data privacy statement
How do we treat your personal data We take the protection of your data very seriously and strictly comply with the applicable rules of data privacy laws. On this website, personal data will only be collected to the extent required from a technical and organizational point of view. Your data will never be shared with any third parties. The following statement gives you an overview on how we ensure the protection of your personal data and which data will be collected for a specific purpose.
We also employ SSL/TLS encryption processes in accordance with the latest technological standards to ensure the security of your data during the transfer process.
Data controller, data protection officer
The data controller within the meaning of the General Data Protection Regulation and other national data privacy laws of the member states as well as other data protection regulations is:
HEMA Schraubenfabrik und Befestigungstechnik GmbH
72355 Schömberg – Schörzingen
Telefon +49 (0) 7427 94 76-0
Telefax +49 (0) 7427 94 76-80
Represented by the managing director: Dipl. Kfm. Erwin Hermann
The data protection officer of the data controller is:
Data subjects may contact our data protection officer directly at any time if they have any questions regarding data privacy.
We principally process personal data only insofar as this is required for providing a functional website as well as our contents and services. The processing of our users’ personal data will only be carried out with the user’s consent, with the exception of cases in which obtaining the prior consent is not possible due to factual reasons and the processing of the data is permitted by legal provisions.
Insofar as we obtain a data subject’s consent for the processing of personal data, Art. 6 (1) (a) of the EU General Data Processing Regulation (GDPR) serves as a legal basis.
In the case of processing personal data which is required for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) serves as a legal basis. The same applies to processing operations which are required for the implementation of pre-contractual measures.
Insofar as the processing of personal data is required for the compliance with a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as a legal basis.
In the event that vital interests of the data subject or another individual require the processing of personal data, Art. 6 (1) (d) GDPR serves as a legal basis.
If the processing is required for the protection of a legitimate interest of our company or any third party, and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) (f) GDPR serves as a legal basis for the processing.
The data subject’s personal data will be deleted or blocked as soon as the purpose for storage is no longer applicable. Storage can also take place if this has been provided in Union regulations, laws or other rules by European or national legislators to which the data controller is subject. The data will also be blocked or deleted if a storage period prescribed by the above-mentioned rules expires, unless there is a requirement for the further storage of the data with regard to the conclusion or performance of a contract.
Each time our website is accessed, our system collects automated data and information from the computer system of the accessing PC.
On this occasion, the following data will be collected:
- browser type and version
- the operating system used
- the user’s Internet service provider
- the preset resolution and colour depth
- the referrer URL (the previously visited website, if applicable)
- the host name / IP address of the accessing computer
- time and date of the server request
This data will not be stored together with other personal data of the user.
The legal basis for the temporary storage of the data and the log files is Art. 6 (1) (f) GDPR.
The storage of the IP address in log files occurs to ensure the functionality of the website. Furthermore, the data serves for optimizing the website and for protecting the security of our IT systems. In this context, the data will not be processed for marketing purposes.
Our legitimate interest in the data processing is also based on these purposes pursuant to Art. 6 (1) (f) GDPR.
If IP addresses are stored in log files, this happens after seven days at the latest. A storage beyond that is possible. In this case, the users’ IP addresses will be deleted or encrypted, so that any association with the accessing client is no longer possible.
The data collection for the provision of the website and the storage of the data in log files is absolutely required for the operation of the website. Therefore, the user has not opportunity to opt out.
Our website contains a contact form which can be used to contact us electronically. If a user takes this opportunity, the data entered in the input mask will be transmitted to us and stored. This data includes:
Mandatory fields: Name/Company, Postcode/City, Street/No., E-Mail, Phone
Optional: Drawing number, Dimensions, Quality, Surface, Quantity
Your consent for processing your data will be requested during the transmission process; you will also be referred to this privacy statement.
Alternatively, you can contact us using the email address provided. In this case, the personal data of the user transmitted with the email will be stored. Please note, however, that the confidentiality of emails or other electronic forms of communication cannot be guaranteed on the Internet. Therefore, we recommend you to send any confidential information by post.
We will not share the data collected in that respect with any third parties. The data will be used exclusively for processing the conversation.
The legal basis for data processing with the user’s consent is Art. 6 (1) (a) GDPR.
The legal basis for processing data transmitted by sending an email is Art. 6 (1) (f) GDPR. If the email contact is targeted at the conclusion of a contract, another legal basis for the processing is Art. 6 (1) (b) GDPR.
The processing of personal data from the input mask exclusively serves for the handling of the establishment of contact. If this is done by email, this also represents the required legitimate interest in the processing of the data.
The data will be deleted as soon as it is no longer required to achieve the purpose of its collection. Regarding the personal data from the input mask of the contact form and the data transmitted by email, this is the case when the relevant conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the relevant situation has been conclusively clarified.
The user has the possibility to withdraw his consent regarding the processing of personal data at any time. If the user contacts us by email, he may object to the storage of his personal data at any time. In this case, the conversation may not be continued.
The user has also the possibility to object to the storage of his personal data by post.
All personal data which has been stored during the establishment of contact will be deleted in these cases.
§ Google reCaptcha
The reCAPTCHA service of Google Inc. (Google) is used for the protection of your orders via an Internet form. The query serves for distinguishing if the entry was made by a human or occurred improperly by automated machine processing. The query includes sending the IP address and, if applicable, other data required by Google for the reCAPTCHA service. For this purpose, your entry will be transmitted to and further used by Google. By using reCaptcha you agree that the identification performed by you will be incorporated in the digitisation of old works. In the case of the IP anonymization activated on this website, your IP address will be previously abbreviated by Google within the member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. On behalf of the operator of this website, Google will use this information to assess your use of the website. The IP address transmitted from your browser within reCaptcha will not be amalgamated with other data from Google. Such data is subject to the deviating data protection regulations of Google. For further information regarding the data protection regulations of Google please see:
· Website analysis with Google Analytics
This website uses Google Analytics, a web analysis service of Google, Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“). The use includes the Universal Analytics mode. This makes it possible to allocate data, sessions and interactions across several devices to a pseudonym user ID, thus analysing the activities of a user across multiple devices.
Google Analytics uses so-called cookies. These are text files that are stored on your computer and enable an analysis of your use of the website. The information about your use of this website generated by the cookie is usually transmitted to a Google server in the USA and is stored there.
In the case of the IP anonymization activated on this website, your IP address will be previously abbreviated by Google within the member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. The IP address transmitted from your browser within Google Analytics will not be amalgamated with other data from Google. On behalf of the operator of this website, Google will use this information to assess your use of the website, to compile reports regarding the website activities and to perform other services connected to the website and Internet use for the website operator. These purposes also represent our legitimate interest in the data processing.
The legal basis for the use of Google Analytics is § 15 (3) TMG (German Telemedia Act) or, respectively, Art. 6 (1) (f) GDPR. The data sent by us and linked to cookies, username (e. g. user ID) or marketing IDs will be automatically deleted after 14 months. The deletion of data whose storage period has expired occurs automatically once a month.
You may prevent the storage of cookies by selecting the appropriate settings of your browser software; please note, however, that if you do so, you may not be able to make full use of all features of this website. Furthermore, you may prevent the collection of the data (including your IP address) generated by the cookie that is related to your use of the website by Google, as well as the processing of this data by Google, by downloading and installing the “Google Analytics opt-out browser add-on“ (https://tools.google.com/dlpage/gaoptout?hl=de) provided by Google.
Rights of the data subject
You may request a confirmation from the data controller as to if personal data relating to you is processed by us.
If such a processing occurs, you may request information from the data controller regarding the following data:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data that are processed;
(3) the recipients or, respectively, the categories of recipients, to whom the personal data relating to you have been disclosed or will be disclosed;
(4) the planned storage period of the personal data relating to you, or, if concrete specifications cannot be given, the criteria for determining the storage period;
(5) the existence of a right to rectification or deletion of the personal data relating to you, a right to restriction of processing by the data controller or a right to object against this processing;
(6) the existence of a right of complaint to a supervisory authority;
(7) all available information regarding the origin of the data, if the personal data is not collected from the data subject;
(8) the existence of automated decision-making including profiling pursuant to Art. 22 (1 ) and 4 GDPR and – at least in these cases – meaningful information regarding the logic involved as well as the scope and the intended effects of such a processing on the data subject.
You have the right to request information on if the personal data relating to you is being transmitted to a third country or to an international organization. In this context, you may request to be informed about the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.
· Right to rectification
You have the right to rectification and/or completion towards the data controller if the processed personal data relating to you is incorrect or incomplete. The data controller shall carry out the rectification immediately.
· Right to restriction of processing
You may request the restriction of processing the personal data relating to you under the following conditions:
(1) if you contest the correctness of the personal data relating to you during a period of time that enables the data controller to review the correctness of the personal data;
(2) if the processing is unlawful and you refuse the deletion of the personal data and request the restriction of use of the personal data instead;
(3) if the data controller does no longer require the personal data for the purpose of processing, but you need them for the assertion, exercise or defence of legal claims; or
(4) if you have objected against the processing pursuant to Art. 21 (1) GDPR and it is uncertain if the legitimate reasons of the data controller override your reasons.
If the processing of the personal data relating to you has been restricted, this data may only be processed (except for its storage) with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the European Union or a member state.
If the restriction of processing has been carried out according to the above-mentioned conditions, you will be informed by the data controller before the restriction is removed.
· Right to deletion
You may request from the data controller that the personal data relating to you is immediately deleted, and the data controller is obligated to immediately delete such data, if one of the following reasons applies:
(1) The personal data relating to you is no longer required for the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent, on which the processing pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR was based, and there is no other legal basis for the processing.
(3) You object pursuant to Art. 21 (1) GDPR to the processing, and there are no primary legitimate reasons for the processing, or you object pursuant to Art. 21 (2) GDPR to the processing.
(4) The personal data relating to you has been unlawfully processed.
(5) The deletion of the personal data relating to you is required for a legal obligation pursuant to Union law or the law of the member states, to which the data controller is subject.
(6) The personal data relating to you has been collected with regard to offered services of the information society pursuant to Art. 8 (1) GDPR.
§ Information to third parties
If the data controller has disclosed the personal data relating to you and if he is obligated to delete them pursuant to Art. 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the technology available and the cost of implementation, to inform data controllers responsible for the data processing who process the personal data about the fact that you as the data subject requested from them the deletion of all links to this personal data or of copies or replications of this personal data.
The right to deletion shall not apply, if the processing is required
(1) to exercise the right to freedom of speech and information;
(2) to fulfil a legal obligation which requires the processing pursuant to Union law or the law of the member states, to which the data controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
(3) for reasons of public interest in the area of public health pursuant to Art. 9 (h) and (i) as well as Art. 9 (3) GDPR;
(4) for archiving purposes, scientific or historical research purposes or for statistical purposes in the public interest pursuant to Art. 89 (1) GDPR, insofar as the right mentioned under para. a) probably renders the realization of the purposes of this processing impossible or affects them seriously, or
(5) for the assertion, exercise or defence of legal claims.
If you have exercised the rights to rectification, deletion or restriction of processing against the data controller, the data controller is obligated to inform all recipients, to whom the personal data relating to you has been disclosed, about this rectification, deletion of the data or restriction of processing, unless this proves to be impossible or involves disproportionate effort.
You have the right to be informed about these recipients by the data controller.
· Right to data portability
You have the right to receive the personal data relating to you, which you provided to the data controller, in a structured, common and machine-readable format. You have also the right to transmit this data to another data controller without any hindrance by the data controller to whom the personal data has been provided, as far as
(1) the processing is based on a consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and
(2) the processing takes place by means of automated processes.
When exercising this right, you also have the right to effect that the personal data relating to you is transmitted directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected thereby.
The right to data portability does not apply to the processing of personal data which is required for the performance of a task in the public interest or in the exercise of official authority vested in the data controller.
You have the right to object to the processing of personal data relating to you pursuant to Art. 6 (1) (e) or (f) GDPR at any time for reasons resulting from your specific situation; this also applies to any profiling based on these provisions.
The data controller may no longer process the personal data relating to you, unless he is able to prove compelling legitimate reasons for the processing that override your interests, rights and freedoms, or the processing serves for the assertion, exercise or defence of legal claims.
If the personal data relating to you is processed to undertake direct marketing you have the right to object to the processing of the personal data relating to you for the purpose of such direct marketing at any time; this also applies to profiling, insofar as this is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.
You have the possibility to exercise your right to object in connection with the use of information society services – regardless of directive 2002/58/EC – by means of automated processes which use technical specifications.
· Right to withdrawal of the declaration of consent
You have the right to withdraw your data protection declaration of consent at any time. Withdrawing the consent will not affect the lawfulness of the processing that has taken place until the withdrawal due to the consent.
You have the right not to be subjected to a decision based exclusively on automated processing – including profiling -, which has legal effects on you or significantly affects you in a similar way. This will not apply if the decision
(1) is required for the conclusion or performance of a contract between you and the data controller,
(2) is permitted pursuant to legal provisions of the Union or of the member states, to which the data controller is subject, and these legal provisions contain appropriate measures for the protection of your rights and freedoms as well as your legitimate interests or
(3) is taken with your explicit consent.
However, such decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and appropriate measures for the protection of the rights and freedoms as well as your legitimate interests have been taken.
With regard to the cases mentioned under (1) and (3), the data controller takes appropriate measures to protect the rights and freedoms as well as your legitimate interests, to which pertain at least the data controller’s right to obtain the intervention of a person, to express the own point of view and to contest the decision.
· Right to complaint to a supervisory authority
Notwithstanding any other administrative or legal remedy, you have the right to complaint to a supervisory authority, in particular in the member state of your residence, your workplace or the place of the alleged violation, if you are of the opinion that the processing of the personal data relating to you violates the GDPR.
The supervisory authority with which the complaint was filed will inform the complainant about the status and the results of the complaint including the possibility of a legal remedy pursuant to Art. 78 DSGVO.
Updating of data protection information
This data protection information will be regularly adapted to the current functions, technologies and applicable law. This will occur at irregular intervals. The data privacy statement provided on the website at any one time shall be applicable.