PRIVACY POLICY

PRIVACY POLICY

Thank you very much for your interest in our websites and the HYDAC network of affiliated companies. Protecting your personal data is a priority for us. The term “personal data” refers to all information related to an identified or identifiable natural person (hereinafter: data). This may include, for example, the IP address, address, name, email address or telephone number.

In principle, we collect data only to the extent that is technically necessary. In the following privacy policy, we would like to inform you as to which data we process, and for what purpose we process such data during your visit to our websites.

I. Name and address of the data controller

Pursuant to Art. 4(7) of the GDPR and other national data privacy laws of the Member States and other data privacy provisions, the data controller is:

 

HYDAC Verwaltung GmbH

66273 Sulzbach/Saar

Hirschbachstraße 4

Postfach 12 51

Germany

Tel.: +49 (0) 68 97 509-01

E-Mail: info@hydac.com

Website: https://www.hydac.com

II. Contact data of the data protection officer

Please contact the data protection officer if you have any queries concerning the processing of your data.

 

The joint data protection officer of the HYDAC network of affiliated companies can be reached at:

 

Central Data Protection Department

66280 Sulzbach/Saar

Hirschbachstraße 4

Plant 19

Germany

Tel.: +49 (0) 68 97 / 509 9398

E-Mail: datenschutz@hydac.com

III. General information on data processing

1. Scope of data processing

As a rule, we process the data of our website users only to the extent that it is required to provide a functioning website along with its contents and services. The user data are processed pursuant to the legal bases and only for the purposes defined by us in advance.

2. Legal bases for the processing of data

The HYDAC network of affiliated companies processes data in compliance with the provisions of the GDPR.

Consent

Art. 6(1)(1)(a) of the GDPR provides the legal basis for the extent to which we obtain consent of the data subject for processing the data.

Performance of a contract or implementation of pre-contractual measures

Art.(6)(1)(1)(b) of the GDPR provides the legal basis for processing any data required to perform a contract to which the data subject is a party. It also serves as the basis for processing data required to implement pre-contractual measures.

Legal obligation

Art. 6(1)(1)(c) of the GDPR provides the legal basis for the extent to which the data must be processed to comply with a legal obligation to which our company is subject.

Legitimate interest

If processing the data is necessary to safeguard the legitimate interests of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not override the aforementioned interests, Art. (6)(1)(1)(f) of the GDPR serves as the legal basis for the data processing.

3. Data erasure and storage duration

The data of the data subject are erased or the processing of the data is restricted as soon as the purpose for processing the data no longer applies. The data can be also be stored if such storage is provided for by European or national legislators in regulations, laws or other rules under Union law to which the data controller is subject. In addition, the data processing is restricted or the data are erased when the storage period stipulated under the aforementioned standards expires, unless a need exists to store the data for a longer period of time to conclude or perform a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

If the website is used for information purposes only, i.e. if you do not register or otherwise transfer any information to us, we collect only the data transferred to our server from your browser. If you would like to view our website, we collect the following data which we require for technical reasons to display our website and to ensure its stability and security.

The following data are collected:

  • Information on the type of browser and the version used
  • The user’s IP address
  • Date and time of access
  • Any server errors
  • Email events

The data are also stored in our system’s log files. This data are not stored together with the user’s other data.

2. Legal basis for data processing

Art. 6(1)(1)(f) of the GDPR provides the legal basis for the necessary collection and temporary storage of the data.

3. Purpose of data processing

The collection and temporary storage of the data by the system are necessary to facilitate the delivery of the website to the user’s computer.

These purposes also include our legitimate interests in processing the data pursuant to Art. 6(1)(1)(f) of the GDPR.

4. Duration of storage

The data are erased as soon as they are no longer required to achieve the purpose for which they were collected. If the data are collected to provide the website, this is the case when the individual browser is closed.

5. Possibility of objection and elimination

The collection of the data to provide the website and the storage of the data in log files is essential to the operation of the website. Consequently, the user does not have the possibility of filing an objection pursuant to Art. 21 of the GDPR.

V. Use of cookies

1. Description and scope of data processing

We use cookies on various pages in order to attract visitors to our website and to allow the use of certain features. The so-called ‘cookies’ are small text files which your browser can store on your computer. You may configure your browser based on your requirements to inform you when the cookies are set, to decide on the acceptance of the cookies on a case-by-case basis or to accept or reject the cookies. Cookies may be used for various purposes, including to detect whether your PC has already connected to a website once (permanent cookies) or to store the last viewed items (session cookies).

The following cookies are collected when the website is opened:

  • Session cookie

We use cookies to offer you a more comfortable user experience. Some elements of our website require the browser that accesses it to be identifiable even after the user exits the page.

The data stored and transmitted in the cookies include the following:

  • Language setting
  • Log-in information
  • Data which are entered in forms

2. Legal basis for data processing

Art. 6(1)(1)(f) of the GDPR provides the legal basis for processing the data using technically necessary cookies.

Art. 6(1)(1)(a) of the GDPR forms the legal basis for processing data using cookies for analysis if the user has given consent for such use.

3. Purpose of data processing

The purpose of using technically necessary cookies is to facilitate the use of websites for the users. Some features on our websites cannot be offered without the use of cookies. These features require the browser to be recognised even after the user exits the page.

We require cookies for the following applications:

  • To store the login ID
  • To store the user’s session ID
  • To store the selected user language and country

The user data collected by means of technically necessary cookies are not used to create user profiles.

4. Duration of storage

The storage period depends on the cookie used.

Cookies collected when the website is accessed:

  • Session cookie: After the browser is closed
  • In the login ID (only when the user logs into the system): The cookie is deleted after the website is closed

5. Possibility of objection and elimination

You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been stored may be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all the functions it offers to their full extent.

VI. User account

1. Description and scope of data processing

Our websites offer users the option of logging into a user – account by entering their access data.

The creation of the access data is performed by us, at which time the data are entered into an input screen, transmitted to us and stored. The data are not disclosed to third parties.

Depending on the forms to be completed by the user, the data collected during the registration process include the following:

  • Name and surname
  • Adress
  • Email address
  • Telephone number
  • Company

2. Legal basis for data processing

Art. 6(1)(1)(a) of the GDPR provides the legal basis for processing the data with the user’s consent.

If the user account is used to perform a contract to which the user is a party or to implement pre-contractual measures, then Art. 6(1)(1)(b) of the GDPR forms the legal basis for processing the data.

3. Purpose of data processing

User registration is required for the provision of certain content and services on our website.

User registration may also be necessary to perform a contract with the user or to implement pre-contractual measures.

4. Duration of storage

The data are erased as soon as the user objects to the processing of the data.

5. Possibility of objection and elimination

As a user, you have the option of cancelling the registration at any time. You may have your data changed at any time.

The objection may be filed in writing or by email to the authority mentioned in Point I with future effect.

If the data are required to perform a contract or to implement pre-contractual measures, early erasure of the data is possible only if such erasure is not contrary to the contractual or legal obligations.

VII. Contact form and email contact

1. Description and scope of data processing

Our websites provide a contact form which can be used to contact us electronically. If a user chooses this option, the data entered on the input screen are transmitted to us and stored.

The data which are collected and stored include the following:

  • Name and surname
  • Email address
  • Telephone number
  • Fax number
  • Address
  • Company
  • Comment

The following data are also stored when the message is sent:

  • The user’s IP address

 

Your consent is obtained for the processing of the data in the context of the sending of the email and the referencing of this privacy policy.

Alternatively, it is possible to contact us using the email address provided. If this is the case, then the user data transmitted with the email are stored.

The data are not disclosed to third parties in this connection. The data are used solely to process the conversation.

2. Legal basis for data processing

Art. 6(1)(1)(a) of the GDPR provides the legal basis for processing the data with the user’s consent.

Art. 6(1)(1)(f) of the GDPR provides the legal basis for the processing of data that are transmitted when an email is sent.

If the purpose of contacting us by email is to conclude a contract, then Art. 6(1)(1)(b) of the GDPR forms an additional legal basis for processing the data.

3. Purpose of data processing

We process the data on the input screen only to process the contact. Contact by email also falls within the required legitimate interest regarding the processing of the data.

Any other data processed when the email is sent is used to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of storage

The data are erased as soon as they are no longer required to achieve the purpose for which they were collected. This is the case for the data on the input screen of the contact form and the data which were sent by email once the individual conversation with the user has been ended or concluded. The conversation is ended when the circumstances indicate that the matter involved has reached a final conclusion.

5. Possibility of objection and elimination

The user has the option at any time of withdrawing consent to the processing of the data. The user can object to the storage of his or her data by sending us an email. The conversation cannot be continued in such cases.

The objection may be filed in writing or by email to the authority mentioned in Point I with future effect.

In this case, any data stored when the user contacts us are erased.

VIII. FAQ proposal form

1. Description and scope of data processing

Our FAQ section provides the option of proposing your own FAQ points by filling a form. If a user chooses this option, the data entered on the input screen are transmitted to us and stored.

The data which are collected and stored include the following:

  • Email address
  • Product information
  • Questions and answers

 

The following data are also stored when the message is sent:

  • The user’s IP address
  • Email address
  • FAQ contents

 

Your consent is obtained for the processing of the data in the context of the sending of the email and the referencing of this privacy policy.

Alternatively, it is possible to contact us using the email address provided. If this is the case, then the user data transmitted with the email are stored.

The data are not disclosed to third parties in this connection. The data are used strictly for processing the proposed FAQ.

2. Legal basis for data processing

Art. 6(1)(1)(a) of the GDPR provides the legal basis for processing the data with the user’s consent.

3. Purpose of data processing

The processing of the data on the input screen serves only to broaden the contents of our customer support section

Any other data processed when the email is sent is used to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of storage

The data are erased as soon as they are no longer required to achieve the purpose for which they were collected.

5. Possibility of objection and elimination

The user has the option at any time of withdrawing consent to the processing of the data. The user can object to the storage of his or her data by sending us an email. The conversation cannot be continued in such cases.

The objection may be filed in writing or by email to the authority mentioned in Point I with future effect.

In this case, any data stored when the user contacts us are erased.

IX. FAQ rating

1. Description and scope of data processing

Our FAQ section provides the option of rating your own FAQ points

The data which are collected and stored include the following:

  • User account data (if the user is logged in)
  • Rating

 

The following data are also stored when the message is sent:

  • The user’s IP address
  • User account data (if the user is logged in)
  • Rating

 

Your consent is obtained for the processing of the data in the context of the sending of the email and the referencing of this privacy policy.

Alternatively, it is possible to contact us using the email address provided. If this is the case, then the user data transmitted with the email are stored.

The data are not disclosed to third parties in this connection. The data are used strictly for processing the proposed FAQ.

2. Legal basis for data processing

Art. 6(1)(1)(a) of the GDPR provides the legal basis for processing the data with the user’s consent.

3. Purpose of data processing

The processing of the data on the input screen serves only to broaden the contents of our customer support section

Any other data processed when the email is sent is used to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of storage

The data are erased as soon as they are no longer required to achieve the purpose for which they were collected.

5. Possibility of objection and elimination

The user has the option at any time of withdrawing consent to the processing of the data. The user can object to the storage of his or her data by sending us an email. The conversation cannot be continued in such cases.

The objection may be filed in writing or by email to the authority mentioned in Point I with future effect.

In this case, any data stored when the user contacts us are erased.

X. Download area

6. Description and scope of data processing

Our websites have a download section where our products and documentation are provided. When the files are downloaded, the following data are collected and stored:

  • User account data (if the user is logged in)
  • Downloaded file
  • IP address
  • Time stamp

2. Legal basis for data processing

Art. 6(1)(1)(a) of the GDPR provides the legal basis for processing the data with the user’s consent.

3. Purpose of data processing

The processing of the data from the download section serves to assist our customer support in responding to queries relating to the products of ours which are used at customer locations.

4. Duration of storage

The data are erased as soon as they are no longer required to achieve the purpose for which they were collected.

5. Possibility of objection and elimination

The user has the option at any time of withdrawing consent to the processing of the data. The user can object to the storage of his or her data by sending us an email. In this case, the provision of downloads cannot be continued.

The objection may be filed in writing or by email to the authority mentioned in Point I with future effect.

XI. Web analytics by Matomo (formerly PIWIK)

1. Description and extent of data processing

On our website, we use the open-source software tool Matomo (formerly PIWIK) to analyse our users’ surfing behaviour. The software places a cookie on the user’s computer (see above on cookies). The following data are saved when the individual pages are opened:

  • Two bytes of the IP address of the user’s system accessing the site
  • The website opened
  • The website from which the user accessed the website opened (referrer)
  • The sub-pages opened from the website accessed
  • The length of stay on the website
  • Frequency of visits to the website
  • Information on the browser type and version used
  • The user’s operating system

 

The software runs exclusively on our website servers. The data are stored exclusively there. The data are not passed on to third parties.

The software is configured not to store full IP addresses, instead masking 2 bytes of the IP address (e.g.: 192.168.xxx.xxx). This renders attribution of the truncated IP to the accessing computer impossible.

2. Legal foundation for data processing

The legal foundation for processing the user data is Art. 6 Par. 1 Cl. 1 a of GDPR.

3. Purpose of data processing

Processing user data allows us to statistically analyse user behaviour for optimisation and marketing purposes. Analysing the data obtained enables us to compile information on the use of individual components of our website. That helps us improve our website and its user friendliness.

Data are only processed with express consent from the user. Anonymization of the IP address takes the user’s interest in protecting his or her data sufficiently into account.

4. Duration of storage

The data are deleted as soon as they are no longer required for our statistical recording purposes.

5. Objection and removal options

Cookies are stored on the user’s computer and sent from there to our page. As a result, you have full control over the use of cookies as a user. You can deactivate or restrict sending of cookies by changing the settings in your browser. Cookies already saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, you may not be able to use all website functions fully.

On our website, users can opt out of the analytics process. To do so, follow the corresponding link. This sets another cookie on your system, which tells our system not to save the user’s data. If the user deletes the corresponding cookie on his or her own system, he or she must set the opt-out cookie again.

For further details on the privacy settings of the Matomo software, see the following link: https://matomo.org/docs/privacy/ .

XII. Rights of the data subject

If your data are processed, then you are the data subject pursuant to the GDPR and you have the following rights with regard to the data controller:

1. Right of access pursuant to Art. 15 of the GDPR

You may request the data controller to confirm if we are processing any data relating to you.

If we are processing your data, you may request the following information from the data controller:

  • the purposes for which the data are processed;
  • the categories of the data which is processed;
  • the recipients or the categories of recipients to whom data relating to you have been disclosed or will be disclosed;
  • the scheduled duration of the storage of your data or, if it is not possible to provide specific information on this matter, criteria for specifying the storage duration;
  • the existence of a right of rectification or erasure of data relating to you, right of restriction of the processing of the data by the controller or right of objection to this processing;
  • the existence of a right to lodge a complaint with a supervisory authority;
  • any available information regarding the origin of the data if the data are not collected from the data subject;
  • the existence of automated decision-making, including profiling, pursuant to Art. 22(1)(4) of the GDPR and – at least in these cases – any meaningful information on the logic involved as well as the consequences and the desired effects of such processing for the data subject.

 

You are entitled to request information on whether your data are transferred to a third country or to an international organisation. In this context, you may request notification regarding the appropriate guarantees pursuant to Art. 46 of the GDPR in connection with such transfer.

2. Right to rectification

If the processed data relating to you are incorrect or incomplete, you have the right to obtain from the data controller the rectification and/or completion of the data. The data controller must rectify the data without delay.

3. Right to restriction of processing

You may request the restriction of the processing of the data relating to you under the following conditions:

  • if you contest the accuracy of your data for a period of time that allows the data controller to verify the accuracy of the data;
  • the processing of the data is unlawful and you oppose the erasure of the data and instead request restricted use of the data;
  • the data controller no longer needs the data for the purpose of the processing, but you require them to assert, exercise or defend legal claims, or
  • if you have filed an objection to the processing of the data pursuant to Art. 21(1) of the GDPR and it is not yet determined whether the legitimate grounds of the data controller override your grounds.

 

If the processing of the data relating to you is restricted, this data – with the exception of their storage – are permitted to be processed only with your consent or to assert, exercise or defend any legal claims or protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the processing of the data is restricted in accordance with the aforementioned conditions, you will be informed by the data controller before the restriction is lifted.

4. Right to erasure

 

a. Obligation of erasure

You may demand that the data controller erase your data without delay, and the data controller is required to erase this data without delay if one of the following reasons applies:

  • Your data are no longer required for the purposes for which they were collected or otherwise processed.
  • You revoke your consent to the processing of the data pursuant to Art. 6(1)(1)(a)
    or Art. 9(2)(a) of the GDPR and no other legal basis for processing the data exists.
  • You file an objection to the processing of the data pursuant to Art. 21(1) of the GDPR and there are no overriding legitimate grounds for processing the data, or you file an objection to the processing of the data pursuant to Art. 21(2) of the GDPR.
  • Your data were processed unlawfully.
  • It is necessary to delete your data to comply with a legal obligation under the Union law or the law of the Member States to which the data controller is subject.
  • Your data were collected in relation to the information society services offered pursuant to Art. 8(1) of the GDPR.

 

b. Disclosure of information to third parties

If the data controller has made your data public and is required under Art. 17(1) of the GDPR to erase such data, then the data controller, taking account of the available technology and the cost of implementation, will take appropriate measures, including technical measures, to inform data controllers responsible for processing the data that you, as the data subject, have requested the data controllers to erase all links, copies or replication of this data.

 

c. Exceptions

The right to erasure does not exist if it is necessary to process the data

  • to exercise the right to freedom of expression and information;
  • for compliance with a legal obligation which requires processing of the data under the Union law or the law of the Member States to which the data controller is subject, or for the performance of a task which is in the public interest or in the exercise of official authority vested in the data controller;
  • for reasons of public interest in the field of public health pursuant to Art. 9(2)(h) and (i) and also Art. 9(3) of the GDPR;
  • for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) of the GDPR if the right referred to under Section a is likely to render impossible or seriously impair the achievement of the objectives of processing this data, or
  • for the assertion, exercise or defence of legal claims.

5. Right to notification

If you have asserted the right to rectification, erasure of the data or to restriction of the processing of the data to the data controller, the data controller is required to notify all the recipients to whom your data was disclosed of the rectification or erasure of the data or the restriction of the processing of the data, unless this proves impossible or involves disproportionate effort.

You have the right to be notified of these recipients by the data controller.

6. Right to data portability

You have the right to receive your data which you have provided to the data controller in a structured, commonly used and machine-readable format. You also have the right to transfer these data to another data controller without hindrance from the data controller to whom the data were provided, insofar as

  • the processing of the data is based on consent pursuant to Art. 6(1)(1)(a) or Art. 9(2)(a) of the GDPR or on a contract pursuant to Art. 6(1)(1)(b) of the GDPR and
  • the data are processed by automated means.

 

In the exercise of this right, you also have the right to have the data transferred directly from one data controller to another, provided that this is technically feasible. The freedoms and rights of other persons may not be prejudiced by this.

The right to data portability does not apply to the processing of the data necessary for the performance of a task in the public interest or in the exercise of official authority vested in the data controller.

7. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of data relating to you which is based on Art. 6(1)(1)(e) or (f) of the GDPR, including profiling based on these provisions.

The data controller no longer processes the data relating to you unless the data controller can demonstrate compelling legitimate grounds for processing the data, which override your interests, rights and freedoms, or the processing of the data serves to assert, exercise or defend legal claims.

If data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your data for the purposes of such marketing, including for profiling if it is related to such direct marketing.

If you object to the processing of the data for purposes of direct marketing, then your data will no longer be processed for these purposes.

In the context of the use of information society services – regardless of Directive 2002/58/EC – you have the option of exercising your right to object by automated means using technical specifications.

8. Right to withdrawal of declaration of consent under the data privacy law

You have the right to withdraw your declaration of consent under the data privacy law at any time. The withdrawal of consent does not affect the lawfulness of the processing of the data based on the consent before it is withdrawn.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based exclusively on automated processing – including profiling – which produces legal effects concerning you or significantly affects you in a similarly negative manner. This does not apply if the decision

  • is necessary for the conclusion or performance of a contract between you and the data controller,
  • is authorised under the laws of the Union or the Member States to which the data controller is subject and these laws include appropriate measures for safeguarding your rights, freedoms and legitimate interests or
  • is taken with your explicit consent.

 

However, these decisions may not be based on special categories of data pursuant to Art. 9(1) of the GDPR, unless Art. 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to safeguard the rights, freedoms and your legitimate interests.

With regard to the first two alternatives, the data controller takes appropriate measures to safeguard rights, freedoms and your legitimate interests, including at least the right to obtain human intervention from the data controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you or your workplace are located or the place of the alleged infringement if you are of the opinion that the processing of your data represents an infringement of the GDPR.

The supervisory authority with which the complaint was lodged shall notify the complainant regarding the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.