Data Protection Declaration

We are pleased by your visit to our Internet site www.hase.de and your interest in our company. The protection of your personal data is an important concern to us. Personal data are considered to be information about personal or factual circumstances of a designated or designatable natural person.

This shall include, among others, the actual name, the address, the telephone number and the birthdate, but also all other data which can refer to a designatable person. Because personal data enjoy special legal protection, we shall collect them only in the scope which is required for the supplying of our Internet site and the rendering of our services. In the following, we describe which personal information we collect during your visit to our Internet site and how we use them.
Our data protection practices are implemented in accordance with the statutory directives–particularly those of the Bundesdatenschutzgesetz [German Data Protection Act] (BDSG), the Telemediengesetz [German Telemedia Act] (TMG) and the EU General Data Protection Regulation (GDPR). We shall collect, process and store your personal data exclusively insofar as this is required for the functional supplying of this Internet site as well as of our content and the rendering of our services as well as for the processing of inquiries and, where applicable, for the implementation of orders / contractual agreements–however, this shall be respectively done only if a justified interest exists in accordance with Art. 6 Para. 1 Clause 1 lit. f GDPR or any other permission in this regard has been obtained. Only if you have specially issued your consent in advance shall your data also be used for more extensive purposes which have been precisely specified in the approval, e.g. for the sending of advertising information via a newsletter.


1. Responsible Party in accordance with Art. 4 Para. 7 GDPR

The responsible party in accordance with the GDPR and other national data protection laws of the member countries as well as other provisions under data protection law shall be:

HASE Kaminofenbau GmbH
Niederkircher Straße 14
54294 Trier

Email: info@hase.de
Tel.: +49 (0) 651 82 69-0
Fax: +49 (0) 651 82 69-118


2. Name and Address of the Data Protection Officer

Data Protection Auditor: Sandra Dury
DURY Compliance & Consulting GmbH
Obertorstraße 1, 66111 Saarbrücken
E-mail: office@datenschutz-compliance.de


3. Supplying of the Website and Creation of Log Files

During each accessing of our Internet site, our system shall automatically collect data and information about the computer system of the accessing computer. In this regard, the following data shall be collected:

Scope of the Processing of the Data

(1) Information regarding the browser model and the version used
(2) The operating system of the accessing device
(3) The IP address of the accessing device
(4) Date and time of day of the access
(5) Websites and resources (photos, files, additional webpage contents) which have been accessed on our Internet site
(6) Websites from which the user’s system reaches our Internet site (referrer tracking)

These data shall be stored in our system’s log files. The storage of these data together with the personal data of a concrete user shall not be undertaken so that an identification of individual website visitors is not undertaken.

  • Legal Basis for the Processing of Personal Data

    Art. 6 Para. 1 lit. f GDPR (entitled interest). Our entitled interest exists in ensuring the attainment of the purpose depicted below.

  • Purpose of the Data Processing

    The logging shall be undertaken in order to preserve the compatibility of our Internet site for as many visitors as possible and in order to prevent misuse and eliminate disruptions. In this regard, it is necessary to log the technical data of the retrieving computer in order to respond as early as possible to display errors, attacks made against our IT systems and/or defects in the functionality of our Internet site. In addition, the data enables us to optimise the website and for the general safeguarding of the security of our information technology systems.

  • Duration of the Storage

    The deletion of the aforementioned technical data shall be undertaken as soon as they are no longer needed in order to ensure the compatibility of the Internet site for all visitors, but nonetheless by no later than three months after the accessing of our Internet site.

  • Rights of Objection and Deletion

    The options of lodging an objection and requesting deletion shall be based upon the following general provisions regarding the right of objection and right of deletion under data protection law which are depicted in this Data Protection Declaration.


4. Special Functions of Our Internet Site

Our Internet site offers you various functions, during the usage of which your personal data shall be collected, processed and stored by us. In the following, we explain what happens with your data:

  • Contact Form(s):
     
    • Scope of the Processing of Personal Data

      The data inputted by you on our contact forms.

    • Legal Basis for the Processing of Personal Data

      Art. 6 Para. 1 lit. a GDPR (tacit approval)

    • Purpose of the Data Processing

      We shall use the data collected via our contact form and/or via our contact forms only for the processing of the concrete contact inquiry which is received via the contact form.

    • Duration of the Storage

      After processing your inquiry, the collected data shall be promptly deleted insofar as no statutory retention timeframes oppose this.

    • Rights of Objection and Deletion

      The options of lodging an objection and requesting deletion shall be based upon the following general provisions regarding the right of objection and right of deletion under data protection law which are depicted in this Data Protection Declaration.

  • Catalogue Order Form:
     
    • Scope of the Processing of Personal Data

      The data that you enter in the form’s fields.

    • Legal Basis for the Processing of Personal Data

      Art. 6 Para. 1 lit. b GDPR (implementation of pre-contractual measures).

    • Purpose of the Data Processing

      The purpose of the data processing shall encompass the processing of your catalogue order and, insofar as consent has been obtained in this regard, the related forwarding of your contact data to the locally-competent HASE partner for the purpose of the downstream contacting via letter post and, insofar as they have been provided, e-mail and telephone.

    • Duration of the Storage

      The data shall be deleted by us as soon as they are no longer needed for the processing of the catalogue order and insofar as no statutory retention obligations oppose this deletion.

    • Rights of Objection and Deletion

      The rights of objection and deletion shall be based upon the following general provisions for rights of objection and deletion under data protection law which are depicted in this Data Protection Declaration.


5. Statistical Analysis of the Visits to This Internet Site – Web Trackers

During the accessing of this Internet site or individual files of the Internet site, we shall collect, process and store the following data: IP address, website from which the file was retrieved, name of the file, date and time of day of the retrieval, transferred data quantity and recording the success of the retrieval (so-called web log). We shall use these access data exclusively in non-personalised form for the on-going improvement of our Internet site and for statistical purposes. In addition, in order to analyse the visits for this Internet site, we shall use the following web trackers:

Google Tag Manager

  • Scope of the Processing of Personal Data

    On our website, we use the service from the Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Irland (hereafter, “Google Tag Manager”). Google Tag Manager offers a technical platform for being able to run other web services and web-tracking programmes and control them in a bundled manner via so-called “tags”. In this context, Google Tag Manager stores cookies on your computer and analyses–insofar as web-tracking tools have been run via Google Tag Manager–your surfing behaviour (so-called “tracking”). These data that are sent by individual tags integrated into Google Tag Manager are compiled, stored and processed by Google Tag Manager under one uniform user interface. All integrated “tags” shall be once again separately indicated in this Data Protection Declaration. You can find detailed information regarding the data protection for the tools that have been integrated into Google Tag Manager in the respective section of this Data Protection Declaration. During the usage of our website with the activated integration of tags from Google Tag Manager, data–such as particularly your IP address and your user activities–shall be transmitted to servers of the Google LLC Company and processed and stored outside of the European Union, e.g. in the USA.
    The EU Commission has determined that an appropriate data protection level can exist in the USA if the data processing company subjects itself to the US-EU Privacy Shield Convention and the data export has been reliably designed in this manner to the USA. This is indeed the case with Google LLC. With regards to the web services integrated via Google Tag Manager, the provisions in the respective section of this Data Protection Declaration shall be valid. If tracking tools are used in Google Tag Manager, they shall ensure, through an IP anonymisation of the source code, that the IP address is anonymised by Google Tag Manager before transmission is made. In this regard, Google Tag Manager shall enable only the anonymised collection of IP addresses (so-called IP masking).

  • Legal Basis for the Processing of Personal Data

    Art. 6 Para. 1 lit. a GDPR (Consent), either during the registration on Google (opening of a Google account and acceptance of the Data Protection Guidelines implemented therein) or, if you have not registered on Google, upon the basis of a rightful interest in accordance with Art. 6 Para. 1 lit. f GDPR. The rightful interest shall lie in the guaranteeing of the flawless functioning and administrability of our Internet site. Insofar as tracking functions are also used via Google Tag Manager, the rightful interest shall lie in the enabling of the usage of the updated online marketing functions and the evaluation of the usage streams on our Internet site.

  • Purpose of the Data Processing

    By our mandate, Google shall use the information acquired via Google Tag Manager in order to evaluate your visit to this Internet site, to compile reports regarding the website activities and to render additional services associated with the usage of the website and the Internet to us.

  • Duration of the Storage

    Google shall store the data that are relevant for the function of Google Tag Manager as long as it is necessary in order to fulfil the booked web service. The data collection and storage shall be done in anonymised fashion. However, insofar as personal correlations should be created, the data shall be promptly deleted insofar as no statutory retention obligations oppose this. In any case, the deletion shall be undertaken after the retention obligation lapses.

  • Right of Objection and Right of Deletion

    You can prevent the collection and dissemination of the personal data to Google (particularly your IP address) as well as the processing of these data by Google by deactivating the implementation of the script code in your browser, installing a script blocker in your browser (you can find this, for example, at www.noscript.net or www.ghostery.com) or activating your browser’s “do not track” setting. Moreover, you can prevent the collection of the data (including your IP address) that are generated by the Google cookie and make reference to your usage of the website from being transmitted to Google as well as the processing of these data by Google by downloading and installing the browser plug-in that is available by clicking on the following link (http://tools.google.com/dlpage/gaoptout?hl=en). You can find Google Analytics’ Security and Data Protection Guidelines at http://www.google.com/intl/en/analytics/learn/privacy.html.

Google-Analytics

  • Scope of the Processing of Personal Data

    On our website, we use the web-tracking service from the Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Irland (hereafter, “Google Analytics”). During the web-tracking, Google Analytics uses cookies which are stored on your computer and enables an analysis of the usage of our website and your surfing behaviour (so-called tracking). We shall implement this analysis upon the basis of the tracking service from Google Analytics in order to constantly optimise our Internet site and improve its availability. During your usage of our website, data–e.g. particularly your IP address and your user activities–are transmitted to servers of the Google LLC Company and processed and stored outside of the European Union, e.g. in the USA.
    The EU Commission has determined that an appropriate data protection level can exist in the USA if the data processing company subjects itself to the US-EU Privacy Shield Convention and the data export to the USA in this manner has been reliably designed. Through the activation of IP anonymisation within the Google Analytics tracking code for this Internet site, your IP address shall be anonymised by Google Analytics before its transmission. This website uses a Google Analytics tracking code which has been expanded by the operator gat._anonymizeIp(); in order to enable only an anonymised collection of IP addresses (so-called IP masking).

  • Legal Basis for the Processing of Personal Data

    Art. 6 Para. 1 lit. a GDPR (Consent), either during the registration on Google (opening of a Google Account and acceptance of the Data Protection Guidelines implemented therein) or, if you have not registered on Google, upon the basis of a rightful interest in accordance with Art. 6 Para. 1 lit. f GDPR. The rightful interest shall lie in the enabling of the usage of the updated online marketing functions and the evaluation of the usage streams on our Internet site.

  • Purpose of the Data Processing

    In accordance with our mandate, Google shall use this information in order to analyse your visit to this Internet site, compile reports regarding the website activities and in order to render additional services associated with the usage of the website and the Internet for us. The IP address transmitted during the Google Analytics by your browser shall not be commingled with other data by Google LLC.

  • Duration of the Storage

    Google shall store the data relevant for the providing of the web-tracking as long as it is necessary in order to fulfil the web service that has been booked. The data collection and data storage shall be done in anonymised fashion. Insofar as a personal reference should nonetheless exist, the data shall be promptly deleted insofar as they are not subject to statutory retention obligations. In all cases, the deletion shall be undertaken after the lapsing of the retention obligation.

  • Rights of Objection and Deletion

    You can prevent the collection and dissemination of the personal data to Google (particularly of your IP address) as well as the processing of these data by Google by deactivating the execution of the script code in your browser, installing a script blocker in your browser (you can find this, for example, on www.noscript.net or www.ghostery.com ) or activating the “Do Not Track” settings of your browser. Moreover, you can prevent the collection of the data (including of your IP address) generated by the Google cookie and which makes reference to your usage of the website from being sent to Google as well as the processing of these data by Google by downloading and installing the browser plug-in which is available by clicking on the following link http://tools.google.com/dlpage/gaoptout?hl=en . You can find the fundamental security and data protection principles of Google-Analytics at http://www.google.com/intl/en/analytics/learn/privacy.html


6. Integration of External Web Services and Processing Data Outside of the EU

On our Internet site, we use active Java Script contents from external providers, so-called web services. By accessing our Internet site, where applicable, these external providers receive personal information regarding your visit to our Internet site. In this regard. In this regard, as required, it is possible to process data outside of the EU. You can prevent this by installing a Java script blocker such as, for example, the 'NoScript' browser plug-in ( www.noscript.net ) or deactivating the Java script in your browser. By so doing, however, this may result in functional restrictions on the Internet sites which you visit. We use the following external web services:

  • CloudFlare

    A web service from the CloudFlare Inc. Company, 101 Townsend St, 94107 San Francisco (hereafter: “CloudFlare”) has been downloaded onto our website. We shall use these data in order to guarantee the full functionality of our website. In this context, as required, your browser shall transmit personal data to CloudFlare. The legal basis for the data processing shall be Art. 6 Para. 1 lit. f GDPR. The rightful interest shall lie in the flawless functioning of the Internet site. CloudFlare itself has been certified in accordance with the EU-US Privacy Shield Convention (cf. https://www.privacyshield.gov/list ). The data shall be deleted as soon as the purpose for their collection has been fulfilled. You can find additional information regarding the handling of the transmitted data in CloudFare’s Data Protection Declaration: https://www.cloudflare.com/security-policy/?utm_referrer=https://www.google.de/ . You can prevent the collection as well as the processing of your data by CloudFlare by deactivating the running of the script code in your browser or installing a script blocker in your browser (you can find this, for example, at www.noscript.net or www.ghostery.com).

  • Google

    A web service from the Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Irland (hereafter: “Google”) has been downloaded onto our website. We use these data in order to guarantee the full functionality of our website. In this context, as required, your browser shall transmit personal data to Google. The legal basis for the data processing shall be Art. 6 Para. 1 lit. f GDPR. The rightful interest shall lie in the flawless functioning of the Internet site. Google itself has been certified in accordance with the EU-US Privacy Shield Convention (cf. https://www.privacyshield.gov/list ). The data shall be deleted as soon as the purpose for their collection has been fulfilled. You can find additional information regarding the handling of the transmitted data in Google’s Data Protection Declaration: https://policies.google.com/privacy?hl=en. You can prevent the collection as well as the processing of your data by Google by deactivating the running of the script code in your browser or installing a script blocker in your browser (you can find this, for example, at www.noscript.net or www.ghostery.com).

  • Google Apis

    On our website, a web service from the Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Irland (hereafter, “Google Apis”) has been downloaded. We shall use these data in order to ensure the full functionality of our website. In this context, as required, your browser shall transmit personal data to Google Apis. The legal basis for the data processing shall be Art. 6 Para. 1 lit. f GDPR. The entitled interest encompasses the flawless functioning of the Internet site. Google Apis has received a certification in accordance with the EU-US Privacy Shield Convention (cf. https://www.privacyshield.gov/list). The deletion of the data shall be undertaken as soon as the purpose of their collection has been fulfilled. You can find additional information regarding the handling of the transmitted data in Google Apis’ Data Protection Declaration: (https://policies.google.com/privacy?hl=en). You can prevent the collection as well as the processing of your data by Google Apis by deactivating the execution of the script code in your browser or installing a script blocker in your browser (you can find this, for example, at www.noscript.net or www.ghostery.com).

  • gstatic

    A web service from the Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Irland (hereafter: “gstatic”) has been downloaded onto our website. We shall use these data in order to guarantee the full functionality of our website. In this context, as required, your browser shall transmit personal data to gstatic. The legal basis for the data processing shall be Art. 6 Para. 1 lit. f GDPR. The rightful interest shall lie in the flawless functioning of the Internet site. gstatic itself has been certified in accordance with the EU-US Privacy Shield Convention (cf. https://www.privacyshield.gov/list ). The data shall be deleted as soon as the purpose for their collection has been fulfilled. You can find additional information regarding the handling of the transmitted data in gstatic’s Data Protection Declaration: https://policies.google.com/privacy?hl=en. You can prevent the collection as well as the processing of your data by gstatic by deactivating the running of the script code in your browser or installing a script blocker in your browser (you can find this, for example, at www.noscript.net or www.ghostery.com ).

  • Twitter Advertising

    A web service from the Twitter International Company, One Cumberland Place, Fenian Street, D02 AX07 Dublin 2 (hereafter: “Twitter Advertising”) has been downloaded onto our website. We shall use these data in order to guarantee the full functionality of our website. In this context, as required, your browser shall transmit personal data to Twitter Advertising. The legal basis for the data processing shall be Art. 6 Para. 1 lit. f GDPR. The rightful interest shall lie in the flawless functioning of the Internet site. The data shall be deleted as soon as the purpose for their collection has been fulfilled. You can find additional information regarding the handling of the transmitted data in Twitter Advertising’s Data Protection Declaration: https://twitter.com/en/privacy . You can prevent the collection as well as the processing of your data by Twitter Advertising by deactivating the running of the script code in your browser or installing a script blocker in your browser (you can find this, for example, at www.noscript.net or www.ghostery.com ).

  • Doubleclick

    On our website, a web service from the Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Irland (hereafter, “Doubleclick”) has been downloaded. We shall use these data in order to ensure the full functionality of our website. In this context, as required, your browser shall transmit personal data to Doubleclick. The legal basis for the data processing shall be Art. 6 Para. 1 lit. f GDPR. The entitled interest encompasses the flawless functioning of the Internet site. Doubleclick has received a certification in accordance with the EU-US Privacy Shield Convention (cf. https://www.privacyshield.gov/list). The deletion of the data shall be undertaken as soon as the purpose of their collection has been fulfilled. You can find additional information regarding the handling of the transmitted data in Doubleclick’s Data Protection Declaration: https://policies.google.com/privacy?hl=en. You can prevent the collection as well as the processing of your data by Doubleclick by deactivating the execution of script code in your browser or installing a script blocker in your browser (you can find this, for example, at www.noscript.net or www.ghostery.com).

  • Knightlab.com

    A web service from the Northwestern University Knight Lab Company, 1845 Sheridan Road, 60208 Evanston (hereafter, “Knightlab.com”) has been downloaded onto our website. If you have activated Java Script in your browser and have installed no Java script blocker, as required, your browser shall transmit personal data to: Knightlab.com. You can find additional information regarding the handling of the transmitted data in the Data Protection Declaration of Knightlab.com: No DPD. You can prevent the collection as well as the processing of your data by Knightlab.com by deactivating the running of the script code in your browser or installing a script blocker in your browser (you can find this, for example, at www.noscript.net or www.ghostery.com ). 

  • GA Audience

    A web service from the Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Irland (hereafter, “GA Audience”) has been downloaded onto our website. We shall use these data in order to guarantee the full functionality of our website. In this context, your browser shall, as required, transmit personal data to GA Audience. The legal basis for the data processing is Art. 6 Para. 1 lit. f GDPR. There is a rightful interest that exists to have the Internet site function flawlessly. GA Audience has been certified in accordance with the EU-US Privacy Shield Convention (cf. https://www.privacyshield.gov/list ). The deletion of the data shall be done as soon as the purpose for the collection of the data has been fulfilled. You can find additional information regarding the handling of the transmitted data in GA Audience’s Data Protection Declaration: https://policies.google.com/privacy?hl=en. You can prevent the collection as well as the processing of your data by GA Audience by deactivating the execution of the script code in your browser or installing a script blocker in your browser (you can find this, for example, at www.noscript.net or www.ghostery.com ).


7. Information regarding the Use of Cookies

  • Scope of the Processing of Personal Data

    On various webpages, we shall use cookies in order to enable the usage of certain functions of our website. The so-called 'cookies' are small text files which your browser can store on your computer. These text files contain a characteristic sequence of characters which enables a clear identification of the browser during your next visit to our website. The process of storing a cookie file is also termed 'placing a cookie'.

  • The Legal Basis for the Processing of Personal Data

    Art. 6 Para. 1 lit. f GDPR (entitled interest). Our entitled interest encompasses the preservation of the full functionality of our Internet site, the improvement of usability as well as the enabling of customer contacts which are more individualised. It is possible for us to identify individual website visitors via the cookie technology only if the website visitor has provided us with the corresponding personal data beforehand upon the basis of a special approval.

  • Purpose of Data Processing

    The cookies shall be placed by our website in order to preserve the full functionality of our Internet site and to improve usability. In addition, the cookie technology enables us to recognise individual visitors by means of pseudonyms, e.g. an individual ID of one’s own choosing, so that it is possible for us to offer services which are more individualised.

  • Duration of the Storage

    The storage of our cookies shall be undertaken until they are deleted in your browser or, if it is a session cookie, until the session has ended.

  • Rights of Objection and Deletion

    You yourself can adjust the settings on your browser based upon your wishes so that you can generally prevent the placement of cookies, only be notified upon a case-by-case basis in order to decide whether to accept cookies or not or fundamentally agree to the acceptance of cookies. Cookies can be used for various purposes, e.g. in order to recognise that your PC has already had a connection to our website (permanent cookies) or to store the offerings which were most recently visited (session cookies). We use cookies in order to offer you a higher level of user comfort. In order to use our comfort function, we recommend that you allow the acceptance of cookies for our website.

    Otherwise, the rights of objection and deletion shall be based upon the following general provisions regarding the rights of objection and deletion under data protection law which are depicted in this Data Protection Declaration.


8. Data Security and Data Protection, Communication via E-Mail

Your personal data shall be protected in such a manner by means of technical and organisational measures during their collection, storage and processing that they are not accessible to third parties. In the event of unencrypted communication via e-mail, the complete data security along the transmission route to our IT systems cannot be guaranteed by us so that we recommend encrypted communication or using the postal service for information which is highly confidential.


9. Revocation of Approvals – Requests for Data Information and Changes – Deletion & Blocking of Data

Once per year, you shall have a right to receive free-of-charge information regarding your stored data as well as, at any time, a right to the correction, blocking or deletion of your data. Upon the initial request, your data shall be deleted by us if the statutory provisions do not oppose this. Thus, you may at any time revoke an approval, which you had previously granted us, to use your personal data. You may at any time feel free to submit requests for information regarding, the deletion and correction of your data as well as to submit feedback in this regard by using the following address:

HASE Kaminofenbau GmbH
Niederkircher Straße 14
54294 Trier

E-mail: info@hase.de
Tel.: +49 (0) 651 82 69-0
Fax: +49 (0) 651 82 69-118


10. Right of Data Portability

You shall have the right to request that we provide you with your personal data, which you have made available to us, in a structured, standard and machine-readable format. You can also demand that we promptly transmit these data to a third party upon your initial request to do so insofar as the processing is based upon a consent granted in accordance with Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or is based upon a contractual agreement in accordance with Art. 6 Para. 1 lit. b GDPR and we undertake the processing within the parameters of automated data processing. Furthermore, when exercising this right, you shall also have the right to request that your personal data be transmitted directly by one responsible party to another responsible party insofar as this is technically feasible. Freedoms and rights of other persons may not be restricted by so doing. The right of data portability shall not be valid for any processing of personal data which is required for the fulfilment of a task which lies in the public interest or in the exercising of public authority which has been conferred to the responsible party.


11. Right to File a Complaint with the Government Supervisory Authority in accordance with Art. 77 I GDPR

Insofar as you suspect that your data are being illegally processed on our website, you may naturally at any time seek a legal clarification of the respective issue. Regardless of this, you shall have the option of contacting a government supervisory authority. You shall be entitled to a right to file a complaint in the EU member country of your place of residence, your work location and/or the location of the purported violation, i.e. you may select the government supervisory authority which you contact from the aforementioned locations. The government supervisory authority to which you submit the complaint shall then notify you of the status and the results of your submitted complaint including the option of seeking legal remedial action in court in accordance with Art. 78 GDPR.

Drafted by:
© DURY IT Law Firm – www.dury.de