadvantage.
- If any of the preconditions listed in Art. 18 GDPR applies, you can require us to restrict the processing of your data.
- You can also – for reasons arising from your particular situation – object at any time to the processing of your personal data. We will then no longer process your personal data, unless we can prove that the interests we ourselves need to protect outweigh your interests, rights and freedoms, or if the processing serves the assertion, implementation or defence of legal claims (Art. 21 GDPR).
- By post to HANSA-FLEX AG; Attn: The data protection officer, Zum Panrepel 44; 28307 Bremen (see "Data protection contact person")
- By email to firstname.lastname@example.org.
- To the competent regulatory authorities in the EU member country of which you are resident, are employed or where the presumed breach occurred
In principle you can visit our website without providing any personal data. Every access to our website and its files is, however, recorded in a server logfile and saved there. In the process we automatically collect and save in our server logfiles only the information which your Internet browser provides us with. This includes:
4. Collection of the data of website visitors
- the browser type/version
- the operating system used
- the referrer URL (the previously visited website)
- the host name of the computer from which access is made (IP address)
- the date and time of the server query
- the name of the file access
- the transmitted data volume
- the report on successful access
The temporary storage and statistical evaluation of data that cannot be assigned to specific users serves exclusively to ensure system security and the security of user data (e.g. the detection of possible faulty links and programme errors as well as attacks on the system) and to improve our offer (e.g. by being able to determine which goods and services are particularly popular).
Further personal information is not collected unless you provide this information voluntarily, e.g. as part of an enquiry, search request or order via our email address.
The legal basis for the temporary storage of the data and the logfiles is Art.6 Section 1 f GDPR (legitimate interest: provision of a functioning website).
5. Services and the personal data collected in connection with themOn the HANSA-FLEX website we offer a range of services. These include:
- Registration with the HANSA-FLEX online shop "shop.hansa-flex.com"
- "My user account" with the HANSA-FLEX online shop "shop.hansa-flex.com"
- Saving of data and access to the contractual text
- Registration with the HANSA-FLEX customer portal "my.hansa-flex.com"
- "My profile" in the HANSA-FLEX customer portal "my.hansa-flex.com"
- Use of our X-CODE product identification database
- Information for the use of our configurator for the production of fittings
- Use of our call-back form
- Use of our contact form
- Use of our feedback form
- Use of our order form for the Practical Manual
- Use of our address book order form
- Use of our order form for the "HYDRAULIC PRESS" customer magazine
6. ApplicationsYou can apply for advertised jobs, apprenticeships, pupil and student internships as well as positions for graduates of diploma / bachelor / master theses or on your own initiative.
For applications with a specific job reference (direct application), your data and documents will be made available to both the relevant specialist department and the responsible HR department. If you apply to us without a specific job reference (unsolicited application), your data and documents will be made available to both the central HR department and the decentralised HR departments of our company, provided that the vacancies there match your applicant profile. Your data and documents will not be passed on to third parties.
The data and documents transmitted will be deleted in the event of a rejection of your application at the earliest 3 months after the end of the application procedure. This does not apply if legal regulations prevent the deletion, or the further storage is necessary for the purpose of proof or if you have agreed to a longer storage period. After that the results are only saved for further statistical purposes in anonymised form, in other words without indicating any names. This statistical data set does not allow any conclusions to be drawn about a natural person and serves as a basis for statistical evaluations. If you agree to your application being included in our applicant database with the proviso that the data and documents submitted by you should also be taken into consideration when filling other vacancies in future, your data and documents will be stored in the applicant database for 12 months and then either automatically deleted or only stored in anonymous form, i.e. without stating your name, for further statistical evaluation. If your application is followed by the conclusion of a contract, your data may be stored and used for the purpose of the usual organisational and administrative processes in compliance with the relevant legal regulations.
You have the possibility at any time to withdraw your application as a whole or in part. You can also at any time require the deletion or modification of all or some of your data and files from our job applications database. However, certain data from your application has to be saved for a period of three months for statutory reasons, in particular the obligation on our part to provide proof of compliance with general regulations on equal treatment (AGG).
The legal basis for the processing of applicants’ data is § 26 BDSG (2017) in conjunction with Art. 6 Section 1 B GDPR (preparations for a contract of employment) and Art. 88 GDPR. Information provided voluntarily within the context of your application is processed on the basis of § 26 Section 2 BDSG (2017) in conjunction with Art. 6 Section 1 aand Art. 88 GDPR. Insofar as processing is carried out on the basis of the existing obligations to provide evidence, the legal basis is Art. 6 Section 1 c GDPR.
7. Use and disclosure of personal dataWe do not pass on your personal data to third parties unless you have expressly consented to the transfer of your data for the above-mentioned purposes or the transfer is expressly permitted or prescribed by law, e.g. for purposes of general security, law enforcement or the enforcement of intellectual property rights.
Service partners involved in contract processing
HANSA-FLEX may, in accordance with Art.6 Section 1 b GDPR and Art.6 Section 1 f GDPR, transfer the collected data within the scope of the execution of a contract - insofar as this is necessary - to the branches, group companies and partner companies & agencies involved in the execution of the contract, as well as any other external service partners we use to fulfil the contract, provided that the purpose of the data processing is preserved. These include in particular the transport company commissioned to deliver the goods ordered and the payment institutions and payment service providers commissioned to process payments as well as the company branches commissioned to carry out maintenance, repair and other work and services. http://www.hansa-flex.com/niederlassungen.html, group companies http://www.hansa-flex.com/unternehmen/unternehmensgruppe.html and partner companies & representations http://www.hansa-flex.com/niederlassungen/partner.html and other external service providers. In these cases, we forward the data in accordance with the provisions of the relevant legal regulations on data protection (in particular the GDPR). The amount of data transmitted is limited to a minimum. These companies may only use your data for order processing and not for other purposes and have been provided with an agreement for order data processing in accordance with Art. 28 GDPR.
Use of the data for purposes of our own consulting, advertising and market research
In accordance with Art.6 Section 1 f GDPR we are permitted to collect, process and use your personal data for the purposes of our own consulting, advertising and market research, but above all for the demand-oriented design of the goods and services offered by us. Of course you can object to the processing of your personal data for advertising purposes at any time with effect for the future. We will then no longer send you advertising information.
Any processing of your personal data beyond the scope described here will only take place with your consent in accordance with Art.6 Section 1 a GDPR.
Export and processing of data in countries outside the European Economic Area
HANSA-FLEX is a company with global operations and operates numerous websites worldwide. The data of Internet pages for company branches and group companies located in Germany and the EU is stored exclusively on servers within Germany or the EU, as is data transmitted to us via these Internet pages. The data of the websites for company branches and group companies located in countries outside the European Economic Area may be stored on servers outside Germany and the EU, which also applies to data transmitted to us via these websites.
The processing of the personal data made available by you within the scope of our services takes place in principle on servers within Germany or the European Union.
If the data recipient is located in a member state of the European Union (EU) or a state party to the Agreement on the European Economic Area (EEA), it is automatically assumed under intra-Community law that an adequate level of data protection is ensured by the data recipient. In addition, the EU Commission has decided for some non-EU/EEA countries that their legal system as a whole ensures an adequate level of data protection, so that an adequate level of data protection may also be assumed for data recipients resident in these countries. This includes the following countries: Andorra, Argentina, Australia, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, Canada, New Zealand, Switzerland, Uruguay, USA (Safe Harbor) http://ec.europa.eu/justice/data-protection/document/international-transfers/adequacy/index_en.htm. Your personal data will only be transferred to data recipients in a non-EU country other than the above-mentioned countries if this is necessary in individual cases or if we are legally obliged to do so. We would like to point out that in cases where there is no level of protection for personal data in non-EU countries comparable to that in the EU, we take protective measures and provide guarantees in accordance with Art. 45 ff. GDPR. In particular, we use the standard EU contract clauses of the European Commission for this purpose.
The legal basis for the processing of personal data for the operation of a website as well as its needs-based design using cookies is Art.6 Section 1 f GDPR.
Our newsletter and product information within the scope of an ongoing business relationship
If you would like to receive the newsletter offered on our website, we need a valid email address from you. The registration is done by entering the email address in the newsletter registration form. In this case, we will send you an email with an activation link to the email address you have provided, which you can use to confirm your registration (double opt-in procedure). In this way we guarantee that you are the owner of the email address provided and agree to the receipt of the newsletter. When you register for the newsletter, we save your IP address and the date of registration. This storage serves solely as proof in the event that a third party misuses an email address and registers for receiving the newsletter without the knowledge of the authorised party. After registration, we will inform you at irregular intervals about our company and our range of goods and services. If you do not confirm your registration within 24 hours, your information will be deleted.
If you are already in business contact with us, we reserve the right to use the email address you provide to send you information on similar products/services from us at the end of an individual business transaction, even without an explicit request. You can object to the use of the contact data at any time with effect for the future without incurring any costs other than the transmission costs according to the basic tariffs.
A statistical evaluation of the reading behaviour of users only takes place to the extent that it can be determined whether the recipients have opened the newsletter and clicked the links. This is a function that we only use to check on user activities and to optimise them accordingly. For this purpose, the newsletter contains a so-called "web-beacon", a pixel-sized file that is retrieved by our server when the newsletter is opened.
The legal basis is your consent in accordance with Art.6 Section 1 a GDPR. If you receive product information as part of an ongoing business relationship, the legal basis is Art. 6 Section 1 lit. f GDPR with the above legitimate interests, namely to keep you informed about similar products / services. The legal basis for the double opt-in procedure is Art. 6 Section 1 c GDPR.
Of course, you can object to the processing of your email address to send you our newsletter / product information at any time with effect for the future or revoke your consent. The revocation can take place via a link in the newsletters themselves or via communication to the above-mentioned contact possibilities. We will then no longer send you our newsletter.
This website uses Google Analytics, a web analysis service provided by Google Inc. (‘Google’). Google Analytics uses ‘cookies’, text files that are stored on your computer and can be used to analyse your website usage. The information generated by the cookie about your usage of this website is normally transferred to a Google server in the USA, where it is saved. However, if IP anonymisation is activated on this website, Google will beforehand reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Please note that IP anonymisation is active on this website. On this website Google Analytics has been extended by the code "gat._anonymizeIp();" to ensure an anonymous collection of IP addresses (so-called IP masking). On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide the website operator with further services associated with the use of the website and the Internet. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
Opposing data collation
You can prevent Google Analytics from collating your data by clicking the link below. This enables an opt-out cookie that prevents your data from being collated during future visits to this website: Disable Google Analytics
http://www.google.com/analytics/terms/de.html or rather:
Google Tag Manager
Google Tag Manager is a solution that enables us to manage ‘website tags’ via an interface (and therefore integrate, for example, Google Analytics and other Google marketing services into our website). Tag Manager itself (which implements the tags) does not process users’ personal data. For details of how users’ personal data is processed, please see the following information about the Google services.
Use policy: https://www.google.co.uk/analytics/tag-manager/use-policy.
Our websites use ‘Google reCAPTCHA’ (hereinafter ‘reCAPTCHA’), a service provided by Google Ireland Limited; Gordon House, Barrow Street; Dublin 4; Ireland (‘Google’).
reCAPTCHA checks whether the data entries on our websites (e.g. in a contact form) are made by a human or an automated program. To this end, reCAPTCHA analyses the website visitor’s behaviour on the basis of several characteristics. This analysis starts automatically as soon as the visitor accesses the website. To conduct the analysis, reCAPTCHA evaluates several pieces of information (e.g. IP address, visit length or mouse movements made by the visitor). The data recorded during the analysis is forwarded to Google.
reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is occurring.
Data processing takes place in accordance with Article 6, paragraph 1, letter f of the GDPR. The website operator has a legitimate interest in protecting its web services from abusive automated spying and spam.
On this website we use the Google Maps service. This enables us to display interactive maps directly on the website and enables you to use the map function conveniently.
When you visit our website, Google receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Google provides a user account that you are logged into or whether there is no user account. If you are logged into Google, your information will be directly associated with your account. If you do not wish this to be assigned to your profile on Google, you must log out before calling up a map. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or the design of its website in line with requirements. Such evaluation is carried out in particular (even for users who are not logged in) in order to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact Google to exercise this right.
The use of Google Maps is in the interests of an attractive presentation of our online offering and the easy location of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 Section 1 f GDPR.
Further information on the purpose and scope of data collection and processing by Google Maps can be found in the privacy policies. There you will also find further information on your rights in this regard and setting options to protect your privacy: www.google.de/intl/de/policies/privacy/. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
On this website we use so-called plugins of the social network Facebook. The Facebook plugins can be recognised by the Facebook logo or by the “Like” button. When the user visits this page, the plugin establishes a direct connection between his/her browser and the Facebook server. Facebook receives the information that the user has visited this website with his/her IP address. If the user clicks the Facebook “Like button” while logged into his/her Facebook account, he/she can link the contents of these pages to his/her Facebook profile. This allows Facebook to associate the visit to this website with the user account of the user.
We would like to point out that, as the provider of the website, we do not have any knowledge of the content of the data transmitted or its use by Facebook. If the user does not want Facebook to be able to assign the visit of these pages to his/her Facebook user account, he/she must first log out of his/her Facebook user account.
Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
We have included YouTube videos in our online offering, which are stored on www.youtube.com and can be played directly from our website. These are all integrated in the “extended data protection mode”, i.e. no data about you as a user will be transferred to YouTube if you do not play the videos. Only when you play the videos will data be transferred. We have no influence on this data transmission. This occurs regardless of whether YouTube provides a user account that you are logged into, or whether no user account exists. When you are logged into Google, your information will be directly associated with your account.
If you do not wish your profile to be associated with YouTube, you must log out of YouTube before playing the video. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or the design of its website to meet your needs. You have the right to object to the creation of these user profiles, but you must contact YouTube to exercise this right.
YouTube is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Storage of bank data
If we offer direct debit authorisation as a payment method and do not use a payment service provider for this, users choosing this payment method undertake to grant HANSA-FLEX a valid direct debit authorisation for their bank account. Among other things, the user must provide the following information:
- account holder
- account number
- name of the bank
- bank code number
Internet payment systems
Please note that, in addition to other payment methods, Internet payment systems whose operators may be located outside the EU may also be offered for payment in relation to our Internet offers. These companies may also store the data of users placing orders on servers outside the EU. We have no influence on this.
8. Data securityYour personal data is transmitted on the Internet in encrypted form using an SSL certificate (2048 bit) both when you register for the services we offer that require registration and when you log into the internal user service area of both our online shop at https://shop.hansa-flex.com and customer portal at https://my.hansa-flex.com. We protect our website and other systems by technical and organisational measures against the loss, destruction, access, modification or distribution of your data by unauthorised persons. Despite regular checks, however, complete protection against all risks is not possible. Access to your account in the internal user service area of both the online shop at https://shop.hansa-flex.com and the customer portal at https://my.hansa-flex.com is only possible after the entry of your password. You should always keep your access information confidential and close the browser window when you have finished communicating with us, especially if you share your computer with others.
External links and outside content
The contents of our Internet pages have been prepared with the greatest care. Nevertheless, we do not assume any guarantee for topicality and completeness. We are only responsible for our own content, but not for external content. For further information, you may find links on our website that refer to third-party websites. We have checked all external links for illegal contents and at the time such contents were not recognisable. With regard to third-party content, there is no general monitoring and auditing obligation. If we become aware of illegal content, we check these links immediately and remove them if necessary. External links always open in a new browser window.
Valid from: September 2019