Website data protection
Name and address of the data controller
The data controller according to the terms of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Hochland Natec GmbH
Further information can be found in the imprint.
2. General information on data processing
2.1. Scope of the processing of personal data
As a matter of principle, we process the personal data of our users only to the extent necessary to provide a functional website as well as our contents and services. The personal data of our users is only processed with the consent of the user. An exception is made in those cases where prior consent cannot be obtained for factual reasons and where processing of the data is permitted by law.
2.2 Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis. Art. 6 para. 1 lit. b GDPR serves as the legal basis in the processing of personal data necessary for the performance of a contract to which the data subject is a party. This also applies to processing operations necessary for the implementation of pre-contractual measures. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
2.3 Data deletion and storage duration
The personal data of the person concerned will be erased or blocked as soon as the purpose of the storage no longer applies. Data storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the data controller is subject. The data will also be blocked or erased when a storage period prescribed by the above standards expires, unless there is a need to store the data further for the purpose of concluding or fulfilling a contract.
3. Provision of the website and creation of log files
3.1.Description and scope of data processing
Whenever our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
- Information about the browser type and version used
- The user's operating system
- The user’s internet service provider
- The IP address of the user
- Date and time of access
- Websites from which the user's system accesses our website
- Websites that are called up by the user's system via our website The log files contain IP addresses or other data that allow the assignment to a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website to which the user goes contains personal data. The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
3.2 Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
3.3 Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The storage in log files is carried out in order to ensure the functionality of the website and to ward off attacks. The data also serves us to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context. These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
3.4 Duration of storage
The data will be erased as soon as it is no longer necessary for the purpose for which it was collected. In the case data collection to ensure the provision of the website, this is the case when the respective session is ended. When data is stored in log files, this is the case after 14 days at the latest. Data storage beyond this period is possible. In this case, the IP addresses of the users are erased or altered/alienated so that a accessing client can no longer be assigned.
3.5 Possibility of objection and removal
The collection of data to ensure the provision of the website and the storage of the data in log files is mandatory for the proper operation of the website. There is therefore no possibility of objection on the part of the user.
4.1 Description and scope of data processing
4.2 Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR if the user has given his consent to this.
4.3 Purpose of data processing
4.4 Duration of storage, possibility of objection and removal
5. Contact form and e-mail contact
5.1. Description and scope of data processing
On our website there is a contact form which can be used for contacting us electronically. If a user makes use of this option, the data entered in the input mask is transmitted to us and stored. This concerns the following data: The IP address of the user Entered data For the processing of the data, your consent will be obtained during the sending process and reference will be made to this data protection declaration. Alternatively, it is possible to contact us using the provided e-mail address. In this case the personal data of the user transmitted with the e-mail will be stored. The data will not be passed on to third parties in this context. The data will be used exclusively for processing the conversation.
5.2 Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 Par. 1 letter f GDPR. If the e-mail contact is aimed towards the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
5.3 Purpose of data processing
The processing of the personal data from the input mask serves us only for the processing to establish the contact. In the case of contacting to us by e-mail, this is also the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
5.4 Duration of storage
The data will be erased as soon as they are no longer required for the purpose of their collection and no further legal periods for storage exist.
5.5 Possibility of objection and removal
The user has the possibility to withdraw his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.
6. Web analysis using JRealtime Analytics
6.1. Description and scope of data processing
We use the JRealtime Analytics tool to evaluate the number of visitors and collect statistics on the operating systems used, browser, country of origin, search keywords, entry and exit pages and pages linking to us. JRealtime Analytics runs completely on our server and no data is transferred to third parties. The IP address information is made anonymous. The data gets collected via the session cookie.
6.2 Legal basis for data processing
The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f GDPR.
6.3 Purpose of data processing
The processing of users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on how the individual components of our website are used. This helps us to constantly improve our website as well as its user-friendliness. These purposes also include our legitimate interest in processing the data in accordance with Art. 6 Para. 1 lit. f GDPR. By making the IP address anonymous, the interest of the users in their protection of personal data is sufficiently taken into account.
6.4 Duration of storage
The recorded individual visits are deleted from our server after 30 days. Only the access figures are permanently stored beyond this period as a cumulative value, i.e. without the underlying individual data records.
6.5 Possibility of objection and removal
7. Newsletter services by MailChimp
7.1 Description and scope of data processing
7.2 Legal basis for data processing
Our use of the mailing service provider is based on our legitimate interest as per GDPR Art 6(1) lit. f, as well as a data processing contract as per the first sentence of GDPR Art. 28(3).
7.3 Purpose of data processing
The dispatch of the newsletter and the performance measurement carried out by us or our service provider is carried out with your consent (Art. 6 Para. 1 lit. a in conjunction with Art. 7 GDPR), the logging of the registration on the basis of our legitimate interest (Art. 6 Para. 1 lit. f GDPR). Our legitimate interests lie in proving that the legal requirements are met and in using a newsletter system that meets the wishes and expectations of subscribers and supports our business interests. A transfer of your personal data is only carried out for the purpose of sending out the newsletter to a processor (Mailchimp) commissioned by us for this purpose, with whom a corresponding data processing agreement has been concluded.
The mailing service provider may use the recipients’ data in a pseudonymized form, e.g. without reference to a user, for the optimization or improvement of their services, e.g. the technical optimization of the mailing or the presentation of the newsletters, or for statistical purposes. The mailing service provider will not disclose the data of our newsletter subscribers to third parties or use such data for its own mailings.
7.4 Duration of storage
The data gets erased as soon as it is no longer required for our recording purposes.
7.5 Possibility of objection and removal
You can revoke your consent at any time with effect for the future and thus cancel the newsletter. Each newsletter will offer you a corresponding option via a link. In the event of an objection, we will store your e-mail address for a further period of 2 years in order to fulfil our interests (proof of given consent), but otherwise we will restrict processing.
8. Rights of the data subject
If your personal data is processed, you are the data subject within the meaning of the GDPR and you are entitled to the following rights in relation to the data controller:
8.1 Right of access to information
You can request confirmation from the data controller as to whether personal data concerning you is being processed by us. In the event of such processing, you may request the following information from the data controller:
- The purposes for which the personal data are processed;
- The categories of personal data concerned;
- The recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
- The envisaged period of storage of the personal data relating to you or, if not possible to give specific details, criteria used to determine that period;
- The existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by the data controller or a right to object to such processing;
- The right to lodge a complaint with a supervisory authority;
- any available information on the source of the data, if the personal data is not collected from the data subject; The existence of automated decision-making, including profiling, referred to in Art. 22 para. 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. You have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.
8.2 Right of rectification
You have the right to ask the data controller to rectify and/or complete the data if the personal data processed concerning you is incorrect or incomplete. The data controller shall make the rectification without delay.
8.3 Right to restrict processing
Under the following conditions, you may request the restriction of the processing of personal data concerning you:
- If you contest the accuracy of the personal data concerning you for a period enabling the data controller to verify the accuracy of the personal data;
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data;
- The data controller no longer needs the personal data for the purposes of the processing, but you need it for the establishment, exercise or defence of legal claims, or
- If you have objected to processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether the legitimate grounds given by the data controller override your grounds. Where the processing of personal data relating to you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence legal claims or for the protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State. If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the data controller before the restriction of processing is lifted.
8.4 Right of erasure
8.4.1 Obligation to erase
You may obtain from the data controller the erasure of the personal data concerning you without undue delay and the data controller has the obligation to erase such data without undue delay where one of the following grounds applies:
- The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
- You withdraw your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal ground for the processing.
- You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
- The personal data concerning you has been unlawfully processed.
- your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject.
- The personal data concerning you have been collected in relation to the offer information society services referred to in Art. 8 para. 1 GDPR.
8.4.2 Information provision to third parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 para. 1 GDPR to erase it, he, taking account of available technology and the costs of implementation, shall take reasonable steps, including technical measures, to inform data controllers which are processing the personal data, that you, as a data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right of erasure does not exist insofar as the processing is necessary
- For exercising the right of freedom of expression and information;
- For compliance with a legal obligation which requires processing by Union or Member State law to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- For reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9 para. 2 GDPR as well as Art. 9 para. 3 GDPR;
- For the establishment, exercise or defence of legal claims.
8.5 Right to information
If you have asserted the right to rectify, erase or restrict the processing vis-à-vis the data controller, the data controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the data controller.
8.6 Right to data transferability
You have the right to receive the personal data concerning you, which you have provided to the data controller, in a structured, commonly used and machine-readable format. Furthermore, you have the right to have this data communicated to another person in charge without interference from the data controller to whom the personal data has been made available, provided that The processing is based on a consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and The processing is carried out automated means. In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one data controller to another, as far as this is technically feasible. The freedoms and rights of other persons may not be impaired thereby. The right to data transferability shall not apply to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
8.7 Right to object
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out pursuant to Article 6 paragraph 1 lit. e or f GDPR; this also applies to profiling based on these provisions. The data controller shall no longer process the personal data concerning you, unless he can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes. You may exercise your right of objection in context of the use of information society services, notwithstanding Directive 2002/58/EC, by automated means using technical specifications.
8.8 Right to withdraw the declaration of consent under data protection law
You have the right to withdraw your data protection declaration of consent at any time. Withdrawal of consent shall not affect the lawfulness of the processing based on consent before its withdrawal.
8.9 Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
- Is necessary for entering into, or performance of, a contract between you and the data controller,
- Is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
- Is based on you explicit consent. However, these decisions shall not be based on special categories of personal data referred to in Art. 9 para. 1 GDPR, unless point a or g of Art. 9 para. 2 GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. With regard to the former and the latter, the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
8.10 Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
If you have any questions, please contact our data protection officer:
Hochland Natec GmbH
Data Protection Officer