PRIVACY POLICY

1. Introduction

Definitions according to Art. 4 GDPR
In this privacy policy, we use the following terms, among others:

Personal Data
Personal data means all information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). A natural person is considered identifiable if they can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

Processing
Processing refers to any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, alteration or modification, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of provision, alignment, or combination, restriction, erasure, or destruction.

Restriction of Processing
Restriction of processing means marking stored personal data with the aim of limiting its processing in the future.

Controller
The controller is the natural or legal person, authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data. If the purposes and means of processing are determined by Union law or the law of the Member States, the controller or the criteria for their designation may be provided for by Union or Member State law.

Processor
A processor is a natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller.

Recipient
A recipient is a natural or legal person, authority, agency, or other body to whom personal data is disclosed, whether or not a third party. Authorities that may receive personal data in the context of a particular investigation mandate under Union or Member State law are not considered recipients.

Third Party
A third party is a natural or legal person, authority, agency, or other body, other than the data subject, the controller, the processor, and the persons authorized to process personal data under the direct responsibility of the controller or processor.

Profiling
Profiling means any form of automated processing of personal data involving the use of personal data to evaluate certain personal aspects related to a natural person, particularly to analyze or predict aspects concerning the person's work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

Consent
Consent means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or a clear affirmative action, signify agreement to the processing of personal data relating to them.

2. Responsibilities

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:

HTG GmbH
Ohl 9
D-58636 Iserlohn

Phone: +49 (0) 23 71 – 81 90 0
Fax: +49 (0) 23 71 – 81 90 11
info@htgpro.com

If you have any questions about data protection, please send us an email or contact the person responsible for data protection within our organization: Ulfert Friedrich

3. Legal Basis for Processing

Below we inform you about the legal bases for processing personal data:

  • Art. 6 (1) lit. a) GDPR (in conjunction with § 25 (1) TTDSG) serves as the legal basis for processing activities where we obtain consent for a specific processing purpose.
  • If the processing of personal data is necessary for the performance of a contract, Art. 6 (1) lit. b) GDPR serves as the legal basis. This may include, for example, processing operations related to product deliveries, services, or pre-contractual measures such as inquiries about our products or services.
  • If our company is subject to a legal obligation requiring the processing of personal data, such as fulfilling tax obligations, the processing is based on Art. 6 (1) lit. c) GDPR.
  • The processing of personal data may also be necessary to protect vital interests of the data subject or another natural person. In these cases, the processing is based on Art. 6 (1) lit. d) GDPR.
  • Processing operations based on Art. 6 (1) lit. f) GDPR serve the legitimate interests of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override those interests. Such processing is permitted because it is specifically mentioned by the European legislator, particularly for cases where you are a customer of our company (Recital 47 Sentence 2 GDPR).

4. Data Transfer to Third Parties

We will only disclose your personal data to third parties for purposes other than those outlined below:

  • If consent is given according to Art. 6 (1) lit. a) GDPR.
  • If the transfer is necessary for the legitimate interests of our company or a third party according to Art. 6 (1) lit. f) GDPR and there is no reason to assume that your overriding interests or fundamental rights and freedoms prevent such transfer.
  • If there is a legal obligation to transfer personal data under Art. 6 (1) lit. c) GDPR.
  • If it is legally permissible and necessary for the performance of a contract with you according to Art. 6 (1) lit. b) GDPR.

Note on Data Processing in the USA by Third-Party Services
In the context of the processing activities described here, it is possible that personal data may be transferred to the USA. The European Court of Justice considers the USA to have an inadequate level of data protection according to EU standards (ECJ: Schrems-II Judgment). Your data could be accessed and processed by U.S. authorities without further control. We have entered into agreements on data processing based on the Standard Contractual Clauses of the European Commission to protect your data. If the Standard Contractual Clauses are insufficient to ensure an adequate level of security, your consent in accordance with Art. 49 (1) lit. a) GDPR may serve as the legal basis for data transfers to third countries. Data transfers to third countries are possible. Appropriate guarantees have been implemented through Standard Contractual Clauses in accordance with Art. 46 GDPR. Further information is available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_de.

5. Technology

5.1 SSL/TLS Encryption
For security reasons and to protect the transmission of confidential content that you send to us as the website operator, our website uses SSL or TLS encryption. This ensures that the data you transmit via this website is not readable by third parties. You can recognize an encrypted connection by the "https://" in the address bar of your browser and the padlock symbol in the browser bar.

5.2 Server Log Files
The provider of this website automatically collects and stores information in server log files, which your browser automatically transmits to us. This may include the following data:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources. It is necessary to display the contents of our website correctly, ensure the continuous functionality of IT systems, and facilitate cooperation with law enforcement agencies in the event of a cyber attack. The legal basis for this data processing is Art. 6 (1) lit. f) GDPR.

6. Use of Cookies

This website uses so-called cookies. Cookies are text files that are stored and saved on a computer system via an internet browser. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string that allows websites and servers to recognize the specific internet browser in which the cookie is stored. This enables visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies.

By using cookies, we can provide more user-friendly services that would not be possible without the setting of cookies. Additionally, we use cookies to statistically collect the use of our website and evaluate it for the purpose of optimizing our website. These cookies enable us to recognize when you return to our website. The cookies set in this way are automatically deleted after a defined period. The specific retention period of the cookies can be found in the settings of the consent tool used.
For all other cookies, you have given your consent via our opt-in cookie banner in accordance with Art. 6 (1) lit. a) GDPR.
Legal Basis: Art. 6 (1) lit. c) GDPR

7. Presence in Social Networks

To provide you with the opportunity to communicate with us, we are present on certain social networks. If you visit the pages provided by these networks, we are jointly responsible with the provider of the respective platform for the processing of personal data in the sense of Art. 26 GDPR. We are not the original provider of these pages, but merely use them as part of the options provided to us by the respective providers.

We would like to point out that user data may be processed outside the European Union, over which we have no influence. The processing of personal data is carried out based on legitimate interests according to Art. 6 (1) lit. f) GDPR. If you must give consent for data processing to the respective providers, the legal basis is Art. 6 (1) lit. a) GDPR in conjunction with Art. 7 GDPR. Data protection inquiries should be directed to the respective platform providers.

A list of providers is given below: LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland). If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Further details can be found here: https://www.linkedin.com/legal/privacy-policy.

8. Plugins and Other Services

8.1 Google WebFonts
Our website uses Google WebFonts, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to ensure the consistent presentation of fonts. When you visit a page, your browser loads the required WebFonts into your browser cache to display texts and fonts correctly. For this purpose, the browser you use must establish a connection to the servers where the fonts are hosted. Normally, this involves our own servers, so third parties like Google do not have access to your personal data for this purpose. However, the use of a content management system on our site may involve plugins that connect to Google and load the fonts from there. As a result, Google may be informed that our website was accessed via your IP address. The use of Google WebFonts is in the interest of providing a consistent and visually appealing presentation of our website. This constitutes a legitimate interest under Art. 6 (1) lit. f) GDPR. You can find more information on Google WebFonts and Google’s privacy policy at: https://developers.google.com/fonts/faq and https://www.google.com/policies/privacy/.

9. Rights of the Data Subject

  • Right to Information according to Art. 15 GDPR: Information about your stored data and its processing.
  • Right to Rectification according to Art. 16 GDPR: Rectification of inaccurate personal data.
  • Right to Erasure according to Art. 17 GDPR: Deletion of your stored data.
  • Right to Restriction of Processing according to Art. 18 GDPR: Restriction of data processing if we are not allowed to delete your data due to legal obligations.
  • Right to Data Portability according to Art. 20 GDPR: Data portability if you have consented to data processing or entered into a contract with us.
  • Right to Object according to Art. 21 GDPR: Right to object to the processing of your data.
  • Withdrawal of Consent: Right to withdraw consent for data processing at any time with effect for the future.
  • Complaint to Supervisory Authority: Right to file a complaint with a data protection authority concerning our processing of personal data.