HNA Privacy Policy
HNA Anlagenbau & Industrie-Montagen GmbH is an international service company belonging to GPZ Holding GmbH.
We, the GPZ Holding GmbH, are committed to respecting and protecting the privacy of your data. The careful handling of your data is our highest priority.
Transporting, processing, and storing your personal data is performed in accordance with the European General Data Protection Regulation and the corresponding national regulations.
If you pass personal data on to us, you can be sure that this information is used solely to maintain your business relationship with HNA Anlagenbau GmbH, or in one of the ways set out in this statement.
This statement of privacy gives an overview about the personal data-related services at HNA Anlagenbau & Industrie-Montagen GmbH.
In the case that certain services require additional processing, we will indicate that before usage of such services.
We also take a variety of security measures to protect your personal information. For example, the transfer between your Web browser and our servers is basically transport-encrypted; we also maintain a variety of technical and organizational measures to protect your data.
Why we process your data
The basic usage of our website does not require us to disclose your identity. If you would like to register for one of our personalized services or contact us, we will ask you for your name and other personal information. It is your free choice whether to enter this (extended) data. Data that we require from you for the provision of our services is marked as such. The collection and processing of your personal data is carried out for the following purposes on the basis of the following legalities:
i. Contract initiation in accordance with Article 6 (1) lit. a) and b) DSGVO
ii. Contract processing in accordance with Article 6 (1) lit. b) DSGVO
iii. Customer management according to Article 6 paragraph 1 lit. b) and C) DSGVO
iv. Communication and data exchange in accordance with Article 6 (1) lit. a), b), C), F) DSGVO
v. External representation and advertising in accordance with Article 6 (1) lit. f) DSGV
vi. Implementation of declarations of consent in accordance with Article 6 (1) lit. A) DSGVO
vii. To ensure the proper operation of a data processing plant in accordance with Article 6 (1) lit. c) and F) DSGVO
What data we collect and process from you
We collect different categories of personally identifiable information from you. Personal data are described as all information relating to an identified or identifiable natural person; “identifiable” is considered a natural person who can be identified directly or indirectly, in particular by assigning it to an identifier, such as a name.
For example, personal data includes information such as your name, address, telephone number, and date of birth (if specified). Statistical information that cannot be associated with you either directly or indirectly – such as the popularity of individual websites of our offer or the number of users of a site – is not personal data.
There are directly and indirectly collected data. In both cases, data is collected only to the extent necessary; the data are processed exclusively for the purposes mentioned above (ii).
Whether you want to provide us with data that optimizes your usage of our services is your decision. Corresponding data fields are marked as 'voluntary'.
The data directly collected include:
• Salutation and name, e.g. to personalize your contact request
• Mailing address and, if applicable, a password you have chosen, e.g. to contact us via our contact form
• Address data, e.g. for the purpose of sending an offer in printed format
• Data that you transmit through us actively and consciously in the context of the use of our services, e.g. information about your used POS system
• Other data that you voluntarily submit to us, for example filled-in data fields marked as 'voluntary'
In addition, data about you will be collected indirectly when using our services: technical connection data, e.g. the visited page of our website, your IP address, the date and time of the call, the or terminal used
• Data collected in the context of website tracking
Minors:
Our website is not intended for minors and we also do not knowingly collect personal data from minors.
If any person under the age of 16 transmits personal data to us, this is only permitted if the parent has consented him/herself or agreed to the consent of the adolescent. In accordance with Article 8 (2) DSGVO, the contact details of the parent must be communicated to us in order to convince us of the consent or consent of the parent. This data as well as the data of the minor are then processed according to this data protection declaration. If we find that a minor under the age of 16 has sent personal data to us without the parent's consent or approval of the minor, we will delete the data immediately.
Who has access to your data and to whom we transmit your data
a) Access
The access to your personal data that is stored by us is limited to our employees and to the service providers that we entrust, who have to deal with these personal data due to their tasks. If third parties have access to your data, we have either obtained permission from you or there is a legal basis for their activity. We also use service providers for the provision of services and processing of your data (among other things for hosting). As far as these special provisions apply, we have carried out these in the following ways with the respective service for you. The service providers process the data exclusively on instruction from us and have been obliged to comply with the applicable data protection regulations. All processors have been carefully selected and will only have access to such data which is necessary for the performance of the services or to the extent that they are processing and using the data, only contingent on the pre-agreed specifications and required period of time.
b) Data exchange within the group of companies
Data exchange within the group of companies that we belong to is exclusively within the EU/EEA and serves only for internal administrative purposes. We understand “the group of companies” to be related companies within the meaning of Article 4 No. 19 DSGVO.
c) ransmission to third countries and legal basis
The servers of some of the service providers that we have deployed are located in the United States and other countries outside the European Union. Companies in these countries are subject to a Data Protection Act which does not protect personal data to the same extent as is the case in the Member States of the European Union. If your data is processed in a country which does not have a recognized high level of data protection such as within the European Union, we will ensure that your personal data are appropriately protected. In the context of the individual services, we explicitly point this out to you. To the extent that a transfer of personal data takes place in third countries, it is carried out on the basis of the adequacy decision of the EU Commission on the EU-U. S.-Privacy Shield according to Art. 45 DSGVO or the EU Standard Contract (2010) in accordance with Article 46 (2) lit. (c) DSGVO in conjunction with the decision of the European Commission of 05.02.2010 (2010/87/EU) or in accordance with Article 49 (1). A DSGVO.
d) Exceptional cases
In exceptional cases, we transmit personal data to law enforcement and criminal determination authorities. This is due to the corresponding legal obligations, e.g. from the Code of Criminal Procedure, the tax code, the Money Laundering Act or state police laws.
Storage periods
We store personal data in accordance with legal regulations or your consent. In order to define the actual storage duration, we draw on the following criteria:
• Statutory storage obligations, e.g. according to AO and HGB
• The existence of consent, e.g. your consent or withdrawal
• Contractual retention obligations
• Existence of a contractual relationship, e.g. last activity, if there is no permanent agreement
• The purpose of data collection and data storage is no longer applicable
• Technological and forensic requirements, e.g. for the prevention of attacks and their persecution
Your rights
You have a number of legal rights to which we would like to refer you to below. In addition, of course, our data protection officer is also at your disposal for all questions concerning your data that is collected and processed by us on your person under Paragraph f).
a) Right to information and data transferability
You have the right to information about the personal data processed by us at any time. If the data processing is based on your consent or is in accordance with Article 6 Paragraph 1 b) DSGVO on a contract, you may also require, in accordance with Article 20 Paragraph 1 DSGVO, to transfer the personal data stored about you in a structured, common, and machine-readable format. At your request, we will also forward the data directly to the recipient you have chosen.
b) Right to rectification, restriction, and deletion
Furthermore, in accordance with Art. 16 to 18 DSGVO, you may request an adjustment, restriction (blocking), or deletion of your personal data from us if the data has been incorrectly processed by us, which limits further data processing. Data processing is illegal if its storage is inadmissible for other legal reasons. We would point out that your right of deletion may be restricted by statutory retention periods.
c) Right to enter an objection
If our data processing is based solely on our legitimate interest in accordance with Art. 6 Para. 1 f) DSGVO, you may appeal against this processing in accordance with Article 21 (1) DSGVO. We will then process your data, unless we can provide proof of the reasons for the processing that outweigh your interests, rights, and freedoms - or the processing serves to assert, exercise, or defend a legal claim.
d) Right of withdrawal
If you have allowed us to process your personal data by consent, a right of withdrawal with effect for the future is available to you in accordance with Article 7 (3) DSGVO.
e) Right to appeal to the supervisory authority
You are free to file a complaint with a supervisory authority if you believe that our processing of your personal data violates the European Data Protection Basic Regulation or other national and international privacy laws.
f) Contact details
In order to exercise your rights, you can send an informal message to the following contact details. Likewise, please direct the withdrawal of your consent address below, stating which declaration of consent you would like to revoke:
Responsible Data Protection Officer
PR-EDV
Witschgasse 23a
50259 Pulheim
Use of our website – Profiling, cookies, and web tracking
Additional information and regulations for individual services
a) Contact form
Data that you transmit to us through our contact form will be processed for the purpose of communication and data exchange, e.g. to respond to your specific request. This data is stored as long as the processing is necessary for these purposes or until the expiration of any subsequent retention periods.