Updated 12th January 2019
Protecting the security and privacy of your personal data is important to HARTMANN. Therefore, HARTMANN (“HARTMANN“ shall mean the PAUL HARTMANN AG, and any of its direct or indirect subsidiaries) operates this websites and its pages (hereafter referred to as the “Website”) in compliance with applicable laws on data protection and data security.
In the following, we provide information on the kinds of data we collect on the Website, the purposes for which we use such data, and the parties with which we share such data, where applicable.
Data We Collect
Accesses to the Website are logged for security analysis reports and to defend against cyber-attacks. Except for the IP address, no personal data is ever collected or used in this connection. IP addresses are analysed only in the event of a cyber-attack. Log data is promptly deleted on a regular basis.
In addition, we collect personal data (e.g. names, addresses, telephone numbers, or e-mail addresses) in connection with the operation of the Website only when you have voluntarily provided such data to us (e.g. through registration, contact inquiries, surveys, etc.) and when we are entitled to process or use such data by virtue of permission granted by you or on the basis of a statutory provision.
Purpose of Processing
Our guiding principle is that we use such data only for the purpose for which you divulged the data to us, such as to answer your inquiries, process your orders, or grant you access to certain information or offerings.
We must always have a legal basis for processing your information. Examples of these legal basis are explained below:
|Consent||Hartmann will ask you for permission so that we can store and process your data. We will supply full details of why and how we wish to use your data. You may withdraw your consent at any time.||Hartmann may use consent when we’re asking you to confirm your marketing preferences.|
|Contractual||When using some of our services we may enter into a contract to which you are a party. |
These contracts may influence the processing of personal data as we comply with contractual and regulatory requirements.
|When you purchase products using our hartmanndirect.co.uk website we need details such as name, address, payment details to be able to provide and deliver products you have ordered.|
|Legal Obligation||Hartmann may be under a legal obligation to hold and disclose your personal data.||We may be asked to share your data with law enforcement agencies., Or as another example, we are obliged to retain data relating to financial transactions for a minimum period.|
|Legitimate Interest||Hartmann may hold and process your personal data for own legitimate interests. This is to allow us to manage our business to allow us to offer our customers the best service we can.
Where we use legitimate interest, we will consider the impact on you and take a balanced approach.Our legitimate interests don’t automatically override your interests.
|We have an interest in making sure our marketing is relevant for you, so we process your information to send you marketing that’s tailored to your interests.|
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information (see above).
Right of Access
Right to rectification
Right to erasure
Right to restriction of processing
Right to object to processing
Right to data portability
Please contact firstname.lastname@example.org when you have enquiries or wish to exercise any of your data protection law rights.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
No fee usually required:
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you:
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond:
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
To protect your data from unauthorized access by third parties, we are obliged to carefully verify your identity. To answer your written requests, we reserve the right to request further information.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
The personal data that we collect from you is stored on secure information technology systems located in the EEA which are operated by us.
Some data processing in relation to web and email services and delivery of any products ordered by you is carried out on our behalf by a third party. We will take all steps reasonably necessary to ensure that your personal data is kept secure and in accordance with this privacy notice.
Unfortunately, the transmission of information from you via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our site; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to prevent unauthorised access.
Our website uses up-to-date industry procedures to protect your personal information. We also protect the security of your data during transmission using Transport Layer Security (TLS) technology. We may vary this in the future if we feel you will benefit from greater security whilst using our site.
We have appropriate security measures in place in our physical facilities to protect against the loss, misuse or alteration of information that we have collected from you via our site.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Protection of minors
As a rule, children and persons under the age of 18 do not submit any personal data to HARTMANN without the consent of their parents or legal guardians. We do not solicit personal information about children, and we assure you that you will not knowingly collect, use, or otherwise disclose any personal information about children.
Sharing of data
We share your data with subsidiaries of HARTMANN and also with carefully selected data processors, with whom we have very strict contracts ensuring the protection of your data. We do not sell or otherwise market your personal data to third parties.
The lawful basis for sharing this data will be either contract (we need to share your address with delivery providers to ensure you get your product), or legitimate interest (eg we store our data in a cloud bases system, for the ease of use to ensure it is kept secure at all times). When the lawful basis is legitimate interest, we have carried out a legitimate interest balancing test to ensure we are not inadvertently overriding your rights as a data subject,
We use end-to-end encryption for transferring personal data. We remove data that identifies you as an individual when it is possible to do so.
In most cases, we try to store your data within the EU, where it is protected by the local implementation of the GDPR. If we do need to process your data outside of the EU then it is only done so using an adequacy decision (eg EU-US Privacy Shield), or other appropriate safeguards to protect your data, eg Standard Contractual Clauses.
We may obtain information posted publicly on social media sites and use it to help us understand how our different customers interact with us and what they think of us.
Social Media Bookmarks & Plug-ins
To make our websites more attractive and user-friendly, we use social bookmarks and social plug-ins. In accordance with Art. 6 para. 1 lit. f) EU GDPR to make HARTMANN better known. The underlying commercial purpose is to be regarded as legitimate interest within the meaning of the EU GDPR. Responsibility for the operation compliant with data protection is to be guaranteed by their respective providers.
What are Social Media Bookmarks & Plug-ins?
Social bookmarks are Internet bookmarks that allow you to see what other people found interesting about a subject, like Hartmann for example. They are stored at their respective providers:
Facebook (Facebook Inc., 1 Hacker Way, Menlo Park, Calif. 94025, USA),
Twitter (Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA),
YouTube (YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA),
Instagram (Instagram LLC, 1601 Willow Rd, Menlo Park, Calif. 94025, USA),
This means that the social bookmarks (buttons) are included as links. By clicking on the buttons, you will be forwarded to our site at the respective providers, i.e. your information will be transmitted to the respective provider only by first clicking and forwarding.
If you visit a page of our website that contains plug-ins, these are initially deactivated. Only when you click the provided button of the provider, such as Facebook, the plug-ins are activated. With this activation you connect to Facebook and declare your consent to the transmission of data. If you are logged in to Facebook, for example, Facebook can assign the visit to your local account. If you press the Facebook button, the corresponding information will be transmitted directly from your browser to Facebook and stored there.
To prevent the providers from collecting data about you via our website, you must log out of your user accounts before you visit our website.
HARTMANN will respond to all legitimate requests for information and where applicable, to correct, amend, or delete your personal data. If you wish to make such a request or if you have questions or comments regarding this Data Protection Disclaimer, please contact the HARTMANN Data Protection Team with your questions and suggestions:
By Email: email@example.com
By Post: The Data Protection Team, Unit P2, Parklands, Heywood, Lancashire, OL10 2TT
By phone: 01706 363200
This Data Protection Disclaimer is updated from time to time. You will find the date of the last update at the top of this page.