Protecting the security and privacy of your personal data is important to HARTMANN. Therefore, HARTMANN (“HARTMANN“ shall mean the PAUL HARTMANN AG, and any of its direct or indirect subsidiaries) operates this websites and its pages (hereafter referred to as the “Website”) in compliance with applicable laws on data protection and data security.
In the following, we provide information on the kinds of data we collect on the Website, the purposes for which we use such data, and the parties with which we share such data, where applicable.
Data We Collect
Accesses to the Website are logged for the purpose of security analysis reports and to defend against cyber-attacks. With the exception of the IP address, no personal data is ever collected or used in this connection. IP addresses are analyzed only in the event of a cyber-attack. Log data is promptly deleted on a regular basis.
In addition, we collect personal data (e.g. names, addresses, telephone numbers, or e-mail addresses) in connection with the operation of the Website only when you have voluntarily provided such data to us (e.g. through registration, contact inquiries, surveys, etc.) and when we are entitled to process or use such data by virtue of permission granted by you or on the basis of a statutory provision.
Purpose of Processing
Our guiding principle is that we use such data only for the purpose for which you divulged the data to us, such as to answer your inquiries, process your orders, or grant you access to certain information or offerings. We must always have a legal basis for processing your information. Examples of these legal basis are explained below:
Consent - HARTMANN will ask you for permission so that we can store and process your data. We will supply full details of why and how we wish to use your data. You may withdraw your consent at any time. For example; HARTMANN may use consent when we’re asking you to confirm your marketing preferences.
Contractual - When using some of our services we may enter into a contract to which you are a party. These contracts may influence the processing of personal data as we comply with contractual and regulatory requirements. For example; HARTMANN may use consent when we’re asking you to confirm your marketing preferences.
Legal Obligation - HARTMANN may be under a legal obligation to hold and disclose your personal data. For example; We may be asked to share your data with law enforcement agencies. Or as another example, we are obliged to retain data relating to financial transactions for a minimum period of time.
Legitimate Interest - HARTMANN may hold and process your personal data for own legitimate interests. This is to allow us to manage our business to allow us to offer our customers the best service we can. Where we use legitimate interest we will consider the impact on you and take a balanced approach. Our legitimate interests don't automatically override your interests. For example; We have an interest in making sure our marketing is relevant for you, so we process your information to send you marketing that's tailored to your interests.
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information (see above).
- Right of Access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to object to processing
- Right to data portability
Please contact firstname.lastname@example.org when you have enquiries or wish to exercise any of your data protection law rights.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk) We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
No fee usually required:
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you:
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond:
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
To protect your data from unauthorised access by third parties, we are obliged to carefully verify your identity. In order to answer your written requests, we reserve the right to request further information.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
The personal data that we collect from you is stored on secure information technology systems located in the EEA which are operated by us.
Some data processing in relation to web and email services and delivery of any products ordered by you is carried out on our behalf by a third party. We will take all steps reasonably necessary to ensure that your personal data is kept secure and in accordance with this privacy notice.
Unfortunately, the transmission of information from you via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our site; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to prevent unauthorised access.
Our website uses up-to-date industry procedures to protect your personal information. We also protect the security of your data during transmission using Transport Layer Security (TLS) technology. We may vary this in the future if we feel you will benefit from greater security whilst using our site.
We have appropriate security measures in place in our physical facilities to protect against the loss, misuse or alteration of information that we have collected from you via our site.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Protection of minors
As a rule, children and persons under the age of 18 years do not submit any personal data to HARTMANN without the consent of their parents or legal guardians. We do not solicit personal information about children, and we assure you that you will not knowingly collect, use, or otherwise disclose any personal information about children.
Sharing of data
Insofar as you have provided your consent or when we are otherwise legally entitled to do so, we will share your personal data with subsidiaries of HARTMANN, where applicable, for the purposes indicated above.
In connection with the operation of the Website and the services provided by way of the Website, HARTMANN works with service providers such as hosting or IT maintenance service providers, for example.
These recipients may possibly be located in countries outside of the European Economic Area (“third countries”), in which applicable laws do not offer the same level of data protection as in your home country. In such cases, HARTMANN takes measures to ensure an appropriate level of data protection.
Data is shared only in connection with and in compliance with applicable laws and regulations. We do not sell or otherwise market your personal data to third parties.
We may obtain information posted publicly on social media sites and use it to help us understand how our different customers interact with us and what they think of us.
Social Media Bookmarks & Plug-ins
To make our websites more attractive and user-friendly, we use social bookmarks and social plug-ins. In accordance with Art. 6 para. 1 lit. f) EU GDPR to make HARTMANN better known. The underlying commercial purpose is to be regarded as legitimate interest within the meaning of the EU GDPR. Responsibility for the operation compliant with data protection is to be guaranteed by their respective providers.
What are Social Media Bookmarks & Plug-ins?
Social bookmarks are Internet bookmarks that allow you to see what other people found interesting about a particular subject, like HARTMANN for example. They are stored at their respective providers:
Facebook (Facebook Inc., 1 Hacker Way, Menlo Park, Calif. 94025, USA),
Twitter (Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA),
YouTube (YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA),
Instagram (Instagram LLC, 1601 Willow Rd, Menlo Park, Calif. 94025, USA),
This means that the social bookmarks (buttons) are included as links. By clicking on the buttons, you will be forwarded to our site at the respective providers, i.e. your information will be transmitted to the respective provider only by first clicking and forwarding.
If you visit a page of our website that contains plug-ins, these are initially deactivated. Only when you click the provided button of the provider, such as Facebook, the plug-ins are activated. With this activation you connect to Facebook and declare your consent to the transmission of data. If you are logged in to Facebook, for example, Facebook can assign the visit to your local account. If you press the Facebook button, the corresponding information will be transmitted directly from your browser to Facebook and stored there.
In order to prevent the providers from collecting data about you via our website, you must log out of your user accounts before you visit our website.