Data Protection Policy

Information obligations of the person responsible according to Articles 12 and 13 EU-DSGVO

1. Data protection at a glance

General notes

The following notes provide a basic overview of what happens to your personal data when you visit our website. Personal data shall be understood to be all data with which you can be identified personally. You can find detailed information about data protection in our Data Protection Policy.

 

Data collection on our website

Who is responsible for data collection on this website?

The entity responsible for the data processing on this website is:

HSR GmbH

Oderstraße 3

47506 Neukirchen-Vluyn

Phone: +49 (0) 2845 / 2950 - 170

E-Mail: info@hsr.de

The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

 

How do we collect your data?

Some of your data is collected by means of you sharing it with us. This may, for example, be data that you enter into a contact form.

Other data is collected automatically when you visit the website by our IT systems. This is primarily technical data (e.g. internet browser, operating system or time the website is accessed). The collection of this data takes place automatically as soon as you enter our website.

 

What do we use your data for?

Some of the data is collected in order to ensure the error-free provision of the website. Other data may be used to analyse your user behaviour. A detailed description of use is provided later in this Data Protection Policy.

 

What rights do you have with regard to your data?

You have the right to receive information about the origin, recipients and purpose of your personal data that is stored at any time. You also have the right to require this data to be rectified, blocked or deleted. In order to do this and if you have any further questions about data protection, you can contact us at the address provided above at any time. Furthermore, you have the right to lodge a complaint with the responsible supervisory authority.

 

Analysis tools and tools from third-party providers

When you visit our website, your online activities may be statistically evaluated. This is carried out primarily with cookies and so-called analysis programmes. Your online activities are generally analysed on an anonymous basis; the online activities cannot be traced back to you. Insofar as you have provided your consent, your preferred products may also be evaluated after you have registered as a customer. You may object to this analysis or prevent it by refraining from using certain tools. You can obtain information on this from Section 5 of our Data Protection Policy. Analysis tools and advertising.

You may object to this analysis. We will provide you with information about the opportunities to object in this Data Protection Policy.

2. General notes and mandatory information

Data protection

The topic of data protection is important in all areas of HSR GmbH. Data protection protects the people behind the data that is stored or processed at the company. The task of data protection and the primary goal of HSR GmbH is to manage personal data such that no one is disadvantaged in terms of their personal rights.

The European General Data Protection Regulation (GDPR) and the new German Federal Data Protection Act (BDSG) specify a whole range of obligations for the individuals responsible for processing the personal data.

Personal data may only be collected and processed if this is expressly permitted by the GDPR. Significant basic principles of the GDPR are:

  • Lawfulness of processing, processing in good faith, transparency
  • Purpose limitation
  • Minimisation of data
  • Correctness of data processing
  • Storage limitation and deletion concepts
  • Integrity and confidentiality

Responsible actions when dealing with personal data and the risk-aware use of IT systems and applications are also key goals for HSR GmbH.

Various personal data is collected when you use this website. Personal data is data with which you can be personally identified. This Data Protection Policy clarifies which data we collect and why we use it. It also explains how and for which purposes this takes place.

We would refer to the fact that online data transmission (e.g. email communication) may be associated with security risks. Complete protection of the data against access by third parties is not possible.

 

Information duties of the person responsible and rights of the data subject

Name and contact details of the controller and, where available, his/her deputy

The controller for the data processing on this website is:

HSR GmbH

Oderstraße 3

47506 Neukirchen-Vluyn

Phone: +49 (0) 2845 / 2950 - 170

E-Mail: info@hsr.de

The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Contact details of the data protection officer

privacyhsrde

 

Purpose of the data collection, processing or use

HSR is an innovative and expanding company in the hydraulics industry with branches throughout the whole of Germany. The core business of HSR is the servicing of high-pressure connections for technical systems in industry and construction.

The collection, processing or use of personal data takes place in order to fulfil the purpose of our business or supporting ancillary purposes, for example advising customers.

The company collects, processes and uses personal data exclusively to prepare and perform contracts, on the basis of legitimate interests, in order to comply with statutory obligations or with the consent of the data subject.

Categories of data subjects and related data or categories of data

The data subject categories are

  • current employees,
  • former employees,
  • applicants,
  • potential customers,
  • customers,
  • suppliers,
  • service providers and
  • other business partners.

Related data comprises all personal data necessary to fulfil the respective purpose.

HSR GmbH does not aim its websites and mobile applications at children as a target group.

 

Legal basis

Processing of personal data is only lawful when it is permitted by a law, i.e. there is a legal basis for this.

However, other possibilities are defined in the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Processing of personal data only takes place at our company in accordance with the legal provisions. These include, for example, 

cases in which consent has been given to the processing of the personal data (Article 6 (1) lit. a GDPR),

or

cases in which personal data must be processed in order to perform a contract or take steps prior to entering into a contract (Article 6 (1) lit. b GDPR),

or

when we are obliged to process the personal data in order to comply with a legal obligation (Article 6 (1) lit. c GDPR),

or

when we process personal data on the basis of a legitimate interest or on the basis of the legitimate interest of a third-party (Article 6 (1) lit. f GDPR).

When balancing the interests of the data subjects and the contracting parties, a strict standard is always applied in favour of the data subject.

 

Potential recipients of transmitted data

The potential recipients of transmitted personal data are

public authorities, provided that a statutory obligation exists,

service providers and other business partners, insofar as the transmission of data is necessary for fulfilling the respective purpose and is permitted or required on grounds of a statutory provision, or the data subject has given his/her consent.

 

Intent to transfer data to third countries

Where it is necessary to transfer data to third countries, this is done solely for concluding or performing contracts – except where such interests are overridden by the legitimate interests of the data subject – taking into account all data protection requirements. Where there is any intent to transfer personal data to a third country or an international organisation, the data transmission is carried out on the basis of an adequacy decision. However, should data be transferred, please note that suitable safeguards or binding in-house data protection regulations are in place or, respectively, when weighing up the interests of the data subjects and the contracting parties, strict standards in favour of the data subject are applied at all times. The documents that constitute the suitable guarantees may be requested from the data protection officer at privacy@hsr.de.

 

Standard limitation periods for the deletion of data

Personal data is deleted in accordance with the relevant statutory or contractual regulations on data deletion, taking into account any statutory or contractual retention obligations.

Personal data that is not subject to any statutory or contractual retention or deletion obligations is deleted as soon as such is no longer required to fulfil the specific purpose.

 

Your rights in terms of data protection

The data subject has various rights in terms of data protection. These rights are explained below. The above-mentioned contact details can be used to exercise these rights.

 

Right of access, rectification and deletion

Each data subject has the right to request from the controller access to the personal data relating to him/her, the right to rectification, deletion or restricted processing of the data, the right to object to the processing, and the right to data portability.

 

Right to withdraw consent

Each data subject has the right to withdraw his/her consent at any time. This does not affect the lawfulness of the processing that has taken place up to the point in time of the withdrawal of consent.

 

Right to object

Each data subject has the right to lodge a complaint with a data protection supervisory authority if he/she believes his/her rights have been breached with regard to data protection.

 

Right to information

Each data subject has the right to be informed whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to conclude a contract, and whether the data subject is obligated to provide the personal data, and what the consequences of failing to provide such data might be.

 

Automated decision-making including profiling

We use automated decision-making including profiling. Profiling is any form of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person using algorithms. An automated individual decision occurs where the decision is based solely on algorithms without being additionally checked by a person. Within the company, this is performed on the basis of Art. 22 GDPR and, where necessary, the data subject may assert his/her rights under Art. 22 (1) GDPR.

 

Withdrawal of consent to data processing

Many data processing steps are only possible with your express consent. You may withdraw consent that you have already given at any time. In order to do so, it is sufficient to send us an email to this effect without there being any particular formal requirements. The withdrawal shall not affect the lawfulness of the data processing that has taken place up to the point in time of the withdrawal.

 

Right to lodge a complaint with the responsible supervisory authority

In the event of any data protection breaches, the data subject has the right to lodge a complaint with the responsible supervisory authority. The responsible supervisory authority in data protection matters is the state data protection officer of the federal state in which our company has its headquarters. A list of the data protection officers and their contact details can be obtained using the following link: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

 

Right to data portability

You have the right to receive the data that we process on an automated basis on the basis of your consent or in performance of a contract or to have it forwarded to a third-party in a commonly used, machine-readable format. Insofar as you require the data to be transmitted directly to another controller, this shall only take place insofar as it is technically feasible.

 

SSL and/or TLS encryption

This website uses SSL and TLS encryption for security purposes and in order to protect confidential content, for example orders or enquiries that you send to us as the website operator. You can recognise an encrypted connection because the address line of the browser switches from “http://” to “https://” and a padlock symbol appears in your browser line.

If you have activated SSL or TLS encryption, the data that you transmit to us cannot be read by third parties.

 

Information, blocking, deletion

Within the framework of the valid statutory provisions, you have the right to receive information about your personal data that is stored at any time free of charge, as well as the origin, recipients and the purpose of data processing and, if applicable, the right to the rectification, blocking or deletion of this data. You can contact us at any time using the address provided in the Legal Notice (Impressum) if you have any questions about the topic of personal data.

 

3. Data protection officer

We have appointed a data protection officer for our company.

Please feel free to contact our data protection officer at privacy@hsr.de.

 

4. Data collection on our website

 

Cookies

The pages of our website use so-called cookies in part. Cookies do not damage your computer in any way and do not contain any viruses. Cookies serve to make our website more user-friendly, effective and secure. Cookies are small text files that are placed on your computer and stored by your browser.

Most of the cookies that we use are “session cookies”. These are automatically deleted after your visit. Other cookies are stored on your end device until you delete them. These cookies enable us to recognise your browser the next time you visit our website."
You can change the settings on your browser so that you are informed when cookies are placed and only authorise cookies in individual cases, block the acceptance of cookies for certain cases or in general or activate the automatic deletion of cookies when you close the browser. Deactivating cookies may restrict the functionality of this website.

Cookies that are required to carry out the electronic communication process or to provide certain functions you wish to use (e.g. shopping basket function), are stored on the basis of Article 6 (1) lit. b GDPR. HSR GmbH primarily uses these cookies to process your orders in the online shop. Insofar as other cookies (e.g. cookies to analyse your online activities) are saved, these are covered separately in this Data Protection Policy.

 

Server log files

We automatically collect and save information in sever log files that your browser automatically transmits to us. This information includes:

  • Browser type and browser version
  • Operating system in use
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP-Adress

This data is not collated with other data sources.

The basis for the data processing is Article 6 (1) lit. f GDPR, i.e. the legitimate interest of a website operator in displaying the website correctly and ensuring secure operation of the website.

 

Contact form

If you send us enquiries via the contact form, your details from the enquiry form, as well as the contact details you entered there, are saved by us for the purpose of processing the enquiry and for any follow-up questions.

The processing of the data entered on the contact form takes place on the basis of our legitimate interest in having contact with you as our customer and improving the quality of our advice (Article 6 (1) lit f GDPR). If the contact is aimed at taking steps towards entering into a contract, the additional legal basis for the processing shall be Article 6 (1) lit. b GDPR.

The data you enter on the contact form will be stored by us until you ask us to delete it or the purpose for the data storage expires (e.g. after completion of the processing of your enquiry). The statutory retention periods may constitute an exception to this.

 

Processing of data (customer and contract data)

We collect, process and use personal data only insofar as this is necessary to form the basis of a contract, design the content of a contract or amend a contract (inventory data). This takes place on the basis of Article 6 (1) lit. b GDPR which authorises the processing of data for the performance of a contract or pre-contractual measures. We only collect, process and use personal data relating to the use of our website (usage data) insofar as this is necessary to enable the user to use the service or to invoice the user for this.

The customer data that is collected is deleted after completion of the order or termination of the business relationship. Statutory retention periods shall remain unaffected.

 

5. Analysis tools and advertising

 

Google Analytics

"This website uses functions of the web analysis service Google Analytics. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called cookies. These are text files that are stored on your computer and enable the analysis of your use of the website. The information created by the cookies about your use of this website is generally transmitted to a Google server in the USA and stored there."

The storage of Google Analytics cookies takes place on the basis of Article 6 (1) lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to be able to optimise its website and its advertising.

 

IP anonymization

We have activated the IP anonymisation function on this website. This means that your IP address is abbreviated by Google in member states of the European Union or in other signatory states to the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports about the website activities and to provide the website operator with additional services associated with website use and internet use. The IP address transmitted by your browser within the framework of Google Analytics will not be collated with other data by Google.

 

Browser plugin

You may prevent the storage of cookies by changing the settings of your browser software accordingly. However, we would like to point out that, if you do so, you may not be able to use all the functions of this website. You may also prevent the transmission of the data created by the cookie that relates to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in that is available at the following link: tools.google.com/dlpage/gaoptout.

 

Objection to data collection

You may prevent the collection of your data by Google Analytics by clicking on the following link. This sets an opt-out cookie that deactivates the collection of your data for future visits to this website by Google Analytics.

For more information on how Google Analytics uses user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

 

Order data processing

We have concluded a contract with Google regarding order data processing and implement the strict requirements of the German data protection authorities in full when using Google Analytics.

 

Demographic features with Google Analytics

This website uses the “demographic features” function provided by Google Analytics. This enables reports to be compiled that contain statements about the age, gender and interests of the website visitors. This data is obtained from interest-based Google advertising, as well as visitor data from third-party providers. This data cannot be assigned to any particular individual. You may deactivate this function at any time using the display settings in your Google account or you may generally prohibit the collection of your data by Google Analytics, as set out in the “Objection to data collection” point.

 

Google Analytics Remarketing

"Our websites use the functions of Google Analytics Remarketing in connection with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This function enables the advertising target groups created with Google Analytics Remarketing to be linked with the cross-device functions of Google AdWords and Google DoubleClick. In this manner, interest-based, personalised advertising messages can be displayed that are tailored to you and based on your previous use and browsing behaviour on one device (e.g. phone) on another of your devices too (e.g. tablet or PC)."

If you provide Google with the necessary consent, Google links your web and app browser history with your Google account for this purpose. This means that you can log into your Google account on any device and be shown the same personalised advertising messages.

In order to support this function, Google Analytics collects Google-authenticated IDs from users which are temporarily linked with our Google Analytic data in order to define and create target groups for cross-device advertising.

You may permanently object to remarketing/targeting by deactivating personalised advertising in your Google account. Follow this link in order to do so. 
The data that is collected in your Google account is summarised exclusively on the basis of your consent that you may give Google or withdraw (Article 6 (1) lit. a GDPR). In the case of data collection processes that are not summarised in your Google account (e.g. because you do not have a Google account or have objected to the data being summarised), data collection takes place on the basis of Article 6 (1) lit. f GDPR. The legitimate interest results from the website operator having an interest in anonymous analysis of website visitors for advertising purposes.

Further information and the privacy policy can be found in Google's privacy policy:

https://www.google.com/policies/technologies/ads/.

 

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our website. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

The purpose of using reCAPTCHA is to review whether data entry on our websites (e.g. on a contact form) is carried out by a human or an automated programme. In order to ascertain this, reCAPTCHA analyses the behaviour of the website visitor using a variety of characteristics. This analysis starts automatically when the website visitor enters the website. In order to carry out the analysis, reCAPTCHA evaluates various pieces of information (e.g. IP address, time spent on the website by the website visitor or mouse movements carried out by the user). The data that is collected during the analysis is passed on to Google.

"The reCAPTCHA analyses take place entirely in the background. Website visitors are not notified that analysis is taking place.

The data processing takes place on the basis of Article 6 (1) lit. f GDPR. The website operator has a legitimate interest in protecting its website against misuse in terms of automated spying and spam."

You can find more information about Google reCAPTCHA and the Google Data Protection Policy using the following links:
www.google.com/intl/de/policies/privacy/ und https://www.google.com/recaptcha/intro/android.html.

 

Google Optimize

Our website uses the web analysis and optimization service "Google Optimize" provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google Optimize"). We use the Google Optimize service to increase the attractiveness, content and functionality of our website by playing new features and content to a percentage of our users and statistically evaluating the usage change. Google Optimize is a sub-service of Google Analytics (see section Google Analytics).

Google Optimize uses cookies, which enable us to optimize and analyze your use of our website. The information generated by these cookies about your use of our website is usually transferred to a Google server in the USA and stored there. We use Google Optimize with activated IP anonymisation, so that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating your use of our website, compiling reports on optimisation tests and related website activity and providing other services relating to website activity and internet usage.

You can prevent the storage of cookies by setting your Internet browser accordingly. In addition, you can prevent Google from collecting the data generated by the cookie and related to your use of our website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available under the following link: tools.google.com/dlpage/gaoptout. For more information on data collection and processing by Google, please refer to Google's privacy policy, which can be found at http://www.google.com/policies/privacy.

 

Bing Ads

We use Bing Ads, a programme by the Microsoft Corporation (“Microsoft”), using Universal Event Tracking (UET) to realise remarketing and follow up users. In order to do this, a cookie is set on your computer if you access our website via Bing or Yahoo. This text file is used by Bing Ads to save information about the use of our website, i.e. the pages you access, for 180 days and then deleted. This information includes, for example, the URL of the pages you visited, the URL of the referrer site and your IP address. By using the remarketing function, we are able to provide you with specially tailored offers if you search on one of the above-mentioned search machines at a later date.

If you do not consent to the collection of information, you may deactivate the placement of cookies using the settings in the browser that you use. In some circumstances, this may restrict the functionality of the website. Furthermore, Microsoft may track your user behaviour across several of your electronic devices using so-called Cross-Device Tracking and is therefore able to display personalised advertising to you in Microsoft websites and apps. You may deactivate this at choice.microsoft.com/de-de/opt-out.

You can find out more about Bing analysis services on the Bing Ads website (help.bingads.microsoft.com). You can view the Microsoft data protection conditions that relate to the data that is collection using the following link: privacy.microsoft.com/de-de/privacystatement/.

 

Facebook Pixel

For conversion tracking of user actions, our website uses Pixel by Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
This means that the behaviour of the website visitors may be tracked if the visitors access the provider’s website by clicking on a Facebook advert. This enables the effectiveness of Facebook advertising to be evaluated for statistical and market research purposes and future advertising measures to be optimised.

The data that is collected is anonymous for us as the operator of this website and we cannot trace this back to the identity of the users. However, the data is saved and processed by Facebook in a manner in which it is possible to make a connection with the respective user profile and Facebook may use the data for its own advertising purposes in accordance with the Facebook data usage guidelines. This means that Facebook may enable advertising on Facebook sites, as well as outside of Facebook. The use of the data cannot be influenced by us as the site operator.
You will find more information about protecting your privacy in the Facebook Data Protection Policy: www.facebook.com/about/privacy/.

You can also deactivate the remarketing function “Custom Audiences” in the advertising settings at www.facebook.com/ads/preferences/. You must be logged into Facebook in order to do so.

If you do not have a Facebook account, you may deactivate use-based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance: www.youronlinechoices.com/de/praferenzmanagement/.

 

LinkedIn Conversion-Tracking

Our website uses conversion tracking by LinkedIn for conversion tracking purposes. LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA (“LinkedIn”).

Via the LinkedIn Insight Tag, the behaviour of the website visitors may be tracked if the visitors access the provider’s website by clicking on a LinkedIn advert. This enables the effectiveness of LinkedIn advertising to be evaluated for statistical and market research purposes, and for future advertising measures to be optimised.

We use LinkedIn Conversion Tracking to analyse the use of our website and improve it on a regular basis. We can use the statistics that are obtained to improve our website and make it more interesting for you as a user. The legal basis for the use of LinkedIn Conversion Tracking is Article 6 (1) S. 1 lit. f EU GDPR.

The data that is collected is anonymous for us as the operator of this website and we cannot trace this back to the identity of the users. However, the data is saved and processed by LinkedIn in a manner in which it is possible to make a connection with the respective user profile and LinkedIn may use the data for its own advertising purposes in accordance with the LinkedIn data usage guidelines [https://www.linkedin.com/legal/privacy-policy]. This means that LinkedIn may enable advertising on LinkedIn sites, as well as outside of LinkedIn. The use of the data cannot be influenced by us as the site operator.

You can find more information about protecting your privacy in the LinkedIn Data Protection Policy: www.linkedin.com/legal/privacy-policy.

LinkedIn members have the option of deciding against LinkedIn Conversion Tracking and blocking and deleting cookies at www.linkedin.com/psettings/advertising/ Cookies, as well as deactivating demographic features.

For more information on LinkedIn's marketing and tracking solutions, please visit the LinkedIn website:
https://www.linkedin.com/help/linkedin/answer/87150/linkedin-marketinglosungen-und-die-datenschutz-grundverordnung-dsgvo-?lang=de

 

Google Tag Manager

We use the Google Tag Manager. This service is used to manage website tags via an interface. The Google Tag Manager only implements tags. It does not set any cookies nor collect any personal data. The Google Tag Manager triggers other tags that may collect data. The Google Tag Manager does not access this data.

More information about the Google Tag Manager can be found at the following link: http://www.google.de/tagmanager/use-policy.html

 

Use of SalesViewer® technology:

This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.

In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally

The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.

The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.

6. Newsletter

 

Newsletter data

If you wish to receive the newsletter that is offered on the website, we require your email address and information that enables us to confirm that you are the owner of the email address that is provided and that you consent to receiving the newsletter. Additional data is either not collected or only collected on a voluntary basis. We exclusively use this data to send the information that has been requested and do not pass this data on to third parties.

The processing of the data that is entered on the newsletter registration form takes place exclusively on the basis of your consent (Article 6 (1) lit. a GDPR). You may withdraw your consent that has been provided to store the data, the email address and use this data to send the newsletter at any time, for example using the “Unsubscribe” link in the newsletter. The lawfulness of the data processing steps that have already taken place shall not be affected by the withdrawal.

The data which you provide us with in order to receive the newsletter is stored by us until you cancel the newsletter and is deleted after you unsubscribe. Data that is saved with us for other purposes (e.g. email addresses for registration) remain unaffected by this.

 

Newsletter2Go

In terms of newsletter software, we use Newsletter2Go (“Newsletter2Go GmbH, Nürnberger Straße 8, 10787 Berlin). Your data will be transmitted to Newsletter2Go in this context.

The newsletter service provider is used on the basis of our legitimate interest in accordance with Article 6 (1) lit. f GDPR and an order processing contract in accordance with Article 28 (3) S. 1 GDPR.

Newsletter2Go is prohibited from selling your data and for using it for purposes other than sending newsletters. Newsletter2Go is a German, certified provider that was selected in accordance with the requirements of the General Data Protection Regulation and the German Federal Data Protection Act.

Further information can be found here: www.newsletter2go.de/informationen-newsletter-empfaenger/

Newsletter2Go is a service with which, for example, the sending of newsletters can be organised and analysed. The data you enter in order to subscribe to the newsletter is saved and processed on Newsletter2Go servers in Germany. The data is not transmitted to any other countries. All the distribution severs also have dedicated IPs.

Newsletter2Go has also been awarded the TÜV Rheinland certificate as a “servicer provider with audited data protection management”. The implementation of the certified data protection is regularly reviewed by TÜV Rheinland. In addition to the requirements catalogue by TÜV Rheinland, the bases for testing also included the German Federal Data Protection Act (BDSG), the Telecommunications Act (TKG) and the Telemedia Act (TMG).

Storage period

The data you save with us for the purposes of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter. After you unsubscribe from the newsletter, it will be deleted from both our servers and the Newsletter2Go servers. Data that we have saved for other purposes (e.g. email address for the members area) remains unaffected by this.

You can find out more from the Newsletter2Go data protection provisions at: www.newsletter2go.de/features/datenschutz-2/.

Conclusion of an order data processing contract

We have concluded a contract with Newsletter2Go in which Newsletter2Go is obliged to protect the data of our customers and refrain from passing it on to third parties. This contract can be viewed here.

Data analysis through Newsletter2Go

Newsletter2Go provides comprehensive analysis tools and uses, for example, Google Analytics in order to do this. With the help of Newsletter2Go, it is possible to analyse our newsletter campaigns. This means that we can see, for example, whether a newsletter email has been opened and which links have been clicked if applicable. This means, for example, that we can ascertain how often which links have been clicked.

We can also identify whether certain pre-defined actions have been carried out after opening/clicking on the links (conversion rate). This means, for example, that we can ascertain whether you made a purchase after clicking on the newsletter.

Newsletter2Go also enables us to group the newsletter recipients using various categories (clustering). This means that the newsletter recipients can be grouped, for example, by age, gender or place of residence. In this manner, the newsletter can be better adapted to the respective target groups.

However, we cannot influence which additional data is collected and, if applicable, saved by Newsletter2Go.

You can find out more, for example in the description of the features and data protection conditions by Newsletter2Go.

You can access detailed information about the functions of Newsletter2Go using the following link:

https://www.newsletter2go.de/features/newsletter-software/

 

7. Plugins and tools

YouTube

Integration of YouTube videos

We have integrated YouTube videos on our website, which are stored on www.youtube.com and can be played directly on our website. These are all included in the “extended data protection mode”, meaning that no data about you as a user is passed on to YouTube if you do not play the videos. Data is only transmitted if you play the videos. We have no influence on this data transmission. This takes place regardless of whether YouTube provides a user account which you are logged into or whether there is no user account. If you are logged into Google, your data will be assigned to your account directly.
If you do not wish to be linked to your YouTube profile, you must log out of YouTube before playing the video. YouTube saves your data as a user profile and uses it for the purposes of advertising, market research and/or designing its website according to requirements. You have the right to object to the creation of this user profile, whereby you must direct this to YouTube to exercise this right.

The use of YouTube takes place in the interest of making our website visually appealing. This constitutes a legitimate interest within the meaning of Article 6 (1) lit. f GDPR.

You can find more information about the purpose and scope of data collection and processing by YouTube in the Data Protection Policy. You can also find out more about your rights there and settings options to protect your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has committed to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

YouTube is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

 

Google Maps

We use the Google Maps service on this website. This enables us to display interactive maps to you directly on the website and this allows you to use the map function in a convenient manner.

When you visit this website, Google is informed that you have accessed the respective sub-page of our website. This takes place regardless of whether you have a Google user account and are logged into this or whether you do not have a user account. If you are logged into Google, you data is directly assigned to your account. If you do not wish this to be assigned to your Google profile, you must log out before using a map. Google saves your data as a user profile and uses this for the purposes of advertising, market research and/or tailoring the design of its website to requirements.
An evaluation of this kind takes place in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of this user profile, whereby you must direct your objection to Google in order to exercise this right.

The use of Google Maps takes place in the interest of making our website appealing and making it easy to locate the places to which we refer on the website. This constitutes a legitimate interest within the meaning of Article 6 (1) lit. f GDPR.

You can find more information about the purpose and scope of data collection and processing by Google Maps in the Data Protection Policies. You can also find out more about your rights in this regard there and settings options to protect your privacy: www.google.de/intl/de/policies/privacy/. Google also processes your personal data in the USA and has committed to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

 

Vimeo

We integrate videos from the platform “Vimeo” by the provider Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA into our website. Privacy policy: vimeo.com/privacy. We would refer to the fact that Vimeo may use Google Analytics and make reference to the Data Protection Policy in this regard (https://policies.google.com/privacy), as well as the opt-out options for Google-Analytics (http://tools.google.com/dlpage/gaoptout?hl=de) or the Google settings for data use for marketing purposes (https://adssettings.google.com/).

 

8. Disclaimer

The Data Protection Policy of HSR GmbH does not apply to applications, products, services, websites or social media functions by third-party providers which are accessed via links and which we provide for information purposes. When you use the links, you leave the HSR GmbH website, meaning that there is the possibility that information about you may be collected or passed on by third-parties. HSR GmbH has no influence on third-party websites and does not issue any recommendations or assurances with regard to these websites and/or their data protection practices. We would therefore advise you to read through and review the data protection guidelines of all the websites that you may interact with in detail before you authorise the collection, processing and use of your personal data by these websites.