Thank you for your interest in Hamberger Sanitary GmbH. The protection of your privacy is very important to us. In what follows, we set out in detail how we handle your data.
1. CONTROLLER AND CONTACT DETAILS
Hamberger Sanitary GmbH is the Controller and responsible for the processing of data. The data provided by the customer is processed in accordance with the General Data Protection Regulation (hereinafter referred to as the GDPR).
The contact details of the Controller are as follows:
Hamberger Sanitary GmbH, represented by the managing directors Dr. Peter M. Hamberger, Dipl.-Ing. (FH) Ralf Schwaighofer, Dipl. Wirtsch.-Ing. (FH) Michael Huck, Tyärk Dieckmann, MBA
Ph.: +49 8031 700-250
Fax: +49 8031 700-660
2. ACCESS DATA AND HOSTING
Each time you access our website, the web server automatically saves a so-called server log file, which contains the name of the requested file, your IP address, date and time of access, transferred data volume and the requesting provider (access data) and documents the access. These data are evaluated solely to improve our offering and to ensure that this website runs as smoothly as possible. The data cannot be traced back to you personally.
In accordance with Article 6 Paragraph 1 Sentence 1 Point (f) of the GDPR, this enables us to safeguard our justified interest in ensuring that our content is displayed properly – an interest which prevails when the interests of all parties are taken into account. All access data will be deleted at the latest seven days after your visit to the website ends.
Hosting services from a third-party provider
A third party provider, which we have commissioned for processing, provides us with hosting and display services for our website. This enables us to safeguard our justified interest in ensuring that our offering is displayed properly – an interest which prevails when the interests of all parties are taken into account. All data collected during your use of this website or in the contact form provided for this purpose, as described below, are processed on the third party’s servers. Data shall be processed on other servers only to the extent described here.
This service provider shall be based in Germany or within a country which is part of the European Union or the European Economic Area.
3. DATA COLLECTION, STORAGE AND USE FOR THE PROCESSING OF CONTRACTS
We collect personal data if you provide them voluntarily when contacting us or placing an order. Mandatory fields are mandatory because we require the data for the processing of contracts or your query, and without these data, we will not be able to process your order or respond when you contact us. The relevant entry forms indicate what data are collected. We use the data that you provide for processing contracts and your queries in accordance with Article 6 Paragraph 1 Sentence 1 Point (b) of the GDPR. Once we have finished processing the contract, access to your data for further processing will be restricted and your data will be deleted as soon as the retention periods required under fiscal and other laws expire, unless you have explicitly consented to further use of your data or we reserve the right to make further use of your data in a manner which is permitted by law as set out in this Data Protection Statement.
4. COOKIES AND WEB ANALYSIS
Internet Explorer™: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Opera™ : https://help.opera.com/en/latest/web-preferences/#cookies
If you do not accept cookies, the functionality of our website may be limited.
Use of Google (Universal) Analytics for web analyse
If you have given your consent in accordance with Article 6 Paragraph 1 Sentence 1 Point (a) of the GDPR, this website will use Google (Universal) Analytics, a web analysis service provided by Google LLC (www.google.de), for website analysis purposes. Google (Universal) Analytics uses methods, such as cookies, which allow your use of the website to be analysed. The automatically collected information regarding your use of this website will generally be transferred to and stored by Google on a server in the USA. Through the enabling of IP anonymisation on this website, the IP address is abbreviated within the member states of the European Union or in other European Economic Area member states before data are transferred. The full IP address is only transmitted to a Google server in the U.S. and abbreviated there in exceptional cases. The anonymised IP address provided by your browser for the purpose of Google Analytics shall not be merged with other data held by Google. If we stop using Google Analytics and there is no longer any reason to retain data, the data collected for this purpose shall be deleted.
Google LLC has its headquarters in the USA and is certified under the EU-US Privacy Shield. An up-to-date certificate can be found here. Because of this agreement between the USA and the European Commission, the latter has defined an appropriate data protection level for companies certified under the Privacy Shield.
You can revoke your consent for the future at any time by downloading and installing the browser plug-in which is available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB. Doing this will prevent the data generated by the cookie regarding your use of the website (including your IP address) being collected and processed by Google.
5. YOUTUBE VIDEO PLUG-INS
Content from third-party providers is incorporated into this website. This content is provided by Google LLC (“provider”).
YouTube is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
For YouTube videos which are incorporated into our website, the advanced data protection setting is enabled. This means that YouTube will not collect and store information from website visitors unless they play back the video. In accordance with Article 6 Paragraph 1 Sentence 1 Point (f) of the GDPR, videos are incorporated into the website to enable us to safeguard our justified interest in ensuring that our offering is marketed in the optimum manner – an interest which prevails when the interests of all parties are taken into account.
Information regarding the purpose and scope of data collection, the further processing and use of data by the provider as well as your rights and the settings available to protect your privacy can be found in Google’s data protection statements http://www.google.com/intl/de/+/policy/+1button.html.
In order to prevent Google Analytics tracking cookies being placed, you may refuse the storage of cookies by selecting the appropriate settings in your browser software. Please note however that if you do this you may not be able to use the full functionality of this website.
You can also prevent Google from collecting and processing the data generated by the cookie regarding your use of this website (including your IP address) by downloading and installing the browser plug-in via the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB
As an alternative to the browser plug-in, you can click on this link to prevent Google Analytics collecting data via this website in the future. An opt-out cookie will then be placed on your end device. If you delete your cookies, you will have to click on the link again.
6. FRIENDLY CAPTCHA (BOT/SPAM PROTECTION)
We use the "Friendly Captcha" service on our website (www.friendlycaptcha.com).
This service is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany.
Friendly Captcha is a new type of privacy-friendly security solution to make it increasingly difficult for automated programs and scripts (so-called "bots") to use our website.
For this purpose, we have integrated a program code from Friendly Captcha into our website (e.g. for contact forms) so that the visitor's end device can establish a connection to Friendly Captcha's servers in order to receive a computational task from Friendly Captcha. The visitor's end device solves the computational task, which requires certain system resources, and sends the computational results to our web server. Our server contacts the Friendly Captcha server via an API and receives a response stating whether the puzzle was solved correctly by the end device. Depending on the result, we can apply security rules to requests via our website and thus, for example, further process or reject them.
The data is used exclusively for the protection against spam and bots as described above.
Friendly Captcha does not set or read cookies on the visitor's end device.
IP addresses are only stored in hashed (one-way encrypted) form and do not allow us and Friendly Captcha to draw any conclusions about an individual person.
If personal data is collected, it will be deleted after 30 days at the latest.
The legal basis for the processing is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in protecting our website against abusive access by bots, i.e. spam protection and protection against attacks (e.g. mass requests).
Further information on data protection when using Friendly Captcha can be found at https://friendlycaptcha.com/legal/privacy-end-users/.
7. CONTACT INFORMATION AND YOUR RIGHTS
As the Data Subject, you have the following rights:
in accordance with Article 15 of the GDPR, the right to request information about your personal data processed by us to the extent specified therein;
in accordance with Article 16 of the GDPR, the right to request the immediate correction of incorrect personal data or the completion of incomplete personal data stored by us;
in accordance with Article 17 of the GDPR, the right to request the erasure of your personal data stored by us unless further processing is necessary
- to exercise your rights as regards freedom of expression and information;
- to fulfil a legal obligation;
- for reasons of the public interest or
- to assert, exercise or defend legal claims;
in accordance with
Article 18 of the GDPR, the right to restrict the processing of your personal data where
- you dispute the accuracy of the data;
- the processing is not lawful but you decline to have the data erased;
- we no longer require the data but you require the data in order to assert, exercise or defend legal claims or
- you have objected to the processing of data in accordance with Article 21 of the GDPR;
in accordance with Article 20 of the GDPR, the right to obtain your personal data which you provide to us in a structured, standard and machine-readable format or to request that the data be transferred to another Controller;
in accordance with Article 77 of the GDPR, the right to lodge a complaint with a supervisory authority. Generally speaking, you can contact the supervisory authority at your usual place of residence, your workplace, or our company headquarters.
8. RETENTION PERIOD
Upon completion of the contract, including payment of the agreed amount in full, any customer data which must be retained for legal reasons will be blocked. These data will no longer be available for further use. These blocked data shall be deleted as soon as the legal requirement no longer applies.
In the event that the customer uses the contact form, the personal data will be used for as long as the query is being processed. Any data which must be retained for legal reasons will then be blocked. These data will no longer be available for further use. These blocked data shall be deleted as soon as the legal requirement no longer applies.
The Controller is subject to various legal retention and documentation requirements, especially those set out in the German Fiscal Code (AO). The retention and documentation periods stipulated therein are anywhere between two and ten years. Retention periods are also governed by the legal limitation periods. These are generally three years, especially in accordance with the German Civil Code (BGB), but in certain cases can be up to thirty years.
Apart from that, the personal data will be deleted unless the customer has explicitly consented to further processing and use of their data.
CONTACT PERSON FOR DATA PROTECTION
If you have any questions regarding the collection, processing or use of your personal data, if you require information about these data or wish to have them corrected, blocked or deleted, or if you wish to revoke any consent given, please contact our Data Protection Officer:
Dipl.-Inf.(FH) Tim Prinz, Prinz Service & Entwicklung GmbH
Liebigstr. 9, 91126 Schwabach; E-mail: firstname.lastname@example.org
RIGHT TO OBJECT
If we process personal data as described above to safeguard our justified interest – an interest which prevails when the interests of all parties are taken into account – you can object to this processing with effect for the future. If data are processed for direct marketing purposes, you can exercise this right as described above at any time. If data are processed for other purposes, you may object only if there are reasons for doing so resulting from your particular situation.
If you exercise your right to object, we shall no longer process your personal data for these purposes unless we can demonstrate compelling, legitimate grounds for such processing which outweigh your interests, rights and freedoms or if such processing is necessary to assert, exercise or defend legal claims.
This shall not apply if data are processed for direct marketing purposes. In this case, we shall not process your personal data further for this purpose.
Rohrdorf, the 24/05/2018