Privacy statement of the Hermes Hansecontrol Group
Date of last revision: 07.22.19
Since 25 May 2018, the uniform privacy requirements of the EU General Data Protection Regulation (GDPR) have been in force throughout Europe. The purpose of the following privacy statement is to inform you about the processing of personal data carried out by the test institute Hansecontrol GmbH (“Hansecontrol“ and/or “We” and/or “Data Controller”) in accordance with the GDPR and the German Federal Data Protection Act (BDSG 2018).
Please read our data protection information carefully. If you have any questions or comments about our data protection information, please feel free to contact us at datenschutzbeauftragter@hansecontrol.com.
Content
1. Name and contact details of the data controller
2. Contact details of the data protection officer
3.1. Accessing our websites/applications
3.2. Cookies, tracking, social media plug-ins
3.3. Data processing for dispatch of the newsletter
1. Name and contact details of the data controller
This data protection information applies to data processing by
Prüfinstitut Hansecontrol GmbH and Hansecontrol Zertifizierungsgesellschaft mbH
Schleidenstrasse 1
22083 Hamburg
Germany
Represented by CEO Matschke, Mathias
+49 (0)40 600 202 778
info@hansecontrol.com
Website: www.hansecontrol.com
for the following websites:www.hansecontrol.com
2. Contact details of the data protection officer
The data protection officer(s) of the Data Controller can be contacted at
Prüfinstitut Hansecontrol GmbH
Schleidenstrasse 1
22083 Hamburg
Germany
datenschutzbeauftragter@hansecontrol.com
3. Purpose of data processing, legal bases and legitimate interests pursued by the data controller or a third party, along with categories of recipient
3.1. Accessing our websites/applications
3.1.1. Log files
Every time you access websites/applications, information is sent to the server of our website/application by the Internet browser of your end device and temporarily stored in what are known as log files. The records stored contain the following data, which are stored until they are automatically deleted: Date and time of access; name of the page accessed; IP address of the requesting device; referrer URL (the URL from which you accessed our websites); the amount of data transferred; loading time; and the product and version information of the browser you have used along with the name of your access provider. The IP addresses are stored in anonymized form. To render them anonymous, the last three digits are removed, i.e. 127.0.0.1 becomes 127.0.0.*. IPv6 addresses are anonymized in the same way.
The legal basis for processing the IP address is Article 6 (1) (f) GDPR. Our legitimate interest arises from the need
- to ensure that you can connect to the site without difficulty,
- to ensure that your use of our website/application is as easy as possible,
- to evaluate system security and stability.
It is impossible to directly infer your identity from the information, nor do we make any attempt to do so
The data will be stored and automatically deleted once the aforementioned purposes have been achieved. The time limits for deletion are based on the criterion of necessity.
3.1.2. Google Web Fonts
This page uses web fonts provided by Google to display fonts in a consistent way. When you visit a page, your browser loads the required web fonts into your browser cache to display text and fonts correctly.
For this purpose, the browser you are using must connect to Google’s servers. This will make Google aware that our website has been accessed via your IP address. The use of Google web fonts allows us to present our websites in a uniform and attractive way. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR.
If your browser does not support web fonts, your computer will use a default font.
You can find out more about Google web fonts at https://developers.google.com/fonts/faq and in the Google privacy policy: https://policies.google.com/privacy?hl=de.
3.2. Cookies, tracking, social media plug-ins
We use cookies, tracking tools, targeting procedures, and social media plug-ins for our website/application. The exact methods involved and how your data are used for this purpose are explained in detail below.
3.3. Data processing for dispatch of the newsletter
On our websites/applications, you have the option to sign up for our newsletters. To avoid mistakes when you enter your email address, we use what is known as the double-opt-in procedure (DOI procedure): After you have entered your email address in the registration field, we will send a confirmation link to the address provided. Only when you have clicked on this confirmation link will your email address be included in our newsletter mailing list. The legal basis for this data processing is Article 6(1)(a) GDPR.
Information on your right of revocation
You can revoke your consent at any time with permanent effect by mailing us at info@hansecontrol.com; you also have the option to unsubscribe at the end of every newsletter.
3.4. Contacting us
You have various options for contacting us. By email, by phone, through the contact form, and by mail. If you contact us, we will use the personal data that you voluntarily provide to us in this context solely for the purpose of contacting you and processing your request.
The legal basis for this data processing is Article 6(1)(a), Art. 6(1)(b), Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR.
4. Your rights
In addition to the right to revoke any consent you have granted to us, you are also entitled, if the relevant legal requirements are met, to the following additional rights:
- The right to information on your personal data stored by us (Art. 15 GDPR); you can in particular require information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or are to be disclosed, or the planned storage period, and – unless they were obtained directly from you – the origin of your data;
- The right to rectification of incorrect data or completion of correct data (Art. 16 GDPR);
- The right to erasure of any data on your person stored by us (Art. 17 GDPR),, insofar as we are not obliged to comply with statutory or contractual retention periods or other legal obligations or rights to extended storage;
- The right to restrict the processing of your data (Art. 18 GDPR), insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you nonetheless decline to have the data deleted, the Controller no longer needs the data, but you need it to assert, exercise or defend legal claims, or you have objected to the processing in accordance with Article 21 GDPR;
- The right to data portability in accordance with Article 20 GDPR, i.e. the right to the transfer of selected data on your person that are stored by us in a common, machine-readable format or to demand their transmission to another controller;
- The right to lodge a complaint with a supervisory authority.. As a rule, you can contact the competent supervisory authority for your usual place of residence or workplace or our registered office.
You can exercise the aforementioned rights to which you are entitled by writing to datenschutzbeauftragter@hansecontrol.com. You can exercise the right to data portability by writing to datenschutzbeauftragter@hansecontrol.com.
5. Right to object
Under the conditions of Article 21(1) GDPR, you may object to data processing for reasons arising from your particular situation as data subject.
The aforementioned general right to object applies to all processing purposes based on Article 6(1)(f) GDPR that are described in this data protection information. Unlike the special right to object that is directed at data processing for advertising purposes (see 3.3. Data processing for dispatch of the newsletter above), we are obliged under the GDPR to implement such a general objection only if you give us reasons of overriding importance to do so (e.g. a possible danger to life or health).
6. Right of revocation
Insofar as we process data on the basis of your consent, you have the right to revoke that consent at any time. The revocation of consent does not mean that the data processing carried out on the basis of that consent up to the point of revocation will become ineffective.