Privacy Policy

1. Who is the controller for this website?
2. What is the issue?
3. How do we process your data when you visit this website?
4. Who will receive your data?
5. When will your data be deleted?
6. Will we transfer your data to a third country or to an international organisation?
7. Will we use your data for automated decision-making or profiling?
8. Privacy policy in the job application process
9. Which rights do you have regarding the processing of your data?
10. Amendments and updates to the Privacy Policy

1. Who is the controller for this website?
The controller within the meaning of the General Data Protection Regulation is:

Hänsch GmbH
Schützenstraße 21
D - 49770 Herzlake
E-Mail: info[at]fg-haensch.de
Imprint: https://www.fg-haensch.de/footer-unten/impressum/impressum.html
(henceforth also referred to as "Hänsch GmbH" or "we")
If you have any questions about this privacy policy or the protection of your data by Hänsch GmbH, please contact our data protection officer at any time:

Carla Holterhus
E Mail: datenschutz[at]fg-haensch.de

2. What is the issue?
By processing personal data, we mean gathering, storing, transmitting, deleting or otherwise dealing with it. Personal data means information on natural persons who use this website to obtain information on the offers and services of Hänsch GmbH.

If you are a customer, interested party, employee, supplier or candidate at Hänsch GmbH, we will also process your data within the scope of your business relationship with us or according to your legitimate interest in receiving feedback. For more information, please refer to the notes on handling your personal data.

An overview follows of which data Hänsch GmbH processes when you visit this website and for which purposes. Information about the treatment of your data on Hänsch GmbH's social media pages can be found in the Privacy Policy for Social Media.

3. How do we process your data when you visit this website?

3.1 Data necessary to display the website and to ensure its stability and security.
When using the website for information purposes only, the following technically necessary data is processed:

• User's IP address
• Browser used (type, version, language)
• Operating system used
• Internet service provider of the user
• Date and time of access to one of our web pages
• Files retrieved from our web pages
• The website from which the user accesses our website
• Website that the user accesses from our website.
  
  

The above-mentioned data is processed to carry out pre-contractual measures or to fulfil a contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. Moreover, the data may also be processed to protect the legitimate interests of Hänsch GmbH on the bases of a balancing of interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. If this website is used unlawfully, this data is also used to clarify any infringements that may have occurred.

Hänsch GmbH also evaluates this information for statistical purposes and to improve this website without creating personal user profiles.

3.2 Use of Cookies?
This website uses cookies. Cookies are small chunks of information that are stored on your terminal device. This is done to make it easier for visitors to navigate the website and use certain functions and, most importantly, to be able to use this information again at a later date. Apart from these technically and functionally necessary cookies, cookies may also be used for other purposes, such as targeted advertising. For more detailed explanations, please see the notes below.

You can prevent the storage of cookies on your terminal device by setting your browser software accordingly. There you can also delete cookies that have already been stored. However, if technically necessary cookies are deactivated, the website can no longer be used entirely.

Necessary cookies:
We use cookies that are necessary for the execution of functions to make the use of this website secure and user-friendly. Only this way can users navigate the web pages and operate the modules or functions of the website. Without these cookies, the use of the website may be impossible or only possible to a limited extent. For some functions it is necessary to recognise the browser even after a page change.

The data collected through these necessary cookies will not be used to create user profiles. The following data is stored and transferred in the cookies:

• Current session ID
• Use of certain website content, such as frequency or volume of use
• Acknowledgement of certain website content, such as product information

Because websites do not have a memory, cookies inform the server which pages should be displayed to the visitor. This has the advantage that the visitor does not need to remember everything or to navigate through the entire page again.

Virtually all the technically and functionally necessary cookies used are session cookies. Session cookies and the stored data are automatically deleted after the end of your visit.

We use the following cookies on our website:
necessary
name   purpose   domain name   expiry   provider
Performance
name   purpose   domain name   expiry   provider
Advertising / Tracking
name   purpose   domain   name   expiry   provider

Data processing using technically and functionally necessary cookies is carried out based on Section 25 (2) TTDSG (Telecommunications and Telemedia Data Protection Act).

3.3 Contact form and email contact
Our website contains a contact form that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transferred to us and stored:

• Name
• Email address
• Blank space for customised text
• User's IP address
• Date and time of submission

As an alternative, you can send us an email to one of the email addresses provided on the website. In this case, we will store the user's personal data transmitted with the email. The legal basis for processing the data is Art. 6 para. 1 lit. f GDPR. If the contact is aimed at the conclusion of a contract, Art. 6 para. 1 lit. b GDPR is the legal basis.

Your data will only be used to process your inquiry and the subsequent communication. In this context, personal data will not be passed on to third parties. The personal data entered in the input mask of the contact form and those sent by email are deleted when the related communication with the user has ended, i.e. as soon as it is clear from the circumstances that the matter in question has been conclusively clarified.

Any personal data additionally collected during the sending process will be deleted after a period of seven days at the latest.

3.4 Information tools provided by third parties

Microsoft Cloud Services
Microsoft's cloud and cloud software services (so-called software as a service, e.g. Microsoft Office) are used for document storage and management, calendar management, emailing, spreadsheets and presentations, exchanging documents, content and information with specific recipients or publishing web pages, forms or other content and information, as well as chats and participation in audio and video conferences. This includes the processing of master data and contact data of users, data on transactions, contracts, other processes and their contents. Microsoft also processes usage data and metadata that it uses for security and service improvement purposes. For information on our privacy policy for video conferencing via Microsoft Teams, please click here.

As part of the use of publicly available documents, web pages or other content, Microsoft may store cookies on users' computers for purposes of web analytics or to remember users' preferences.

We use the Microsoft Cloud services in efficient and secure administration and collaboration processes for our legitimate interests pursuant to Art. 6 para. 1 lit. f of the GDPR. Where data is processed in the USA, we refer to processing based on standard contractual clauses with Microsoft as well as based on fall-back exceptions from Art. 49 para. 1 of the GDPR.

For more information, please see the Microsoft privacy policy (https://privacy.microsoft.com/en-gb/privacystatement) and the Microsoft Cloud Services Security Notice (https://www.microsoft.com/en/trust-center). You can object to the processing of your data in the Microsoft Cloud in accordance with the legal requirements. The deletion of data within Microsoft's cloud services is otherwise determined by the other data processing operations in this context (e.g. deletion of data no longer required for contractual purposes or storage of data required for taxation purposes).

Microsoft Cloud Services are provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA.

Google Ads and conversion measurement
We use the online marketing tool "Google Ads" to place ads in the Google advertising network (e.g., in search results, in videos, on web pages, etc.) so that they are displayed to users who have a presumed interest in the ads (so-called "conversion"). Furthermore, we measure ad conversion. But we only learn the anonymous total number of users who clicked on our ad and were redirected to a page marked with a so-called "conversion tracking tag". But we do not receive any information that identifies users; service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Further information: Types of processing as well as data processed: https://privacy.google.com/businesses/adsservices; Data processing conditions between controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms.

Google Maps
This website uses Google Maps to display maps. This allows the display of interactive maps directly in the website and the use of the map function. By visiting the sub-page where Google Maps is used on this website, Google receives the information that you have accessed the respective sub-page. The data mentioned under point 3. 1 will also be transmitted to Google. The collected data is used exclusively for the creation of the map. The data will not be linked to your Google user account data. Google does not log personal data of end users.

For more information on how and to what extent Google Maps collects and processes your data, please refer to the provider's privacy policy. There you will also receive further information about your rights in this respect and your settings options for protecting your privacy: https://policies.google.com/privacy?hl=en-uk.

The legal basis for processing the data is Art. 6 para. 1 sentence 1 lit. b and f GDPR.

Newsletter
We send newsletters, emails and other electronic notifications ("newsletters") only with the recipients' consent or legal permission. Provided that the contents of the newsletter are specifically described during registration, they are decisive for the consent of the user. Furthermore, our newsletters contain information about our services and us.

To register for our newsletters, it is generally sufficient to enter your email address. We may ask you, however, to provide a name for the purpose of personal address in the newsletter, or further details if these are necessary for the purposes of the newsletter.

Double-Opt-In procedure: The registration for our newsletter always follows a so-called double opt-in procedure. This means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can subscribe with third-party email addresses. Subscriptions to the newsletter are logged to prove the subscription process in accordance with legal requirements. This includes recording the time of registration and confirmation as well as the IP address. Likewise, changes of your data stored with the shipping service provider will be logged.

Erasure and restriction of the processing: We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to prove previously given consent. The processing of this data is limited to the purpose of a possible defence against claims. Individual requests for erasure are possible at any time, provided that the former existence of consent is confirmed concurrently. We reserve the right to store the email address in a block list for this sole purpose if there are obligations to observe objections on a permanent basis.

We log the registration process based on our legitimate interests for the purposes of proving that it has been carried out properly. If we commission a service provider to send emails, we do so based on our legitimate interests in an efficient and secure sending system.

Notes on legal bases: The newsletter is sent based on the recipients' consent or, if consent is not required, based on our legitimate interests in direct marketing, if and insofar as this is permitted by law, such as in the case of existing customer advertising. If we commission a service provider to send emails, we do so based on our legitimate interests. The registration process is recorded based on our legitimate interests to demonstrate that it has been conducted in accordance with the law.

Analysis and performance measurement: The newsletters contain a so-called "web beacon", which is a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a shipping service provider, from their server. During this retrieval, technical information, such as browser and system information, as well as your IP address and the time of the retrieval, are initially gathered.

We use this information to technically improve our newsletter based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined by IP address) or access times. This analysis also determines whether the newsletters are opened, when they are opened and which links are clicked. This information can be assigned to the individual newsletter recipients for technical reasons. But neither we nor the shipping service provider, if used, endeavour to monitor individual users. Rather, the evaluations serve us to identify the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Regrettably, a separate revocation of the performance measurement is impossible; in this case, the entire newsletter subscription must be cancelled or revoked.
We process the following types of data: Master data (e.g. names, addresses), contact data (e.g. email, phone numbers), meta/communication data (device information, IP addresses), usage data (visited websites, interest in content, access times). The data subjects in this process are our communication partners whose data we process for direct marketing purposes (e.g. by email or post). Our legal basis in this respect is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR as well as our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

Option to object (opt-out): You can unsubscribe from our newsletter at any time, i.e. revoke your consent or object to further receipt. A link to cancel the newsletter can be found either at the end of each newsletter or you can use one of the above contact options, preferably email, for this purpose.

Our service provider for newsletter dispatch is CleverReach: email marketing platform; service provider: CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany; Website: https://www.cleverreach.com; Privacy policy: https://www.cleverreach.com/en-de/privacy-and-security/.

Search function Findologic
Use of FINDOLOGIC for product discovery

For product discovery, notably search and navigation, we use the services of FINDOLOGIC GmbH, Jakob-Haringer-Str. 5a, 5020 Salzburg, a technology company that seeks to address personal needs and preferences through data analysis. This involves using cookies to store information about the website user and transmitting various data to the service provider, these include notably the IP address and browser identification of the user, as well as associated behavioural data such as search queries, categories visited, selected filters, products viewed and purchased. This helps us understand which products interest our users most and optimise the shopping experience for them.

This information will be transferred to third parties if required by law or if third parties process it on behalf of FINDOLOGIC.

We have concluded an order processing contract with FINDOLOGIC.

Please note that the stored IP addresses are anonymised after 6 months.

If you have further questions on this topic, simply send an email to the data protection coordinator at privacy@findologic.com. Additional information on data protection at FINDOLOGIC is available at the following link: www.findologic.com/datenschutz.

Push notifications
If you activate push notifications for this website through the "Signalize" service, it uses a function of your internet browser or mobile operating system to deliver the notifications to you. Only anonymous or pseudonymous data is transmitted for sending messages. Depending on the configuration of the website, these can be:

• Pseudonymous user ID: a random value (example: 108bf9a85547edb1108bf9a85547edb1), which is stored in a tracking cookie ID
• Pseudonymous digital fingerprints, pseudonymous mobile device IDs and, if applicable, pseudonymous cross-device IDs
  
  

Such data will only be processed for delivering the notifications to which you have subscribed and for making notification-related settings. We ask for your consent to store this data. The legal basis for data processing in this case is Art. 6 para. 1 lit. a GDPR. You can opt out of notifications at any time via your browser or mobile device settings. You can find information about unsubscribing from push notifications here.

We use the preferences collected based on a pseudonymous user profile via tracking pixels and, with consent, also using cookies, to design the push notifications for you in a way that makes sense regarding their content, and merge your notification ID with the user profile of the website solely for the purpose of personalised messaging. We also use the tracking technology for statistical analysis of the notifications on our behalf. In this way, we can determine whether a notification has been delivered and whether it has been clicked. The resulting data is processed and stored on our behalf by etracker GmbH in Hamburg, the provider of Signalize's service, exclusively in Germany and is thus subject to strict German and European data protection laws and standards. etracker has been independently audited and certified in this regard and is entitled to bear the ePrivacyseal data protection seal of approval.

The data processing for statistical analysis of the notifications and for better adapting future notifications to the interests of the recipients is performed based on our legitimate interest in personalised direct advertising pursuant to Art. 6 para. 1 lit. f GDPR. As we place great importance on the privacy of our visitors, data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymised or pseudonymised as soon as possible. This excludes the possibility of direct personal references. There is no other use, consolidation with other data or transfer to third parties.

4. Who will receive your data?
Data will only be passed on to third parties if you have granted your consent or if there is a legal obligation to do so.

In these circumstances, recipients of personal data can be in particular:

•  Law enforcement authorities

• Other Hänsch GmbH companies

Mandated service providers may also receive such data if they meet Hänsch GmbH's special confidentiality requirements. This can especially be companies in the categories of IT services, consulting or sales and marketing. Suitable data protection agreements are drawn up with the service providers.

5. When will your data be deleted?
If the data mentioned in these indications are no longer required for the original purpose, they will be deleted. The only exception is if their further processing - for a limited duration - is necessary for other purposes.

If a different retention period is defined for certain services, you can find this in the description of the particular service.

6. Will we transfer your data to a third country or to an international organisation?
Any data obtained by Hänsch GmbH through visits to this website will not be transmitted to international organisations or third countries (countries outside the European Economic Area - EEA) as a matter of principle. Where Hänsch GmbH uses analytical services, you will find the explanations above under section 3.2 Use of cookies.

7. Will we use your data for automated decision-making or profiling?
No data from visits to this website will be used for automated decision-making within the meaning of Art. 22 of the GDPR.


8. Privacy policy in the job application process
We will only process the applicant data for the purpose of and as part of the application process in accordance with the legal requirements. We process the candidate data to fulfil our (pre)contractual obligations within the scope of the application procedure in accordance with Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. f GDPR if the data processing becomes necessary for us, e.g. within the scope of legal procedures (in Germany, Section 26 BDSG also applies).

Our application procedure requires that candidates provide us with the applicant data. The essential applicant data are marked if we provide an online form, otherwise they result from the job descriptions and basically include personal details, postal and contact addresses and the pertinent documents for the application, such as cover letter, CV and certificates. Applicants can also voluntarily provide us with additional information.

When submitting an application, candidates agree to the processing of their data for the purposes of the application process in the manner and to the extent set out in this privacy policy. Where special categories of personal data within the meaning of Art. 9 para. 1 of the GDPR are voluntarily disclosed during the application process, they are also processed in accordance with Art. 9 para. 2 lit. b of the GDPR (e.g. health data, such as severely disabled status or ethnic origin). Where special categories of personal data within the meaning of Art. 9 para. 1 of the GDPR are requested during the application process, they are also processed in accordance with Art. 9 para. 2 lit. b of the GDPR (e.g. health data if this is necessary for the practice of a profession).

You may send us your application by email. Please note that emails are generally not encrypted and applicants must ensure the encryption themselves. Therefore, we cannot assume any responsibility for the transfer of the application between the sender and the reception on our server.

In case of a successful application, we may process the data provided by the applicants for the purposes of the employment relationship. Otherwise, if the application for a job offer is unsuccessful, the general statutory retention and deletion periods apply. We delete the data within the application procedure, barring a justified revocation by the applicants, in accordance with the relevant legal provisions after completion of the respective recruitment procedure. Our company will then no longer be able to access and use the personal data. Information on the processing and use of your application data is available here.

9. Which rights do you have regarding the processing of your data?
You have the following rights in relation to Hänsch GmbH regarding personal data that concerns you:

Right of access
Right to rectification or erasure
Right to restriction of processing
Right to data portability
Right to revoke granted consents

9.1 Information on your right to object according to Art. 21 GDPR

Individual right to object
You have the right to object at any time, on grounds relating to your particular situation, against the processing of personal data relating to you performed based on Art. 6 para. 1 sentence 1 lit. e of the GDPR (data processing in the public interest) and Art. 6 para. 1 sentence 1 lit. f of the GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 para. 4 of the GDPR.

If you object, Hänsch GmbH will no longer process your personal data. This is unless the latter can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. Or if the processing serves the assertion, exercise or defence of legal claims.

Objection to the processing of your data for direct marketing purposes.
On occasion, Hänsch GmbH will process your personal data for direct marketing purposes. You have the right to object to the processing of personal data concerning you for such marketing at any time; this also applies to profiling, insofar as it is associated with said direct marketing.

Should you object to processing for the purposes of direct advertising, Hänsch GmbH will no longer process your personal data for these purposes.

Objections can be made without formalities and should be addressed to:

Hänsch GmbH
Schützenstraße 21
D - 49770 Herzlake
Email: datenschutz[at]fg-haensch.de

You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data:

The State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hannover
Phone: +49 511 120-450
Email: poststelle@lfd.niedersachsen.de

10. Amendments and updates to the Privacy Policy
We kindly ask you to consult the content of our privacy policy regularly. We adapt the privacy policy as soon as it becomes necessary because of changes we make in our data processing operations. We will inform you whenever the changes require an act of cooperation on your part (such as consent) or any other individual notification.

Where we provide addresses and contact details of companies and organisations in this privacy policy, please note that the addresses may change over time and please check the details before you contacting them.

Status: 22/09/2022