We take Privacy Seriously
The protection of your privacy when processing personal data is important to us. When you visit our website, our web servers store the IP address of your internet service provider, the website from which you visit us, the websites you visit, the date and duration of the visit. This information is required to ensure the necessary technical transmission between websites and secure server operation. There is no further analysis and processing of this data.
If you send us data via an enquiry form, this data will be stored as part of the backup on our servers. Your data will only be used by us to process your request. Your data will be treated confidentially. We do not pass any data on to third parties.
Personal data is data about you. This includes your name, address and email address. You do not have to divulge any personal information in order to visit our website. In some cases we may need your name and address so that we can provide you with the correct information about our products and services, and/or respond to your request or enquiry. We will inform you in such cases and, in addition, we will only store the data that you have sent to us automatically or voluntarily.
The same applies if we supply you with information material upon your request or answer your questions. In these cases, we will always advise you accordingly. Furthermore, we store only those data you have transmitted automatically or disclosed voluntarily.
If you make use of one of our services, we normally collect only those data we need to offer you our service. In some case, you may be asked to provide further information, however on a voluntary basis. Whenever we process personal data, we do this to be able to offer you our service or to pursue our commercial objectives.
Automatically stored Data
Server log files
The provider of the pages automatically collects and stores information in so-called server log files your browser transmits to us automatically. Such information includes:
- Date and time of inquiry
- Name of requested file
- Page from which the file was inquired
- Access status (file transmitted, file not found, etc.)
- Web browser and operating system used
- Complete IP address of inquiring computer
- Transmitted data volume
We do not fuse these data with other data sources. The data are processed in compliance with Article 6 Paragraph 1 Point f General Data Protection Regulation (GDPR) on the basis of our legitimate interest in improving the stability and functionality of our web page.
For reasons of technical safety, particularly to prevent attack attempts on our web server, we store the data temporarily. These data do not allow to identify individual persons. We make the data anonymous after seven days at the latest by shortening the IP address on the domain level so that it is not possible anymore to identify the individual user. For statistical purposes, the data are processed by us in anonymized form. We do neither synchronize the data with other databases nor transfer any data to third parties, not even in part.
Use of web analysis service Matomo
The information generated by cookies, such as the time, place and frequency of your website visit, including your IP address, is transmitted to our PIWIK server and stored there. Your IP address will be immediately anonymised during this process so that you remain anonymous to us as a user. The information generated by the cookie about your use of this website will not be disclosed to third parties. You can prevent the installation of cookies by setting your browser software accordingly; however, in such cases you may not be able to fully use all areas of our website.
If you do not agree with the storage and analysis of this data about your visit, you can object to the storage and use of this at any time by clicking the mouse here. As a result, a so-called opt-out cookie is stored in your browser, which means that PIWIK no longer collects any data about your visit. Please note that if you delete the cookies in your browser settings, this may result in the opt-out cookie being deleted by PIWIK and possibly re-activated by you.
We have taken technical and administrative security measures to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees as well as service providers working for us are obliged to comply with the relevant data protection laws.
Whenever we collect and process personal information, it will be encrypted before being transferred. This means that your data can not be misused by third parties. Our security is subject to on-going review and improvement and our privacy statements are updated to reflect the latest requirements and technologies used.
Your Right to Access and to Object to Information
Please contact us at any time if you would like to find out what personal data we store about you. In addition, you may at any time withdraw your permission for us to collect and process your personal information. In either cases, please contact us directly.
Hereby we want to comprehensively inform you about the processing of your data in our company and the data protection claims and rights to which you are entitled in accordance with of Art 13. General Data Protection Regulation (GDPR).
1. Who is responsible for data processing and who can you contact
|Responsible Companies: ||The Company Data Protection Officer:|
| HUBER SE|
Industriepark Erasbach A1
+49 8462 201-0
Industriepark Erasbach A1
+49 8462 201-700
| Christian Volkmer|
Project 29 GmbH & Co. KG
2. What data is processed and where does the data come from?
We process the data that we have received from you in relation to contract initiation or contract agreement on the basis of consent or as part of your application to us as well as within the framework of your employment.
Personal data includes:
- Your main contact details, in relation to customers for example first and last name, address, contact details (e-mail address, telephone number, fax number), bank details.
- For applicants and employees, this includes e.g. first name and surname, address, contact details (e-mail address, telephone number, fax number), date of birth, data from CV and employment references, bank details, religious affiliation, photos.
- For business partners, this includes e.g. the name of the legal representative, company, company registration number, VAT number, address, contact details (e-mail address, telephone number, fax number), bank details.
- For trade fair visitors we record the name, address, contact details (e-mail address, telephone number, fax number)
- For visitors to our company we record the name and signature.
- For journalists we record the first and last name, e-mail address, fax number.
- For raffle participants we record name, address and e-mail address.
In addition, we also process the following personal data:
- Information on the type and content of contract data, order data, sales and receipt data, customer and supplier history and advisory documents
- Advertising and sales data
- Information from electronic communication with us (e.g. IP address, log-in data)
- Other data that we have received from you as part of our business relationship (for example, from customer meetings)
- Data that we generate ourselves from master / contact data as well as other data, e.g. such as using customer needs and customer potential analysis
- The record of your consent to receive e.g. newsletters
- Photographs of events
3. For what purposes and on what legal basis is the data processed?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018, in its current version:
- For the fulfillment of (pre) contractual obligations (Art. 6 para. 1lit.b GDPR):
The data will be processed in particular at business initiation and during the execution of contracts with you.
- To fulfill legal obligations (Art. 6 para. 1lit.c GDPR):
Processing of your data is for the purpose of meeting various legal obligations, e.g. required by trading or tax legislation
- For the protection of legitimate interests (Art. 6 (1) lit.f GDPR):
Due to a balancing of interests, data processing beyond the actual fulfillment of the contract may be carried out to safeguard legitimate interests of us or third parties. Data processing for the protection of legitimate interests takes place, for example, in the following cases:
- advertising or marketing (see point 4)
- business management and development of services and products
- Maintain a group-wide customer database to improve customer service
- In relation to legal disputes
- Sending non-promotional information and press releases
- In relation to your consent (Art. 6 (1) (a) GDPR):
Where you have given us consent to process your data, e.g. for sending our newsletter, publishing photos, competitions, etc.
4. Processing of personal data for advertising purposes
You may object to the use of your personal data for advertising purposes at any time for all or for specific situations without incurring costs other than the transmission costs at basic rates.
Under the legal requirements of Art. 7 (3) UWG (Act Against Unfair Competition), we are permitted to use the e-mail address you provided, when entering the contract, for marketing purposes of similar goods or services. We will provide you with product recommendations regardless of whether you have subscribed to a newsletter.
If you do not wish to receive such recommendations by e-mail from us, you may object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs at basic rates. Communication by a SMS message is sufficient. Every e-mail we send to you will always include a link for you to opt-out.
5. Who receives my data?
If we use a third party service provider for order processing, we will still be responsible for protecting your data. All third parties are contractually obliged to treat your data confidentially and to process it only as part of the provision of their services. The third parties appointed by us will only receive the data necessary to carry out their required services. These are e.g. IT service providers that we need for operation and security of our IT system as well as advertising and mailing list providers for our own advertising campaigns.
Your data will be processed in our customer database. The customer database improves the data quality of existing customer data (duplicate cleanup, address unknown / deceased, address changes), and allows enrichment with data from public sources.
This data is provided to the companies within the Group if necessary for the execution of the contract. Customer data is stored separately for each company, whereby we as parent company acts as a service provider for the individual participating companies.
Where there is a legal obligation to do so, data may be released to authorities and courts as well as external auditors.
In addition, for the purpose of contract initiation and fulfillment, insurances, banks, credit bureaus and service providers may be recipients of your data.
6. How long will my data be stored?
We process your data until the termination of the business relationship or until expiry of the applicable statutory retention periods (for example, in line with commercial law, the tax law, or the Working Hours Directive); in addition, until the termination of any legal disputes in which the data is required as evidence.
7. Is personal data transmitted to a third country?
In principle, we do not transmit any data to a third country. Transmission in individual cases will only take place in accordance with the agreement by the European Commission, standard contractual clauses, appropriate guarantees or where you have given your specific consent.
8. What privacy rights do I have?
You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as a right to data portability and to a complaint in accordance with the requirements of data protection law.
Right to information:
You can ask us for information as to whether and to what extent we process your data.
Right of rectification:
If we process your data that is incomplete or incorrect, you may at any time ask for correction or completion.
Right of erasure:
You may request deletion of your data from us if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests. Please note that there may be reasons where we cannot delete your data immediately e.g. in the case of legally regulated storage requirements.
Regardless of you exercising your right to delete data, we will erase your data promptly and completely, as far as there is no legal or statutory retention obligation in this regard.
Right to restrict processing:
You may require us to restrict the processing of your data if
- You dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data.
- The processing of the data is unlawful, but you reject a deletion and instead require a restriction of data usage,
- We no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
- You have objected to the processing of the data.
Right to data portability:
You may require that we provide you with the information you have submitted to us in a structured, common and electronic format and that you may transfer that information to another person without hindrance, provided that
- We process this data based on your consent which may be revocable, or for the performance of a contract between us, and
- processing is done using automated procedures.
Where technically feasible, you can request from us a direct transfer of your data to another responsible person.
Right to object:
Where we process your data for legitimate interest, you can object to the data processing at any time; this would also apply to profiling based on these regulations. In such case we will no longer process your data unless we can demonstrate compelling legitimate grounds which outweigh your interests, rights and freedom, or where required for the purposes of asserting, exercising or defending legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reason.
Right of appeal:
If you believe that we violate German or European data protection laws when processing your data, we ask you to contact us for clarification. You also have the right to contact the relevant regulatory authority, the regional authority supervising Data Protection.
If you wish to exercise one of the above mentioned rights, please contact our data protection officer. If in doubt, we may request additional information to confirm your identity.
9. Am I obliged to provide data?
The processing of your data is required to complete or fulfill your contract with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or may be unable to complete an existing contract and consequently need to terminate it. However, you are not obliged to give your consent for data processing with regard to data that is not relevant or legally required for the fulfillment of the contract.