Data protection statement

Version dated 20.04.2021

0
1. Data protection on HSM websites

HSM GmbH + Co. KG (further legal information in the imprint) is the responsible data protection entity for this website. HSM GmbH + Co. KG (hereinafter referred to as "HSM") takes the protection of your personal data very seriously. This data protection statement is intended to inform you of the personal data we collect from you when using our website and the purposes for which we process and use it.

The data protection statement is structured in a modular way in order to help you search for information.

In our privacy policy we use terms and definitions of the European General Data Protection Regulation GDPR, in particular Article 4 GDPR. Pursuant to this regulation, we are the "controller" and you are the "data subject". Data that relates directly or indirectly to you is "personal data". When we talk about your "data" in the broader context of this privacy policy, we generally mean data that relates directly or indirectly to you as a natural person. This includes for example, name, address, telephone number, the company you work for, e-mail address, and any other information you enter in the forms on our website.

You can of course, visit our website, without giving any details about yourself. Even when using our website, data is collected and processed, but without reference to your person. For more information, see the web service, cookies and web analysis log files.

HSM reserves the right to adapt the data protection statement to changed legal provisions and regulations at any time.

Please keep up to date with changes to the data protection statement by clicking on the relevant link on our website.

For general queries about our website, please contact us directly: Tel: +49 7554 2100-0 or e-mail: webmaster@hsm.eu .

General information, in particular our transparency information regarding the processing of personal data by HSM GmbH + Co. KG is included in its own section within this Privacy Policy.

2. Web service log files

When you visit our web pages our servers store by default various access data in an electronic log file. This data includes the IP address used by you to access the site, the website from which you are visiting us, our webpages you visit, the date and time of your page view and the length of the visit. This data is captured fully automatically and only used for error analysis and the technical improvement of our web service. Recipients of this data are HSM IT and, where necessary, IT service providers representing HSM. The legal basis for this processing is our legitimate interest [Art.6 (1) lit. f. GDPR] in continuing to operate our web pages in accordance with standard procedures. The log file data is automatically overwritten after no more than one month. Other data processing operations performed when you access our website include our use of cookies and our analysis of usage data from your visit to our web pages. These processing operations are described in this privacy policy in separate sections.

3. Our use of cookies

Our website uses cookies. These are small text files that we (our web server) places on your computer. We use cookies to personalise content and ads, provide social media features and analyse the use of our website. We also share information about your use of our website with our social media, advertising and analytics partners. Our partners may amalgamate this information with other data that you have provided to them or that they have collected within the scope of your use of the services.

Our website uses different types of cookies. Some cookies are placed by third parties who display content on our site. A so-called cookie manager is implemented on our website; The cookie manager enables you to select which category of cookies you want to allow. It also informs you about the type and purpose of each cookie we use and helps you with your selection.

In accordance with data protection regulations, we may store cookies on your device if they are absolutely necessary for the operation of this website.

Cookies requiring consent

However, we need your consent for all other types of cookies:

  • Cookies from the “preferences” category are designed to improve or facilitate your use of our website. For example, such a cookie can manage the settings for the best possible playing of videos on your device.
  • Cookies from the “Statistics” category allow us to analyse your usage behaviour on our website and to summarise this data together with the usage data of other users of our website in statistics. It is at no time possible for us to link usage data to a specific person.
    For more information on this, see section 4 “Google Analytics” of this privacy policy.
  • Cookies from the “Marketing” category enable us to display targeted online advertising to selected groups of users of our website. At no time is a reference made to an identifiable person in doing so. If the advertising function is activated, Google Analytics collects further access data via Google cookies for ad preferences and identifiers in addition to the data collected for statistics in the standard implementation of Google Analytics.

Cookies in the marketing category enable us, via so-called “conversion tracking”, to determine whether you react to one of our pop-up ads, by clicking on it in order to be redirected to the appropriate product page. See section 5 of this privacy policy “Online marketing and conversion tracking”.

  • As the cookies in the “marketing” category require your user behaviour to be evaluated by means of cookies in the “statistics” category, our target-oriented online marketing can only take place if you have consented to the use of both categories. Accordingly, the so-called Google Tag Manager, Facebook Pixel and LinkedIn Insight Tag only become active if you consent to both categories.

If you have made specific cookie settings and then click on the “Allow cookies” button, your selection will be stored as corresponding cookies. If your selection includes the category “Statistics” and/or “Marketing”, you also consent to our use of tools for the creation of usage statistics and for target group-oriented online marketing. For more information on this, see sections 4 and 5 of this privacy policy.

You can change or revoke your consent at any time via the links below:

Change/revoke your consent

4. Analysis of the use of our web pages with Google Analytics

On the legal basis of your consent given in the Cookie Manager on the use of cookies for the analysis of the use of our web services for the creation of usage statistics, our website uses Google Analytics, a web analytics service of Google Inc. (“Google”). Google Analytics uses so-called "cookies", text files that are stored on your computer and help to analyse your use of the website. The information generated by the cookies _ga and _gid about your use of our website (including your IP address) is usually transmitted and saved on a Google server in the USA. However, if IP anonymisation is activated on this website, your Google IP address is abbreviated within Member States of the European Union or in other countries party to the agreement on the European Economic Area. Only in exceptional circumstances will the entire IP address be transmitted to a Google server in the USA and abbreviated there. The owner of this website will authorise Google to use this information to evaluate your use of the website, to compile reports about your website activities and to provide website-use and Internet-use-related services to the website owner. The IP address communicated by your browser while using Google Analytics will not be stored with other Google data.


Click on this link for further information about how Google uses data when websites and apps of Google partners are used https://policies.google.com/privacy/partners?hl=de

Possibility to object by revoking your consent

You can revoke your consent at any time by changing your cookie selection in the Cookie Manager. To do so, please use the links in section 3. “Our use of cookies” in this privacy policy.

Alternatively you can prevent Google from recording the cookie-generated data about how you use the website (including your IP address) and Google’s processing of this data, by clicking on the following link (http://tools.google.com/dlpage/gaoptout?hl=de) to download and install the browser plug-in.

5. Online Marketing and Conversion Tracking

5.1 Use of Google AdServices Conversion Tracking

On the legal basis of your consent given via the cookie-manager to the use of cookies for your participation in target group oriented online-marketing, we are using the online advertisement programme, “Google Ads“ and within Google Ads, the Enhanced Conversion-Tracking. These services are provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, “Google“).

Google AdServices Conversion / Remarketing

Our website uses cookies. These are small text files which your web browser stores on your terminal device. Cookies help us to make our website more user friendly, more effective and more secure. We also use these to track your preferences and provide you with advertising and offers tailored to your interests. Analysis cookies are only used if you have consented to the activation of these cookies in accordance with Article 6 paragraph 1 a) GDPR.

When you click on an advertisement provided by Google, a Conversion-Tracking cookie is stored on your computer. These cookies have a limited validity, do not contain any personal data and are therefore not used for personal identification. If you visit certain internet pages on our website and the cookie is still valid, Google and we recognize that you have clicked on the advertisement and were re-directed to this page. Each Google Ads customer receives a different cookie. There is therefore no possibility that cookies can be tracked via the websites of Ads customers.

The information which is obtained using the conversion cookie serves to generate conversion statistics for AdWords customers who have elected to use conversion tracking. The customers are informed about the total number of users who clicked on their advertisement and were re-directed to a page containing a conversion tracking tag. They do not, however, receive any information which can personally identify the users.

During the use of Google AdServices, the following data are collected and transmitted to Google in the USA: data regarding the device and browser (hostname, browser type, referrer, language), IP-address as well as the respective user interaction on our website as well as other websites on which our advertisements are shown (e.g. which page a user calls up, which products a user selects and purchases, on which advertisement a user clicks. In addition, the cookie is used to give the user a random, pseudo-ID to which the previously mentioned information is assigned. 

 

Google Enhanced Conversion Tracking

The goal of the Enhanced Conversion Tracking is to use the information which you input into our website (after you have clicked on one of our advertisements and then bought something or requested information) for improved, targeted online-marketing. Enhanced Conversion Tracking only works if you are logged into your Google account whilst using our website.

We determine which of the information and data you have input are to be used for this. Currently, it is your e-mail address and the product in which you are interested. These data are captured by a so-called conversion tag, then hashed and sent to Google. The hashing of the initial supplier data before it is sent to Google Ads guarantees data protection, since personal data such as your email address (in this case) is converted into a hashed/pseudonymized (SHA256) character sequence. The hashed data are compared with the Google hashed user data. If they match, the conversion of your Google account is reported.

Opt-Out by withdrawing your Consent

You can withdraw your consent to Online-Marketing and Conversion Tracking at any time by changing your cookie options in the cookie manager. Please use the links given in Section 3 of this data protection agreement “Our use of Cookies”. 

Moreover, Google offers you the possibility of downloading and installing a browser add-on to deactivate Google Analytics. This can be found here: https://tools.google.com/dlpage/gaoptout?hl=en

Information on data protection in Google Ads can be found at: https://policies.google.com/privacy

 

5.2 Use of Facebook Pixel

As the legal basis for your consent to the use of cookies, given in the cookie manager, for your participation in target-group oriented online marketing, we use the tracking plugin “Facebook Pixel”. Tracking with Facebook Pixel is cross-platform, i.e. it enables us to determine whether you have accessed our portal via a Facebook page and which marketing-relevant activities you engage in on our page.

Facebook also processes your user data in its own business interest. Accordingly both we, HSM GmbH + Co. KG, and Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, are responsible for the processing of your data on our page.

If you are a registered Facebook user or are logged into your Facebook account but want to prevent Facebook from linking data collected when you visit our site to your account, you must deactivate Facebook’s “stay logged in” function or unsubscribe from your Facebook account.

Which information Facebook collects for its own purposes and how this is used is described in general form in its privacy policy. There you will find information about how to contact Facebook and how to place adverts. Facebook’s privacy policy contains further information about data processing and is available to every user under the following link:

https://de-de.facebook.com/about/privacy

You will find Facebook’s full privacy policy here:

https://de-de.facebook.com/full_data_use_policy. However, this document is available only if you have logged into your Facebook account.

Right of objection by withdrawal of consent

You can withdraw your consent to online marketing and conversion tracking at any time by changing your cookie preferences in the cookie manager. To do this, please use the links in section 3 of this privacy policy “Our use of cookies”.

 

5.3 Use of LinkedIn Insight Tag

As the legal basis for your consent to the use of cookies, given in the cookie manager, for your participation in target-oriented online marketing, we use the tracking plugin “LinkedIn Insight Tag. LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, uses this to record the effectiveness of adverts on its members. LinkedIn does not make any personal data available to us, but provides reports for statistical and market research purposes, summarised according to industry, job title, company size, career level and location. The members’ direct identifiers are anonymised by LinkedIn within seven days and the data is deleted by LinkedIn after 90 days.

You will find information about data protection at LinkedIn in LinkedIn’s privacy policy under https://www.linkedin.com/legal/privacy-policy


Right of objection by withdrawal of consent

You can withdraw your consent to online marketing and conversion tracking at any time by changing your cookie preferences in the cookie manager. To do this, please use the links in section 3 of this privacy policy “Our use of cookies”.

 

5.4 Use of Leadinfo

We use the lead generation service provided by Leadinfo B.V., Rotterdam, The Netherlands, which recognizes visits of companies to our website based on IP-addresses and shows us related publicly available information, such as company names or addresses. In addition, Leadinfo places two first-party cookies for providing transparency on how our visitors use our website and the tool processes domains from provided form inputs (e.g. “leadinfo.com”) to correlate IP addresses with companies and to enhance its services. For additional information, please visit www.leadinfo.com. On this page: www.leadinfo.com/en/opt-out you have an opt-out option. In the event of an opt-out, your data will no longer be used by Leadinfo.

6. Newsletter

You receive an electronic newsletter from us because when you sent us a newsletter subscription request form you gave us your consent pursuant to Art. 6 (1) (a) GDPR for the use of your e-mail address for this purpose and confirmed this subscription with a so-called double opt-in. Further information on the newsletter form is obligatory and will be used to address you personally.

Withdrawal of consent

Consent can be withdrawn at any time by unsubscribing from the newsletter. You will find a link to the cancellation at the end of each newsletter. You can also unsubscribe from the newsletter by contacting us directly.

To enable us to send you offers and information, your click behaviour in relation to the newsletter will be tracked. This includes which newsletter you have opened and how often, or how often you have clicked on links to our products or other information in a newsletter. Analysing click behaviour enables us to continually improve the newsletter and adapt it to the interests of our customers. For the analysis the usage data is anonymised by means of merging, so that it is no longer possible to establish a connection between the data collected and a particular e-mail address. Your personal click behaviour is therefore unknown to us.

Opt-out of analysis

However, you can opt out of the analysis by unsubscribing from the newsletter. The legal basis for our usage analysis of click behaviour is our legitimate interest [Art.6 (1) lit. f. GDPR] in making the newsletter content relevant to our readers.

7. Processing of personal data on our website and in HSM’s systems

In the following section we will explain the processing of data acquired by us through the website and, where applicable, processing in other systems. The legal bases for the processing of personal data differ between a private person, who enters or has a contractual relationship in their own interest (e.g. as the end customer, user), and a person who is acting on behalf of their company when entering or implementing a business relationship with us (e.g. as the contact person with particular responsibilities).

Processing of data on our website and in our systems concerns primarily contact persons of our commercial customers. In this case, the legal basis of the processing is our legitimate interest in communicating with you as the contact person of our customer. In order for private persons to use the corresponding web functions, the legal principles are stated explicitly below. See also the section Transparency Information on the processing of personal data by HSM GmbH + Co. KG.

General inquiries via our contact form

• Purpose of processing

We will record your name and address so that we know who is contacting us and the nature of the enquiry.

The e-mail address is mandatory, because we need it, depending on the subject matter of your enquiry, in order to process your request. Beyond this, there is no further use of the data.

The telephone number is obligatory because we use it, depending on the subject matter of your enquiry, in order to process your request, especially if you have provided information for a call back in the date and time boxes. Beyond this, there is no further use of the data.

The legal basis for processing your personal data is Art. 6 (1)(b) GDPR, “Contractual and pre-contractual purposes”.

• Storage, duration of storage

On the basis of our legitimate interest in having the best possible communication with our customers, your inquiries and your personal data will be stored in our CRM so that a reference can be created in case of further contact from you.

If you are not a customer of HSM and the subject matter of your contact is of a general nature (e.g. information about our products), your personal data will be deleted at the end of the calendar year after the last contact was made.

If you are not a customer of HSM and if your request may be used to initiate a business relationship (e.g. price information), your personal data will be deleted at the end of the second calendar year after the last contact was made.

If you and/or your company is already a customer of HSM, your information will be added to data about your company that we already hold.

• Usage for advertising

We will also use your address to send you documents at your request, as well as information about new products and services as well as promotions at HSM. The legal basis for this use is our legitimate interest in the commercial relationship with you. You can revoke the use of your address at any time e.g. via a contact form.

Support enquiry, complaint

When you make a support enquiry, the product details provided by you and your personal details are stored in our ERP system.

• Transmission of your data to authorised dealers

If your enquiry relates to a complaint, warranty or the like, we will, if necessary, transmit this data together with your personal data to the dealer from whom you purchased the device or to another dealer in your area so that your requirements can be met. If you are a private person, the legal basis for the communication is “fulfilment of contract” [Art. 6 (1) lit. b GDPR], if you are a representative of our business customer the legal basis for communication with our company is “legitimate interest” [Art.6 (1) lit. f GDPR].

• Storage, storage period

If HSM repairs or replaces a device, your data will be stored in our support, accounting and logistics systems up to the expiry of the statutory storage periods and then deleted. If you are a private person, the legal basis for storing information is “fulfilment of contract” [Art. 6 (1) lit. b GDPR], if you are a representative of our business customer the legal basis for communication with our company is “legitimate interest” [Art.6 (1) lit. f GDPR]. Another legal basis is the fulfilment of tax regulations.

Training enquiry

We need your training enquiry details so that we can handle your training enquiry and organise your participation in our training courses. The legal basis for the processing is our legitimate interest in processing your data with regard to the contractual relationship with your company. We will use your details solely for handling your request and organising the training.

Within our company we will pass on your data to those involved in organising the training. If you provide details of your travel and accommodation wishes, we will pass on your name and your arrival date to hotels near us.

We will store your details until the training has been organised. Tax-relevant data for this procedure will be stored up to the end of the statutory storage periods.

eXtraWeb

In order to use our eXtraWeb you need a personal access. You can apply for this via a web form on which we request professional data (name, address, company, e-mail address) in order to be able to check whether you are entitled to receive access as a commercial market participant. If you do not receive access, your data will be deleted from our database.

We process the data from your eXtraWeb access on the legal basis of our legitimate interest [Art.6 (1) lit. f GDPR] to communicate with you as the representative of our customer, as well as the legitimate interest [Art. 6 (1) lit. f GDPR] of the company that you are representing in communication with us.

You can have your account deleted at any time to access eXtraWeb. For this you can reach us via the specified paths in the contact area.

8. Social media, links to websites of other providers

Our website links to so-called social media (Facebook, YouTube, Xing and LinkedIn). The buttons of the links are designed in such a way that a connection of your PC to the respective network is only established when you follow the link by clicking on it. You will be directly connected to the respective server of the selected social media. Data protection in the social media networks is the responsibility of the respective operator.

The “facebook” button provides a link to the facebook page of our company, for which both facebook and we are jointly responsible under data protection regulations. A separate privacy policy has been issued for our facebook company page.

This principle also applies to websites for which we provide links on our portal, but which are operated by other providers. Please inform yourself about the data protection on linked webpages in the data protection declarations of the respective operator.

YouTube videos

The HSM product videos provided on our website constitute a special case, as it is not obvious that they are retrieved from servers of the operator YouTube/Google. These videos are made available on our website in the so-called “enhanced data protection mode”. The preview image of the videos is loaded from the YouTube server directly when our page is called up, which means that a connection to the YouTube server is already established when the preview image is displayed. However, the enhanced privacy mode is designed to ensure that YouTube only starts further data processing operations when you click on the video. The responsibility for these further processing operations under data protection law lies with the operator YouTube/Google; we have no influence on this.

Information on data protection at YouTube can be found in the provider's privacy policy at: https://www.google.de/intl/de/policies/privacy/.

9. Transparency information for processing personal data by HSM GmbH + Co. KG

Data protection responsibility, enquiries relating to data protection, data protection officer

Responsibility under data protection law
HSM GmbH + Co. KG (further legal information in the imprint) is the controller of data under data privacy law.

Enquiries relating to data protection
We have set up the email address dataprotection@hsm.eu to answer your enquiries relating to data protection.

Alternatively, you can contact our data protection officer directly in the event of any questions relating to data protection.

Data Protection Officer
Our company data protection officer is

Reinhard M. Novak
DSB External Data Protection
Ölegarten 3
79283 Bollschweil
Germany
Tel:+49 7633 9382298
www.dsb-ext.com

Processing your data
Processing our business customer’s data

We process data from natural persons who belong to a company or represent it, with whom we are in a business relationship or with whom we would like to enter into a business relationship. This data includes your name, the name of your company, the address of your company, your business communication data such as e-mail address and telephone and your role in the company. This data is processed on the basis of our legitimate interest [Art. 6 (1) lit. f GDPR] in contacting you as a representative of our customer, as well as the legitimate interest [Art. 6 (1) lit. f GDPR] of the company that you represent in communicating with us. Your conflicting interests can then prevail, for example, if you leave your company.

As a data subject you naturally have privacy rights, e.g. the right to withdraw consent, the right to request information about the personal data that we hold about you, and other rights. Please see the section Your Rights regarding the processing of your personal data.

For promotional purposes we process your company’s data in our CRM. For contractual purposes we process your company’s data in our CRM and in the planning, production, logistics and finance modules of our ERP. In accordance with your role and responsibility in your company, this data may also include the above-mentioned data that relates directly to you. The purpose of processing this data does not however relate to you as a natural person, but rather to your company as our business partner. The data protection law does not apply to purely business data that does not relate to a natural person.

Direct delivery to a business customer, support services

It may be that a retailer gives us your name, you company and your address details so that we, as the manufacturer, can deliver directly to your business address. Likewise, if support is required, it may also be that a retailer gives us your name, your company, your business address, the type of device used by you and other details about it, so that we, via our service department, can take the steps required on-site. We then acquire and process your data regularly on the basis of our legitimate interest [Art. 6 (1) lit. f GDPR], on the one hand for communication with you as the representative of your company, on the other hand to fulfil our contract with the retailer. Another legal basis is the legitimate interest of your company [Art. 6 (1) lit. f GDPR] for communication with us for the purpose of delivery, where applicable by a logistical service provider or for the implementation of support services.

Processing personal data of private persons or end customers

It may of course be that you contact us via a web form or email as a potential customer or end customer. In this case, we will process the data you give us solely for the purpose of handling your enquiry, on the legal basis of a pre-contractual measure [Art. 6 (1) lit. b GDPR]. The data used in this operation will not be permanently stored.

Direct delivery to private persons or end customers

It may be that a retailer gives us your name and your address details so that we, as manufacturer, can deliver directly to your address. We will acquire and process this information solely for the purpose of delivery and in the legitimate interest [Art. 6 (1) lit. f GDPR] for fulfilment of the business agreement with the retailer. So that the goods can be delivered to you, we will pass on your name and address to a logistics service provider. Tax-relevant data for this procedure will be stored up to the end of the stipulated storage periods. We will not process your data in any other way. The legal basis for us to process your data is our legitimate interest [Art. 6 (1) lit. f GDPR] to fulfil our contract with your retailer, as well as his legitimate interest [Art. 6 (1) lit. f GDPR] to fulfil the contract with you.

Support for private person or end customer

If support is required, it may also be that a retailer gives us your name, your address, the type of device used by you and other details about it, so that we, via our service department, can take the steps required on-site. In this case we will process your data in our support systems as well as, if your device needs replacing, in our logistics and accounting systems. So that the replacement device can still be delivered to you in this case, we will pass on your name and address to a logistics service provider. Tax-relevant data for this procedure will be stored up to the end of the stipulated storage periods. We will not process your data in any other way. The legal basis for us to process your data is our legitimate interest [Art. 6 (1) lit. f GDPR] to fulfil our contract with your retailer, as well as his legitimate interest to fulfil the contract with you.

If you yourself contact us in order to request help from our support team, please read the relevant section of this privacy policy.

As data subject you naturally have privacy rights, e.g. the right to request information about the personal data that we hold about you, and other rights.

Marketing opt-out

You have the right to opt out of the use of your data for marketing purposes. To opt out from mailshots or telemarketing, please use a contact form. You can opt out of electronic mail marketing to your e-mail address via the direct contact. In order to unsubscribe, please see the relevant section of this privacy policy.

Your other rights

As a data subject you have the right to receive information from us about data relating to you (Art. 15 GDPR). Pursuant to Art. 16 GDPR you can obtain the rectification and pursuant to Art. 17 GDPR, under certain conditions, the erasure of your data. Pursuant to Art. 18 GDPR you have a right to a restriction of processing, if you demonstrate compelling personal reasons, and pursuant to Art. 21 GDPR you have the right to opt out of the processing of your data in general or in part. For data that you have provided us with, you may request that it be published in an established, machine-readable format. You have the right to withdraw consent that you have given us for the processing of your data at any time with future effect. That means that your withdrawal can only relate to future processing operations and previous processing operations shall therefore continue to comply with data protection regulations.

To assert your rights, please contact dataprotection@hsm.eu or contact us using the contact details provided in the legal notice,
you have the right to contact our internal data protection officer directly.

You have the right to address complaints about our processing of your data to a regulatory authority. The competent authority for us is the Data Protection and Freedom of Information office, postal address: PO Box 102932, 70025 Stuttgart, E-Mail poststelle@lfdi.bwl.de.