Data protection
As a controller in accordance with the GDPR, Hennecke GmbH is aware that the protection of your privacy is an important concern for you when using our websites. We take the protection of your personal data very seriously. Therefore, we would like you to know when we process which personal data, in which framework and under which conditions. We would therefore like to inform you with this data privacy policy in accordance with the provisions of the General Data Protection Regulation (GDPR).
Controller
As per Art. 4 No. 7 GDPR, the Controller is
Hennecke GmbH
Birlinghovener Str. 30
53757 Sankt Augustin
Phone.:
0049 (0) 22 41 33 9-0
Fax: 0049 (0) 2241 339 204
info@hennecke.com
www.hennecke.com
Data protection officer
The data protection officer of Hennecke GmbH is to be contacted via the above
address of Hennecke GmbH and by email
privacy@hennecke.com.
Explanations
Personal data is collected by the controller from you (hereinafter also referred to as: "Data subject") and processed only to the extent necessary, expedient and lawful; in the context of this website, data is collected primarily in order to guarantee the functionality of the website and the services offered. More information on the relevant collection and processing can be found below.
In connection with the structure of this website, it must be made clear that the controller not only decides on the purposes and the basic features of the processing of personal data in connection with its own appearance, but is also the controller for Hennecke Inc Polyurethane Technology, Hennecke Machinery Shanghai Ltd, Hennecke México S. der R. l. de C. V., Hennecke Asia Pte. Ltd, OOO Hennecke Polyurethane Technology Russia, Hennecke do Brasil, Hennecke GmbH Korea Branch Office and Hennecke S.R.O. (hereinafter: "the companies").
In practice, this means that the websites of the respective companies differ in terms of content and individual design, but are managed by the same Content Management System. Accordingly, the influence on the content design as well as the administrative arrangement and access authorizations lies with the controller. This means that the following explanations apply in principle, irrespective of whether the actual website of the controller or one of the companies mentioned is accessed; in due course, minor differences will be presented separately.
As a rule, data are deleted as soon as the purpose of data processing/storage has ceased to exist. Data may also be stored if European or German lawmakers specify longer storage periods. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract. You will find more information on this in the following.
The host of the Content Management System is Strato AG, Pascalstr. 10, 10587
Berlin, Tel.: 030-300 1460, email
impressum@strato.de. In addition,
reference is made below to the point Storage in the Content Management System
of the controller.
Collection and processing of data
Operation of website; log files
When you visit www.hennecke.com or other sites of the above companies at www. Hennecke.com, the following personal data of the data subject will be collected and stored in a log file:
- Information about the browser type and version used
- The operating system of the data subject
- The Internet service provider of the data subject
- The IP address of the data subject
- Date and time of access
- Websites from which the system of the data subject reaches our website
- Websites accessed by the data subject\'s system via our website
The data is processed or stored in log files in order to ensure the functionality of the website and its convenient usage. In addition, the data helps us to optimize the website and to ensure the security of our information technology systems. Administrative aspects are also a basis for processing. An evaluation of the data only takes place in connection with statistical evaluations, whereby the individual user remains anonymous
The legal basis for data processing is Art. 6 par. 1 sentence 1 lit. f) GDPR. Our legitimate interest follows from the above-mentioned purposes for data collection and/or for ensuring the functionality of the website. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. If data has been collected for the provision of the website, this occurs after seven days in any case. In this case the IP addresses of the users are deleted or alienated, so that an assignment of the client is no longer possible.
As a rule, there is no legal or contractual obligation to provide this data. If the data are not provided, the provision of a functional website is not possible.
Contact forms; email contact; registration
Description and scope of data processing
Within the framework of our website (and on the websites of the individual companies), several contact forms are available which can be used to make contact electronically. If you take advantage of this option, the data entered in the input mask will be transmitted to us and saved. Furthermore, the IP address as well as the date and time of transmission are stored. The data are then transmitted to the respective company which is actually to be contacted. There the further processing of your request takes place. The nature of the data transmitted depends on the information required from the controller, and also on the scope of information decided by the data subject.
In addition, we offer various ways to contact employees or departments of the controller or company by clicking on various e-mail addresses. IP addresses, email addresses, date and time are also transmitted here. In addition, any information you provide will be transmitted.
The data is collected and processed in order to deal with the data subject\'s request.
In addition, your request and/or your personal data is stored in the context of the use of a contact form or the establishment of contact by e-mail in the Content Management System.
The legal basis for the processing of this data is lawful based either on a contract with the data subject as a party to the contract pursuant to Art. 6 par. 1 sentence 1 lit. b) 1st alt. GDPR or based on the implementation of pre-contractual measures with the data subject pursuant to Art. 6 par. 1 sentence 1 lit. b) 2nd alt. GDPR. Processing may also be carried out on the basis of Art. 6 par. 1 sentence 1 lit. f) GDPR if there is a legitimate interest of the controller, for example in the context of customer loyalty. In the context of their economic activity, it is necessary for the controller to engage in customer contact and/or to be available for the customer/interested party.
In any case, the legal basis for storage in the Content Management System is lawful pursuant to Art. 6 par. 1 sentence 1 lit. f) GDPR. The storage is necessary to ensure the infrastructure and functionality of the website and also to secure the website against data breaches etc..
If the processing of the data subject\'s request is related to an existing contract with the data subject, the storage period will normally be based on this existing contract. Otherwise the data will be deleted when the purpose of processing has been achieved; this may be when a matter has been conclusively settled. In individual cases, legal storage periods must be observed.
As a rule (excluding exceptions), there will be no legal or contractual obligation to provide the relevant data in this way. If you do not provide the data, your eventual request can not be processed electronically.
Establishing contact within the scope of an application
When submitting an application, the application contact form must primarily contain the following personal data:
- Title
- Name and surname
- Street, house number
- Postcode, place of residence
- Email address
- Telephone/mobile phone number
- Attachment uploads for the application process - application documents, CV, similar documents
In addition, the IP address, date and time of sending the documents are stored when the documents are sent.
Note on sensitive data: We expressly draw your attention to the fact that applications, in particular CVs, certificates and other data you submit to us, may contain special categories of personal data on racial or ethnic origin, political opinions, religious or ideological beliefs, membership in a trade union, the processing of genetic or biometric data, health data or on sex life or sexual orientation. However, we would like to point out that we do not need this information in order to process your application. If you nevertheless provide us with such information in your online application, you must give your separate consent for Hennecke GmbH to collect, process and use this data for the purpose of processing your application. Such data will be processed in accordance with this privacy policy and other relevant legislation.
This information is processed in order to assess and process your application. There is in any case no legal or contractual obligation to transmit such data when the application documents are initially sent. Failure to provide the relevant data may result in your application not being considered or being considered in a manner that produces a different result than that which would have been the case if the requested data had been provided.
Your data will be processed by a data processor, namely Talent Soft GmbH, Spichernstr. 6, 50672 Cologne, Tel. 0221 1688030, Email contact.de@talentsoft.com and/or stored and partially processed in the Content Management System. For the Content Management System we refer to storage in the Content Management System of the controller. This processing together with the data processor is necessary as the controller must make use of management systems and host services offered by third parties due to the company structure. The controller maintains data processing contracts in each individual case in order to comply with the provisions of the GDPR. In all other respects, the processing is carried out by the company addressed in each case.
In addition, the legal basis for the processing of data is Art. 6 par. 1 sentence 1 lit. b) in conjunction with Art. 88 GDPR in conjunction with Art. 26 par. 1 (if applicable in conjunction with par. 8 p. 2) BDSG new. In all other respects, the legal basis for consent is Art. 9 par. 2 lit. a) in conjunction with Art. 6 par. 1 sentence 1 lit. a) in conjunction with Art. 7 in conjunction with Art. 88 GDPR in conjunction with Section 26 par. 2 BDSG new.
In accordance with Art. 7 par. 3 sentence 1 GDPR in conjunction with Section 26 par. 2 sentence 4 BDSG new may be revoked at any time. The legality of the data received until revocation is not affected by this. The revocation can be made at the above address or under privacy@hennecke.com.
The data is stored during the application process, depending on the duration of the application process or its outcome. If the application process is successful, the data for the implementation of an employment relationship will continue to be stored. After termination of an employment relationship, the data will continue to be stored in accordance with the statutory retention periods. If the application procedure has a negative outcome, the data will be deleted 5 months after notification of the application result. This storage period follows from a justified interest of the controller to be able to defend himself against legal action by the data subject under labour law, if necessary, Art. 6 par. 1 sentence 1 lit. f) GDPR.
Contact TechCenter
When contacting us through the contact form in the TechCenter, the following information is required
- Company
- Last name
- Country
- Telephone number
The following can be optionally provided
- Name
- Street address
- Message
This personal data is collected in order to enable an answer for the data subject. In addition, the IP address and the date and time of contact are stored.
The legal basis for the processing of this data will be determined in accordance with Art. 6 par. 1 sentence 1 lit. b) 1st alt. GDPR in order to fulfil a contract with the data subject as a party to the contract, or for the implementation of pre-contractual measures with the data subject pursuant to Art. 6 par. 1 sentence 1 lit. b) 2nd alt. GDPR. In addition, processing may take place on the basis of Art. 6 par. 1 sentence 1 lit. f) GDPR if the controller has a legitimate interest, for example in the context of customer loyalty or orderly business operations.
If the processing of the data subject\'s request is related to an existing contract with the data subject, the storage period will normally be based on this existing contract. Otherwise, the data will be deleted when the purpose of the processing has been achieved; in individual cases, legal storage periods must be observed.
There is no legal obligation to provide personal data. In individual cases, contractual obligations may exist, so that the data subject could suffer economic and/or legal disadvantages if they are not made available. This must be assessed on a case-by-case basis.
Registration TechCenter
The following information must be provided when registering for the TechCenter:
- Company
- Name and surname
- Country
- Phone/mobile phone
- Task or end product concerned
- Aim of the experiments
- Information on raw material system and manufacturer
- Sending additional data sheets, if necessary
In addition, the IP address and the date and time of dispatch are also stored. These data are processed on the basis of the respective request and/or to enable the best possible response to the data subject\'s request.
The legal basis for the processing of this data will be determined in accordance with Art. 6 par. 1 sentence 1 lit. b) 1st alt. GDPR in order to fulfil a contract with the data subject as a party to the contract, or for the implementation of pre-contractual measures with the data subject pursuant to Art. 6 par. 1 sentence 1 lit. b) 2nd alt. GDPR. In addition, processing may take place on the basis of Art. 6 par. 1 sentence 1 lit. f) GDPR if the controller has a legitimate interest, for example in the context of customer loyalty or for reasons of goodwill.
If the processing of the data subject\'s request is related to an existing contract with the data subject, the storage period will normally be based on this existing contract. Otherwise, the data will be deleted when the purpose of the processing has finally been achieved; in individual cases, legal deadlines must be observed.
There is no legal obligation to provide personal data. In individual cases, contractual obligations may exist, so that the data subject could suffer economic and/or legal disadvantages if they are not made available. This must be assessed on a case-by-case basis.
Contact 360° Service
As part of the 360° service, the following information must be provided, among other things:
- Company
- Last name
- Country
- Telephone number
The following can also be optionally provided:
- Name
- Address
- Message
In addition, the IP address and the date and time of dispatch are also stored. This personal data is collected to enable the best possible response to the data subject\'s request.
The legal basis for the processing of this data will be determined in accordance with Art. 6 par. 1 sentence 1 lit. b) 1st alt. GDPR in order to fulfil a contract with the data subject as a party to the contract, or for the implementation of pre-contractual measures with the data subject pursuant to Art. 6 par. 1 sentence 1 lit. b) 2nd alt. GDPR. In addition, processing may take place on the basis of Art. 6 par. 1 sentence 1 lit. f) GDPR if the controller has a legitimate interest, for example in the context of customer loyalty or for reasons of goodwill.
If the processing of the concern of the data subject\'s request is related to an existing contract with the data subject, the storage period will normally be based on this existing contract. Otherwise, the data will be deleted when the purpose of the processing has finally been achieved; in individual cases, legal deadlines must be observed.
There is no legal obligation to provide personal data. In individual cases, contractual obligations may exist, so that the data subject could suffer economic and/or legal disadvantages if they are not made available. This must be assessed on a case-by-case basis.
Registration/use of 360° service portal
Individual beneficiaries are given the opportunity to log in to 360° and take advantage of the benefits and information available there. For this purpose, the data subject must be provided with a login ID and a password must be generated by the data subject. The data is stored so that the data subject can log on to the service portal at any time. Further data from the data subject must be stored there.
During use, the IP address and time/date of the login and logout are also recorded in a log file.
The legal basis for the processing of this data will be determined in accordance with Art. 6 par. 1 sentence 1 lit. b) 1st alt. GDPR in order to fulfil a contract with the data subject as a party to the contract, or for the implementation of pre-contractual measures with the data subject pursuant to Art. 6 par. 1 sentence 1 lit. b) 2nd alt. GDPR. In addition, processing may take place on the basis of Art. 6 par. 1 sentence 1 lit. f) GDPR if the controller has a legitimate interest, for example in the context of customer loyalty or for issues of goodwill/service.
The data will be deleted once the data subject ceases to use the portal by deregistering. In individual cases, statutory storage periods may conflict with this.
There is no legal obligation to provide personal data. In individual cases, contractual obligations may exist, so that the data subject could suffer economic and/or legal disadvantages if they are not made available. This must be discussed on a case-by-case basis.
Registration for events
In individual cases, registration for events is offered. In this context, personal data is requested from the data subject individually. The data requested will only have the scope necessary to enable the data subject to participate in the event. If the relevant data are not provided, participation in the event may be denied by the organizer. In addition to this data, the IP address and the date and time of registration are stored.
The data are to be passed on regularly by the controller or a company to the respective organizer. The data may be transferred to a third country. Even if there may not be an adequate level of security in this state, a corresponding transmission of data is permissible pursuant to Art. 49 par. 1 sentence 1 lit. c) GDPR.
In all other respects, the collection and processing of data is based on the consent of the data subject pursuant to Art. 6 par. 1 sentence 1 lit. a) in conjunction with. Art. 7 GDPR.
The data will only be stored until the event is over.
Storage in the Content Management System of the controller
The controller uses a Content Management System, which in turn is hosted and maintained by a contract processor (see also Explanations). In other words, this Content Management System is a management program for operating and maintaining the website and the websites of the companies, the contact forms, the services, etc. All of the above-mentioned and represented personal processing procedures are additionally transferred into this Content Management System and stored there. This storage and/or the processing operations associated with the Content Management System serve the purpose, among other things, of ensuring the security of your personal data and acting as a backup. Within the scope of data processing, there is an order processing contract which specifies, among other things, sufficient technical and organizational measures.
Furthermore, the storage of personal data in the Content Management System is also technically necessary in order to operate the online content and the services offered.
Accordingly, processing in connection with the Content Management System is based on Art. 6 par. 1 sentence 1 lit. f) GDPR in order to guarantee the functionality of the web services and to be able to offer the services to the data subject. A corresponding order processing contract exists with the data processor pursuant to Art. 28 par. 3 sentence 1 GDPR.
Personal data is stored in the Content Management System for 5 weeks. A backup of the data is then made, which is stored securely and encrypted. This backup exists for another 5 weeks until a new backup is pulled from the Content Management System. For the preparation of the backup Art. 6 par. 1 sentence 1 f) GDPR is decisive for the reasons mentioned above.
There is no legal obligation to provide personal data. In individual cases,
contractual obligations may exist, so that the data subject could suffer
economic and/or legal disadvantages if they are not made available. This must
be assessed on a case-by-case basis. Failure to provide personal data in the
Content Management System could mean that your requests may not be processed
and/or the use of the website may be disrupted.
Analysis tools
Matomo
This website uses the open-source web analysis service Matomo.
Through Matomo, we are able to collect and analyze data on the use of our website-by-website visitors. This enables us to find out, for instance, when which page views occurred and from which region they came. In addition, we collect various log files (e.g. IP address, referrer, browser, and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
IP anonymization
For analysis with Matomo we use IP anonymization. Your IP address is shortened before the analysis, so that it is no longer clearly assignable to you.
Analysis without cookies
We have configured Matomo in such a way that Matomo will not store cookies in your browser.
Hosting
We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.
Rights of the data subject
You have the following rights under the GDPR: You can
-
request information about your personal data processed by us in accordance
with Art. 15 GDPR. In particular, you can request information on
- the processing purposes,
- the category of personal data,
- the categories of recipients to whom your information has been or will be disclosed,
- the planned storage period,
- the existence of a right to rectification, erasure, restriction of processing or the right to object,
- the existence of a right of appeal,
- the origin of your data, unless it was collected by us,
- and the existence of automated decision-making, including profiling and, where appropriate, meaningful information on its details
- immediately request the correction of incorrect or complete personal data stored by us in accordance with Art. 16 GDPR;
- request the deletion of your personal data stored with us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- pursuant to Art. 18 GDPR, request the restriction of the processing of your personal data if you dispute the accuracy of the data, or if the processing is unlawful and you oppose erasure of the data, if we no longer require the data, but you require them to assert, exercise or defend legal claims or if you have filed an objection to the processing pursuant to Art. 21 GDPR;
- obtain your personal data, which you have provided to us, in a structured, current and machine-readable format in accordance with Art. 20 GDPR or request its transfer to another controller;
- as per Art. 7 par. 3 GDPR, withdraw at any time the consent given to us once, with the consequence that we may not continue with the data processing, which was based on this consent, in the future;
- complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our office.
- withdraw your consent at any time, e.g. as per Art. 7 par. 1, 9 par. 2 lit. a) GDPR or Section 26 par. 2 sentence 1 BDSG pursuant to Art. 7 par. 3 sentence 1 GDPR.
Right to object of the data subject
If your data are processed on the basis of legitimate interests pursuant to Art. 6 par. 1 sentence 1 lit. f) GDPR, you have the right to object to the processing for reasons arising from the particular situation pursuant to Art. 21 par. 1 sentence 1 GDPR. Your personal data will no longer be processed in such a case, unless the data controller can provide compelling reasons to protect the processing, which outweigh your interests, rights and freedoms; the same applies if the processing serves to assert, exercise or defend legal claims, Art. 21 par. 1 sentence 2 GDPR.
Please make contact using the above addresses.
Safety
Hennecke uses technical and organizational security measures to protect your
data from accidental or intentional manipulation, loss, destruction or access
by unauthorized persons. In the case of the collection and processing of
personal data, the information is transmitted in encrypted form to prevent
misuse of the data by third parties. Our security measures are continuously
revised in line with technological developments. Currently we use an SSL
procedure during the website visit, which is secured by an RSA encryption with
2048 bits.
Validity
This data privacy policy is valid from 25th May 2018.