Responsible:

Last updated: 16.10.2018
 

1. Basic information on data processing and legal bases

1. This data protection declaration elucidates the purpose and the extent as to which personal data is processed in the course of running this website with all its content, functions, and services. This dec laration applies regardless of the domain, systems, platforms and devices (desktop or mobile) on which the website and its content is accessed.
2. The terminology used in this declaration refers to the definitions stated in Art. 4 GDPR.
3. In the course of running this website, we process inventory data (name, surname), contact data (E-Mail, phone number), as well as content data (entries in contact forms).
4. The term “user” includes users, website visitors, recipients for marketing measures, and other interested parties.
5. We process personal data in compliance with data protection legislation. Accordingly, legal permission (explicit consent) is necessary in order to process data, especially when data processing is a prerequisite for rendering contractual services and taking on business.

2. Security measures

1. We take organizational, contractual and technical state-of-the-art security measures to comply with data protection laws and to secure processed data against manipulation, loss, destruction, or the access of unauthorized persons. 
2. Security measures includes encrypted data transmission between your browser and our server.

3. Transmission of data to third parties

1. Data is only transmitted to third parties within the framework of existing legislation. We only transmit user data to third parties if it is crucial to fulfilling contractual obligations towards the users.
2. Whenever we use subcontractors to provide our services, we take legal precautions as well as technical and organizational measures to ensure the safety of personal data in accordance with the relevant provisions.
3. If, under this declaration, contents, tools, or other means from providers and suppliers other than HKS Systeme GmbH are used (third-party providers), and if these third-party providers are headquartered in a third country, it can be expected that data is transmitted there. Third countries are those where the GDPR is not applicable, which are generally countries outside the EU or the EEC. Data is only transmitted to third countries if the data subject has given consent to the processing of his or her personal data or if there is legal permission.

4. Making contact

1. Making contact with us via E-Mail or by using the contact form, user data will be processed in accordance with Art. 6 sec. 1 lit. b) GDPR in order to reply to any queries.
2. User details can be saved into our customer relationship management system ("CRM System") or any comparable system.
3. We use Microsoft Dynamics CRM, run by Microsoft Deutschland GmbH (Walter-Gropius-Straße 5, 80807 München), for an efficient and quick processing of user requests. We have concluded a contract with Microsoft containing standard contractual clauses, by which Microsoft undertakes to process user data according to our directives and to comply with EU data protection guidelines. Furthermore, Microsoft is privacy shield certified, ensuring the compliance with European data protection laws. (https://www.privacyshield.gov/participant?id=a2zt0000000KzX1AAK&status=Active)

5. Collecting access data and logfiles

1. Based on our legitimate interests according to Art. 6 sec. 1 lit. f. GDPR, we collect data and create server logfiles that contain each access to the host server running this service, stating the name of the accessed website, as well as date and access time, the quantity of transmitted data, a report on the success of data retrieval, the browser type and version, the user’s operating system, the previously visited website, the IP address and the provider.
2. For safety reasons (e.g. to resolve fraudulent or improper use), logfile information is stored for the maximum of seven days before being deleted, except for data which serve as evidence and therefore must be stored until final clarification.

6. Cookies & range measurement

1. Cookies are files or pieces of information transmitted from our webserver or a third party webserver to the user’s web browser and stored on your computer for future retrieval.
2. This declaration informs users about the use of cookies for the purpose of pseudonymous range measurement.
3. Cookies we use:
   • fe_typo_user: This cookie allows for aggregation of user queries within one session, enabling users to stay logged-in and access all pages that require a login. The cookie is set by TYPO3 content management system.
   • PHPSESSID: This cookie saves your current session with regard to php-applications and thus ensures that all functions of the website that are based on the php programming language can be displayed in their entirety.
   • Matomo
4. If users do not want cookies to be stored on their computers, they are asked to deactivate the associated browser option. Saved cookies can be deleted from the computer via the web browser’s system settings. Disabling cookies can lead to functional limitations of this website and its content.

5. You can opt out from cookies that are meant for range measurement and promotional purposes on the following websites:
   http://optout.networkadvertising.org/
   http://www.aboutads.info/choices
   http://www.youronlinechoices.com/uk/your-ad-choices/

7. Social Media

1. The social media offerings on this website do not use mechanisms that transfer any personal data to social media providers automatically (social plugins).
   Data about your visit on this website (e.g. IP-address, time and date, URL) as well as data stored on your device (e.g. cookies) will only be transferred to the respective providers like YouTube or Facebook by following the links provided on this website.

9. Integration of third-party content and services

1. Based on our legitimate interests according to Art. 6 sec. 1 lit. f. GDPR, we use third-party content and services, such as videos or fonts, on our website. This requires these third parties to detect the user’s IP-address, which is a mandatory requirement for the display of this content on the user’s browser. We strive to only use content from third parties that use the IP-addresses solely to transmit their content to the user’s browser. Besides, third parties can use web-beacons for statistical or marketing purposes. By dint of those web-beacons, information such as the website traffic can be evaluated. Cookies can store the pseudonymous (technical) information about the browser and browser version, the operating system, referring websites, visit times, and other information related to the use of our website, on the user’s device. 
2. Below, you will find an overview of third-party providers and their contents, as well as links that lead to their privacy policies. These policies contain further information about the processing of data and opt-out possibilities
   • Maps from “Google Maps”, provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
   • External Code of the JavaScript-Frameworks “jQuery”, provided by jQuery Foundation, https://jquery.org.
3. We use Google web fonts on this website, which we store on our server in compliance with data protection. Therefore, the fonts are not retrieved from servers run by Google Inc. but from our own servers, which prevents Google from keeping track of your personal browser history.
4. This website contains hyperlinks that refer to the websites of other providers. Following such a hyperlink directs you to another website, indicated by a different URL. We do not have any influence on the data processing of third-party websites and thus cannot take responsibility. Please make sure to find out about the use of your personal data on the respective websites.

10. Users‘ rights

1. On request, users must be given information free of charge about their personal data that have been stored in the course of using our services and visiting our website.
2. Additionally, users have the right to have false data corrected, to restrict processing of their personal data or have it deleted, lay claim to their right of data portability, and to file a complaint with the regulatory authority when assuming illegitimate data processing.
3. Users can revoke consents; revocations have immediate effect.

11. Deletion of data

1. Stored data will be deleted as soon as they are not required any longer for fulfilling their original purpose and if no regulations (such as retention requirements) contradict the deletion. If user data cannot be deleted due to legal requirements (such as tax-based regulations), processing of these data will be restricted and thus not processed for any other purposes.

12. Right of objection

1. Users can opt out from the processing of personal data according to legislation, especially from the processing of these data for direct advertising.

13. Changes to this declaration

1. We reserve the right to change this data protection declaration in order to adapt it to changed legal situations or to changes in data processing. However, this only applies to declarations in terms of data processing. When user consent is mandatory or when parts of the data protection declaration contain provisions of the contractual relationship with the users, these changes can only be made upon users’ approval.
2. The users are kindly asked to acquaint themselves with the content of this data protection declaration on a regular basis.