Data protection

As a controller in accordance with the GDPR, Hennecke GmbH is aware that the protection of your privacy is an important concern for you when using our websites. We take the protection of your personal data very seriously. Therefore, we would like you to know when we process which personal data, in which framework and under which conditions. We would therefore like to inform you with this data privacy policy in accordance with the provisions of the General Data Protection Regulation (GDPR).

Controller

As per Art. 4 No. 7 GDPR, the Controller is

Hennecke GmbH
Birlinghovener Str. 30
53757 Sankt Augustin
Phone.: 0049 (0) 22 41 33 9-0
Fax: 0049 (0) 2241 339 204
info@hennecke.com
www.hennecke.com

Data protection officer

The data protection officer of Hennecke GmbH is to be contacted via the above address of Hennecke GmbH and by email privacy@hennecke.com.

Explanations

Personal data is collected by the controller from you (hereinafter also referred to as: "Data subject") and processed only to the extent necessary, expedient and lawful; in the context of this website, data is collected primarily in order to guarantee the functionality of the website and the services offered. More information on the relevant collection and processing can be found below.

In connection with the structure of this website, it must be made clear that the controller not only decides on the purposes and the basic features of the processing of personal data in connection with its own appearance, but is also the controller for Hennecke Inc Polyurethane Technology, Hennecke Machinery Shanghai Ltd, Hennecke México S. der R. l. de C. V., Hennecke Asia Pte. Ltd, OOO Hennecke Polyurethane Technology Russia, Hennecke do Brasil, Hennecke GmbH Korea Branch Office and Hennecke S.R.O. (hereinafter: "the companies").

In practice, this means that the websites of the respective companies differ in terms of content and individual design, but are managed by the same Content Management System. Accordingly, the influence on the content design as well as the administrative arrangement and access authorizations lies with the controller. This means that the following explanations apply in principle, irrespective of whether the actual website of the controller or one of the companies mentioned is accessed; in due course, minor differences will be presented separately.

As a rule, data are deleted as soon as the purpose of data processing/storage has ceased to exist. Data may also be stored if European or German lawmakers specify longer storage periods. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract. You will find more information on this in the following.

The host of the Content Management System is Strato AG, Pascalstr. 10, 10587 Berlin, Tel.: 030-300 1460, email impressum@strato.de. In addition, reference is made below to the point Storage in the Content Management System of the controller.

Collection and processing of data

Operation of website; log files

When you visit www.hennecke.com or other sites of the above companies at www. Hennecke.com, the following personal data of the data subject will be collected and stored in a log file:

Information about the browser type and version used
The operating system of the data subject
The Internet service provider of the data subject
The IP address of the data subject
Date and time of access
Websites from which the system of the data subject reaches our website
Websites accessed by the data subject\'s system via our website

The data is processed or stored in log files in order to ensure the functionality of the website and its convenient usage. In addition, the data helps us to optimize the website and to ensure the security of our information technology systems. Administrative aspects are also a basis for processing. An evaluation of the data only takes place in connection with statistical evaluations, whereby the individual user remains anonymous

The legal basis for data processing is Art. 6 par. 1 sentence 1 lit. f) GDPR. Our legitimate interest follows from the above-mentioned purposes for data collection and/or for ensuring the functionality of the website. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. If data has been collected for the provision of the website, this occurs after seven days in any case. In this case the IP addresses of the users are deleted or alienated, so that an assignment of the client is no longer possible.

As a rule, there is no legal or contractual obligation to provide this data. If the data are not provided, the provision of a functional website is not possible.

Contact forms; email contact; registration

Description and scope of data processing

Within the framework of our website (and on the websites of the individual companies), several contact forms are available which can be used to make contact electronically. If you take advantage of this option, the data entered in the input mask will be transmitted to us and saved. Furthermore, the IP address as well as the date and time of transmission are stored. The data are then transmitted to the respective company which is actually to be contacted. There the further processing of your request takes place. The nature of the data transmitted depends on the information required from the controller, and also on the scope of information decided by the data subject.

In addition, we offer various ways to contact employees or departments of the controller or company by clicking on various e-mail addresses. IP addresses, email addresses, date and time are also transmitted here. In addition, any information you provide will be transmitted.

The data is collected and processed in order to deal with the data subject\'s request.

In addition, your request and/or your personal data is stored in the context of the use of a contact form or the establishment of contact by e-mail in the Content Management System.

The legal basis for the processing of this data is lawful based either on a contract with the data subject as a party to the contract pursuant to Art. 6 par. 1 sentence 1 lit. b) 1st alt. GDPR or based on the implementation of pre-contractual measures with the data subject pursuant to Art. 6 par. 1 sentence 1 lit. b) 2nd alt. GDPR. Processing may also be carried out on the basis of Art. 6 par. 1 sentence 1 lit. f) GDPR if there is a legitimate interest of the controller, for example in the context of customer loyalty. In the context of their economic activity, it is necessary for the controller to engage in customer contact and/or to be available for the customer/interested party.

In any case, the legal basis for storage in the Content Management System is lawful pursuant to Art. 6 par. 1 sentence 1 lit. f) GDPR. The storage is necessary to ensure the infrastructure and functionality of the website and also to secure the website against data breaches etc..

If the processing of the data subject\'s request is related to an existing contract with the data subject, the storage period will normally be based on this existing contract. Otherwise the data will be deleted when the purpose of processing has been achieved; this may be when a matter has been conclusively settled. In individual cases, legal storage periods must be observed.

As a rule (excluding exceptions), there will be no legal or contractual obligation to provide the relevant data in this way. If you do not provide the data, your eventual request can not be processed electronically.

Establishing contact within the scope of an application

When submitting an application, the application contact form must primarily contain the following personal data:

Title
Name and surname
Street, house number
Postcode, place of residence
Email address
Telephone/mobile phone number
Attachment uploads for the application process - application documents, CV, similar documents

In addition, the IP address, date and time of sending the documents are stored when the documents are sent.

Note on sensitive data: We expressly draw your attention to the fact that applications, in particular CVs, certificates and other data you submit to us, may contain special categories of personal data on racial or ethnic origin, political opinions, religious or ideological beliefs, membership in a trade union, the processing of genetic or biometric data, health data or on sex life or sexual orientation. However, we would like to point out that we do not need this information in order to process your application. If you nevertheless provide us with such information in your online application, you must give your separate consent for Hennecke GmbH to collect, process and use this data for the purpose of processing your application. Such data will be processed in accordance with this privacy policy and other relevant legislation.

This information is processed in order to assess and process your application. There is in any case no legal or contractual obligation to transmit such data when the application documents are initially sent. Failure to provide the relevant data may result in your application not being considered or being considered in a manner that produces a different result than that which would have been the case if the requested data had been provided.

Your data will be processed by a data processor, namely Talent Soft GmbH, Spichernstr. 6, 50672 Cologne, Tel. 0221 1688030, Email contact.de@talentsoft.com and/or stored and partially processed in the Content Management System. For the Content Management System we refer to storage in the Content Management System of the controller. This processing together with the data processor is necessary as the controller must make use of management systems and host services offered by third parties due to the company structure. The controller maintains data processing contracts in each individual case in order to comply with the provisions of the GDPR. In all other respects, the processing is carried out by the company addressed in each case.

In addition, the legal basis for the processing of data is Art. 6 par. 1 sentence 1 lit. b) in conjunction with Art. 88 GDPR in conjunction with Art. 26 par. 1 (if applicable in conjunction with par. 8 p. 2) BDSG new. In all other respects, the legal basis for consent is Art. 9 par. 2 lit. a) in conjunction with Art. 6 par. 1 sentence 1 lit. a) in conjunction with Art. 7 in conjunction with Art. 88 GDPR in conjunction with Section 26 par. 2 BDSG new.

In accordance with Art. 7 par. 3 sentence 1 GDPR in conjunction with Section 26 par. 2 sentence 4 BDSG new may be revoked at any time. The legality of the data received until revocation is not affected by this. The revocation can be made at the above address or under privacy@hennecke.com.

The data is stored during the application process, depending on the duration of the application process or its outcome. If the application process is successful, the data for the implementation of an employment relationship will continue to be stored. After termination of an employment relationship, the data will continue to be stored in accordance with the statutory retention periods. If the application procedure has a negative outcome, the data will be deleted 5 months after notification of the application result. This storage period follows from a justified interest of the controller to be able to defend himself against legal action by the data subject under labour law, if necessary, Art. 6 par. 1 sentence 1 lit. f) GDPR.

Contact TechCenter

When contacting us through the contact form in the TechCenter, the following information is required

Company
Last name
Country
Email
Telephone number

The following can be optionally provided

Name
Street address
Message

This personal data is collected in order to enable an answer for the data subject. In addition, the IP address and the date and time of contact are stored.

The legal basis for the processing of this data will be determined in accordance with Art. 6 par. 1 sentence 1 lit. b) 1st alt. GDPR in order to fulfil a contract with the data subject as a party to the contract, or for the implementation of pre-contractual measures with the data subject pursuant to Art. 6 par. 1 sentence 1 lit. b) 2nd alt. GDPR. In addition, processing may take place on the basis of Art. 6 par. 1 sentence 1 lit. f) GDPR if the controller has a legitimate interest, for example in the context of customer loyalty or orderly business operations.

If the processing of the data subject\'s request is related to an existing contract with the data subject, the storage period will normally be based on this existing contract. Otherwise, the data will be deleted when the purpose of the processing has been achieved; in individual cases, legal storage periods must be observed.

Registration TechCenter

The following information must be provided when registering for the TechCenter:

Company
Name and surname
Country
Email
Phone/mobile phone
Task or end product concerned
Aim of the experiments
Information on raw material system and manufacturer
Sending additional data sheets, if necessary

In addition, the IP address and the date and time of dispatch are also stored. These data are processed on the basis of the respective request and/or to enable the best possible response to the data subject\'s request.

If the processing of the data subject\'s request is related to an existing contract with the data subject, the storage period will normally be based on this existing contract. Otherwise, the data will be deleted when the purpose of the processing has finally been achieved; in individual cases, legal deadlines must be observed.

Contact 360° Service

As part of the 360° service, the following information must be provided, among other things:

Company
Last name
Country
Email
Telephone number

The following can also be optionally provided:

Name
Address
Message

In addition, the IP address and the date and time of dispatch are also stored. This personal data is collected to enable the best possible response to the data subject\'s request.

If the processing of the concern of the data subject\'s request is related to an existing contract with the data subject, the storage period will normally be based on this existing contract. Otherwise, the data will be deleted when the purpose of the processing has finally been achieved; in individual cases, legal deadlines must be observed.

Registration/use of 360° service portal

Individual beneficiaries are given the opportunity to log in to 360° and take advantage of the benefits and information available there. For this purpose, the data subject must be provided with a login ID and a password must be generated by the data subject. The data is stored so that the data subject can log on to the service portal at any time. Further data from the data subject must be stored there.

During use, the IP address and time/date of the login and logout are also recorded in a log file.

The data will be deleted once the data subject ceases to use the portal by deregistering. In individual cases, statutory storage periods may conflict with this.

Registration for events

In individual cases, registration for events is offered. In this context, personal data is requested from the data subject individually. The data requested will only have the scope necessary to enable the data subject to participate in the event. If the relevant data are not provided, participation in the event may be denied by the organizer. In addition to this data, the IP address and the date and time of registration are stored.

The data are to be passed on regularly by the controller or a company to the respective organizer. The data may be transferred to a third country. Even if there may not be an adequate level of security in this state, a corresponding transmission of data is permissible pursuant to Art. 49 par. 1 sentence 1 lit. c) GDPR.

In all other respects, the collection and processing of data is based on the consent of the data subject pursuant to Art. 6 par. 1 sentence 1 lit. a) in conjunction with. Art. 7 GDPR.

The data will only be stored until the event is over.

Storage in the Content Management System of the controller

The controller uses a Content Management System, which in turn is hosted and maintained by a contract processor (see also Explanations). In other words, this Content Management System is a management program for operating and maintaining the website and the websites of the companies, the contact forms, the services, etc. All of the above-mentioned and represented personal processing procedures are additionally transferred into this Content Management System and stored there. This storage and/or the processing operations associated with the Content Management System serve the purpose, among other things, of ensuring the security of your personal data and acting as a backup. Within the scope of data processing, there is an order processing contract which specifies, among other things, sufficient technical and organizational measures.

Furthermore, the storage of personal data in the Content Management System is also technically necessary in order to operate the online content and the services offered.

Accordingly, processing in connection with the Content Management System is based on Art. 6 par. 1 sentence 1 lit. f) GDPR in order to guarantee the functionality of the web services and to be able to offer the services to the data subject. A corresponding order processing contract exists with the data processor pursuant to Art. 28 par. 3 sentence 1 GDPR.

Personal data is stored in the Content Management System for 5 weeks. A backup of the data is then made, which is stored securely and encrypted. This backup exists for another 5 weeks until a new backup is pulled from the Content Management System. For the preparation of the backup Art. 6 par. 1 sentence 1 f) GDPR is decisive for the reasons mentioned above.

There is no legal obligation to provide personal data. In individual cases, contractual obligations may exist, so that the data subject could suffer economic and/or legal disadvantages if they are not made available. This must be assessed on a case-by-case basis. Failure to provide personal data in the Content Management System could mean that your requests may not be processed and/or the use of the website may be disrupted.

Analysis tools

Matomo

This website uses the open-source web analysis service Matomo.

Through Matomo, we are able to collect and analyze data on the use of our website-by-website visitors. This enables us to find out, for instance, when which page views occurred and from which region they came. In addition, we collect various log files (e.g. IP address, referrer, browser, and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

The use of this analysis tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

IP anonymization

For analysis with Matomo we use IP anonymization. Your IP address is shortened before the analysis, so that it is no longer clearly assignable to you.

Analysis without cookies

We have configured Matomo in such a way that Matomo will not store cookies in your browser.

Hosting

We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.

Rights of the data subject

You have the following rights under the GDPR: You can

request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information on
- the processing purposes,
- the category of personal data,
- the categories of recipients to whom your information has been or will be disclosed,
- the planned storage period,
- the existence of a right to rectification, erasure, restriction of processing or the right to object,
- the existence of a right of appeal,
- the origin of your data, unless it was collected by us,
- and the existence of automated decision-making, including profiling and, where appropriate, meaningful information on its details
immediately request the correction of incorrect or complete personal data stored by us in accordance with Art. 16 GDPR;
request the deletion of your personal data stored with us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
pursuant to Art. 18 GDPR, request the restriction of the processing of your personal data if you dispute the accuracy of the data, or if the processing is unlawful and you oppose erasure of the data, if we no longer require the data, but you require them to assert, exercise or defend legal claims or if you have filed an objection to the processing pursuant to Art. 21 GDPR;
obtain your personal data, which you have provided to us, in a structured, current and machine-readable format in accordance with Art. 20 GDPR or request its transfer to another controller;
as per Art. 7 par. 3 GDPR, withdraw at any time the consent given to us once, with the consequence that we may not continue with the data processing, which was based on this consent, in the future;
complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our office.
withdraw your consent at any time, e.g. as per Art. 7 par. 1, 9 par. 2 lit. a) GDPR or Section 26 par. 2 sentence 1 BDSG pursuant to Art. 7 par. 3 sentence 1 GDPR.

Right to object of the data subject

If your data are processed on the basis of legitimate interests pursuant to Art. 6 par. 1 sentence 1 lit. f) GDPR, you have the right to object to the processing for reasons arising from the particular situation pursuant to Art. 21 par. 1 sentence 1 GDPR. Your personal data will no longer be processed in such a case, unless the data controller can provide compelling reasons to protect the processing, which outweigh your interests, rights and freedoms; the same applies if the processing serves to assert, exercise or defend legal claims, Art. 21 par. 1 sentence 2 GDPR.

Please make contact using the above addresses.

Safety

Hennecke uses technical and organizational security measures to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. In the case of the collection and processing of personal data, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are continuously revised in line with technological developments. Currently we use an SSL procedure during the website visit, which is secured by an RSA encryption with 2048 bits.

Validity

This data privacy policy is valid from 25th May 2018.