We attach great importance to the protection of your personal data which you provide to us when you visit and use our website. Your personal data, e.g. name, address, e-mail address or telephone number, will always be processed in accordance with the General Data Protection Regulation and the country-specific data protection regulations which apply to HERMA. If there is legal basis for this processing, we will normally obtain your consent. The HERMA website can normally be used without providing any personal data. However, if you want to make use of special services via our website, it may be necessary to process personal data. Through this Data Protection Declaration we would like to inform you, as a visitor to our website, about the nature, extent and purpose of the personal data which we collect, use and process. Your rights are also explained.
Table of contents
- Responsibility for data processing
- Contact with the Data Protection Officer
- Definitions of terms
- Recording of general data and information
- Data security
- Use of Google Analytics (with an anonymisation function)
- Legal or contractual regulations relating to the supply of personal data
- Storage period, erasure and blocking of personal data
- Rights of website visitors
- Existence of automated decision-making
1. Responsibility for data processing
HERMA GmbH is responsible for data processing. HERMA GmbH Fabrikstraße 16, 70794 DE-Filderstadt Tel.: +49 711 / 7702 0 | Fax: +49 711 / 7702 700 | E-mail: mail(at)herma.de
2. Contact with the Data Protection Officer
If you have any questions or suggestions relating to data protection, you may directly contact at any time our Data Protection Officer. You may contact the Data Protection Officer of HERMA GmbH as follows:
HERMA GmbH, Fabrikstraße 16, 70794 Filderstadt, Germany
To: The Data Protection Officer
3. Definitions of terms
Our Data Protection Declaration should be easy to read and comprehensible both for the general public and our customers and business partners. The following terms from our Data Protection Declaration originate from the GDPR.
a) Personal data
Personal data’ means any information relating to an identified or identifiable natural person (hereinafter called ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
A data subject is every identified or identifiable natural person whose personal data are processed by the controller.
Processing of personal data includes collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Means any form of automated processing of personal data consisting of the use of these personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
j) Third party
A third party means a natural or legal person, public authority, agency or body other than the data subject. controller, processor and persons who, under the direct authority of the controller or the processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
4. Recording of general data and information
Every time a data subject visits an individual website, the web pages of HERMA collect a range of general data and information which are stored in the server's log files. The following data and information may be collected: (1) Utilised browser types and versions, (2) The operating system used by the accessing system, (3) The website from which an accessing system reaches our website (so-called "referrer"), (4) The sub-websites which are controlled via an accessing system on our website, (5) The date and time of access to the website, (6) An Internet protocol address (IP address), (7) The Internet service provider of the accessing system and (8) Other similar data and information which are used to avert danger in the case of attacks on our computer systems.
This involves information which does not make your person identifiable. This information is used instead to (1) correctly show the contents of our website, (2) optimise the contents of our website and advertising for the website, (3) ensure permanent operability of our computer systems and the technology used on our website, and (4) provide prosecution authorities with the information required for criminal proceedings in the event of a cyber attack.
These anonymously recorded data and information are therefore evaluated by HERMA for statistical purposes and also to increase data protection and data security in our companies so that an optimum protection level is ultimately attained for the personal data which we process. The anonymous data in the server log files are stored separately from all personal data provided by you.
5. Data security
If you transmit your personal data to HERMA via our website (e.g. via the application form, contact form, etc.), they are transmitted in encrypted form (with 128/256 Bit). We have implemented technical and organisational measures to protect our website and other systems against loss, destruction, access to, amendment or dissemination of your data by unauthorised persons. Would you please only enter your data directly via our website. If you receive unsolicited e-mails in which you are requested to provide or confirm personal information or payment details, plesae ignore these letters and inform your HERMA team at the following e-mail address: ecommerce(at)herma.de.
A cookie can be used to optimise the information and offers on our website for the benefit of the user. As already mentioned, cookies enable us to recognise the users of our website. The purpose of this recognition is to make it easier for users to utilise our website. For example, the user of a website utilising cookies need not re-enter his/her access data during every visit to the website since this task is performed by the website and the cookie stored on the user's computer system. Another example is the cookie of a goods basket in the online shop. The online shop notes via a cookie the product which a customer has placed in the virtual goods basket.
You can prevent the placement of cookies by our website at any time through a corresponding setting in the utilised Internet browser and therefore permanently reject the placement of cookies. Cookies which have already been placed can also be erased at any time by means of an Internet browser or other software programs. This is possible in all current Internet browsers. If you deactivate the placement of cookies in the utilised Internet browser, it may be impossible to use all the functions of our website.
7. Use of Google Analytics (with an anonymisation function)
HERMA has integrated the component of the Web analysis service Google Analytics (with an anonymisation function) on this website.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. HERMA uses the suffix "_gat._anonymizeIp" for Web analysis via Google Analytics. Using this suffix, the IP address of your Internet connection is truncated and anonymised by Google if our web pages are accessed from within any Member State of the European Union or another Contracting State of the Treaty on the European Economic Area.
The purpose of the Google Analytics component is to analyse the flow of visitors to our website (contract data processing). As a contract data processor, Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us that highlight the activities on our web pages, and to provide us with further services connected with the use of our website.
Google Analytics places a cookie on your IT system. We already explained above what cookies are. Placement of the cookie enables Google to analyse the use of our website. Every time you access one of the individual pages of this website into which a Google Analytics component has been integrated, the Internet web browser on your IT system is automatically induced by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. Within the context of this technical procedure, Google becomes aware of personal data such as your IP address which Google uses, for example, to comprehend the origin of the visitors and clicks.
Personal information, e.g. the time of access, the location from which this access originated and the frequency of the visits to our website, is saved using the cookie. During every visit to our web pages this personal data, including the IP address of the utilised Internet connection, is transmitted to Google in the USA. These personal data are saved by Google in the USA. In certain circumstances, Google passes these personal data, which were collected via the specific technical procedure, on to third parties.
As already described above in § 10, you may permanently oppose the placement of cookies.
You can prevent recording by Google Analytics by clicking on the following link. An opt-out cookie is placed that prevents future recording of your data when you visit this website.
Deactivate Google Analytics
You have to make this setting for each browser and device individually. If your browser's cookies are deleted, the setting will be lost and you will need to click the link again. Further information and the valid data protection provisions of Google can be accessed at www.google.de/intl/en/policies/privacy and www.google.com/analytics/terms/us.html. Google Analytics is explained in more detail under this link: www.google.com/intl/en_uk/analytics/.
8. Legal or contractual regulations relating to the supply of personal data
We hereby wish to inform you that the supply of personal data is legally prescribed at times or may also arise due to contractual regulations. Failure to supply personal data could result in a contract not being concluded with you or HERMA being unable to furnish the requested service such as delivery of the newsletter or the provision of product information.
9. Storage period, erasure and blocking of personal data
HERMA will only process and store your personal data for as long as is necessary to attain the storage purpose or if provision was made for this in a law or regulation to which each HERMA controller is subject – e.g. statutory retention periods.
If the storage purpose ceases to apply or a legally prescribed storage period expires, the personal data will be routinely blocked or erased according to legal regulations.
10. Rights of website visitors
If you want to make use of the rights described below, you may also contact our Data Protection Officers or another employee of HERMA for this purpose at any time.
a) Right to receive information
You are entitled to receive information from HERMA free of charge at any time about your stored personal information and a copy of this information. The legislature allows you to receive the following information:
Reasons for processing personal data
Categories of personal data which are processed
The recipients or categories of recipients to whom personal data were or will still be disclosed, especially recipients in third countries or in international organisations
If possible, the planned period for which the personal data will be stored or, if this is not possible, the criteria for determining this period
The existence of a right to rectification or erasure of your personal data or to restriction of processing by the controller or a right to object to this processing The existence of a right to complain to a supervisory authority
If the personal data of a data subject are not recorded: All the available information regarding the origin of the data
The existence of automated decision-making, including profiling according to Article 22 (1) and (4) of the GDPR and — at least in these cases — meaningful information about the involved logic, the extent and the intended effects of this processing for the data subject
You are also entitled to receive information on whether personal data were transmitted to a third country or an international organisation.
b) Right to rectification
You have the right to request immediate rectification of inaccurate data concerning you. Taking into account the purposes of processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
c) Right to erasure (right to be forgotten)
You have the right to request HERMA to immediately erase personal data concerning you if one of the following reasons applies and processing is not necessary: The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. You withdraw your consent on which the processing was based according to Article 6 (1) a of the GDPR or Article 9 (2) a of the GDPR, and where there are no other legal grounds for the processing. You object to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) of the GDPR. The personal data have been illegally processed.
The personal data have to be erased in order to comply with a legal obligation under European Union law or member state law to which the controller is subject. The personal data were collected in relation to services offered by HERMA according to Article 8 (1) of the GDPR. If we have made your personal data public, we will implement suitable measures after taking account of available technology and the cost of implementation in order to inform other controllers who process your published person data that you requested the erasure of all links to your personal data or copies or replications of these personal data if the processing is not required.
d) Right to restriction of processing
You have the right to request HERMA to restrict processing if one of the following conditions applies:
The accuracy of the personal data is contested by you, i.e. for a period which enables HERMA to verify the accuracy of the personal data.
The processing is illegal, you oppose the erasure of the personal data and request the restriction of their use instead.
HERMA no longer needs the personal data for the purposes of processing, but you require them for the enforcement, exercise or defence of legal claims.
You objected to processing pursuant to Article 21 (1) of the GDPR and it has not been determined whether the legitimate grounds of HERMA override your interests.
e) Right to data portability
You have the right to receive your personal data, which you provided to HERMA, in a structured, commonly used and machine-readable format. You are also entitled to transmit these data to another controller without interference by HERMA if processing is based on consent according to Article 6 (1) a of the GDPR or Article 9 (2) a of the GDPR, or on a contract pursuant to Article 6 (1) b of the GDPR and processing is carried out using automated methods, unless processing is required for a task which is in the public interest or in the exercise of public authority vested in HERMA.
In exercising your right to data portability pursuant to Article 20 (1) of the GDPR, you are entitled to have the personal data transmitted directly from one controller to another where this is technically feasible and if the rights and freedoms of other persons are not hereby adversely affected.
f) Right to object
You have the right to object, for reasons relating to your particular situation, at any time to processing of your personal data which is based on Article 6 (1) e or f of the GDPR. This also include profiling based on these provisions.
HERMA will stop processing your personal data in the event of objection, unless we demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or processing is used to enforce, exercise or defend legal claims.
If HERMA processes personal data for direct marketing purposes, you have the right to object at any time to processing of personal data for the purpose of this marketing. This also applies to profiling if it relates to this direct marketing. If you inform HERMA that you object to processing for direct marketing purposes, HERMA will no longer process personal data for these purposes.
You also have the right to object, for reasons relating to your particular situation, to processing of your personal data which is carried out by HERMA for scientific, historical research or statistical purposes according to Article 89 (1) of the GDPR, unless this processing is necessary to perform a task for reasons of public interest.
g) Right to revoke consent to data processing
You have the right to revoke at any time consent to processing of your personal data.
h) Right to complain to supervisory authorities
If you have a problem relating to data protection, you may make use of your right to complain to the responsible national supervisory authorities.
11. Existence of automated decision-making
We have waived automated decision-making, unless we have expressly made reference thereto.
Die Erstellung der Datenschutzerklärung wurde unterstützt durch die DGD Deutsche Gesellschaft für Datenschutz GmbH, die als externer Datenschutzbeauftragter tätig ist, in Kooperation mit der RC GmbH, die gebrauchte Computer wiederverwertet und der Kanzlei WILDE BEUGER SOLMECKE | Rechtsanwälte erstellt.