1. General
At Harro Höfliger Verpackungsmaschinen GmbH, we take the protection of your personal data very seriously. Your privacy is important to us. We process your personal data in compliance with the relevant applicable legal data protection requirements for the purposes listed below. Personal data within the meaning of this Privacy Notice is any information relating to you.
In the following, you will learn how we handle this data. For reasons of clarity, we have divided our Privacy Notice into different sections.
2. Data controller and contact details for the data protection officer
The controller responsible for processing your personal data is:
Harro Höfliger Verpackungsmaschinen GmbH
Helmholtzstr. 4
71573 Allmersbach im Tal
Germany
If you have any questions on data protection or would like to make a comment (for instance, regarding accessing or updating your personal data), you may also contact our data protection officer.
Deutsche Datenschutzkanzlei
Stefan Fischerkeller
Richard-Wagner-Str. 2
88094 Oberteuringen
Tel.: 07544 904 96 91
E-Mail: fischerkeller(at)ddsk.de
3. Source of data collection
We process personal data collected directly from you.
Where required for the provision of our services, we will process personal data legitimately obtained from other organizations or other third parties (such as credit bureaus, mailing list brokers). We also process personal data which we have legitimately taken, received, or acquired from publicly accessible sources (such as telephone directories, commercial registers, registers of association, population registers, debtors lists, real estate registers, the press, the Internet, and other media) and which we are allowed to process.
4. Purposes with a legal basis
We process personal data in compliance with the provisions of the General Data Protection Regulation
(GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), and other applicable data protection regulations (see details below). The answer to the questions of what specific data is processed and how it is used will largely depend on the services requested or agreed. Please consult the relevant contract documents, forms, a declaration of consent, and/or any other information provided to you (e.g., when you use our website or in our general terms and conditions) for further details or additional information on the purposes of data processing.
Purposes relating to the performance of a contract or to steps taken prior to entering into a contract (Article 6 (1) (b) GDPR)
Personal data is processed in order to perform our contracts with you and execute your orders, or to take steps and actions in the context of pre-contractual relationships, e.g., with prospective clients. This primarily includes the following: contract related communication with you, relevant billing and associated payment transactions, the ability to provide evidence of orders and other agreements, and quality control through the relevant documentation, goodwill procedures, measures to manage and optimize business processes and to comply with our general duties of care, management and control through affiliated companies; statistical analyses of corporate management, cost recording and controlling, reporting, internal and external
communication, emergency management, billing and tax evaluation of operational services, risk management, assertion of legal claims and defense in case of legal disputes; ensuring IT security (including system or plausibility tests) and general security, ensuring compliance with and exercising house rules (e.g., through access controls); safeguarding the integrity, authenticity, and availability of data, preventing and solving criminal offenses, and control through supervisory boards and other control bodies (e.g., internal auditing).
Purposes in the context of our legitimate interests or those of third parties (Article 6 (1) (f) GDPR)
We may process your data for other purposes than those relating to the actual performance of the contract or to steps taken prior to entering into a contract if such processing is necessary in order to safeguard our legitimate interests or those of third parties, in particular for the purposes of
Purposes for which you have given your consent (Article 6 (1) (a) GDPR)
Your personal data may also be processed where you have given your consent to the processing for specific purposes (e.g., using your email address for marketing). You are generally entitled to withdraw your consent at any time. This also applies to the withdrawal of declarations of consent that you made to us before the application of the GDPR, i.e., before May 25, 2018. Information on the purposes of the processing and on the consequences of withdrawing or refusing your consent is provided separately in the relevant text of the consent form. A general rule is that the withdrawal of consent applies only to the future. Processing that took place before the withdrawal will not be affected and will remain lawful.
Purposes of compliance with legal requirements (Article 6 (1) (c) GDPR) or performance of a task carried out in the public interest (Article 6 (1) (e) GDPR)
As any person or entity involved in economic activities, we, too, are subject to a range of legal obligations. These are primarily legal requirements (e.g., commercial and fiscal laws), but may also be of a supervisory or other official nature. The purposes of data processing may also include the fulfillment of inspection and notification obligations and the archiving of data for data protection and data security purposes, as well as audits carried out by fiscal and other authorities. In addition, the disclosure of personal data may become necessary in the context of measures taken by authorities or courts in order to gather evidence or enforce civil law claims or for criminal prosecution.
Scope of your duties to provide data to us
You only have to provide us with data that is required to enter into and implement a business relationship with us or to establish a pre-contractual relationship with us or data that we are required by law to collect. Without this data, we will usually not be able to sign or perform a contract with you. This may also refer to data required later on in the course of the business relationship. If we are asking you for any data beyond this scope, we will indicate this to be information provided on a voluntary basis.
5. Source and categories of data not collected directly from you
Where required for the provision of our services, we will process personal data legitimately obtained from other organizations or other third parties. We also process personal data which we have legitimately taken, received, or acquired from publicly accessible sources (such as telephone directories, commercial registers, registers of association, population registers, debtors lists, real estate registers, the press, the Internet, and other media) and which we are allowed to process. Relevant personal data categories may be the following:
6. Recipients or categories of recipients of your data
Within our company, only those internal offices or organizational units will receive your data which require such data to enable us to comply with our contractual and legal duties or which require such data in order to deal with and implement our legitimate interest.
Your data will be transferred to external bodies only
We will not transfer your data to any third parties other than in the cases set out above. If we contract service providers to process data on our behalf, your data will be subject to the same security standards as if it was processed by us. In all other cases, the recipients of the data may not use it for any other purposes than those for which the data was transferred to them.
7. Period for which your data is stored
We process and store your data for the duration of our business relationship with you. That includes the period during which steps are taken to enter into a contract (pre-contractual legal relationship) as well as the execution of a contract.
Moreover, we are subject to various duties of retention and documentation, some of which arise from the German Commercial Code (Handelsgesetzbuch, HGB) and the German Fiscal Code (Abgabenordnung, AO). The periods of retention or documentation specified thereunder are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
There may also be special legal provisions that require us to store the data for longer, such as the need to retain evidence within the scope of statutory limitation periods. According to Sections 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch, BGB), the standard limitation period is three years; however, limitation periods of up to 30 years may be applicable in some cases.
If the data is no longer needed for the purposes of fulfilling contractual or legal obligations and rights, it will be erased on a regular basis unless the processing has to be continued – for a limited period – for the purposes arising from an overriding legitimate interest. Such an overriding legitimate interest exists also, for instance, where erasing the data is impossible or would involve a disproportionate effort and where appropriate technical and organizational measures ensure that the data cannot be processed for other purposes.
8. Your rights
Under certain circumstances, you may exercise your data protection rights against us.
Special notice regarding your right to object under Article 21 GDPR
You have the right to object to the processing of your data at any time, where it is carried out on the basis of Article 6 (1) (f) GDPR (data processing on the basis of a balancing of interests) or Article 6 (1) (e) GDPR (data processing in the public interest), if you have reasons to do so that arise from your particular situation.
This applies also to profiling as defined in Article 4 (4) GDPR based on this provision. If you object, your personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or unless the processing is carried out for the establishment, exercise or defense of legal claims.
We may also process your personal data for the purposes of direct marketing. If you do not wish your personal data to be used for marketing, you have the right to object to it at any time; this applies also to profiling to the extent that it is related to such direct marketing. We will respect such objection in the future. We will no longer use your data for direct marketing purposes if you object to the processing for such purposes.
There are no particular requirements as to the format of the objection, but it should be addressed, if possible, to
Harro Höfliger Verpackungsmaschinen GmbH, Helmholtzstr. 4, 71573 Allmersbach im Tal, Germany
datenschutz@hoefliger.de
Do you have questions for us? Get in touch!