Privacy Statement
Thank you for visiting our website. We take the protection of your privacy seriously when collecting, processing and using your personal data in accordance with the statutory provisions and would like you not only to be able to find out about our range of services on our website, but also to feel secure in doing so.
This privacy statement contains information on processing of personal data of users of our websites and on communication by e-mail.
I. Name and Address of the Controller
The controller within the meaning of the EU-General Data Protection Regulation (“GDPR”) and other national data protection laws of the member states as well as other provisions of data protection law is the Data Protection Officer:
Hoffrogge GmbH
Am Spascher See 2
D-27793 Wildeshausen
Fon: | +49 (0) 44 31 - 70 77 0 |
Fax: | +49 (0) 44 31 - 70 77 222 |
E-Mail: | info[at]Hoffrogge.com |
Internet: | www.Hoffrogge.com |
II. Name and Address of the Data Protection Officer
You can reach the data protection officer appointed by Hoffrogge GmbH by e-mail at dataprotection[at]Hoffrogge.com or by using the postal address of Hoffrogge GmbH with the addition "data protection officer".
III. General Information
1. Scope of the processing of personal data
"Personal data" means any information relating to the personal or material circumstances of an identified or identifiable natural person. In addition to general information such as name and address, this also includes, inter alia, private or business e-mail addresses and other contact information. The collection, processing (storage, modification, transmission, blocking and deletion) and use of personal data by us takes place exclusively in compliance with the applicable data protection regulations. We only collect, process and use personal data if and to the extent permitted by law - in particular to establish, execute or terminate contractual relationships - or if you have given us your consent to the use of your data. Required consents will be logged by us. The granting of such consent is always voluntary. Consent can be withdrawn at any time with effect for the future under the statutory conditions. The revocation is possible by a corresponding notification by e-mail to info[at]Hoffrogge.com, by fax to the German number +49 (0) 44 31 - 70 77 222 or by post to Hoffrogge GmbH, Am Spascher See 2, D-27793 Wildeshausen.
Your visit to our website remains anonymous. The referrer URL (source URL), i.e. the web page from which you visit our website, the web pages that you visit on our website, the IP address (Internet protocol address) of the accessing computer and the date of your visit are stored only for statistical purposes and possibly for error analysis. We do not create "user profiles"; it is not possible for us to draw conclusions about the person of the user, his location or the like from the temporary storage of IP addresses; we also do not transmit IP addresses and other information about the use of our website to non-European countries. When you are asked to enter data about yourself, the data transmission on the pages marked accordingly is encrypted using 128-bit SSL encryption (Secure Socket Layers), an internationally recognised security standard. You always have the alternative of sending us your enquiries in writing.
2. Legal Basis for the Processing of Personal Data
Insofar as we obtain the consent of the data subject for processing personal data, Art. 6(1) (a) GDPR serves as the legal basis.
Art. 6(1) (b) GDPR serves as a legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is party. This also applies where processing is necessary in order to take steps at the request of the data subject prior to entering into a contract.
If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1) (c) GDPR serves as the legal basis.
If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, Art. 6(1) (f) GDPR serves as the legal basis for the processing.
3. Data Erasure and Storage Period
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if the European or national legislator has provided for this in EU regulations, laws or other provisions to which the controller is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract. Statistical data will be deleted after 90 days.
IV. Use of Cookies
1. Description and Scope of Data Processing
Cookies are text files that are either temporarily stored on the hard disk of the computer until the browser is closed ("session cookie") or for a longer period of time ("permanent cookie”). Cookies contain, for example, information about the user's previous accesses to the corresponding server or information about which offers have been called up so far.
We use cookies exclusively in the extranet accessible only to our registered users. The cookies used are also exclusively session cookies to identify the user and verify his or her authorization to use the site.
You also have the option of refusing to accept cookies at any time. This is usually done by selecting the appropriate option in the browser settings or by additional programs. Please refer to your browser's help function for further details. The deactivation of cookies can reduce the scope of services called up or make the use of our extranet impossible.
2. Legal Basis for Data Processing
The legal basis for the processing of personal data using cookies is Art. 6(1) (f) GDPR.
3. Purpose of Data Processing
The purpose of using technically necessary cookies is to simplify the use of our extranet for users. Some functions of the extranet cannot be offered without the use of cookies. For these it is necessary that the browser is recognized also after a page change.
4. Storage Period, Possibility of Objection and Removal
Cookies are stored on the user's computer and transmitted to our website by the user. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that all functions of our extranet can no longer be used to their full extent.
V. Contact Form and E-Mail Contact
1. Description and Scope of Data Processing
A contact form is available on our website, which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. The data is:
- Name and title of the user
- email address
- User's telephone number (if provided by the user and only for the purpose of any queries)
- the message entered and also
- date and time of the message.
Your consent will be obtained for the processing of the data as part of the sending process and reference will be made to this data protection declaration.
Alternatively, you can contact us via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail will be stored.
The data will not be passed on to third parties in this context. The data will be used exclusively for the processing of the conversation and deleted after its conclusion, unless and as long as this does not conflict with legal storage obligations.
2. Legal Basis for Data Processing
The legal basis for the processing of the data is Art. 6(1) (a) GDPR if the user has given his consent.
The legal basis for processing the data transmitted in the course of sending an e-mail is Art. 6(1) (f) GDPR. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for the processing is Art. 6(1) (b) GDPR.
3. Purpose of Data Processing
The processing of the personal data from the input mask serves us exclusively for the processing of the establishment of contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Storage Period
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected, i.e. when it can be inferred from the circumstances that the facts in question have been conclusively clarified. If the correspondence is subject to statutory retention periods (in particular according to § 257 German Commercial Code (“Handelsgesetzbuch”) and § 147 German Tax Code (“Abgabenordnung”), we shall delete these upon expiry of the relevant retention periods.
5. Possibility of Objection and Removal
The user has the possibility to withdraw his or her consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the communication cannot be continued. In this case, all personal data stored in the course of establishing contact will be deleted. Statutory retention periods applicable to us shall remain unaffected.
6. Safety Notice
Although we can be contacted by e-mail, please consider what information you wish to communicate via this insecure medium. With regard to the security and confidentiality of e-mails, the official data protection officers point out that it is not possible to verify with certainty who sent the e-mail and whether the content was fictitious or changed after it was sent intentionally, incidentally or by technical malfunction. There is also a problem with confidentiality (data protection), as it is possible that e-mails may be read by unauthorised persons, who could then become aware of confidential matters. Therefore, not all information can be exchanged by e-mail. E-mail communication can be used for general enquiries. We recommend that you do not send any sensitive or confidential data, especially personal data, unprotected over the Internet. If you have any questions about secure data transmission, please do not hesitate to contact us.
VI. Use of Vimeo plug-ins
1. Description and Scope of Data Processing
We use for the integration of videos among other things the supplier Vimeo. Vimeo is operated by Vimeo, LLC headquartered at 555 West 18th Street, New York, New York 10011.
On some of our websites we use the video player of the provider Vimeo. If you access the Internet pages of our Internet presence equipped with such a video player, in particular to view the videos on our offers made available there, a connection will be established to the Vimeo servers and the video player will be displayed.
By doing so, the Vimeo server will be informed which of our Internet pages you have visited. If you are logged in as a member of Vimeo, Vimeo will assign this information to your personal user account. When using the video player, such as clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
2. Legal basis for Data Processing
The legal basis for the processing of personal data using cookies is Art. 6(1) (f) GDPR.
3. Storage Period, Objection and Removal
The purpose and scope of the data collection and the further processing and use of the data by Vimeo as well as your related rights and privacy settings can be found in Vimeo's privacy policy: https://vimeo.com/privacy
In addition, Vimeo may use the tracker Google Analytics. This is Vimeo’s own tracking, which we do not have access to. You can prevent Google Analytics from tracking you by using the opt-out tools that Google provides for some Internet browsers. Users can also prevent Google from collecting the data generated by Google Analytics and related to their use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
VII. Rights of the Data Subject
If your personal data is processed, you are the data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the controller:
1. Right of Access
You can request confirmation from the controller as to whether personal data relating to you will be processed by us.
In the event of such processing, you may request the following information from the data controller:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.
2. Right to Rectification
You have the right to have your personal data corrected and/or completed by the data controller if the personal data processed concerning you is inaccurate or incomplete. The controller must carry out the correction immediately.
3. Right to Restriction of Processing
You shall have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
- you have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of you.
Where processing has been restricted under the above, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to Erasure
-
Duty to delete
You may request to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw consent on which the processing is based according Art. 6(1) (a) or Art. 9(2) (a) GDPR, and where there is no other legal ground for the processing;
- you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services referred to in Art. 8(1).
-
Information to Third Parties
Where the controller has made the personal data public and is obliged pursuant to Art. 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
-
Exceptions
The right to erasure does not exist to the extent that processing is necessary.
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with Art. 9(2) (h) and (i) GDPR as well as Art. 9(3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR in so far as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
5. Right to Information
If you have exercised your right to rectify, cancel or limit the processing of your personal data against the controller, the latter is obliged to notify all recipients to whom the personal data concerning you have been disclosed of such rectification, cancellation or limitation, unless this proves impossible or involves a disproportionate effort.
They shall have the right vis-à-vis the controller to be informed of such recipients.
6. Right to Data Portability
You have the right to receive the personal data concerning you that you have provided to the responsible person in a structured, common and machine-readable format. In addition, you have the right to communicate this data to another data controller without being hindered by the controller to whom the personal data was provided, provided that
- the processing is based on a consent pursuant to Art. 6(1) (a) GDPR or Art. 9(2) (a) GDPR or on a contract pursuant to Art. 6(1) (b) GDPR and
- the processing is carried out by automated means.
In exercising this right, you also have the right to request that the personal data concerning you be transmitted directly by one responsible person to another responsible person, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to Object
You have the right, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1) (e) or (f) GDPR, including profiling based on those provisions. The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
8. Right to Withdraw Consent
You have the right to withdraw your consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation.
9. Automated Individual Decision-Making
You have the right not to be subject to a decision based solely on automated processing that gives you legal effect or similarly significantly affects you. This shall not apply if the decision
- is necessary for the conclusion or performance of a contract between you and the controller,
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- is based on your explicit consent.
In the cases referred to in points a. and c., the controller shall take reasonable steps to safeguard the rights and freedoms and your legitimate interests, including at least the right of the controller to obtain the intervention of a person, to present his or her point of view and to contest the decision.
However, these decisions shall not be based on special categories of personal data referred to in Art. 9(1) GDPR, unless Art. 9(2) (a) or (g) GDPR applies and suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place.
10. Right to lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform you on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR