Privacy Notice

Privacy Notice

With this Privacy Notice our organisation wishes to inform you how we process personal data (hereinafter “data”) in connection with this website and our social media profiles (hereinafter together our “online services”), particularly the type of data processed, the scope and purpose of processing. The definitions of art. 4 General Data Protection Regulation (GDPR), e.g. „personal data“, „processing“ apply.

Controller:

Michael Hörauf Maschinenfabrik GmbH & Co. KG
Mozartstr. 39-41
73072 Donzdorf, Germany
Registry Court: Amtsgericht Ulm HRA 540798
Managing directors: Werner Stahlecker, Holger Aubele
Phone: +49 7162 942-0
Email: info@hoerauf.com

How to contact our Data Protection Officer:

You can reach our Data Protection Officer at the above address and the following email address: ds@hoerauf.com

Types of processed data:

  • inventory data (e.g. names, addresses).
  • contact data (e.g. email, phone numbers).
  • content data (e.g. text entered, photos, videos).
  • usage data (e.g, websites visited, content interested in, duration of visit).
  • Meta and communication data (e.g. device information, IP addresses).

Processing of special categories of Data (art. 9 (1) GDPR):

We generally do not process special categories of Data unless they are provided voluntarily by the user, e.g. entered in online forms or submitted via email as part of a job application (cf. chapter 18 of this Privacy Notice for more detail).

Categories of data subjects:

  • Customers / potential customers / suppliers.
  • Visitors and users of our web services.
  • job applicants.

Hereafter we refer to all affected persons as „Users“.

Purpose of processing:

  • Maintaining our web services, its contents and functionalities.
  • Performance of contractual obligations, service, customer care.
  • Responding to inquiries, communication with users.
  • Marketing, advertisement and market research.
  • Security measures.

Last updated: 20.07.2018

1. Legal basis of processing

As required by art. 13 GDPR we inform you about the legal basis for our data processing. Unless a more specific legal basis is named in this Privacy Notice in connection with a processing, the following applies: If we ask for your consent, the legal basis for the processing is art. 6 (1) 1 lit. a. and art. 7 GDPR. If we process data to perform a contract or to respond to an inquiry the legal basis is art. 6 (1) lit. b. GDPR. If we process data to comply with legal requirements the legal basis is art. 6 (1) lit. c. GDPR. If we process data to pursue our legitimate interest or the legitimate interest of a third party the legal basis is art. 6 (1) lit. f. GDPR.

2. Changes and updates to this Privacy Notice

Please check the content of this Privacy Notice regularly. We amend this Privacy Notice as soon as changes to our data processing make changes necessary. We will inform you if such changes require you to take action or if an individual information is necessary.

3. Security measures

3.1. We take technical and organisational measures in accordance with art. 32 GDPR taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for rights and freedoms of natural persons to ensure a level of security appropriate to the risk. Among those measures are in particular the ensuring of ongoing confidentiality, integrity, availability of processing systems though controlling physical access to Data as well as access, entering, transfer, ensuring availability as well as segregation. In addition, we have established processes ensuring that data subjects can invoke their rights, Data is deleted and reactions to threats to Data are appropriate. We take into account the protection of data during development and selection of hardware, software and processes in accordance with the principles of privacy by design and privacy by default (art. 25 GDPR).

3.2. The data transmission between your browser and our server is encrypted.

4. Cooperation with data processors and third parties

4.1. We only disclose, transfer or grant access to the Data other persons and enterprises (data processors or third parties) in connection with our processing where a legal basis exists (for example where the transfer to third parties is necessary for the performance of a contract pursuant to art. 6 (1) lit b. GDPR), if you have given us consent, if we are required by law or if we have a legitimate interest to do so (e.g. webhosting by third party providers).

4.2. Where we engage third parties to process data on our behalf we conclude data processing agreement pursuant to art. 28 GDPR.

5. Data transfer to third countries

If we process data in a third country (i.e. outside of the European Union or the European Economic Area) ourselves or by engaging a service provider or through disclosure or transfer to third parties we will only do so to perform a contract, based on consent, if required by law or to pursue a legitimate interest. Unless otherwise permitted by law or by contract we process Data or have data processed on our behalf only if the requirements of art. 44 et seqq. GDPR are met. This means that special safeguards like an official assessment that the level of data protection in a specific country is equivalent to that in the EU (e.g. for the USA the „Privacy Shield“) are in place or the processor or third party has agreed to observe officially sanctioned special contractual obligations („standard contractual clauses“).

6. Rights of the data subject

6.1. You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data in accordance with art. 15 GDPR.

6.2. You have the right to obtain from the controller without undue delay the rectification of inaccurate and the completion of incomplete personal data concerning you in accordance with art. 16 GDPR.

6.3. Subject to the requirements of art. 17 GDPR you have the right to obtain from the controller the erasure of personal data concerning you without undue delay, alternatively to obtain restriction of processing subject to the requirements of art. 18 GDPR.

6.4. You have the right to receive the personal data concerning you, which you have provided to us and to transmit those data to another controller subject to the requirements of art. 20 GDPR.

6.5. You also have the right to lodge a complaint with a competent supervisory authority pursuant to art. 77 GDPR.

7. Right to withdraw consent

You have the right to withdraw consent for the future pursuant to art. 7 (3) GDPR.

8. Right to object

If we process Data based on a legitimate interest pursuant to art. 6 (1) lit f. GDPR you have the right object to future processing in accordance with art. 21 GDPR, particularly to processing for the purpose of direct marketing.

9. Cookies and right to object in the case of direct marketing

We use temporary and permanent cookies. Cookies are small files which are stored on the device of the use (for additional information please refer to chapter 15 of this Privacy Notice. These cookies enable us increase security of our online services, are necessary to provide the online services or document the User decision with regard to the cookie banner. In addition, our technology partners use cookies for marketing purposes and for internet audience measurement as explained in this Privacy Notice.

You can generally object to the use of cookies for marketing and interest-based advertising purposes by many services and tracking in particular by visiting the US website http://www.aboutads.info/choices/ or EU website http://www.youronlinechoices.com/ .

10. Data retention and deletion

10.1. We delete or restrict data processed in accordance with art. 17 and 18 GDPR. Unless explicitly stated otherwise in this Privacy Notice we delete personal data when it is no longer necessary for the purpose of the processing and no legal retention periods require storage. The processing will be restricted if the data are not deleted because they are necessary for other and lawful purposes. This means that data will be restricted and not processed for other purposes. This applies for example to data stored to comply with retention periods under commercial or tax law.

10.2. We are legally required to retain commercial records for 6 years pursuant to § 257 (1) German Commercial Code (trading books, inventories, opening balance sheets, annual accounts, commercial letters, accounting records, etc.) and for 10 years pursuant to § 147 (1) German Tax Code (books, records, management reports, accounting records, commercial letters, documents relevant for tax assessment, etc.).

11. Performance of contractual obligations

11.1. We process inventory data (such as names and addresses as well as contact information of uses), contract data (goods and services purchased, contact person, payment information) for the purpose of performing our contractual obligations, art. 6 (1) lit. b. GDPR.

11.2. We delete this data after statutory or contractual warranty periods have lapsed. The necessity of the data for this purpose is evaluated every three years. Where legal data retention periods apply the data will be deleted after those have lapsed (six years for retention periods under commercial law, 10 years for retention periods under tax law).

12. Contacting us

12.1. If you contact us by email or via our contact form, the data you provide will be processed to handle your inquiry pursuant to art. 6 (1) lit. b. GDPR.

12.2. The data you provide may be entered into a Customer-Relationship-Management System ("CRM System") or request management system.

12.3. We delete your request and the data provided therein once they are no longer necessary. We evaluate the necessity every two years. Where legal data retention periods apply the data will be deleted after those have lapsed (six years for retention periods under commercial law, 10 years for retention periods under tax law).

13. Hosting

This website is hosted by a hosting provider. Our hosting provider processes inventory, contact, content, usage and meta and communication data (e.g. device information, IP address) of website users. The legal basis for this processing is art. 6 (1) 1 lit. f. GDPR. Our legitimate interest is to provide our online services efficiently and in a secure manner.

14. Collection of access data and log files

14.1. Our hosting provider collects data (server log files) on the basis of our legitimate interest pursuant to art. 6 (1) lit. f. GDPR each time you connect to the server on which the online service is hosted. The logged data contains website visited, name of the file, date and time of request, data volume transmitted, notification on successful request, web browser including version, operating system of user, referrer URL (the website previously visited), IP address and access provider making the request.

14.2. The data is stored in the log files for security purposes (e.g. to investigate misuse and fraud) for a maximum period of 12 days and are then deleted. Not deleted are data whose retention is necessary for evidentiary purposes. Such data will be stored until the issue under investigation has been resolved and are then deleted.

15. Cookies & internet audience measurement

15.1. Cookies are information transmitted to your device’s web browser by our webserver or by the webserver of a third party to be accessed later. Cookies can have the form of small text files or other forms of stored information.

15.2. This Privacy Notice informs you about the use of cookies for the purpose of pseudonymized internet audience measurement.

15.3. If you do not want cookies to be stored on your device, we ask you to disable cookies in your browser settings. Stored cookies can be deleted via the browser settings. Disabling cookies in your browser can affect the usability of this website.

15.4. You can object to the use of cookies for marketing and interest-based advertising purposes via the website of the Network Advertising Initiative ( http://optout.networkadvertising.org/ ) and in addition via the US website ( http://www.aboutads.info/choices ) or the European website ( http://www.youronlinechoices.com/uk/your-ad-choices/ ).

16. Google Analytics

16.1. We use Google Analytics, a service provided by Google LLC („Google“) on the basis of our legitimate interest in analysing and optimizing the operation of our online services ( art. 6 (1) 1 lit. f. GDPR) Google uses Cookies. The information contained in the cookie about the usage of our online services by the user are usually transmitted to and stored on servers located in the USA.

16.2. Google is certified under the Privacy Shield and guarantees adherence to EU data protection law ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ).

16.3. Google will use this information on our behalf to evaluate usage of our online services, to create reports on the activities within the online services and to render other services related to the usage of our online services. It is possible to create pseudonymized user profiles based on the data processed.

16.4. We use Google Analytics only with activated IP Anonymisation. This means the User’s IP address within member states of the European Union or in other contracting states to the Agreement on the European Economic Area is shortened. Only in exceptional cases will the complete IP address be sent to a Google server and shortened within the US.

16.5. According to Google the IP address transmitted by your browser is not combined with other data from Google. You can disable the storing of cookies by changing the relevant settings in your browser; In addition, you can prevent Google from collecting the data stored in cookie and relating to your usage of the online services by downloading and installing the browser add-on available under this link: https://tools.google.com/dlpage/gaoptout?hl=en-GB .

16.6. Further information on how Google uses information from websites and on the available settings and objection options can be found on Google’s website: https://policies.google.com/technologies/partner-sites?hl=en-GB  („ How Google uses information from sites or apps that use our services“), https://policies.google.com/technologies/ads („How Google uses cookies in advertising“), https://adssettings.google.com/authenticated („Manage information used by Google to display ads”“).

17. Google Maps

17.1. We use the web service for displaying interactive maps Google Maps (API) by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) to show Users our location and help them navigate to us.

17.2. When you visit a sub page of our website where a map from Google Maps is embedded, information relating to your use of our website (e.g. you IP address) is transmitted a Google server in the USA. This happens whether you are logged on to a Google user account or not and also if you do not have a Google account. If you are logged in, your data will be combine with your Google account. If you do not want your usage data to be combined with your Google profile you need to log out of your account before visiting the sub page of our website with an embedded map. Google will store your usage data, create a usage profile (even if you are not logged in) and analyses the data. Google LLC with registered seat in the USA is certified for the „Privacy Shield“ and guarantees adherence to European data protection law.

17.3. If you do not agree with future transfers of your data to Google in connection with the use of Google Maps, you can also deactivate Google Maps completely by disabling JavaScript in your browser. You can then no longer use Google Maps on this website and embedded map will not be displayed.

17.4. You can review the terms of service of Google here http://www.google.de/intl/de/policies/terms/regional.html, the additional terms for Google Maps here: https://www.google.com/intl/de_US/help/terms_maps.html  

17.5. Detailed information on privacy in connection with the use of Google Maps can be found on Google’s website („Google Privacy Policy“): http://www.google.de/intl/de/policies/privacy/

18. Social Media Profiles

18.1. We maintain online presences in social media networks and platforms in order to be able to communicate with and to inform customers, potential customers and users in general who are members of these networks and platforms of our products and services.

18.2. User data can be processed outside the European Union. As a consequence, it can for example be more difficult for users to assert their rights. US service providers who are certified under the EU-US Privacy Shield have committed themselves to maintaining the data protection standards of the EU.

18.3. User data is also likely used for marketing and market research. It is possible e.g. to create usage profiles based on user behaviour and interests derived from it. Such usage profiles can then be used to show advertisements which presumably interest within as well as outside of the social media platforms. For this purpose, cookies are usually created on the user’s device in which user behaviour and interest are stored. Usage profiles can also contain data which is independent of the device used by the user (in particular when Users are members of the social media platform and are logged in).

18.4. We process your personal data based on a legitimate interest in informing our users and communicating with our users (art. 6 (1) 1 lit. f. GDPR. If users are asked by the respective service provider to consent to the processing (e.g. by requiring checking a box or click a button) the legal basis for the processing is art. 6 (1) lit. a., art. 7 GDPR.

18.5. For detailed information on the processing and ways to object to processing (Opt-Out), please visit the below linked to information provided by the service provider.

18.6. We note that data subject access requests and other data subject rights are best directed at the service provider. Only the service provider has access to a user’s data and can take action and respond to requests for information. If you are unable to address you issue successfully, you can turn to us for support.

18.7. We maintain a social media profile at Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Privacy Notice: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

19. Job applicant data

19.1. We process data relating to job applicants only for the purpose and during the recruitment in accordance with legal requirements. We process the data to fulfil our pre-contractual obligations during the recruitment process. The legal basis for this processing is art. 6 (1) 1 lit. b., art. 6 (1) 1 lit. f. GDPR and § 26 German Federal Data Protection Act.

19.2. The provision of job applicant data is necessary for conducting the recruitment process. If we offer submitting job applications via web form, necessary data will be indicated. Otherwise, the job posting will inform on the necessity of data. In general, information about the person, mail and contact addresses and the documents belonging to an application such cover letter, CV, certificates and references are necessary. Applicants may provide additional information voluntarily.

19.3. Where during the recruitment process special categories of personal data pursuant to art. 9 (1) GDPR (e.g. data concerning health, disability status or ethnic origin) are provided voluntarily, the legal basis for the processing of such data is art. 9 (2) lit. b. GDPR. Where we request special categories of personal data pursuant to art. 9 (1) GDPR during the recruitment process (e.g. data concerning health to the extent necessary to assess the ability to exercise a profession) the legal basis is art. 9 (2) lit. a. GDPR.

19.4. If available on our website, applicants can submit applications through an online form. The data transmission will be encrypted using state of the art encryption methods.

19.5. Applicants can submit applications via email or post. Email are generally not encrypted. It is the applicant‘s responsibility to ensure proper encryption. We are not responsible for the transport of an email between the sender and our receipt on our server. We therefore recommend using an online form or sending applications by post.

19.6. We may continue using the data provided by the applicant for the purpose of an employment in case the application is successful. Otherwise, if the application was not successful, the applicant’s data will be deleted. An applicant’s data will also be deleted if the applicant withdraws his or her application, which may be done at any time.

19.7. The data will be deleted, a justified withdrawal of consent by the applicant notwithstanding, after a period of six months after the decision on the application. This allows us to answer follow-up questions regarding the application and document compliance with the German Equal Protection Act. Documentation regarding potential reimbursement of travel expenses will be archived in accordance with retention periods under German tax law.