We take the protection and security of your personal data entrusted to us seriously. Our aim is for you to feel as well informed and safe as possible with regard to data protection when visiting our internet pages and using our offers.
Find out below what personal data is collected when you use our offers and services and how we use it.
1. Data processing on this website
Data protection information (Version: GDPR [DSGVO] 2.0 from 26.10.2020)
Data protection
Hohenstein Laboratories GmbH & Co. KG and Hohenstein Innovations gGmbH are jointly responsible for this website within the meaning of Art. 26 GDPR.
We attach great importance to the security of your data and compliance with data protection regulations. The processing of personal data is subject to the provisions of the currently applicable European and national laws. With the following data protection information, we would like to show you how we handle your personal data and how you can contact us:
Hohenstein Laboratories GmbH & Co. KG
Register court AG Stuttgart HRA 724658
Personally liable partner:
Hohenstein Verwaltungs GmbH (Register Court AG Stuttgart HRB 752904)
Authorized to represent:
Dr. Stefan Droste, Dr. Timo Hammer
Hohenstein Innovations gGmbH
Register court AG Stuttgart HRB 738836
Authorized to represent:
Dr. Timo Hammer
Address and contact of all responsible persons:
Schlosssteige 1
74357 Bönnigheim
GERMANY
Phone: +49 7143 271-0
Fax: +49 7143 271-51
E-mail: datenschutz@hohenstein.de
Our data protection officer:
Sven Lenz – Datenschutzkanzlei Lenz GmbH & Co. KG
Bahnhofstraße 50
87435 Kempten
GERMANY
If you have any questions about data protection or other data protection-related concerns, please feel free to send an e-mail to the following e-mail address: datenschutz@hohenstein.de.
A. General notes
For better comprehensibility, we refrain from differentiating between the genders. In the interest of equal treatment, the corresponding terms apply to all genders. The meaning of the terms used, such as "personal data" or "processing", can be found in Article 4 of the GDPR.
Personal data processed within the framework of this website include the following:
- Inventory data (e.g. name and addresses of customers)
- Contract data (e.g. services used, payment information)
- Usage data (e.g. pages visited on our website) and
- Content data (e.g. entries in our contact forms, application forms or registration for our newsletter)
B. Specific notes
Privacy policy
We ensure that we process your data only in connection with the processing of your inquiries and for internal purposes as well as to provide services requested by you or to make content available.
Basics of data processing
We process your personal data only in compliance with the relevant data protection regulations. Legal bases are:
- Provision of our contractual services
- Processing is a legal requirement
- Existence of your electronic consent (e.g. registration for the newsletter)
- Enforcement of our legitimate interests
We are happy to show you where the above legal bases are regulated:
- Processing for the fulfillment of our services and implementation of contractual measures: Art. 6 para. 1 lit. b) GDPR
- Processing for the fulfillment of our legal obligations: Art. 6 para. 1 lit. c) GDPR
- Consent: Art. 6 para. 1 lit. a) and Art. 7 GDPR
- Processing for the protection of our legitimate interests: Art. 6 para. 1 lit. f) GDPR
Data transfer to third parties
We would like to point out that a data transfer may take place when using our website.
Data transfer to a third country or an international organization
Third countries are countries in which the GDPR is not directly applicable law. This basically includes all countries outside the EU or the European Economic Area.
In certain cases, we also transfer data to third countries or to international organizations. If a third country transfer takes place, we ensure that appropriate safeguards are in place so that you can enforce your rights and remedies even then.
Storage period of your personal data
We adhere to the principles of data economy and data minimization. This means that we store your data only as long as necessary to fulfill the aforementioned purposes or as specified by the various storage periods provided by law. If the respective purpose ceases to apply, or after expiry of the corresponding periods, your data will be routinely blocked or deleted in accordance with the statutory provisions.
Contact us
If you contact us via the website, you agree to electronic communication. Personal data is processed when you contact us electronically. The information you provide will be stored exclusively for the purpose of processing the request and for possible follow-up questions.
We would like to give you the legal basis for this:
- Processing for the fulfillment of our services and implementation of contractual measures: Art. 6 para. 1 lit. b) GDPR
We would like to point out that e-mails can be read or changed on the transmission path without authorization or being noticed. Furthermore, we draw your attention to the fact that we use software to filter unwanted e-mails (spam filter). The spam filter can reject e-mails if they have been falsely identified as spam by certain characteristics.
Incoming messages sent through our contact form or emailed to us are stored and processed in our system using a service provider. This is the service Pardot (also known as Marketing Cloud Account Engagement) of the provider Salesforce: Salesforce.com, inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States. For more information about Salesforce’s privacy policy, please visit: https://www.salesforce.com/company/privacy/. We have also concluded a Data Processing Agreement (DPA) with Salesforce. In this contract, Salesforce undertakes to process our users' personal data only according to our instructions, to protect the data adequately, and not to share it with third parties.
What rights do you have?
a) Right to information
You have the right to obtain information about your stored data free of charge. Upon request, we will inform you in writing which of your personal data we have stored. This also includes the origin and recipients of your data as well as the purpose of the data processing.
b) Right to rectification
You have the right to have your data stored by us corrected if it is incorrect. In doing so, you can demand a restriction of processing, e.g. if you dispute the accuracy of your personal data.
c) Right to block
Furthermore, you can have your data blocked. To ensure that a blocking of your data can be taken into account at any time, this data must be kept in a blocking file for control purposes.
d) Right to deletion
You may request the deletion of your personal data, unless there is a legal obligation to retain it. If such an obligation exists, we will block your data upon request. If the relevant legal requirements exist, we will also delete your personal data without your request.
e) Right to data portability
You are entitled to request that we provide the personal data transmitted to us in a format that allows it to be transferred to another entity.
f) Right to complain to a supervisory authority
You have the option of submitting a complaint to one of the data protection supervisory authorities.
The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg
Postal address: Postfach 10 29 32, 70025 Stuttgart, GERMANY
Home address: Lautenschlagerstraße 20, 70173 Stuttgart, GERMANY
Phone: +49 711 615541-0
Fax: +49 711 615541-15
E-mail: poststelle@lfdi.bwl.de
Web: https://www.baden-wuerttemberg.datenschutz.de
Note: A complaint can also be made to any data protection supervisory authority within the EU.
g) Right of objection
You have the possibility at any time, for reasons arising from your particular situation, to object to the processing of your data pursuant to Art. 6 (1) (e) and (f); this also applies to profiling based on these provisions.
Hohenstein will then no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If personal data are processed for the purpose of direct marketing, you have the right to object at any time to processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. In the event of such an objection, we will no longer process your personal data for the purposes of direct advertising. For this purpose, it is sufficient to send us an appropriate e-mail.
h) Right of revocation
You have the possibility at any time to revoke your consent to the processing of your data with effect for the future without giving reasons. You will not suffer any disadvantages as a result of the revocation. For this purpose, it is sufficient to send us an appropriate e-mail.
However, such a revocation does not affect the lawfulness of the processing carried out up to the time of the revocation on the legal basis of Art. 6 (1) a) GDPR.
To exercise your data subject rights, send us an email to the following address: datenschutz@hohenstein.de.
Protection of your personal data
We take contractual, technical and organizational security measures in accordance with the state of the art to ensure compliance with data protection laws and thus to protect the processed data against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
The security measures include in particular the encrypted transmission of data between your browser and our server. For this purpose, a 256-bit SSL (AES 256) encryption technology is used.
In doing so, your personal data will be protected within the scope of the following points (excerpt):
a) Maintaining the confidentiality of your personal data.
In order to maintain the confidentiality of your data stored with us, we have taken various measures for entry control, system access control and data access control.
b) Safeguarding the integrity of your personal data
In order to maintain the integrity of your data stored with us, we have taken various measures to control disclosure and input.
c) Maintaining the availability of your personal data
In order to maintain the availability of your data stored with us, we have taken various measures for order and availability control.
The security measures in place are continuously improved in line with technological developments. Despite these precautions, due to the insecure nature of the Internet, we cannot guarantee the security of your data transmission to our website. Due to this, any data transmission by you is at your own risk.
Protection of minors
Persons who have not yet reached the age of 16 may only provide us with personal information with the express consent of their legal guardians. This data will be processed in accordance with this data protection notice.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files (access or error logs), which your browser automatically transmits to us. These are:
- IP address
- Timestamp
- URL
- Status code
- File size
- Referrer URL
- Browser type and version
The data is automatically deleted after 4 weeks. This data is not merged with other data sources.
The basis for the data processing is our legitimate interest according to Art. 6 para. 1 lit. f) GDPR.
Online applications via a form
We offer applicants on our website the opportunity to apply online using a corresponding form. Inclusion in the application process requires that applicants provide us with all the personal data required for a sound and informed assessment and selection via the form.
The required information includes general personal information (name, address, telephone or electronic contact details) and performance-specific evidence of the qualifications required for a position. Health-related information may also be required, which must be given special consideration under employment and social law in the interest of the applicant's social protection.
When you submit the form, your data will be transmitted to us in encrypted form in accordance with the state of the art and processed exclusively for the purpose of processing your application.
The legal basis for the processing is Art. 6 Para. 1 lit. b) GDPR in conjunction with Section 26 Para. 1 German Federal Data Protection Act (BDSG), in the sense of which going through the application process is considered to be the initiation of an employment contract. Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g. health data such as information on severely disabled status) are requested from applicants as part of the application process, the processing is carried out in accordance with Art. 9 (2) (b) GDPR so that we can exercise the rights arising from labor law and social security and social protection law and fulfill our obligations.
Building on this or alternatively, the processing of the special categories of data may also be based on Art. 9 (1) (h) GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for the assessment of the applicant's ability to work, for medical diagnostics, care or treatment in the health or social sector, or for the management of systems and services in the health or social sector.
If the applicant is not selected in the course of the evaluation described above, or if an applicant withdraws his or her application prematurely, the data provided by the applicant will be deleted at the latest after six months following notification. This period is measured on the basis of our legitimate interest in answering any follow-up questions about the application and, if necessary, to be able to meet our obligations to provide evidence under the regulations on equal treatment of applicants.
In the event of a successful application, the data provided will be further processed on the basis of Art. 6 (1) (b) GDPR in conjunction with Section 26 (1) BDSG for the purposes of implementing the employment relationship.
Cookies
Cookies are small text files that are stored locally in the cache of your Internet browser. The cookies allow, for example, the recognition of the Internet browser. The files are used to help the browser navigate through the website and to make full use of all functions.
We use a cookie consent tool that sets technically necessary cookies to store your cookie preferences. This data processing is carried out in accordance with Art. 6 (1) f) GDPR on the basis of our legitimate interest in providing the management of your cookie consents.
Newsletter via our service provider Pardot (Marketing Cloud Account Engagement)
If you subscribe to our e-mail newsletter, we will regularly send you information about our offers. Personal data will be collected for this purpose. The only mandatory information for newsletter subscription are your e-mail address and your name. The provision of further data is voluntary and will be used to address you personally. This data will be used by us for our own advertising purposes in the form of the e-mail newsletter, provided that you have expressly consented to this.
We use a double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail newsletter if you have expressly confirmed that you consent to the sending of the newsletter. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in the future by clicking on the corresponding link.
By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 Para. 1 lit. a) GDPR. When you register for the newsletter, we store the IP address assigned to you by the Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date.
In addition, we are obliged to provide proof that our subscribers actually wanted to receive the newsletter. For this purpose, we collect and store the IP address and the time of subscription and unsubscription.
You can unsubscribe from the newsletter at any time using the link provided for this purpose in the newsletter or by sending a corresponding message to us, e-mail: marketing@hohenstein.de. After unsubscribing, your e-mail address will be immediately deleted from our newsletter distribution list and included in a blocking file to ensure revocation.
Our newsletters are sent and processed using Pardot (also known as Marketing Cloud Account Engagement) from Salesforce: Salesforce.com, inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States. For more information about Salesforce’s privacy policy, please visit: https://www.salesforce.com/company/privacy/. We have also concluded a Data Processing Agreement (DPA) with Salesforce. In this contract, Salesforce undertakes to process our users' personal data only according to our instructions, to protect the data adequately, and not to share it with third parties.
Newsletter performance measurement using Pardot
With your consent, an evaluation of your usage behavior through your interaction with the newsletter takes place when you receive the newsletter. In order to be able to evaluate this, the newsletters sent contain so-called web beacons. These are pixel-sized files that are retrieved from our service provider's server when the newsletter is opened. For evaluation purposes, the above interaction data and web beacons are linked to your e-mail address and a unique ID is set.
For technical reasons, this information can be assigned to individual newsletter recipients. The purpose is not to monitor individual users. Instead, these analytics help us to understand our users' reading habits and to customize and constantly improve our content to our users' interests.
Categories of data subjects:
Newsletter subscribers (prospects, customers)
Data categories:
Master data (e.g. name, address), contact data (e.g. email address, phone number), meta and communication data (e.g. device information, IP address).
Purposes of processing:
Marketing, customer retention and new customer acquisition, analysis and evaluation of the success of campaigns.
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR) in conjunction with § 25 TTDSG.
Use of Google services on our website
We use various services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google"), as described below.
All described processing activities are carried out exclusively based on your explicit consent according to Article 6(1)(a) GDPR in conjunction with § 25 TDDG. You may withdraw your consent at any time with effect for the future. To exercise your right to withdraw, please disable this service via the "cookie consent tool" provided on the website.
We have entered into a data processing agreement with the service provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
To ensure compliance with the European data protection level when transferring data from the EU or the EEA to the USA and for any further processing, Google relies on the European Commission's Standard Contractual Clauses (SCCs), which we have contractually agreed with Google, in addition to the adequacy decision.
Google Analytics 4 (with cookies, without User IDs, without Google Signals)
The use of Google Analytics 4 involves the use of "cookies" by default. Cookies are text files stored on your device that allow an analysis of your website usage. Information collected by cookies about your use of the website (including the IP address of your device, shortened by the last digits, see details below) is typically transferred to a Google server and stored and processed there. This also involves transmitting information to the servers of Google LLC, based in the USA, where the data may be further processed for their own purposes.
When using Google Analytics 4, the IP address transmitted by your device during website use is automatically shortened by the last digits and only collected and processed in this form. On our behalf, Google uses this and other information to evaluate your use of the website, to compile reports on your website activities and usage behavior, and to provide us with other services related to website usage and internet usage. Data collected through the use of Google Analytics 4 will be kept for two months and then deleted.
Google Analytics 4 also makes it possible to generate demographic statistics using the "demographic features" function, which is based on an analysis of interest-based advertising and information provided by third parties. This helps in identifying and differentiating user groups for targeted marketing purposes. However, the data collected through "demographic features" cannot be assigned to any specific person, including yourself. This data is stored for 14 months and then deleted.
Further legal information on Google Analytics 4, including a copy of the Standard Contractual Clauses, can be found at: https://policies.google.com/privacy?hl=en&gl=en and https://policies.google.com/technologies/partner-sites
Use of Google reCAPTCHA
This service is primarily used to distinguish whether an input is made by a natural person or improperly through automated or machine-based processing. The service involves sending your IP address and any other data required by Google for reCAPTCHA to Google.
Further information on Google reCAPTCHA and Google's privacy policy can be found at: https://www.google.com/intl/en/policies/privacy
Use of Google Maps
Google Maps is a web service for displaying interactive maps to visually present geographic information. Using this service allows us to show you our location and assist with route planning.
When accessing a page on our website that contains a Google Maps map, information about your use of our website (e.g., your IP address) is transmitted to and stored by Google on servers, including those in the USA. This occurs regardless of whether you have a Google account or are logged in. If you are logged into Google, your data will be directly associated with your account. If you do not want this, you must log out before activating the button.
Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.
Use of YouTube videos
We use the YouTube embedding function to display and play videos provided by “YouTube.”
According to YouTube, cookies are set to collect video statistics, improve user-friendliness, and prevent abusive behavior. If you are logged into Google, your data will be directly associated with your account when you click on a video. If you do not want your data to be associated with your YouTube profile, you must log out before activating the button.
Google stores your data (even for non-logged-in users) as usage profiles and evaluates them. You have the right to object to the creation of such user profiles, and you must exercise this right directly with YouTube.
Regardless of whether videos are played, a connection to the Google network is established each time this website is accessed, which may trigger additional data processing operations without our control. Further information on YouTube's data privacy policy can be found at: https://www.google.de/intl/en/policies/privacy.
Use of Vimeo videos
Plugins from the video portal Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA, are integrated into our website.
When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to Vimeo's servers. The plugin content is transmitted by Vimeo directly to your browser and embedded into the page. Vimeo thus receives information that your browser has accessed the corresponding page on our website, even if you do not have a Vimeo account or are not logged in. We have set Vimeo to privacy-friendly settings so that no personal data is transmitted.
We have obtained your consent for the above-mentioned data processing in accordance with Article 6(1)(a) GDPR in conjunction with § 25 TDDG. You can withdraw your consent at any time with future effect by disabling this service via the "cookie consent tool" provided on the website.
There may be data transfers to a third country (in this case, the USA) or an international organization. Since July 2023, there has been an adequacy decision from the European Commission (Data Privacy Framework), designating the USA as a third country with a level of data protection comparable to that in the EU. This adequacy decision can now serve as a basis for data transfers to certified organizations in the USA.
If you are logged into Vimeo, Vimeo can directly associate your visit to our website with your Vimeo account. If you interact with the plugins (e.g., by pressing the play button on a video), this information is also transmitted directly to a Vimeo server and stored there. If you do not want Vimeo to directly associate the data collected through our website with your Vimeo account, you must log out of Vimeo before visiting our website.
For information on the purpose and scope of data collection, further processing, and use by Vimeo, as well as your rights and settings to protect your privacy, please see Vimeo's privacy policy at: https://vimeo.com/privacy.
Change to our privacy policy
We reserve the right to adapt our data protection information at short notice so that it always complies with the current legal requirements or in order to implement changes to our services. This may, for example, concern the introduction of new services. The new data protection information will then apply to your next visit.
2. Data processing in the context of our social media channels
2.1. LinkedIn
Information on the collection of personal data and contact details of the responsible person
In the following, we inform you about the handling of your personal data. Here, personal data is any data by which you can be personally identified. Please check carefully which personal data you share with us via the social medium LinkedIn. We expressly point out that LinkedIn stores the data of its users (e.g. personal information, IP address, etc.) and may also use this data for business purposes. You can find more detailed information on LinkedIn's data processing in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy.
We have no influence on the data collection and further processing by LinkedIn. Furthermore, it is not apparent to us to what extent, where and for how long the data is stored, to what extent LinkedIn complies with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. If you would like to avoid LinkedIn processing personal data that you have transmitted to us, please contact us by other means. You can find our full contact details in our imprint on LinkedIn.
The person responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is, insofar as we exclusively process the data transmitted to us by you via LinkedIn ourselves:
Hohenstein Laboratories GmbH & Co. KG
Hohenstein Innovations gGmbH
Address and contact of all responsible persons:
Schlosssteige 1
74357 Bönnigheim
GERMANY
Phone: +49 7143 271-0
Fax: +49 7143 271-51
E-mail: datenschutz@hohenstein.de
Insofar as the data you provide to us via LinkedIn is also or exclusively processed by LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland is also the data controller within the meaning of the General Data Protection Regulation (GDPR), provided you are a resident of a country of the European Union, Iceland, Liechtenstein, Norway or Switzerland. If you are resident in another country, LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA is also the data controller within the meaning of the GDPR in addition to us. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
Contact Data Protection Officer Hohenstein:
Sven Lenz, E-mail: datenschutz@hohenstein.de
Contact Data Protection Officer LinkedIn Ireland Unlimited Company:
LinkedIn Ireland Unlimited Company or the LinkedIn Corporation can be contacted via the contact form available under the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
Data processing when contacting us
We collect personal data ourselves when you contact us via the contact form or messenger, for example. You can see which data we collect when you contact us via the contact form from the relevant contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b) GDPR. Your data will be deleted once we have completed processing your enquiry, provided there are no legal obligations to retain data. We assume that processing is complete when the circumstances indicate that the matter in question has been conclusively clarified.
Data processing via the LinkedIn Insight tag
The LinkedIn Insight tag enables the collection of data about visits to our website, including URL, referrer URL, IP address, device and browser properties (user agent) and timestamp. IP addresses are shortened or hashed across devices. Visitors' direct identifiers are removed within seven days to pseudonymise the data. This remaining pseudonymised data is then deleted within 180 days.
LinkedIn does not share any personal data with Hohenstein, but only provides reports and notifications (in which you are not identified) about website audience and ad performance. LinkedIn also provides retargeting for website visitors so that the website owner can use this data to display targeted ads outside of their website without identifying the visitor. LinkedIn also uses the data to improve the relevance of ads and reach its members across devices. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.
The legal basis is your consent, which you give us via the cookie consent banner, Art. 6 para. 1 lit. a) GDPR.
To deactivate the Insight tag on our website ("Opt-out") you can also click here.
Rights of affected persons
The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:
- Right to information pursuant to Art. 15 GDPR
- Right to rectification pursuant to Art. 16 GDPR
- Right to erasure pursuant to Art. 17 GDPR
- Right to restriction of processing pursuant to Art. 18 GDPR
- Right to information pursuant to Art. 19 GDPR
- Right to data portability pursuant to Art. 20 GDPR
- Right to withdraw consent granted pursuant to Art. 7 para. 3 GDPR
- Right to lodge a complaint pursuant to Art. 77 of the GDPR
Right of objection in general
If we process your personal data within the framework of a balancing of interests on the basis of our overriding legitimate interest, you have the right to object to this processing with effect for the future at any time for reasons arising from your particular situation. If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to continue processing if we can demonstrate compelling legitimate grounds for the processing, which override your interests, fundamental rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
Objection to direct advertising
If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. You can exercise your right of objection as described above under "Right of objection in general". If you exercise your right to object, we will stop processing the data concerned for direct marketing purposes.
Storage period of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and - if relevant - additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law). When processing personal data on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a) GDPR, this data is stored until the data subject revokes his/her consent. If there are statutory retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 para. 1 lit. b) GDPR, this data will be routinely deleted after expiry of the retention periods, insofar as it is no longer required for the fulfilment of a contract or the initiation of a contract and/or there is no further justified interest on our part in continuing to store it.
When processing personal data on the basis of Art. 6 para. 1 lit. f) GDPR, such data shall be stored until the data subject exercises his/her right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f) GDPR, such data shall be stored until the data subject exercises his or her right to object pursuant to Art. 21 para. 2 GDPR. Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.
2.2.
Twitter
Information on the collection of personal data and contact details of the responsible person
In the following, we inform you about the handling of your personal data. Personal data is any data that can be used to identify you personally. Please check carefully what personal data you share with us via Twitter. We expressly point out that Twitter stores the data of its users (e.g. personal information, IP address, etc.) and may also use this data for business purposes. You can find more information on Twitter's data processing in Twitter's privacy policy at https://twitter.com/en/privacy.
We have no influence on the data collection and further processing by Twitter. Furthermore, it is not apparent to us to what extent, where and for how long the data is stored, to what extent Twitter complies with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. If you would like to avoid Twitter processing personal data that you have transmitted to us, please contact us by other means. You can find our full contact details in our imprint on Twitter.
The person responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is, insofar as we ourselves exclusively process the data you have transmitted to us via Twitter:
Hohenstein Laboratories GmbH & Co. KG
Hohenstein Innovations gGmbH
Address and contact of all responsible persons:
Schlosssteige 1
74357 Bönnigheim
GERMANY
Phone: +49 7143 271-0
Fax: +49 7143 271-51
E-mail: datenschutz@hohenstein.de
Insofar as the data you provide to us via Twitter is also or exclusively processed by Twitter, Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, is also the data controller within the meaning of the General Data Protection Regulation (GDPR) in addition to us.
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
Contact Data Protection Officer Hohenstein:
Sven Lenz, E-mail: datenschutz@hohenstein.de
Contact Twitter Data Protection Officer:
You can contact Twitter's data protection officer via the online contact form provided by Twitter: https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp?lang=en
Data processing when contacting us
We ourselves collect personal data when you contact us, for example, via the comment function or Messenger. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f) GDPR.
If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. Your data will be deleted once we have completed processing your enquiry, provided there are no legal obligations to retain data. We assume that processing is complete when the circumstances indicate that the matter in question has been conclusively clarified.
Rights of affected persons
The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:
- Right to information pursuant to Art. 15 GDPR
- Right to rectification pursuant to Art. 16 GDPR
- Right to erasure pursuant to Art. 17 GDPR
- Right to restriction of processing pursuant to Art. 18 GDPR
- Right to information pursuant to Art. 19 GDPR
- Right to data portability pursuant to Art. 20 GDPR
- Right to withdraw consent granted pursuant to Art. 7 para. 3 GDPR
- Right to lodge a complaint pursuant to Art. 77 of the GDPR
Right of objection in general
If we process your personal data within the framework of a balancing of interests on the basis of our overriding legitimate interest, you have the right to object to this processing with effect for the future at any time for reasons arising from your particular situation. If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to continue processing if we can demonstrate compelling legitimate grounds for the processing, which override your interests, fundamental rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
Objection to direct advertising
If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. You can exercise your right of objection as described above under "Right of objection in general". If you exercise your right to object, we will stop processing the data concerned for direct marketing purposes.
Storage period of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and - if relevant - additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law). When processing personal data on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a) GDPR, this data is stored until the data subject revokes his/her consent. If there are statutory retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 para. 1 lit. b) GDPR, this data will be routinely deleted after expiry of the retention periods, insofar as it is no longer required for the fulfilment of a contract or the initiation of a contract and/or there is no further justified interest on our part in continuing to store it.
When processing personal data on the basis of Art. 6 para. 1 lit. f) GDPR, such data shall be stored until the data subject exercises his/her right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f) GDPR, such data shall be stored until the data subject exercises his or her right to object pursuant to Art. 21 para. 2 GDPR. Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.
2.3.
YouTube
Information on the collection of personal data and contact details of the responsible person
In the following, we inform you about the handling of your personal data. Personal data is any data that can be used to identify you personally. Please check carefully what personal data you share with us via YouTube. We expressly point out that YouTube stores the data of its users (e.g. personal information, IP address, etc.) and may also use this data for business purposes. We have no influence on the data collection and further processing by YouTube. Furthermore, it is not apparent to us to what extent, where and for how long the data is stored, to what extent YouTube complies with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. If you would like to avoid YouTube processing personal data that you have transmitted to us, please contact us by other means.
The person responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is, insofar as we exclusively process the data you send us via YouTube ourselves:
Hohenstein Laboratories GmbH & Co. KG
Hohenstein Innovations gGmbH
Address and contact of all responsible persons:
Schlosssteige 1
74357 Bönnigheim
GERMANY
Phone: +49 7143 271-0
Fax: +49 7143 271-51
E-mail: datenschutz@hohenstein.de
Insofar as the data you provide to us via YouTube is also or exclusively processed by YouTube, Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, is also the data controller within the meaning of the General Data Protection Regulation (GDPR) in addition to us. For more information on the data processing of Google Ireland Limited, please refer to the privacy policy of Google Ireland Limited at https://policies.google.com/privacy?hl=en&gl=en. This privacy policy applies to all services offered by Google Ireland Limited and its affiliated companies - including YouTube. In the course of using YouTube, personal data may also be transmitted to the servers of Google LLC in the USA.
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
Contact Data Protection Officer Hohenstein:
Sven Lenz, E-mail: datenschutz@hohenstein.de
Data processing when contacting us
We ourselves collect personal data when you contact us, e.g. by e-mail or comment function. You can see which data we collect when you contact us from the relevant contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f) GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. Your data will be deleted once we have completed processing your enquiry, provided there are no legal obligations to retain data. We assume that processing is complete when the circumstances indicate that the matter in question has been conclusively clarified.
Rights of affected persons
The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:
- Right to information pursuant to Art. 15 GDPR
- Right to rectification pursuant to Art. 16 GDPR
- Right to erasure pursuant to Art. 17 GDPR
- Right to restriction of processing pursuant to Art. 18 GDPR
- Right to information pursuant to Art. 19 GDPR
- Right to data portability pursuant to Art. 20 GDPR
- Right to withdraw consent granted pursuant to Art. 7 para. 3 GDPR
- Right to lodge a complaint pursuant to Art. 77 of the GDPR
Right of objection in general
If we process your personal data within the framework of a balancing of interests on the basis of our overriding legitimate interest, you have the right to object to this processing with effect for the future at any time for reasons arising from your particular situation. If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to continue processing if we can demonstrate compelling legitimate grounds for the processing, which override your interests, fundamental rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
Objection to direct advertising
If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. You can exercise your right of objection as described above under "Right of objection in general". If you exercise your right to object, we will stop processing the data concerned for direct marketing purposes.
Storage period of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and - if relevant - additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law). When processing personal data on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a) GDPR, this data is stored until the data subject revokes his/her consent. If there are statutory retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 para. 1 lit. b) GDPR, this data will be routinely deleted after expiry of the retention periods, insofar as it is no longer required for the fulfilment of a contract or the initiation of a contract and/or there is no further justified interest on our part in continuing to store it.
When processing personal data on the basis of Art. 6 para. 1 lit. f) GDPR, such data shall be stored until the data subject exercises his/her right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f) GDPR, such data shall be stored until the data subject exercises his or her right to object pursuant to Art. 21 para. 2 GDPR. Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.
2.4.
Facebook
Information on the collection of personal data and contact details of the responsible person
In the following, we inform you about the handling of your personal data. Personal data is any data that can be used to identify you personally. Please check carefully what personal data you share with us via Facebook. As long as you are logged into your Facebook account and visit our Facebook profile, Facebook can assign this to your Facebook profile. We expressly point out that Facebook stores the data of its users (e.g. personal information, IP address, etc.) and may also use this data for business purposes. For more information on Facebook's data processing, please refer to Facebook's privacy policy at https://www.facebook.com/policy.php.
We have no influence on the data collection and further processing by Facebook. Furthermore, it is not apparent to us to what extent, where and for how long the data is stored by Facebook, to what extent Facebook complies with existing deletion obligations, what evaluations and links are made with the data by Facebook and to whom the data is passed on by Facebook. If you would like to avoid Facebook processing personal data that you have transmitted to us, please contact us by other means.
The person responsible for data processing within the meaning of the General Data Protection Regulation (GDPR), insofar as we exclusively process the data you have sent to us via Facebook ourselves, is:
Hohenstein Laboratories GmbH & Co. KG
Hohenstein Innovations gGmbH
Address and contact of all responsible persons:
Schlosssteige 1
74357 Bönnigheim
GERMANY
Phone: +49 7143 271-0
Fax: +49 7143 271-51
E-mail: datenschutz@hohenstein.de
Insofar as the data you provide to us via Facebook is also or exclusively processed by Facebook (Insights data), Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is also the data controller within the meaning of the General Data Protection Regulation (GDPR) in addition to us. In this respect, data processing is carried out on the basis of an agreement between jointly responsible parties pursuant to Art. 26 GDPR, which you can view here: https://www.facebook.com/legal/terms/page_controller_addendum.
Furthermore, for the use of certain Facebook products, such as the so-called "Facebook Business Tools", and for data processing carried out as a result thereof, a supplementary agreement between us and Facebook Ireland Ltd. as joint controller pursuant to Art. 26 GDPR applies, which can be viewed here: https://www.facebook.com/legal/controller_addendum.
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
Contact Data Protection Officer Hohenstein:
Sven Lenz, E-mail: datenschutz@hohenstein.de
The Facebook data protection officer can be contacted via the online contact form provided by Facebook at https://www.facebook.com/help/contact/540977946302970.
Data processing when contacting us
We ourselves collect personal data when you contact us, e.g. via messenger or comments. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f) GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. Your data will be deleted once we have completed processing your enquiry, provided there are no legal obligations to retain data. We assume that processing is complete if it can be inferred from the circumstances that the matter in question has been conclusively clarified.
Rights of affected persons
The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:
- Right to information pursuant to Art. 15 GDPR
- Right to rectification pursuant to Art. 16 GDPR
- Right to erasure pursuant to Art. 17 GDPR
- Right to restriction of processing pursuant to Art. 18 GDPR
- Right to information pursuant to Art. 19 GDPR
- Right to data portability pursuant to Art. 20 GDPR
- Right to withdraw consent granted pursuant to Art. 7 para. 3 GDPR
- Right to lodge a complaint pursuant to Art. 77 of the GDPR
Right of objection in general
If we process your personal data within the framework of a balancing of interests on the basis of our overriding legitimate interest, you have the right to object to this processing with effect for the future at any time for reasons arising from your particular situation. If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to continue processing if we can demonstrate compelling legitimate grounds for the processing, which override your interests, fundamental rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
Storage period of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and - if relevant - additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law). When processing personal data on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a) GDPR, this data is stored until the data subject revokes his/her consent. If there are statutory retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 para. 1 lit. b) GDPR, this data will be routinely deleted after expiry of the retention periods, insofar as it is no longer required for the fulfilment of a contract or the initiation of a contract and/or there is no further justified interest on our part in continuing to store it.
When processing personal data on the basis of Art. 6 para. 1 lit. f) GDPR, such data shall be stored until the data subject exercises his/her right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f) GDPR, such data shall be stored until the data subject exercises his or her right to object pursuant to Art. 21 para. 2 GDPR. Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.
In addition to this website, we also maintain presences in various social media, which you can reach via the corresponding buttons on our website. If you visit such a presence, personal data may be transmitted to the provider of the social network.
The social network provider may process the most important data of the computer system from which you visit it - for example, your IP address, the processor type and browser version used, including plug-ins.
It is possible that in addition to the storage of the data you have actually entered in this social media, further information may also be processed by the provider of the social network, perhaps even outside the European Union.
If you are logged in with your personal user account of the respective network when visiting such a presence, this network can assign the visit to this account.
The processing of personal data is based on our legitimate interests in effective communication and information of our users in accordance with Art. 6 para. 1 lit. f) GDPR.
The purpose and scope of the data collection by the respective medium and the further processing of your data there can be found in the respective provisions of the respective controller, as well as your respective rights, e.g. under:
- Facebook Ireland Ltd.: https://www.facebook.com/about/privacy/
- Twitter Inc.: https://twitter.com/en/privacy
- Google Ireland Limited: https://policies.google.com/privacy?hl=en
- LinkedIn Ireland Unlimited Company: https://www.linkedin.com/legal/privacy-policy
- XING AG: https://privacy.xing.com/en
3.
Data processing in the context of the tools we use for video conferencing
3.1.
Privacy notices for online meetings, telephone conferences and webinars via "Microsoft Teams"
Purpose of data processing
We use the tool "Microsoft Teams" to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "Online Meetings"). "Microsoft Teams" is a service of Microsoft Corporation.
Responsible person
The responsible party for data processing directly related to the conduct of "online meetings" is the respective Hohenstein company (see 1. above) that conducts the Teams meeting with you.
Note: If you access the "Microsoft Teams" website, the provider of "Microsoft Teams" is responsible for data processing. However, accessing the website is only necessary to download the software for the use of "Microsoft Teams".
If you do not want to or cannot use the "Microsoft Teams" app, you can also use "Microsoft Teams" via your browser. The service will then also be provided via the "Microsoft Teams" website.
What data are processed?
When using "Microsoft Teams", various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an "online meeting".
The following personal data are subject to processing:
- User details: e.g. display name, e-mail address (if applicable), profile picture (optional), preferred language.
- Meeting metadata: e.g. date, time, meeting ID, phone numbers, location
- Text, audio and video data: You may have the opportunity to use the chat function in an "online meeting". In this respect, the text entries you make are processed in order to display them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can switch off or mute the camera or microphone yourself at any time via the "Microsoft Teams" applications.
Scope of data processing
We use "Microsoft Teams" to conduct "online meetings". If we want to record "online meetings", we will transparently communicate this to you in advance and - where necessary - ask for consent.
Chat content will be logged when using Microsoft Teams. If it is necessary for the purpose of recording the results of an online meeting, we will record the chat content. However, this will not normally be the case.
Automated decision-making within the meaning of Article 22 of the GDPR is not used.
Legal basis for data processing
The legal basis for data processing when conducting "online meetings" is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. In this case, our legitimate interest is the effective conduct of "online meetings".
Recipients / passing on of data
Personal data processed in connection with participation in "online meetings" will not be passed on to third parties as a matter of principle, unless they are specifically intended to be passed on. Please note that the contents of "online meetings", as with face-to-face meetings, often serve to communicate information to customers, interested parties or third parties and are therefore intended to be passed on.
Other recipients: The provider of "Microsoft Teams" necessarily receives knowledge of the above-mentioned data, insofar as this is provided for within the framework of our order processing contract with "Microsoft Teams".
Data processing outside the European Union
Data processing outside the European Union (EU) does not take place as a matter of principle, as we have restricted our storage location to data centres in the European Union. However, we cannot rule out the possibility that data may be routed via internet servers located outside the EU. This can be the case in particular if participants in an "online meeting" are located in a third country.
However, the data is encrypted during transport over the Internet and thus protected against unauthorised access by third parties.
Data Protection Officer:
Our data protection officer
Sven Lenz - Datenschutzkanzlei Lenz GmbH & Co. KG
Bahnhofstrasse 50
87435 Kempten
GERMANY
datenschutz@hohenstein.de
Your rights as an affected person
You have the right to obtain information about the personal data concerning you. You can contact us for information at any time.
In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.
Furthermore, you have the right to rectification or deletion or to restriction of processing, insofar as you are entitled to this by law.
Finally, you have the right to object to processing within the scope of the law.
You also have the right to data portability within the framework of data protection law.
You also have the right to complain about the processing of personal data by us to a supervisory authority for data protection.
Deletion of data
We generally delete personal data when there is no need for further storage. Such a need may exist in particular if the data is still required to fulfil contractual services or to check and grant or defend against warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion is only considered after the expiry of the respective retention obligation.
4.
Data processing in the context of our fitting tests
Scope and purpose of data processing
If you are available as a test person for fitting tests, we record name, address, telephone, date of birth and body measurements. We also take photos during fittings. The data on body measurements and photos are used to make recommendations for customers on the optimisation of their collections with regard to clothing sizes and processing qualities. This data is only passed on to third parties in an anonymous form. We need the remaining data for contract processing with you; it is not passed on to third parties.
Legal basis for data processing
If we obtain consent from the data subject for processing personal data, Art. 6 para. 1 lit. a) GDPR serves as the legal basis.
When processing personal data that is required for fulfilment of a contract for which the data subject is a contractual party, Art. 6 para. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the execution of pre-contractual measures.
Duration of storage
The personal data for the person in question is deleted or locked as soon as the purpose of storage lapses.
Your rights
In accordance with the provisions of Art. 15 - 22 GDPR, you have the right to information, correction, deletion of your personal data, as well as a right to data transfer and the restriction of processing. In the cases of Art. 6 (1) e) and f) GDPR, you have the right to object. This also applies to automated individual decisions, including profiling. If you have given your consent to a processing of your personal data, you can revoke this consent at any time with effect for the future. If you believe that the processing of your personal data by Hohenstein is not lawful, you may lodge a complaint with any data protection supervisory authority.
5.
Data processing in relation to our Hohenstein customer portal
Scope and purpose of the data processing
In connection with your registration in the Hohenstein Portal, we process the following personal data from you for the purpose of use and authentication in the Hohenstein Portal: First name, last name, e-mail address and company name.
Your personal data will not be passed on to third parties.
Legal basis for data processing
The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is e.g. to apply an authorization concept for portal usage in order to make documents available only to the right addressees.
If we obtain consent from the data subject for the processing actions for personal data, Art. 6 para. 1 lit. a) GDPR is applicable as the legal basis.
Duration of storage
Your data is stored for the duration of the customer relationship and then deleted after expiration of any statutory retention requirements.
Your rights
In accordance with the provisions of Art. 15 - 22 GDPR, you have the right to information, correction, deletion of your personal data, as well as a right to data transfer and the restriction of processing. In the cases of Art. 6 (1) e) and f) GDPR, you have the right to object. This also applies to automated individual decisions, including profiling. If you have given your consent to a processing of your personal data, you can revoke this consent at any time with effect for the future. If you are of the opinion that the processing of your personal data by Hohenstein is not lawful, you may lodge a complaint with any data protection supervisory authority.
In the case of a request for information that is not made in writing, we ask for your understanding that we may then require evidence from you that proves that you are the person you claim to be.
6.
Data processing within the scope of our video surveillance
Scope and purpose of data processing
The company premises in Bönnigheim are monitored around the clock with video cameras. The resulting recordings may be considered personal data.
The video surveillance of the company premises is used for safeguarding domiciliary rights and to secure the property of the company and employees.
Legal basis for data processing
The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interests are the preservation of the house right and the protection of our property.
Duration of storage
The recordings are stored for 10 days. Longer storage only takes place in individual cases if the data is required to preserve evidence due to a specific incident.
Your rights
In accordance with the provisions of Art. 15 - 22 GDPR, you have the right to information, rectification, erasure of your personal data, as well as the right to data portability and the restriction of processing. In the cases of Art. 6 para. 1 lit. e) and f) GDPR you have the right to object. This also applies to automated individual decision-making, including profiling. If you have given your consent to the processing of your personal data, you can withdraw this consent at any time with effect for the future. If you think that the processing of your personal data by Hohenstein is not lawful, you can complain to any data protection supervisory authority.
If you feel that Hohenstein has processed your personal data in an unlawful manner, you can contact any data protection supervisory authority with your complaints.
7.
Data processing for events
Scope and purpose of data processing
We collect and use your information (for example, the name, address, telephone number, e-mail address and payment information) within the framework of the respective contract purpose, specifically for the processing of your registration and for the execution of seminars, webinars, workshops, (virtual) press conferences and other events.
If we receive your e-mail address in connection with your participation in an event, we will also use this for the promotion of our own, similar events by e-mail, provided that you have not objected to its use.
If you register for our online information service & newsletter, we also use your e-mail address for sending the newsletter.
Your consent is obtained for the processing of the data during the dispatch process and this data protection declaration is referenced.
Legal basis for data processing
Provided there is the consent of the user, the legal basis for the processing of data after registration for seminars, webinars, events and press conferences is Art. 6 para. 1 lit. a) GDPR. For processing your data in order to fulfil our services and execute contractual measures, the legal basis is Art. 6 para. 1 lit. b) GDPR; otherwise, for the processing of your data to protect our legitimate interests, it is Art. 6 para. 1 lit. f) GDPR.
Duration of storage
The data is deleted as soon as it is no longer required for achieving the purpose of its collection.
Recipients of data
Partner companies from the textile industry, if applicable.
Your rights
In accordance with the provisions of Art. 15 - 22 GDPR, you have the right to information, rectification, erasure of your personal data, as well as the right to data portability and the restriction of processing. In the cases of Art. 6 para. 1 lit. e) and f) GDPR you have the right to object. This also applies to automated individual decision-making, including profiling. If you have given your consent to the processing of your personal data, you can withdraw this consent at any time with effect for the future. If you think that the processing of your personal data by Hohenstein is not lawful, you can complain to any data protection supervisory authority.
If you want us to stop processing and using your personal data for advertising purposes or would like to withdraw any consent that you have granted at any time, simply send a brief message by e-mail to datenschutz@hohenstein.de or by letter to Hohenstein, Abt. Datenschutz, Schlosssteige 1, 74357 Bönnigheim, Germany.
You can also exercise your right of objection to the newsletter distribution, for example, by using the Unsubscribe function on our website. You can find a link to this function in the footer of each newsletter. When unsubscribing, your data is deleted immediately and you will no longer receive a newsletter from us.
If you feel that Hohenstein has processed your personal data in an unlawful manner, you can contact any data protection supervisory authority with your complaints.
8.
Data processing in relation to event photography
Scope and purpose of data processing
We take photos and/or videos to provide an illustrative report of our events. These are published in our print media and/or on the website. They are not used for any purpose other than for reporting. Images published on our website can be accessed throughout the world. Their unauthorised use by a third party can therefore not be universally excluded.
Legal basis for data processing
Your image will only be used with your express or implicit consent (Art. 6 para. 1 lit. a) GDPR) or if we base the processing on a legitimate interest according to Art. 6 para. 1 lit. f) GDPR. A legitimate interest is, for example, to report vividly on our events.
Duration of storage
The images are deleted as soon as they are no longer required for achieving the purpose of their collection.
Your rights
If you do not want a photo and/or video to be taken of you, please mention this to the photographer before it is taken or move out of the picture. You can also withdraw your consent at any time with effect for the future. In the case of a revocation, we will not use any unpublished photos/videos and remove any published photos/videos from our internet site. In all other media, we will observe your revocation for the future. If a group photo is published, the subsequent revocation by an individual person does not, in general, mean that the image must be removed.
If you object to the use of your image or would like to withdraw any consent that you have granted, simply send a brief message by e-mail to datenschutz@hohenstein.de or by letter to Hohenstein, Abt. Datenschutz, Schlosssteige 1, 74357 Bönnigheim, Germany.
There are no formal requirements for this message and no additional fees will be charged.
In accordance with the provisions of Art. 15 - 22 GDPR, you have the right to information, rectification, erasure of your personal data, as well as the right to data portability and the restriction of processing. In the cases of Art. 6 para. 1 lit. e) and f) GDPR you have the right to object. This also applies to automated individual decision-making, including profiling. If you have given your consent to the processing of your personal data, you can withdraw this consent at any time with effect for the future. If you think that the processing of your personal data by Hohenstein is not lawful, you can complain to any data protection supervisory authority.
9.
Data processing in the context of our advertising measures
Scope and purpose of data processing
If we receive your e-mail address in connection with your participation in a seminar, webinar, event or virtual press conference, we will also use this for the promotion of our own, similar events by e-mail, provided that you have not objected to its use.
Legal basis for data processing
Provided there is the consent of the user, the legal basis for the processing of data is Art. 6 para. 1 lit. a) GDPR. For processing your data for the protection of our legitimate interests, the legal basis is Art. 6 para. 1 lit. f) GDPR.
Duration of storage
The data is deleted as soon as it is no longer required for achieving the purpose of its collection.
Your rights
In accordance with the provisions of Art. 15 - 22 GDPR, you have the right to information, rectification, erasure of your personal data, as well as the right to data portability and the restriction of processing. In the cases of Art. 6 para. 1 lit. e) and f) GDPR you have the right to object. This also applies to automated individual decision-making, including profiling. If you have given your consent to the processing of your personal data, you can withdraw this consent at any time with effect for the future. If you think that the processing of your personal data by Hohenstein is not lawful, you can complain to any data protection supervisory authority.
You can submit an objection to the processing of your personal data at any time; this also includes your e-mail address (Art. 6 para. 1, Art. 21 para. 1, 4 GDPR).
If you want us to stop processing and using your personal data for advertising purposes or would like to withdraw any consent that you have granted at any time, simply send a brief message by e-mail to datenschutz@hohenstein.de or by letter to Hohenstein, Abt. Datenschutz, Schlosssteige 1, 74357 Bönnigheim, Germany.
Once you have done so, your data will no longer be used for advertising purposes. This will not affect the legality of any use of your data up until the time at which you withdraw your consent or request that your data is not used for advertising purposes.
You can also exercise your right of objection, for example, by using the Unsubscribe function on our website. You can find a link to this function in the footer of each newsletter.
10.
Data processing in relation to our press distribution list
Scope and purpose of data processing
At your explicit request, you will receive press releases by e-mail from Hohenstein on research and development activities, tests, certifications and events in the textile industry, its international locations, the textile certifications of the OEKO-TEX® Association and other news from the textile industry. You can select the areas of particular interest to you when registering for the press release distribution list. We use the information you provide when registering to determine whether you are entitled to receive press releases and to contact you personally. Which data is collected via the contact form is apparent from the respective contact form. Your data will be transmitted securely (SSL encryption).
The information you provide will only be used for the purpose of sending the press release and any queries you may have.
Your consent to the processing of your data will be obtained during the submission process and you will be informed of this privacy policy.
We use the service Pardot (also known as Marketing Cloud Account Engagement) of the service provider Salesforce for the dispatch of mailings to our press distribution list and the associated processing: Salesforce.com, inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States. Further information on the service provider's data protection can be found at: https://www.salesforce.com/company/privacy/. We have also entered into an order processing agreement with Salesforce. This is a contract in which Salesforce undertakes to process our users' data only in accordance with our instructions and to protect it appropriately and, in particular, not to pass it on to third parties.
Performance measurement using Pardot
With your consent, when you receive our press releases, your usage behaviour is evaluated through your interaction with the mailing. In order to be able to evaluate this, the mailings contain so-called web beacons. These are pixel-sized files that are retrieved from the server of our service provider when you open the message sent by us. For the evaluation, the above-mentioned interaction data and the "web beacons" are linked with your e-mail address and an individual ID.
For technical reasons, this information can be assigned to individual recipients of our press releases. The aim is not to monitor individual users. Instead, we use these evaluations to understand the reading habits of our users and to adapt and continuously improve our content to the interests of our users.
Legal basis for data processing
Subject to the user's consent, the legal basis for the processing of data following subscription to press releases is Art. 6 para. 1 lit. a) GDPR in conjunction with § 25 TTDSG.
Duration of storage
The data will be deleted once they are no longer needed to fulfil the purpose for which they were collected. They will be kept for as long as the press release subscription is active.
Your rights
In accordance with the provisions of Art. 15 - 22 GDPR, you have the right of access, right to rectification, right to erasure (right to be forgotten), right to data portability, right to restriction of processing. In the cases of Art. 6 (1) e) and f) GDPR, you have the right to object. This also applies to automated individual decision-making, including profiling. If you have given your consent to a processing of your personal data, you can withdraw this consent at any time with effect for the future. If you believe that the processing of your personal data by Hohenstein is not lawful, you may submit your complaint to any data protection supervisory authority.
If you do not wish to receive any more press releases, it is sufficient to send a short message to the Hohenstein Institute (e-mail: press@hohenstein.com).
If you feel that Hohenstein has processed your personal data in an unlawful manner, you can contact any data protection supervisory authority with your complaints.
11.
Data processing in relation to our whistleblowing system
In the following, we inform you about the processing of personal data by Hohenstein* in the context of the whistleblower system "Hohenstein Compliance Line" as well as about the associated data protection regulations, claims and rights.
Hohenstein uses a web-based software, a cloud solution hosted in Germany, which supports the detection of operational malpractices. By implementing such a system, criminal, illegal, morally reprehensible or unfair actions can be detected and prevented at an early stage. In this way, incalculable material and immaterial damage as well as damage to the company's reputation can be averted.
* Hohenstein means the following companies:
Forschungsinstitut Hohenstein Prof. Dr. Jürgen Mecheels GmbH & Co. KG, Hohenstein Laboratories GmbH & Co. KG, Hohenstein Innovations gGmbH
Purpose of data processing
Hohenstein processes the personal data of the whistleblower(s), unless the information was provided anonymously, as well as the personal data of the accused person(s), such as name and other communication and content data, exclusively for the purpose of receiving and investigating information about criminal, illegal, morally reprehensible or unfair acts in a secure and confidential manner.
Categories of data processing in the context of the whistleblower system
- Information about the whistleblower(s) (unless the whistleblower(s) wishes to remain anonymous) and the accused(s), such as
- First and last name
- Function/Title
- Contact details
- If applicable, other personal data related to the employment relationship
- Personal information identified in intelligence reports (see paragraph 4), including details of allegations made and evidence supporting those allegations
- Date and time of calls (when the tip is received via the telephone hotline)
- Any other information identified in the results of the investigation and in the further proceedings following the report, e.g., information on criminal conduct or data on unlawful or improper conduct, to the extent reported
Legal basis for data processing
The collection, processing and disclosure of personal data of the persons named in the notification serves the legitimate interests of Hohenstein (Art. 6 para. 1 p. 1 lit. f GDPR). It is a legitimate interest of Hohenstein to detect, process, stop and sanction violations of the law and serious breaches of duty by employees throughout the company, effectively and with a high degree of confidentiality, and to avert associated damage and liability risks for Hohenstein (Sections 30, 130 OWiG). Directive (EU) 2019/1937 ("EU Whistleblower Directive") and the future Whistleblower Protection Act (currently in draft form) also require the establishment of a whistleblower system to provide employees and third parties with a suitable means of making protected reports of legal violations within the company. As soon as a whistleblower law comes into force, processing is also required due to a legal obligation (Art. 6 para. 1 p. 1 lit. c GDPR). The transfer of personal data to other recipients in the case of non-anonymous reporting may be necessary due to a legal obligation.
Recipients of the data and third country transfer (countries outside the EU/EEA)
All personal data collected via the web-based software is only made available to those persons who have a legitimate need to process this data due to their function.
The Compliance Officer is in charge of the initial processing of incoming tips.
If the tip is received via the telephone hotline, the tip is recorded in the whistleblower system while preserving the anonymity of the whistleblower. The hotline employees are bound to secrecy (see below).
At Hohenstein, only authorized employees from the following departments have access to the data (information center):
- Compliance
- HR (case-related)
In some cases, the Company is required to disclose the data to authorities (such as those having legal or regulatory jurisdiction over the employer, law enforcement agencies and legal bodies) or external advisors (such as auditors, accountants, lawyers).
If the whistleblower has provided his or her name or other personal data (non-anonymous whistleblowing), the identity will not be disclosed to the extent legally possible, and it will also be ensured that no conclusions can be drawn about the identity of the whistleblower.
If personal data is processed by external service providers, this is generally done on the basis of order processing contracts in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR and that all persons authorized to process personal data have committed themselves to confidentiality or are subject to an appropriate legal duty of confidentiality. The whistleblower system is operated on our behalf by LegalTegrity GmbH, Platz der Einheit 2, 60327 Frankfurt/Main, GERMANY.
Personal data is not transferred to third countries (countries outside the EU/EEA).
Duration of processing, deletion of data
The personal data will be retained in the respective procedure for as long as it is required for clarification and final assessment, or for as long as a legitimate interest of Hohenstein or a legal requirement exists. Afterwards, this data is deleted in accordance with the legal requirements. The duration of storage depends in particular on the severity of the suspicion and the reported possible breach of duty.
Technical notes on the use of the whistleblowing system
Communication between your computer and the whistleblower system takes place via an encrypted connection (SSL). The IP address of your computer is not stored during the use of the whistleblowing system. To maintain the connection between your computer and the whistleblower system, a cookie is stored on your computer, which only contains the session ID. The cookie is only valid until the end of your session and becomes invalid when you close the browser.
Data subject rights under the GDPR
You have the following rights in connection with the processing of personal data concerning you:
- According to Art. 7 GDPR, you have the right to revoke your consent to data processing at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
- Pursuant to Article 14 of the GDPR, if your data is collected without your knowledge (for example, because you are involved as an accused person in the proceedings to clarify the information), you have the right to be informed about the storage, the type of data, the purpose of the processing and the identity of the controller and, if applicable, the whistleblower (unless the information was provided anonymously). However, if there would be a significant risk that such information would jeopardize Hohenstein's ability to effectively investigate the allegation or gather the necessary evidence, this information may be postponed pursuant to Art. 14 (5) sentence 1 lit. b GDPR for as long as this risk exists. The information must then be provided as soon as the reason for the postponement has ceased to exist.
- Pursuant to Art. 15 GDPR, you have the right to request information about the personal data concerning you that is processed by Hohenstein.
- Pursuant to Art. 16 GDPR, you have the right to request the immediate correction or completion of incorrect or incomplete data stored by us.
- Pursuant to Art. 17 GDPR, you have the right to request the erasure of personal data concerning you that is stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation to which Hohenstein is subject, for the performance of a task carried out in the public interest, or for the establishment, exercise or defense of legal claims.
- Pursuant to Art. 18 GDPR, you may request the restriction of the processing of your personal data if you contest the accuracy of such data or if the processing of such data is unlawful.
- In accordance with Article 20 of the GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format, and to transmit this data to another controller without hindrance or to have it transmitted by us.
- In accordance with Art. 21 GDPR, you have the right to object to the processing of your personal data, insofar as there are grounds for doing so that arise from your particular situation. Your data will then no longer be processed unless Hohenstein can demonstrate compelling grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
- According to Art. 77 GDPR in conjunction with Section 17 BDSG, you have the right to lodge a complaint against Hohenstein with the competent supervisory authority. This is:
The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg
P.O. Box 10 29 32, 70025 Stuttgart
Königstraße 10a, 70173 Stuttgart
GERMANY
Phone: 0711 615541-0
Fax: 0711 615541-15
E-mail: poststelle@lfdi.bwl.de
Internet: https://www.baden-wuerttemberg.datenschutz.de
Person responsible in the sense of data protection law
Responsible for the processing of the above-mentioned personal data and your related applications and inquiries is:
Hohenstein Laboratories GmbH & Co. KG
If you have any questions regarding data protection, please contact our data protection officer:
- Internal Privacy Office:
datenschutz@hohenstein.de
- External Data Protection Officer:
Sven Lenz – Datenschutzkanzlei Lenz GmbH & Co. KG
Bahnhofstraße 50
87435 Kempten
Germany
lenz@deutsche-datenschutzkanzlei.de