- the use of our website www.hugo-arens.de
- application procedures
- as part of a customer/vendor relationship
A. General Information
1. Name and contact details of the responsible party (controller)
The party responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other provisions of data protection law is:
Hugo Arens GmbH & Co. KG
Hohler Weg 50-54
2. Data subject rights
You have the right:
- in accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, envisaged period for which the personal data will be stored, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;
- to request the immediately correction of incorrect personal data or to complete personal data stored by us in accordance with Art. 16 GDPR;
- to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- according to Art. 18 GDPR, to demand the restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful, but you oppose the erasure and we do no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
- according to art. 7 para. 3 GDPR to withdraw your consent once given to us at any time. As a result, we are no longer allowed to continue processing data based on this consent in the future and
- according to Art. 77 GDPR to lodge a complaint with a supervisory authority. In general, you can contact the supervisory authority of your habitual place of residence or workplace or our office.
The supervisory authority for our company is:
Landesbeauftragte für Datenschutz und Informationsfreiheit
Postfach 20 04 44
Telephone +49 211 384240
3. Right to object
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sent. 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this objection which arise from your particular situation or the objection is directed against measures of direct marketing. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.
If you would like to make use of your right of withdrawal of your consent or objection, an e-mail to email@example.com is sufficient.
B. Data processing on this website
1. Collection and storage of personal data as well as type and purpose of its usage
a) When visiting the website
When you visit our website www.hugo-arens.de, the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in a so-called log file. In this case the following information is send and recorded automatically without your active participation and stored until it is automatically deleted:
- browser type and version
- operating system used
- website from which access is made (referrer URL)
- Website you visit
- date and time of access,
- IP address of the requesting computer,
The aforementioned data will be processed by us for the following purposes:
- to ensure a smooth connection establishment of the website,
- to ensure a comfortable use of our website,
- evaluation of system security and stability as well as
- for other administrative purposes.
The legal basis for processing the data is Art. 6 Par. 1 S. 1 lit. f GDPR. Our legitimate interest results out of the aforementioned purposes for data collection. Under no circumstances are we using the collected data to draw conclusions about you personally.
b) By using our mailing address
It is possible to contact us via the e-mail address provided. In this case your personal data transferred with the e-mail will be stored.
The data will not be passed on to third parties in this context. The data will only be used for the processing of the conversation.
The data processing for the purpose of contacting us is carried out according to Art. 6 Par. 1 S. 1 lit. a GDPR on the basis of your voluntary consent. The personal data collected by us for the use of the contact form will be automatically deleted after your request has been processed.
You have the possibility to withdraw your consent to the processing of your personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. In such a case the conversation cannot be continued.
An e-mail to us is sufficient to exercise your right of objection.
All personal data stored in the course of contacting us will be deleted in this case.
2. Transfer of data
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only transfer your personal data to third parties if:
- you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
- the transfer pursuant to Art. 6 para. 1 sentence 1 f GDPR is necessary for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest in not disclosing your data,
- in the event that a legal obligation exists for the transfer pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR as well as
- this is legally permissible and is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR
The Information stored in the cookie is in each case linked with the specific terminal device. However, this does not mean that we will become directly aware of your identity.
In addition, we also use temporary cookies that are stored on your end device for a specified period of time to optimize user-friendliness. If you visit our site again to use our services, it will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to enter them again.
The data processed by these cookies is required for the above-mentioned purposes in order to protect our legitimate interests and those of third parties pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies can lead to a situation in which you cannot use all functions of our website.
The tracking measures listed below and used by us are carried out on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR. With the tracking measures used, we want to ensure that our website is designed to meet requirements and is continually optimised. On the other hand, we use the tracking measures in order to statistically record the use of our website and to evaluate it for you for the purpose of optimising our offer. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
aa) Google Analytics
We use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as "Google"), for the purpose of tailoring our pages to meet your needs and continually optimising them). In this context, pseudonymised user profiles are created and cookies (see section 3) are used. The data generated by the cookie about your use of this site such as
- browser type/version,
- operating system used,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of the server request,
are transferred to a Google server in the USA and stored there. This information is used to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for market research purposes and to tailor these internet pages to meet specific needs. If IP anonymisation is activated on this website, Google will, however, shorten your IP address beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. This information may also be transferred to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Under no circumstances will your IP address be merged with other Google data.
Further information on data protection in connection with Google Analytics can be found in the Google Analytics help (https://support.google.com/analytics/answer/6004245?hl=de).
bb) Google Tag Manager
Google Tag Manager is a solution that allows us to manage so-called website tags via an interface, for example to integrate Google Analytics and other Google marketing services into our online offering. The Tag Manager itself does not process any personal data. With regard to the processing of your personal data, reference is made to the information on the other Google services.
Further information can be found in the Usage Policy: (https://www.google.com/intl/de/tagmanager/use-policy.html).
cc) Google Maps
dd) Google Doubleclick Ad Exchange Buyer
We use the online marketing method Google "Doubleclick" to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.). Double Click is characterized by the fact that ads are displayed in real time based on users' suspected interests. This allows us to display ads for and within our online offering in a more targeted manner to present users only with ads that potentially match their interests.
If, for example, a user is shown ads for products in which he or she is interested on other online offers, this is referred to as "remarketing". For these purposes, when our and other websites on which the Google advertising network is active are accessed, a Google code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). In this file it is noted which websites the user visits, which contents he is interested in and which offers the user has clicked, furthermore technical information about the browser and operating system, referring websites, visiting time as well as further information about the use of the online offer.
The IP address of the user is also recorded, whereby this is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases completely transmitted to a Google server in the USA and shortened there. Google may also link the above information to such information from other sources. If the user subsequently visits other websites, advertisements tailored to the user's profile may be displayed in accordance with the user's presumed interests.
User data is processed pseudonymously within the Google advertising network. I.e. Google does not store and process, for example, the name or e-mail address of the user, but processes the relevant data cookie-related within pseudonymous user profiles. This means that, from Google's point of view, the ads are not administered and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information Google Marketing Services collects about users is transmitted to Google and stored on Google's servers in the United States.
Further information on the use of data by Google, setting and objection options can be found in Google's data protection declaration (https://policies.google.com/technologies/ads) and in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated).
On our website, we use content or service offers from third parties on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR in order to integrate their content and services, such as videos.
This always presupposes that the third-party providers of this content perceive the IP address of the user, since they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We make every effort to use only those contents whose respective providers only use the IP address to deliver the contents. Third party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. “Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, visit times and other information about the use of our online services, as well as may be linked to such information from other sources.
6. Data security
We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. Usually this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
7. Use of social media plug-ins
On the basis of Art. 6 para. 1 sentence 1 lit. f GDPR, plug-ins, links and buttons to social media websites are used for advertising and information purposes. As soon as you visit such a site, personal data may be transmitted to the provider of the respective social network.
We draw your attention to the fact that user data is also transferred to a server in a third country and can therefore be processed outside the European Union. US providers who are certified under the Privacy Shield have undertaken to comply with EU data protection standards. Further information can be found at https://www.privacyshield.gov/Program-Overview.
It is possible that, in addition to the storage of the data you have specifically entered in this social medium, further information may also be processed by the provider of the social network.
In addition, the social network provider may process the most important data of the computer system from which you visit it - for example, your IP address, the type of processor used and the browser version including plug-ins.
If you are logged in with your personal user account of the respective network while visiting such a website, this network can assign the visit to this account.
The purpose and scope of the data collection by the respective medium and the further processing of your data there as well as your rights in this regard can be found in the respective provisions of the respective responsible party, e.g. below:
- Facebook (Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA):
- At Fanpages: Agreement on joint processing of personal data (Art. 26 para. 1 GDPR) https://www.facebook.com/legal/terms/page_controller_addendum
- Opt-out possibility: https://www.facebook.com/settings?tab=ads und http://www.youronlinechoices.com/,
- Privacy Shield Zertifizierung: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
C. Data processing in the context of application procedures
1. Collection and storage of personal data as well as type and purpose of its usage
We store all information made available to us by persons who apply for a job in our company. This applies both to applications for specific vacancies and to unsolicited applications. The storage period ends six months after completion of the application procedure. Within this period, the application is checked and the information is available until the end of the storage period, also in order to be able to answer subsequent inquiries (e.g. request for documents, rejections, etc.) in a qualified manner. Within the framework of application procedures, no data is collected from third parties unless the applicant has given his or her consent. No data will be transferred to third parties, in particular not to another country.
If the application leads to the establishment of an apprenticeship or employment relationship, the data will be stored for ten years, unless other regulations stipulate longer retention periods. Applicants are then obliged to supplement data to establish an employment relationship, e.g. social security data. As a result, data is transferred with social security institutions and the tax office.
The legal bases for data collection are Art. 6 Para. 1 lit.. f GDPR and § 26 Para. 1 BDSG-neu as well as other legal requirements, from which storage obligations arise in the case of employment relationships.
2. Additional information regarding data subject rights
A deletion request leads to a termination of the application procedure and subsequently no more information on the procedure can be provided.
Once an employment relationship has been established, the right to delete data or restrict processing is reduced. Legal and/or contractual regulations on documentation and archiving have priority over requests for deletion. In order to exercise their rights, data subjects can contact the above-mentioned responsible persons in the company or the supervisory authority.
D. Data Processing in the Context of a Customer/Vendor Relationship
1. Collection and storage of personal data as well as type and purpose of its usage
We collect the following information in connection with the business relationship:
- Company name / Name
- person in charge
- Order details
- Terms of delivery
- Terms of Payment
- Tax number
- Shipping method
- Delivery addresses
- Open items
- Incoming payments
- Bank details
- Terms and conditions
- Technical Drawings
- QM data
2. Transfer of data to third parties
We transfer your data to the following recipients or recipient categories: NAUST HUNECKE und Partner Wirtschafsprüfer vereidigter Buchprüfer Steuerberater Rechtsanwalt CPA mbB, Lange Straße 19, 58636 Iserlohn.
E. Up-to-dateness and amendments of this data protection declaration
This data protection declaration is currently valid and has the status September 2018. Due to the further development of our website and offers thereon or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at https://www.hugo-arens.de/datenschutz.