Data protection is a particular concern of HL-Technik Engineering GmbH. Our efforts to meet, in particular, the requirements of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act in its new version are primarily aimed at respecting your private and personal sphere.
For modern companies such as HL-Technik Engineering GmbH, the use of electronic data processing systems (EDP) has become essential. In using them, we will, of course, do our utmost to comply with the legal regulations.
It is perfectly possible to use the HL-Technik Engineering GmbH website without providing any personal data. However, if a data subject wishes to make use of specific company services through our website, processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, it is our standard practice to obtain consent from the data subject.
Under no circumstances will we sell or rent out your personal information to third parties for marketing or other purposes. If you do not agree to the provisions of the data protection regulations, please do not send us any personal data.
1. GENERAL / TERMINOLOGY
a) Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.
Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, selection, retrieval, use, disclosure by transmission, dissemination or otherwise making available, comparison or linking, restriction, deletion or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g) Data controller
The data controller is the natural or legal person, public authority, agency, or other body that determines alone or jointly the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by either Union or Member State law, either the data controller or the specific criteria for their appointment may be provided for in accordance with Union or Member State law.
A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or other body to which the personal data is disclosed, regardless of whether they are a third party. Public authorities which may receive personal data as part of a specific enquiry in accordance with Union or Member State law will not, however, be regarded as recipients.
j) Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent is any statement of intent given voluntarily by the data subject in an informed and unambiguous manner in the form of a statement or other clear affirmative action which indicates that the data subject has consented to the processing of their personal data.
2. INFORMATION REGARDING THE COLLECTION OF PERSONAL DATA
(1) Below, we provide information on how we collect your personal data when you use our website. Personal data is any data that refers to you personally, for example, name, address, email addresses, user behaviour, etc.
(2) The Data Controller according to Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is
HL-Technik Engineering GmbH
vertr. d. Daniel Matschinsky
Aschauer Straße 32a
HL-Technik Engineering GmbH
represented by the MD Prof. em. DrIng. E.h Klaus Daniels, Daniel Matschinsky
Aschauer Strasse 32a
Tel.: +49 89 992910-0
Fax: +49 89 992910-28
(3) Our Data Protection Officer is:
Mr Sascha Weller (lawyer), IDR (Institute for Data Protection Law)
Tel.: +49 841 88516715
(4) When you contact us via email or using a contact form, the data you provide (your email address and, if applicable, your name and phone number) will be stored by us in order to answer your questions. Such personal data transmitted on a voluntary basis by a data subject to the controller will be stored for the purposes of processing or contacting the data subject. We will delete the data thus collected as soon as storage is no longer necessary, or alternatively, if any obligation of statutory retention exists, we will limit its processing.
(5) If we use contracted service providers for individual functions within the scope of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes. We will also specify the criteria for determining how long your data will be stored.
(6) As the data controller, we have implemented numerous technical and organisational measures to ensure that all personal data processed via this website is protected as completely as possible. Nevertheless, internet-based data transmissions may have security gaps and, as a result, absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
(7) As a responsible company, we do not use automatic decision-making or profiling.
3. YOUR RIGHTS
(1) You have the following rights with regard to your personal data:
– The right to information:
Any data subject whose personal data is processed shall have the right granted by the GDPR to obtain, at any time and free of charge, information from the data controller concerning the stored personal data relating to them and a copy of that information. Furthermore, the European regulator has granted the data subject access to the following information:
A. the purposes of the processing B. the categories of personal data being processed C. the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations D. where possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria used to determine that period E. the existence of the right to correct or delete the personal data concerning the data subject or to restrict its processing by the data controller or to object to such processing F. the existence of the right to lodge a complaint with a supervisory authority G. where the personal data is not collected from the data subject, any available information as to its source H. the existence of any automated decision-making processes, including profiling, as defined in Art. 22 para.1 and 4 of the GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
- the purposes of the processing
- the categories of personal data being processed
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations
- where possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria used to determine that period
- the existence of the right to correct or delete the personal data concerning the data subject or to restrict its processing by the data controller or to object to such processing
- the existence of the right to lodge a complaint with a supervisory authority
- where the personal data is not collected from the data subject, any available information as to its source
- the existence of any automated decision-making processes, including profiling, as defined in Art. 22 para.1 and 4 of the GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
Furthermore, the data subject has a right of access to information about whether their personal data has been transferred to a third party or to an international organisation. If this is the case, the data subject has the right to obtain information about the appropriate guarantees made in connection with the transfer.
If a data subject wishes to exercise this right of access to information, they may contact an employee of the data controller at any time.
– Right to revoke consent to the storage and processing of data:
Any data subject whose personal data is processed shall have the right to revoke their consent to the processing of their personal data at any time.
If a data subject wishes to exercise this right to revoke consent, they may contact an employee of the data controller at any time, using any means of communication.
Right to correction:
The data subject has the right to request that the data controller immediately correct any incorrect personal data. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
If a data subject wishes to exercise this right of access to information, they may contact an employee of the data controller at any time.
– The right to deletion/"right to be forgotten":
The data subject has the right to request that the data controller immediately delete their personal data, and the data controller shall be obliged to immediately delete the personal data if any of the following reasons apply:
- The personal data is no longer needed for the purposes for which it was collected or otherwise processed.
- The data subject revokes the consent on which the processing referred to in Article 6 (1) (a) or Article 9 (2) (a) was based and there is no other legal basis for processing.
- The data subject opposes processing in accordance with Article 21 para. 1 and there are no overriding legitimate grounds for processing, or the data subject opposes processing in accordance with Article 21 para 2.
- The personal data has been unlawfully processed.
- The personal data must be deleted to comply with a legal obligation under Union or Member State law to which the data controller is subject.
- The personal data has been collected in relation to information society services provided in accordance with Article 8 para. 1.
If a data subject wishes to exercise this right to deletion/"right to be forgotten", they may contact an employee of the data controller at any time.
If we have made the personal data public and are obliged to delete it in accordance with Art. 17 para. 1 GDPR, we will take appropriate measures, including technical measures, taking into account the technology available and the implementation costs, to inform data processors of the personal data which a data subject has requested them to delete, including all links to such personal data or copies or replications of such personal data. Our employees will arrange for the necessary measures.
– The right to restrict processing:
The data subject has the right to request that the data controller restrict processing if one of the following conditions is met:
- The accuracy of the personal data is contested by the data subject until such time that the data controller can verify the accuracy of the personal data,
- The processing is unlawful and the data subject refuses to delete the personal data and instead requests a restriction on the use of the personal data,
- The data controller no longer needs the personal data for the purposes of processing, but it is needed by the data subject to establish, exercise or defend legal claims, or
- The data subject has lodged an objection to the processing referred to in Article 21 para. 1, pending determination of whether the data controller's legitimate reasons outweigh those of the data subject.
If a data subject wishes to exercise this right to restrict processing, they may contact an employee of the data controller at any time.
– The right to object to the processing:
Any data subject whose personal data is processed has the right granted by the GDPR, for reasons arising from their particular situation, to at any time object to the processing of personal data relating to them which is undertaken on the basis of Art. 6 (1) (e) or (f) of the GDPR. This also applies to profiling based on these provisions.
We will stop processing personal data in the event of an objection, unless we can prove compelling reasons worthy of protection for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If we process personal data in order to carry out direct advertising, the data subject has the right to object at any time to the processing of the personal data for the purpose of such advertising. This also applies to any profiling connected with such direct advertising. If the data subject objects to our processing the data for direct advertising purposes, we will no longer process the personal data for these purposes.
In addition, the data subject has the right, for reasons arising from their particular situation, to object to our processing of their personal data for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
In order to exercise the right to object, the data subject may contact any employee of the company directly. The data subject is also entitled, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise their right to object by means of automated procedures using technical specifications.
– The right to data portability:
The data subject has the right to receive the personal data that they have provided to a data controller in a structured, current and machine-readable format and to transmit this data to another data controller without interference by the data controller to whom the personal data has been provided, provided that
- the processing is based on consent in accordance with Article 6 (1) (a) or Article 9 (2) (a) or on a contract in accordance with Article 6 (1) (b) and
- the processing is carried out using automated procedures.
When exercising their right to data transferability in accordance with Art. 20 para. 1 GDPR, the data subject has the right to have their personal data transmitted directly from one data controller to another, insofar as this is technically feasible and the rights and freedoms of other persons are not impaired.
If a data subject wishes to exercise this right to data portability, they may contact an employee of the data controller at any time.
– Automated decisions in individual cases, including profiling:
Any data subject affected by the processing of personal data has the right granted by the GDPR not to be subject to a decision based exclusively on automated processing – including profiling – which has a legal effect on them or significantly affects them in a similar manner, provided that the decision
(1) is not necessary for entering into, or for the performance of, a contract between the data subject and the data controller, or
(2) is authorised by Union or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard the rights, freedoms and legitimate interests of the data subject or
(3) is made with the express consent of the data subject.
If the decision is necessary for the conclusion or performance of a contract between the data subject and the data controller or is made with the express consent of the data subject, we will take appropriate measures to protect the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a person on behalf of the data controller, to state their own position and to challenge the decision.
If the data subject wishes to exercise their rights concerning automated decision-making, they may contact an employee of the data controller at any time.
(2) You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data. The supervisory authority responsible for our company is:
Bayerisches Landesamt für Datenschutzaufsicht
Tel.: +49 981 180093-0
Fax: +49 981 180093-800
4. PERSONAL DATA COLLECTION WHEN VISITING OUR WEBSITE / COOKIES
(1) If you use the website solely for information purposes, that is, if you do not register or otherwise provide us with information, we will only collect the personal data that your browser transmits to our server. If you wish to view our website, we will collect the following data which is technically necessary to enable us to display our website to you and to guarantee stability and security (legal basis is Art. 6 (1) (1) (f) GDPR):
– IP address
– The date and time of the request
– Time zone difference from GMT
– The Internet service provider of the accessing system.
– The content of the request (actual page)
– Access status/HTTP status code
– Amount of data transferred
– Website from which the request comes (the referrer)
– Your browser
– Your operating system and device
– Language and version of browser software.
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in association with the browser you are using and by which the party which sets the cookie (in this case, us) receives certain information. Cookies cannot run programs or transfer viruses to your computer. They serve to make the Internet more user-friendly and effective overall.
- A distinction is made between the following types of cookies/functions:
- Transient cookies are automatically deleted when you close the browser. These include session cookies, in particular. These store a "session ID" which assigns the various requests made by your browser during the joint session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.
- Persistent cookies are automatically deleted after a specified period which may vary depending on the particular cookie. You can delete the cookies in your browser's security settings at any time.
- Necessary cookies are those which are absolutely necessary for the operation of a website.
- You can configure your browser settings as desired and refuse to accept, for example, third-party cookies or all cookies. However, please note that, if you do so, you may not be able to use all the functions of this website.
5. FURTHER FUNCTIONS AND FEATURES OF OUR WEBSITE
(1) In addition to the purely informational use of our website, we offer a variety of services that you can use if you are interested. For this purpose, you generally have to provide further personal data that we will use to provide the service in question and to which the aforementioned data processing principles apply.
(2) In some cases, we will use external service providers to process your data. They have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.
(3) The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services which we use for the purpose of operating this website.
In this regard, either we or our hosting service process the inventory data, contact data, content data, contract data, usage data, as well as the meta and communication data of customers, potential customers and visitors to this website based on our legitimate interests in the efficient and secure provision of this website, in accordance with Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR.
(4) Furthermore, we may disclose your personal data to third parties if we offer promotions, competitions, contracts or similar services in conjunction with our partners. For more information, please provide your personal data or see the description of the offer below.
(5) If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you of the consequences of this in the description of the offer.
6. DATA PROTECTION FOR APPLICATIONS
The data controller collects and processes the personal data of applicants for the purpose of handling the application procedure. Processing may also be carried out electronically. This applies particularly if an applicant sends application documents to the data controller by electronic means, for example by email or via a contact form on the website. If the data controller concludes an employment contract with an applicant, the data transmitted shall be stored for the purpose of processing the employment contract in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted, provided that no other legitimate interests on the part of the data controller preclude deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
The processing of the applicant's data takes place in order to fulfil our (pre)contractual obligations as part of the application procedure within the meaning of Art. 6 (1) (b) GDPR and Art. 6 (1) (f) GDPR, provided data processing becomes necessary for us, e.g. within the framework of legal procedures (in Germany, § 26 Federal Data Protection Act (BDSG) also applies).
7. OBJECTION OR REVOCATION OF CONSENT TO THE PROCESSING OF YOUR DATA
1) If you have given consent for the processing of your data, you may revoke it at any time, using any means of communication. If you revoke your consent, it will affect the legitimacy of our processing your personal data.
(2) Insofar as the processing of your personal data is based on the balancing of interests, you may object to it being processed. This is particularly the case if processing is not necessary to fulfil a contract with you, which is described by us in the following description of functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done hitherto. In the event of you making a justified objection, we will examine the situation and either stop or adjust the data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing the data.
(3) You may, of course, object to the processing of your personal data for advertising and data analysis purposes at any time. You can contact us about your objection with regard to advertising at the address given in point 2.(2).
8. PROVISION OF PERSONAL DATA AS A STATUTORY OR CONTRACTUAL REQUIREMENT/ITS NECESSITY FOR CONCLUSION OF A CONTRACT/ CONSEQUENCES IN THE EVENT OF FAILURE TO PROVIDE/DELETE SUCH DATA
(1) We would like to inform you that the provision of personal data is partially required by law. However, it may also be the case that a data subject has to provide us with personal data so that a contract can be entered into. Failure to provide it would mean that the contract could not be entered into. Our employees are happy to answer any questions relating to individual cases.
In accordance with legal requirements, storage lasts, in particular, for 10 years pursuant to §§ 147 para. 1 AO, 257 para. 1 (1 and 4), para. 1 HGB (German Commercial Code) (books, records, status reports, accounting records, commercial books, documents relevant for taxation, etc.) and for 6 years pursuant to § 257 para. 1 (2 and 3), para. 4 HGB (business correspondence).
9. SOCIAL MEDIA
1. Integration of YouTube videos
(1) We have included YouTube videos in our online service that are stored on http://www.youtube.com and are playable directly from our website. These are all embedded in the "extended privacy mode", i.e. no data about you as the user is transferred to Youtube if you do not play the videos. Only when you play the videos will the data referred to in Paragraph 2 be transmitted. We have no control over this data transfer.
(2) When you visit the website, YouTube is notified that you have accessed the corresponding subpage of our website. In addition, the data referred to in section 4 of this declaration will be transmitted. This occurs regardless of whether YouTube provides a user account via which you are logged in, or whether no user account exists. If you are logged into Google, your data will be directly associated with your account. If you do not wish to be associated with your YouTube profile, you must log out before clicking the button. YouTube stores your data as usage profiles and uses it for the purposes of advertising, market research and/or customised design of its website. Such evaluation takes place (even for users who are not logged in) for the purposes of providing customised advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of these user profiles. You must contact YouTube to exercise this right.
(3) The legal basis is Art. 6 (1) (1) (f) GDPR (legitimate interests) and Art. 6 (1) (1) (a) GDPR (consent).
2. Integration of Vimeo videos
(1) Videos from Vimeo.com are integrated into this website. This is a service provided by Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA (hereinafter referred to as "Vimeo"). A connection to Vimeo's servers in the USA is established when you access videos via Vimeo. This transfers certain information to Vimeo. Vimeo may also place cookies on your device. Vimeo also allows you to use certain other features, such as rating or sharing videos. For this, you may be required to log in to Vimeo or certain third-party providers (such as Facebook or Twitter) with your account so that they can associate the information you submit with your account. These functions are offered exclusively by Vimeo and the respective third-party providers, and you should carefully check their data protection regulations before using the respective functions. We have no knowledge of the content of the data collected by Vimeo or third-party providers and we have no control over its use. Because of this integration, Vimeo is also notified that your browser has accessed the corresponding page of this website, even if you do not have a Vimeo user account or are not currently logged into Vimeo.
The legal basis for use is consent in accordance with Art. 6 (1) (1) (f) GDPR or our legitimate interest in accordance with Art. 6 (1) (1) (a) GDPR.
3. Integration of Google Maps
(1) We use Google Maps on this website. This allows us to display interactive maps directly on the website, and it enables you to make convenient use of the map function.
(2) When you visit the website, Google is notified that you have accessed the corresponding subpage of our website. In addition, the data referred to in section 4 of this declaration will be transmitted. This occurs, regardless of whether Google provides a user account, via which you are logged in, or whether no user account exists. If you are logged into Google, your data will be directly associated with your account. If you do not wish to be associated with your Google profile, you must first log out before clicking the button. Google stores your data as usage profiles and uses it for the purposes of advertising, market research and/or customised design of its website. Such evaluation takes place (even for users who are not logged in) for the purposes of providing customised advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of these user profiles. In order to exercise this right, you must contact Google.
The legal basis is Art. 6 (1) (1) (f) GDPR (legitimate interests) and Art. 6 (1) (1) (a) GDPR (consent).
(4) You have the option of opting out at: https://adssettings.google.com/authenticated.
10. PLUGINS AND TOOLS
1. Google Web Fonts
(1) This site uses "web fonts" provided by Google for the uniform displaying of fonts. When you open a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. To do this, the browser you use must connect to Google's servers. This will notify Google that our website has been accessed via your IP address. Google Web Fonts is used in the interests of presenting our website in a consistent and attractive way. This constitutes a legitimate interest in accordance with Art. 6 (1) (f) GDPR.
(2) If your browser does not support Web Fonts, a default font will be used by your computer.
2. Use of ajax.googleapis.com and jQuery
(1) On this page we use Ajax and jQuery technologies which optimise loading speeds. This involves accessing program libraries from Google servers. Google's content delivery network (CDN) is used. If you have previously used jQuery on another page from the Google CDN, your browser will use the copy stored in the cache. If this is not the case, it will need to be downloaded, which will result in the transfer of data from your browser to GoogleInc. ("Google"). Your data will be transferred to servers in the USA. You can find out more on the providers' websites.
(2) The legal basis for processing your data is Art. 6 (1) (1) (f) GDPR.
3. Cookie Consent Tool: Privacy Manager
(1) We use the cookie consent tool "Privacy Manager" from SEASIDE MEDIA LTD on our website. (Carpenter Court, 1 Maple Road, Bramhall, Stockport, Cheshire SK7 2DH, Great Britain; "Privacy Manager").
(2) The tool enables you to give consent to data processing via the website, in particular the setting of cookies, and to make use of your right of revocation for consent that has already been given.
(3) The data processing serves the purpose of obtaining and documenting the necessary consent for data processing, thereby complying with legal obligations. Cookies can be used to do this. Information, including the following, can be collected and transmitted to Privacy Manager: date and time of the page view, information about the browser and device you are using, anonymised IP address, opt-in and opt-out data. This data will not be transferred to third parties.
(4) The data processing is carried out to fulfil a legal obligation based on Art. 6 (1) (c) GDPR and our legitimate interest in accordance with Art. 6 (1) (f) GDPR.
(5) You can find more information on Privacy Manager data protection at: https://www.premium-contao-themes.com/datenschutz.html