Privacy Policy

Privacy Policy

of hema electronic GmbH

1. Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other provisions of data protection law is:

hema electronic GmbH
Röntgenstraße 31
D-73431 Aalen
Phone: +49 7361 9495-0
Fax: +49 7361 9495-45

The data protection officer of the controller is:

Charlotte Helzle
Röntgenstraße 31
D-73431 Aalen
Phone: +49 7361 9495-21
Fax: +49 7361 9495-45

 

2. General information on data processing

2.1 Scope of the processing of personal data
We collect and use our users’ personal data strictly only where it is necessary to provide a functional website and our content and services. Collecting and using our users’ personal data generally takes place only with the consent of the user. An exception applies in such cases where obtaining consent in advance is not possible for practical reasons and processing the data is permitted by statutory provisions.

2.2 Legal basis for processing personal data
Where we obtain the consent of the data subject for processing operations, Article 6(1)(a) EU General Data Protection Regulation serves as the legal basis. In the processing of personal data that is necessary for the performance of a contract to which the data subject is party, Article 6(1)(b) GDPR forms the legal basis. This also applies to processing operations necessary prior to entering into a contract. Where the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR forms the legal basis.

In the event that processing personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6(1)(d) GDPR forms the legal basis.

If processing is necessary for the purposes of pursuing the legitimate interests of our company or a third party, and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1)(f) forms the legal basis for the processing.

2.3 Data erasure and storage duration
The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. It may be stored for longer than that if this is laid down by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject. The data will also be blocked or erased if a storage period under the aforementioned standards expires, unless further storage of the data is necessary to enter into or fulfil a contract.

 

3. Provision of the website and creation of log files

3.1 Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data will be collected:

  • Information on the browser type and the version used
  • The user’s operating system
  • The user’s Internet service provider
  • The user’s IP address
  • Date and time of access
  • Websites from which the user's system accesses our website
  • Websites accessed by the user's system via our website 
     

3.2 Legal basis for the data processing​
The legal basis for the temporary storage of data is Art. 6(1)(f) GDPR.

3.3 Purpose of the data processing  
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
The data is stored in log files to ensure the website's functionality. In addition, the data is used to optimise the website and to safeguard the security of our information technology systems. There is no evaluation of the data for marketing purposes in this context. These purposes also include our legitimate interest in data processing under Art. 6(1)(f) GDPR.

3.4 Duration of storage  
The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected. Where data is collected to provide the website, this is the case once the respective session is terminated.

If the data is stored in log files, this must be done by no later than after seven days. Data may be stored for longer than this. In this case, the IP addresses of the users are deleted or alienated, so that it is no longer possible to attribute the calling client.

3.5 Options for objecting and removal 
Collecting data for the provision of the website and storing data in log files is essential for the operation of the website. Consequently, there is no option to object on the part of the user.

 

4. Use of cookies

a) Description and scope of data processing
We use cookies to make our website more user-friendly. Some elements of our website require that the requesting browser can be identified even after changing pages. We use cookies on our website to analyse user surfing behaviour. The following data can be transmitted in this way:

  • Search terms entered
  • How often certain pages are viewed

b) Legal basis for the data processing
The legal basis for the data processing of personal data using cookies is Art. 6(1)(f) GDPR.

c) Purpose of the data processing
Analysis cookies are used to improve the quality of our website and its content. Analysis cookies enable us to find out how the site is used and so we can constantly optimise our service.

These purposes also include our legitimate interest in the processing of personal data under Art. 6(1)(f) GDPR.

d) Duration of storage, objection and removal options
Cookies are stored on the user's computer and transmitted to our site from there. Therefore, you as a user also have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your web browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it is possible that not all features of the website can be used to the full extent.

 

5. Contact form and email contact

5.1 Description and scope of data processing 
A contact form is available on our website, which can be used for online contact. If users accept this option, the data entered in the input screen will be transmitted to us and stored. These details are:

  • Name
  • Email address

At the time the message is sent, the following data will also be stored:

  • The user’s IP address
  • Date and time of registration

Your consent will be obtained for the processing of the data as part of the sending process and reference will be made to this data protection statement.
Alternatively, you can contact us using the email address provided. In this case, the personal data of the user transmitted with the email will be stored. No data will be disclosed to third parties in this context. The data will be used exclusively for processing the conversation.

5.2 Legal basis for the data processing​ 
The legal basis for the processing of the data is Art. 6(1)(a) GDPR if the user has given his consent.
The legal basis for processing the data transmitted in the course of sending an email is Art. 6(1)(f) GDPR. If the purpose of the email contact is to enter into a contract, the additional legal basis for the processing is Art. 6(1)(b) GDPR.

5.3 Purpose of the data processing 
We only use the processing of the personal data from the input screen for the process of establishing contact. In the case of contact by email, this also constitutes the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serves to prevent misuse of the contact form and to safeguard the security of our information technology systems.

5.4 Duration of storage 
The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and that sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when it is clear from the circumstances that the matter in question has been conclusively resolved.
The additional personal data collected during the sending process is erased after a period of seven days at the latest.

5.5 Options for objecting and removal 
The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored during the contact will in this case be erased.

 

6. Your rights as a data subject

If your personal data is processed, you are the data subject within the meaning of the GDPR and the data controller must grant you to the following rights:

6.1 Right to information 
You can require confirmation from the data controller whether personal data relating to you is being processed by us. If such processing is present, you can require the data controller to provide you with information on the following matters:

  • the purposes for which the personal data is processed;
  • the categories of personal data processed;
  • the recipients or categories of recipients to whom the personal information about you has been or will be disclosed;
  • the planned storage period of the personal data relating to you or, if no specific details on this are possible, criteria for the determination of the storage period;
  • the existence of a right to rectification or erasure of the personal data relating to you, a right to restriction to the processing by the data controller or a right to object to the processing;
  • the existence of a right to lodge a complaint with a supervisory authority;
  • all available information on the origin of the data, if the personal data is not collected from the data subject;
  • the existence of automated individual decision making including profiling in accordance with Article 22(1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved as well as the scope of the desired effects of such processing for the data subject. You have the right to require information about whether the personal data relating to you is transferred to a third country or to an international organisation. In this connection you can require that you are informed about the appropriate safeguards under Article 46 GDPR in connection with the transfer.

6.2 Right to Rectification
You have the right to rectification and/or completion by the data controller if the processed personal data relating to you is incorrect or incomplete. The data controller must carry out the rectification without delay.

6.3 The right to restrict processing
Under the following conditions you can require the restriction of the processing of the personal data relating to you:

  • if you contest the accuracy of the personal data relating to you for a period enabling the data controller to check the accuracy of the personal data;
  • the processing is unlawful and you object to the erasure of the personal data and instead require the restriction of the use of the personal data;
  • the data controller no longer needs the personal data for the purposes of processing but you need it for the establishment, exercise or defence of legal claims or
  • if you have objected to processing in accordance with Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

If the processing of the personal data relating to you has been restricted, this data may, apart from storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a member state. If the restriction of processing under the above conditions has been restricted, you will be informed by the controller before the restriction is lifted.

6.4 Right to Erasure
a) Erasure obligation
You can require from the data controller that the personal data relating to you is erased without delay and the controller is required to erase this data without delay if one of the following reasons applies:

  • The personal data relating to you is no longer necessary for the purposes for which it was collected or processed in any other way.
  • You withdraw your consent on which the processing under Article 6(1)(a) or Article 9(2)(a) GDPR is based and there is no other legal basis for processing.
  • Under Article 21(1) GDPR you object to the processing and there are no overriding legitimate grounds for the processing or you object to the processing under Article 21(2) GDPR.
  • The personal data relating to you has been processed unlawfully.
  • The erasure of the personal data relating to you is necessary for fulfilling a statutory obligation under Union law or the law of the member states to which the data controller is subject.
  • The personal data relating to you has been collected relating to the offer of information society services under Article 8(1) GDPR.

b) Information to third parties
Where the data controller has made the personal data relating to you public and is required to erase it under Article 17(1) GDPR, the controller must, taking into account the available technology and the implementation costs, take reasonable steps including technical measures, to inform data controllers that are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, this personal data.

c) Exceptions
There is no right to erasure where the processing is necessary

  • to exercise your rights to freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • on public interest grounds in the area of public health under Article 9(2)(h) and (i) as well as Article 9(3) GDPR;
  • for archive purposes in the public interest, scientific or historical research purposes or for statistical purposes under Article 89(1) GDPR where the right under a) is likely to make impossible or seriously impair the achievement of the aims of this processing or
  • for the establishment, exercise or defence of legal claims.

6.5 Right to Notification
If you have asserted the right to correction, erasure or restriction of the processing by the data controller, the latter is required to inform all recipients to which the personal data relating to you has been disclosed of this rectification or erasure of the data or restriction of processing, unless it proves impossible or associated with disproportionate expense. You have the right to be notified by the data controller about these recipients.

6.6 Right to Data Portability
You have the right to receive the personal data relating to you, which you have provided to the data controller, in a structured, commonly used and machine-readable format. In addition you have the right to send this data to another data controller without hindrance from the controller to which the personal data has been provided if

  • the processing is based on consent under Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract under Article 6(1)(b) GDPR and
  • processing is carried out using automated procedures. Furthermore, in the exercise of this right, you have the right to have the personal data relating to you transmitted directly from one data controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task that is in the public interest or carried out in the exercise of official authority vested in the data controller.

6.7 Right to Object
You have the right on grounds relating to your particular situation to object at any time to the processing of the personal data relating to you carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions. The controller may no longer process the personal data relating to you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data relating to you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data must no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

6.8 Right to revoke the statutory declaration of consent
You have the right to withdraw your consent to the processing of your data at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

6.9 Automated decision making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  • is necessary for entering into, or performance of, a contract between you and a data controller,
  • is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests or
  • is based on your explicit consent.

However these decisions must not be based on special categories of personal data referred to in Article 9(1) GDPR, unless (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard your rights and freedoms, and legitimate interests are in place. In the cases referred to in (1) and (3), the data controller must implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

6.10 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged must inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy under Article 78 GDPR.

6.11 Privacy policy for the use of the Matomo analytics service
Our website uses Matomo. This is a web analysis service. Matomo uses "cookies", which are text files that are stored on your computer and which enable us to analyse the use of the website. For this purpose, the usage information generated by the cookie (including your abbreviated IP address) is transferred to our server and stored for usage analysis purposes, which serves to optimise our website. At the start of this process, your IP address is anonymised, so that you as a user will remain anonymous to us. The information generated by the cookie about your use of this website will not be disclosed to third parties. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

If you do not agree with the storage and analysis of information about your visit, you can object to storage and use at any time by clicking below. In this case, an "opt-out cookie" will be stored in your browser, which means that Matomo will not collect any session data. Note: If you delete your cookies, this will mean that the opt-out cookie is also deleted and you may need to re-activate it.

Datenschutzhinweise für Termin- oder Event-Buchungen via Microsoft Bookings 

Wir möchten Sie nachfolgend über die Verarbeitung personenbezogener Daten im Zusammenhang mit der Nutzung von „Bookings“ informieren.

Zweck der Verarbeitung

Wir nutzen das Tool „Bookings“, um Termine zwischen Kunden und Mitarbeitern vereinbaren zu können oder Anmeldungen zu Veranstaltungen zu ermöglichen. (nachfolgend: „Online-Buchung“). 

Verantwortlicher

Verantwortlicher für Datenverarbeitung, die im unmittelbaren Zusammenhang mit der Durchführung von Online-Buchungen steht, ist die hema electronics GmbH.

Bürokommunikation: Microsoft (Microsoft 365, Microsoft Teams)

Wir nutzen Microsoft 365 und Microsoft Bookings, zur Durchführung unserer Terminvereinbarungen und Events mit den Kunden über unsere Website.

Microsoft 365 und Microsoft Bookings sind ein Service der Microsoft Ireland Operations, Ltd.

Microsoft Bookings ist Teil der Cloud-Anwendung Office 365. Microsoft behält sich vor Kundendaten zu eigenen Geschäftszwecken zu verarbeiten. Dies stellt für die Nutzer von Microsoft Bookings ein Datenschutz-Risiko dar. Beachten Sie bitte, dass wir auf die Datenverarbeitungen von Microsoft keinen Einfluss haben. In dem Umfang, in dem Microsoft Bookings personenbezogene Daten in Verbindung mit den legitimen Geschäftsvorgängen von Microsoft verarbeitet, ist Microsoft unabhängiger Datenverantwortlicher für diese Nutzung und als solcher verantwortlich für die Einhaltung aller geltenden Gesetze und Verpflichtungen eines Datenverantwortlichen.

Weitere Informationen zu Zweck und Umfang der Datenerhebung und ihrer Verarbeitung

Microsoft Bookings ist erhalten in der Datenschutzerklärung von Microsoft unter https://privacy.microsoft.com/de-de/privacystatement. Dort erhalten Sie auch weitere Informationen zu Ihren diesbezüglichen Rechten. Microsoft verarbeitet Ihre personenbezogenen Daten auch in den USA. EU –Standardverträge mit Microsoft zu Office 365 und Teams sind abgeschlossen, um ein angemessenes Datenschutzniveau zu garantieren. Die EU-Standardvertragsklauseln können Sie unter https://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF abrufen.

Folgende personenbezogene Daten sind Gegenstand der Verarbeitung:

Angaben zum Benutzer: Anzeigename, E-Mail-Adresse, Bevorzugte Sprache, Metadaten: z. B. Datum, Uhrzeit, Telefonnummer, Ort.

Ihre Rechte

Sie haben gegenüber uns folgende Rechte hinsichtlich der Sie betreffenden personenbezogenen Daten:

Recht auf Auskunft nach Art. 15 DSGVO zu ihren von uns verarbeiteten personenbezogenen Daten.

Recht auf Berichtigung nach Art. 16 DSGVO von unrichtigen personenbezogenen Daten.

Recht auf Löschung ihrer personenbezogenen Daten nach Art.- 17 DSGVO

Recht auf Einschränkung der Verarbeitung nach Art. 18 DSGVO

Recht auf Widerspruch gegen die Verarbeitung nach Art. 21 Abs. 1 DSGVO:

Recht auf Datenübertragbarkeit nach Art. 20 DSGVO

Sie haben zudem das Recht, sich bei der zuständigen Datenschutz-Aufsichtsbehörde über die Verarbeitung Ihrer personenbezogenen Daten durch uns zu beschweren.

 

Right to Information and Contact Options
You have of course the right to free information about the data relating to you that is stored by us, as well as, if need be, the right to correct, block or erase this data. If you have any questions regarding the collection, processing or use of your personal data, or if you wish to obtain information, corrections, blocking or erasure of your data, or if you wish to revoke any consents you may have given, or if you wish to object to a particular use of your data, please contact:

hema electronic GmbH
Röntgenstraße 31
73431 Aalen, Germany
Phone: +49 7361 9495-0
Fax: +49 7361 9495-45
Email: info@hema.de