Veri Koruma Bildirimi

Son güncelleme: Şubat 2020

bg-country-switch bg-country-switch

Gizlilik bildirimi

PAUL HARTMANN TIBBİ VE HİJ. ÜR. İTH. LTD. ŞTİ
KİŞİSEL VERİLERİN KORUNMASI POLİTİKASI

Doküman Adı:Kişisel Verilerin Korunması Politikası
Doküman İlgisi:Kişisel Verilerin Korunması Politikasının amacı, Paul Hartmann tarafından kişisel verilerin korunmasına yönelik süreçlerin planlanması ve bu konuya ilişkin uygulanacak esasların belirlenmesidir.
Yayınlanma Tarihi:14.01.2020
Versiyon No:1
Referans / Gerekçe:6698 sayılı Kişisel Verilerin Korunması Kanunu ve sair mevzuat
Onay Merci:Paul Hartmann Genel Müdürü

PAUL HARTMANN TIBBİ VE HİJ. ÜR. İTH. LTD. ŞTİ

KİŞİSEL VERİLERİN KORUNMASI POLİTİKASI

1. AMAÇ

Her bireyin kendisi ile ilgili kişisel verilerin korunmasını isteme hakkı Anayasa’dan doğan kutsal bir haktır. Paul Hartmann olarak bu hakkın gereklerini yerine getirmeyi en değerli görevlerimizden biri olarak kabul ediyoruz. Bu nedenle kişisel verilerinizin hukuka uygun olarak işlenmesine ve korunmasına önem veriyoruz.

Kişisel Verilerin Korunması Politikası da kişisel verilerin korunmasına verdiğimiz önemin bir sonucu olarak kişisel verileri işlerken ve korurken temel aldığımız ilkeleri ve uyguladığımız prosedürleri belirlemek amacıyla hazırlanmıştır.

2. KAPSAM

Politika Paul Hartmann’ın yönettiği bütün kişisel veriler verilerin tamamen veya kısmen otomatik olan ya daherhangi bir veri kayıt sisteminin parçası olmak kaydıyla otomatik olmayan yollarla elde edilmesi, kaydedilmesi, depolanması, muhafaza edilmesi, değiştirilmesi, yeniden düzenlenmesi, açıklanması, aktarılması, devralınması, elde edilebilir hâle getirilmesi, sınıflandırılması ya da kullanılmasının engellenmesi gibi veriler üzerinde gerçekleştirilen her türlü işlemi kapsamaktadır.

Politika Paul Hartmann’ın ortaklarının, yetkililerinin, müşterilerinin, çalışanlarının, tedarikçi yetkililerinin ve çalışanlarının, ve üçüncü kişilerin işlenen tüm kişisel verilerine ilişkindir.

Paul Hartmann, Politika’yı mevzuata ve Kişisel Verileri Koruma Kurumu’nun kararlarına uyum ve kişisel verilerin daha iyi korunması amaçlarıyla değiştirebilir.

3. TANIMLAR

Belirli bir konuya ilişkin, bilgilendirilmeye dayanan ve özgür iradeyle açıklanan rıza.

Alıcı Grubu :Veri sorumlusu tarafından kişisel verilerin aktarıldığı gerçek veya tüzel kişi kategorisi.

Açık Rıza:Belirli bir konuya ilişkin, bilgilendirilmeye dayanan ve özgür iradeyle açıklanan rıza.

Anonim Hale Getirme:Kişisel verilerin, başka verilerle eşleştirilerek dahi hiçbir surette kimliği belirli veya belirlenebilir bir gerçek kişiyle ilişkilendirilemeyecek hale getirilmesi.

İlgili Kişi :Kişisel verisi işlenen gerçek kişi.

İlgili Kullanıcı :Verilerin teknik olarak depolanması, korunması ve yedeklenmesinden sorumlu olan kişi ya da birim hariç olmak üzere veri sorumlusu organizasyonu içerisinde veya veri sorumlusundan aldığı yetki ve talimat doğrultusunda kişisel verileri işleyen kişilerdir.

İmha:Kişisel verilerin silinmesi, yok edilmesi veya anonim hale getirilmesi.

Kanun/KVKK:6698 Sayılı Kişisel Verilerin Korunması Kanunu.

Kayıt Ortamı:Tamamen veya kısmen otomatik olan ya da herhangi bir veri kayıt sisteminin parçası olmak kaydıyla otomatik olmayan yollarla işlenen kişisel verilerin bulunduğu her türlü ortam.

Kişisel Veri:Kimliği belirli veya belirlenebilir gerçek kişiye ilişkin her türlü bilgi.

Veri Envanteri:Veri sorumlularının iş süreçlerine bağlı olarak gerçekleştirmekte oldukları kişisel verileri işleme faaliyetlerini; kişisel verileri işleme amaçları ve hukuki sebebi, veri kategorisi, aktarılan alıcı grubu ve veri konusu kişi grubuyla ilişkilendirerek oluşturdukları ve kişisel verilerin işlendikleri amaçlar için gerekli olan azami muhafaza edilme süresini, yabancı ülkelere aktarımı öngörülen kişisel verileri ve veri güvenliğine ilişkin alınan tedbirleri açıklayarak detaylandırdıkları envanter.

Kişisel Verilerinİşlenmesi:Kişisel verilerin tamamen veya kısmen otomatik olan ya da herhangi bir veri kayıt sisteminin parçası olmak kaydıyla otomatik olmayan yollarla elde edilmesi, kaydedilmesi, depolanması, muhafaza edilmesi, değiştirilmesi, yeniden düzenlenmesi, açıklanması, aktarılması, devralınması, elde edilebilir hâle getirilmesi, sınıflandırılması ya da kullanılmasının engellenmesi gibi veriler üzerinde gerçekleştirilen her türlü işlem.

Komisyon:Paul Hartmann tarafından Politika’yı ve ilgili diğer prosedürleri yönetmek ve Politika’nın yürürlüğünü sağlamak amacıyla kurulan Kişisel Verileri Koruma Komisyonu.

Kurul:Kişisel Verileri Koruma Kurulu.

Kurum:Kişisel Verileri Koruma Kurumu

Özel Nitelikli Kişisel Veri:Kişilerin ırkı, etnik kökeni, siyasi düşüncesi, felsefi inancı, dini, mezhebi veya diğer inançları, kılık ve kıyafeti, dernek, vakıf ya da sendika üyeliği, sağlığı, cinsel hayatı, ceza mahkûmiyeti ve güvenlik tedbirleriyle ilgili verileri ile biyometrik ve genetik verileri.

Paul Hartmann:Paul Hartmann Tıbbi ve Hij. Ür. İth. Ltd. Şti

Periyodik İmha:Kanun’da yer alan kişisel verilerin işlenme şartlarının tamamının ortadan kalkması durumunda kişisel verileri saklama ve imha politikasında belirtilen ve tekrar eden aralıklarla re’sen gerçekleştirilecek silme, yok etme veya anonim hale getirme işlemi.

Politika:Kişisel Verilerin Korunması Politikası

Veri İşleyen:Veri sorumlusunun verdiği yetkiye dayanarak veri sorumlusu adına kişisel verileri işleyen gerçek veya tüzel kişi.

Veri Sorumlusu:Kişisel verilerin işleme amaçlarını ve vasıtalarını belirleyen, veri kayıt sisteminin kurulmasında ve yönetilmesinden sorumlu gerçek veya tüzel kişi.

4. GENEL İLKELER

Paul Hartmann her yeni kişisel veri işlemeyi gerektiren iş akışının hazırlık aşamasında işlenecek verilerin aşağıdaki ilkelere uygunluğunu denetler. Uygun bulunmayan iş akışları hayata geçirilmez.

Paul Hartmann kişisel verileri işlerken;

(I) Hukuka ve dürüstlük kurallarına uyar.

(II) Kişisel verilerin doğru ve gerektiğinde güncel olduğundan emin olur.

(III) İşleme amacının belirli, açık ve meşru olmasına dikkat eder.

(IV) İşlenen verinin işlenme amacıyla bağlantılı olduğunu, işlenilmesi gerektiği kadarıyla sınırlı işlendiğini ve ölçülü olduğunu kontrol eder.

(V) Verileri ancak ilgili mevzuatta öngörörülen veya işlenme amacı için gerekli olduğu kadar muhafaza eder, işlenme amacı ortadan kalktığında imha eder.

5. GÖREV VE SORUMLULUKLAR

Paul Hartmann bünyesinde kişisel verilerin işlenmesine ilişkin işbu Politika’yı ve ilgili diğer prosedürleri yönetmek ve Politika’nın yürürlüğünü sağlamak amacıyla Kişisel Verilerin Korunması Komisyonu kurulmuştur. Komisyon’u Genel Müdür, İş Hizmetleri Müdürü, Pazarlama Müdürü, Finans Müdürü ve Satış Müdürü oluşturmaktadır. Paul Hartmann bunun yanı sıra gerektiğinde 6698 sayılı Kişisel Verilerin Korunması Kanunu’na uyum sağlamak amacıyla KVKK danışmanlığı desteği de almaktadır. Komisyon gerek görmesi halinde toplantılarına KVKK danışmanını çağırabilir.

Komisyon’un görev ve sorumlulukları aşağıda belirtilmiştir.

(I) Olağan olarak 6 ayda bir toplanır. Şartların gerektirmesi halinde olağanüstü toplanılabilir (örneğin olası bir veri ihlali durumunda).

(II) Politika’da değiştirilmesi/geliştirilmesi gereken hususları tartışır.

(III) Kişisel verilerin hukuka uygun işlenmesi ve korunması adına yerine getirilebilecek hususları tespit eder.

(IV) Komisyon, şirket içi ve iş ortakları nezdinde KVKK farkındalığını artırmak için atılabilecek adımları belirler.

(V) Kişisel verilerin işlenmesi ve korunması hususunda karşılaşılabilecek riskleri tespit eder, gerekli idari ve teknik tedbirleri alır.

(VI) Kurum ile irtibatı sağlar ve ilişkileri yönetir.

(VII) İlgili Kişi’den gelen talepleri değerlendirir.

(VIII) Periyodik imha süreçlerini takip eder.

(IX) Veri Envanteri’ni günceller.

(X) Yukarıda sayılan hususlara ilişkin görevlendirmeleri yapar.

6. Veri Güvenliği İçin Alınan Tedbirler

Paul Hartmann (i) kişisel verilerin hukuka aykırı olarak işlenmesini önlemek, (ii) kişisel verilere hukuka aykırı olarak erişilmesini önlemek, (iii) kişisel verilerin muhafazasını sağlamak amacıyla uygun güvenlik düzeyini temin etmeye yönelik gerekli ger tür teknik ve idari tedbirleri alır.

6.1. Teknik Tedbirler

(I) Ağ güvenliği ve uygulama güvenliği sağlanmaktadır.

(II) Bilgi teknolojileri sistemleri tedarik, gelistirme ve bakımı kapsamındaki güvenlik önlemleri alınmaktadır.

(III) Erişim logları düzenli olarak tutulmaktadır.

(IV) Güncel anti-virüs sistemleri kullanılmaktadır.

(V) Güvenlik duvarları kullanılmaktadır.

(VI) Kişisel veri içeren fiziksel ortamlara giriş çıkışlarla ilgili gerekli güvenlik önlemleri alınmaktadır.

(VII) Kişisel veri içeren fiziksel ortamların dış risklere (yangın, sel vb.) karşı güvenliği sağlanmaktadır.

(VIII) Kişisel veri içeren ortamların güvenliği sağlanmaktadır.

(IX) Kişisel veriler yedeklenmekte ve yedeklenen kişisel verilerin güvenliği de sağlanmaktadır.

(X) Kullanıcı hesap yönetimi ve yetki kontrol sistemi uygulanmakta olup bunların takibi de yapılmaktadır.

(XI) Log kayıtları kullanıcı müdahalesi olmayacak şekilde tutulmaktadır.

(XII) Saldırı tespit ve önleme sistemleri kullanılmaktadır.

(XIII) Şifreleme yapılmaktadır.

6.2. İdari Tedbirler

(I) Çalışanlar için veri güvenliği hükümleri içeren disiplin düzenlemeleri mevcuttur.

(II) Çalışanlar için veri güvenliği konusunda belli aralıklarla eğitim ve farkındalık çalışmaları yapılmaktadır.

(III) Erişim, bilgi güvenliği, kullanım, saklama ve imha konularında kurumsal politikalar hazırlanmış ve uygulamaya başlanmıştır.

(IV) Gerektiğinde veri maskeleme önlemi uygulanmaktadır.

(V) Gizlilik taahhütnameleri yapılmaktadır.

(VI) Çalışanlar için yetki matrisi oluşturulmuştur.

(VII) Görev değişikliği olan ya da işten ayrılan çalışanların bu alandaki yetkileri kaldırılmaktadır.

(VIII) İmzalanan sözleşmeler veri güvenliği hükümleri içermektedir.

(IX) Kişisel veri güvenliği politika ve prosedürleri belirlenmiştir.

(X) Kişisel veri güvenliği sorunları hızlı bir şekilde raporlanmaktadır.

(XI) Kişisel veri güvenliğinin takibi yapılmaktadır.

(XII) Kişisel veriler mümkün olduğunca azaltılmaktadır.

(XIII) Kurum içi periyodik ve/veya rastgele denetimler yapılmakta ve yaptırılmaktadır.

(XIV) Mevcut risk ve tehditler belirlenmiştir.

(XV) Özel nitelikli kişisel veri güvenliğine yönelik protokol ve prosedürler belirlenmiş ve uygulanmaktadır.

(XVI) Özel nitelikli kişisel veriler elektronik posta yoluyla gönderilecekse mutlaka şifreli olarak ve KEP veya kurumsal posta hesabı kullanılarak gönderilmektedir.

(XVII) Veri işleyen hizmet sağlayıcılarının, veri güvenliği konusunda farkındalığı sağlanmaktadır.

7. İlgili Kişinin Kişisel Verilerle İlgili Hakları

İlgili kişi, Paul Hartmann’a başvurarak aşağıda yer alan konularda talepte bulunabilir:

(I) Kişisel verilerinin işlenip işlenmediğini öğrenme,

(II) Kişisel verileri işlenmişse buna ilişkin bilgi talep etme,

(III) Kişisel verilerinin işlenme amacı ve bunların amacına uygun kullanılıp kullanılmadığını öğrenme,

(IV) Kişisel verilerinin yurt içinde veya yurt dışında aktarıldığı üçüncü kişileri öğrenme,

(V) Kişisel verilerinin eksik veya yanlış işlenmiş olması hâlinde bunların düzeltilmesini isteme ve bu kapsamda yapılan işlemin kişisel verilerin aktarıldığı üçüncü kişilere bildirilmesini isteme,

(VI) KVKK ve ilgili diğer kanun hükümlerine uygun olarak işlenmiş olmasına rağmen, işlenmesini gerektiren sebeplerin ortadan kalkması hâlinde kişisel verilerinin silinmesini, yok edilmesini veya anonim hale getirilmesini isteme ve bu kapsamda yapılan işlemin kişisel verilerinin aktarıldığı üçüncü kişilere bildirilmesini isteme,

(VII) İşlenen verilerinin münhasıran otomatik sistemler vasıtasıyla analiz edilmesi suretiyle aleyhine bir sonucun ortaya çıkmasına itiraz etme,

(VIII) Kişisel verilerinin kanuna aykırı olarak işlenmesi sebebiyle zarara uğraması hâlinde zararın giderilmesini talep etme.

8. İHLAL BİLDİRİMLERİ

Paul Hartmann çalışanları, KVKK hükümlerini ve/veya Politika’yı ihlal ettiğini düşündüğü iş, eylem veya olguyu Komisyon’a raporlar. Komite bu ihlal bildirimi akabinde gerekli görmesi halinde toplanır ve ihlale ilişkin bir eylem planı oluşturur.

İhlal, kişisel verilerin kanuni olmayan yollarla başkaları tarafa elde edilmesi yoluyla gerçekleşmişse, Komisyon, Kurul’un 24.01.2019 tarih ve 2019/10 sayılı kararı kapsamında bu durumu 72 saat içerisinde ilgilisine ve Kurul’a bildirir.

9. DEĞİŞİKLİKLER

Politika üzerindeki değişiklikler Komisyon tarafından hazırlanır ve uygun görülmesi halinde Paul Hartmann Genel Müdürü’nün onayına sunulur. Güncellenen Politika çalışanlara e-posta yolu ile gönderilebilir veya internet sitesi üzerinde yayınlanır.

10. YÜRÜRLÜK TARİHİ

Politika’nın işbu versiyonu 14.01.2020 tarihinde Genel Müdür tarafından onaylanarak yürürlüğe girmiştir.PAUL HARTMANN TIBBİ VE HİJ. ÜR. İTH. LTD. ŞTİ


İşbu Kişisel Veriler Aydınlatma Metni, 6698 sayılı Kişisel Verilerin Korunması Kanunu (“Kanun”) uyarınca kişisel verilerinizin toplanması, işlenmesi, aktarılması ve Kanun kapsamındaki haklarınıza dair sizleri bilgilendirmek amacıyla hazırlanmıştır.

Kozyatağı Mah.Kaya Sultan Sok.Nanda PlazaNo:83/1/A Kat:3 adresinde Paul Hartmann Tıbbi ve Hijyenik Ürünler İthalat İhracat ve Limited Şirketi olarak, veri sorumlusu sıfatıyla kişisel verilerinizi Kanun ve ilgili mevzuata uygun olarak aşağıda açıklanan kapsamda işliyoruz.

Kişisel Verileri Aydınlatma Metni

İşlediğimiz Kişisel Veriler

İşbu Aydınlatma Metni’nde belirtilen kişisel veri işleme amaçlarımızı gerçekleştirebilmek amacıyla, aşağıdaki kişisel verilerini işliyoruz:

·Ad, soyad, T.C. Kimlik numarası, kimlik belgesinde yer alan diğer bilgiler, ehliyet fotokopisinde yer alan bilgiler dahil kimlik bilgileriniz;

·E-posta, telefon numarası, cep telefonu, ev ve iş yeri adresi dahil iletişim bilgileriniz;

·Aile ve yakınlarınız ile ilgili bilgiler;

·Mobil uygulama veya internet sitesi ziyaretiniz üzerinden konum bilgileriniz,

·Özlük bilgileriniz;

·Hukuki işlem bilgileriniz;

·Müşteri işlem bilgileriniz;

·Ziyaretçi giriş ve çıkış kayıtları dahil fiziksel mekân güvenliği bilgileriniz;

·IP adresi ve internet sitesi giriş çıkış bilgileri dahil işlem güvenliği bilgileriniz;

·Risk yönetimi bilgileriniz;

·Banka kartı ve kredi kartı bilgileriniz dahil finansal bilgileriniz;

·CV'leriniz ve özgeçmiş bilgileriniz dahil mesleki deneyim bilgileriniz;

·Kullanım alışkanlıklarınız ve geçmiş ürün/hizmet alımı bilgileriniz dahil pazarlama bilgileriniz;

·Görsel ve işitsel verileriniz,

·CV’lerinizde yer alan dernek ve vakıf üyeliği bilgileriniz,



Kişisel Veri İşleme Amaçlarımız

Kişisel verilerinizi, aşağıdaki amaçlar ile sınırlı olarak işliyoruz:

·Ürün ve/veya hizmetlerimizin sunulabilmesi ve satış süreçlerinin yürütülmesi,

·Ürün ve/veya hizmet alım süreçlerinin yürütülmesi,

·İhtiyaçlarınız ve talepleriniz doğrultusunda ürün ve hizmetlerimizin güncellenmesi, özelleştirilmesi ve geliştirilmesi,

·Ürün ve hizmetlerimizdeki problemlerin çözülmesi, hata, sorun ve bugların tespit edilmesi ve bunların giderilmesi,

·Yeni ürün veya hizmetlerimiz, mevcut ürün veya hizmetlerimizdeki değişiklikler ile kampanyalarımız ve promosyonlarımız hakkında sizlerin bilgilendirilmesi,

·Ürün ve hizmetlerimiz hakkında size gerekli eğitimlerin ve bilgilendirmelerin verilebilmesi, programlarımızın nasıl kullanılacağının izah edilmesi,

·Müşteri ilişkileri süreçlerinin yürütülmesi,

·Çağrı merkezi ve uzaktan destek hizmetlerinin sağlanması,

·İnternet sitesi üyelik işlemlerinin gerçekleştirilmesi,

·İnternet sitelerimizde ziyaretçilerimizin tecrübesini iyileştirmek, talep ve sorunları tespit etmek ve aramalarını hızlı sonuçlandırmak amacıyla çerezlerin yönetilmesi. (Daha detaylı bilgi için Çerez Politikamızabakabilirsiniz)

·Ticari faaliyetlerimizi yürütmeye devam etmek amacıyla iletişim bilgilerinizin güncellenmesi ve bu güncel bilgilerinizin ilgili kurumlarımız, şirketlerimiz, yüklenicilerimiz ve/veya tedarikçilerimize sağlanması,

·İş süreçlerinizi analiz ederek, ürün ve hizmetlerimizin süreçlerinize uygun olarak hale getirilmesi ve önerileriniz, istekleriniz ya da raporlarımız doğrultusunda iyileştirilmesi, tarafınızca yapılan herhangi bir şikâyetin incelenmesi ve yanıtlanması,

·Yanlış ödeme yapanlara ödemenin iadesi işlemlerinin yürütülmesi,

·Müşteri memnuniyetine yönelik aktivitelerin yürütülmesi, sosyal medya ve iletişim süreçlerinin planlanması ve icra edilmesi,

·Pazarlama faaliyetlerinin yürütülmesi, reklam / kampanya / promosyon süreçlerinin yürütülmesi,

·Cari kaydının açılması ve kaydının güncellenmesi ve müşteri ve iş ortaklarının nevi, unvan ve tür değişikliğinin yapılması,

·İş ortağı memnuniyetinin sorgulanması,

·İş faaliyetlerimizin yönetilmesi, yürütülmesi ve denetlenmesi, iş sürekliliğinin sağlanması faaliyetlerinin yürütülmesi,

·Finans ve muhasebe işlerinin yürütülmesi,

·Bina ve tesislerimizin fiziksel mekân güvenliğinin sağlanması ve ziyaretçi kayıtlarının oluşturulması ve takibinin sağlanması,

·Yazılımlarımızın ve sistemlerimizin güvenliğinin sağlanması ve bilgi güvenliği süreçlerinin yürütülmesi,

·Çalışanlarımızın yakınları için yan haklar ve menfaatler sağlanması,

·Çalışan adaylarının iş başvurularının değerlendirilmesi, mülakatların ve görüşmelerin yapılması, özgeçmişlerinde referans olarak gösterdikleri kişiler ile iletişime geçilmesi,

·Şirket satın alımıyla ilgili süreçlerin yürütülmesi,

·Şirketimiz tarafından ticari kredi kartlarının çıkarılması,

·Yasal mevzuatlara uyum sağlanmak ve hukuki yükümlülüklerimizin yerine getirilmesi.



Kişisel Verileri Toplama Yöntemimiz

Kişisel verilerinizi, aşağıda belirtilen otomatik ve otomatik olmayan kanallar üzerinden topluyoruz:

·Çerezler (Cookies) ve benzer takip teknolojileri,

·Matbu ve elektronik form,

·Posta, kargo ya da kurye hizmetleri,

·Uzaktan erişim sağlayan programlar,

·Türkiye’nin farklı yerlerindeki bayilerimiz, iş ortaklarımız,

·Hizmet aldığımız firmalar,

·Diğer fiziki ve elektronik ortamlar,

1.İşlemeye Yönelik Hukuki Sebeplerimiz

Kişisel verilerinizi, Kanun’un 5. ve 6. maddelerinde belirtilen işleme şartları dahilinde işliyoruz.

2.Kişisel Verilerinizin Aktarılması

Kişisel verilerinizi Kanun’un 8. ve 9. maddelerinde belirtilen işleme şartları dahilinde, yukarıda belirttiğimiz amaçlar ile sınırlı olarak çalışanlarımız, iş ortaklarımız, hissedarlarımız, tedarikçilerimiz, şirket temsilcisi ve hukuken yetkili vekillerimiz ve hukuken yetkili kamu/özel kurum ve kuruluşlarına aktarabiliyoruz.

3.Kişisel Verilerinize İlişkin Haklarınız

Kanun’un 11. maddesi uyarınca kişisel verilerinize ilişkin aşağıdaki haklara sahipsiniz:

·Kişisel verilerinizin işlenip işlenmediğini öğrenme,

·Kişisel verileriniz işlenmişse buna ilişkin bilgi talep etme,

·Kişisel verilerin işlenme amacını ve bunların amacına uygun kullanılıp kullanılmadığını öğrenme,

·Yurt içinde veya yurt dışında kişisel verilerinizin aktarıldığı üçüncü kişileri bilme,

·Kişisel verilerinizin eksik veya yanlış işlenmiş olması halinde bunların düzeltilmesini isteme ve bu kapsamda yapılan işlemin kişisel verilerinizin aktarıldığı üçüncü kişilere bildirilmesini isteme,

·6698 sayılı Kişisel Verilerin Korunması Kanunuve ilgili diğer kanun hükümlerine uygun olarak işlenmiş olmasına rağmen, işlenmesini gerektiren sebeplerin ortadan kalkması hâlinde kişisel verilerinizin silinmesini veya yok edilmesini isteme ve bu kapsamda yapılan işlemin kişisel verilerinizin aktarıldığı üçüncü kişilere bildirilmesini isteme,

·İşlenen verilerin münhasıran otomatik sistemler vasıtasıyla analiz edilmesi suretiyle aleyhinize bir sonucun ortaya çıkmasına itiraz etme,

·Kişisel verilerin kanuna aykırı olarak işlenmesi sebebiyle zarara uğramanız halinde bu zararın giderilmesini talep etme.

Bu haklarınıza ilişkin taleplerinizi internet sitemizdekiBaşvuru Formuüzerinden gönderebilirsiniz.

Başvurunuz ücretsiz olarak yerine getirilecektir. Ancak talep edilen işlemin ayrıca bir maliyet gerektirmesi halinde, Kişisel Verileri Koruma Kurulu tarafından belirlenen tarifedeki ücretler başvurandan talep edilecektir.

If you are a shareholder, customer, supplier of or applicant at HARTMANN, you will find information on the processing of your personal data here:

Shareholders can find more information here
Customers can find more information here
Suppliers can find more information here
Applicants can find more information here

We kindly ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require a cooperative action on your part (e.g. consent) or other individual notification.

Status: 06.07.2022

Responsible party:

PAUL HARTMANN AG
Paul-Hartmann-Straße 12
89522 Heidenheim
Phone: +49-7321-36-0
Fax: +49-7321-36-3636
E-Mail: info@hartmann.info

Contact Data Protection:

PAUL HARTMANN AG
Department DPM / DPO
Paul-Hartmann-Straße 12
89522 Heidenheim
E-Mail: datenschutz@hartmann.info

Do you have general questions or comments about this data protection declaration or specific questions about the processing of your data? We will gladly answer them.

In accordance with Art. 13, 14 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not expressly mentioned in this data protection declaration, the following applies:

The legal basis for obtaining consent is Article 6 (1) a and Article 7 GDPR as well as Article 9 (2) a and Article 7 GDPR (e.g. registration on offered portals/creation of customer accounts, delivery of user-specific offers and information about our products and services, surveys on our websites, analysis of the use of our products, services and websites, personalisation of offers on the Internet, by e-mail, fax and other channels, advertising or market and opinion research), the legal basis for processing for the purpose of fulfilling our services and carrying out contractual measures and responding to enquiries is Art. 6 (1) b GDPR (e.g. registration on offered portals/creation of customer accounts, execution of contract and/or service, processing of payments for purchases and other services (e.g., SEPA direct debit), processing due to a complaint, communication in particular via telephone, e-mail, fax, live chat, video call, supply advice), the legal basis for processing for the fulfilment of our legal obligations is Art. 6 (1) c GDPR (e.g. compliance with the statutory retention periods) and the legal basis for processing to safeguard our legitimate interests listed below is Art. 6 (1) f GDPR (e.g. Analysis and clarification of misuse or attacks on communication systems, legitimation and authentication; protection against or investigation of possible fraudulent transactions, communication via telephone, e-mail, fax, live chat, video call and other channels; sending samples, premiums, products and information, providing user-specific offers and information about our products and services, surveys on our websites, personalisation of offers on the Internet, by e-mail, fax and other channels, determining the effectiveness of our advertising). In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) d GDPR serves as the legal basis. The processing of health data that has obviously been made public (or other special categories of personal data) is based on Art. 9 (2) e GDPR.

In accordance with Articles 24, 32 GDPR, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons. Such measures shall include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to personal data, as well as access, input, disclosure, safeguarding of availability and segregation thereof. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of personal data and response to threats to personal data. Furthermore, we take the protection of personal data into account as early as the development and selection of hardware, software and procedures, in accordance with the principle of data protection by means of technological design and by means of data protection-friendly presettings (Art. 25 GDPR).

The security measures include in particular the encrypted transmission of data between your browser and our server. Third party security measures include in particular IP masking (pseudonymization of your IP address).

Due to close cooperation in some areas, we may also process your personal data together with another data controller within the meaning of Art. 26 GDPR. The respective partners are determined by the individual cooperation with regard to the purposes presented below. Information on how the partners process your personal data can be found in their data protection declarations. In order to guarantee your rights in particular and taking into account the requirements of the GDPR, we have concluded an agreement on a case-by-case basis that sets out rules for the processing of your personal data. Thus, as so-called joint controllers, we are jointly responsible for the processing of your personal data.

4.1. Purposes of data processing within the framework of joint controllership

Joint controllership in the context of processsing of your personal data can take place fort he following purposes:

  • Integration of our services on third-party websites, e.g. integration of wizards, plug-ins or other technical means;
  • Integration of third-party services on our websites, e.g. integration of wizards, plug-ins or other technical means;
  • Offering products and services on third-party marketplaces;
  • Carrying out surveys, investigations, and their evaluation;
  • Carrying out audit procedures (e.g. as part of audits);
  • Implementation and use of a whistleblower system.

4.2. Categories of data processed under a joint controllership

In particular, we process the following categories of personal data:

  • Inventory data (e.g. first and last name);
  • Contact information (e.g. phone number, email address);
  • Contract data (e.g. billing data);
  • Payment data (e.g. account data);
  • Special categories of personal data (e.g. health data);
  • Content data (e.g. communication content);
  • Metadata (e.g. IP address).

4.3. Contact information to exercise your rights

In individual cases, together with our respective partners, we have agreed on how we will ensure your rights and specified in more detail which obligations are incumbent on each partner to fulfill the obligations of the GDPR. It is particularly relevant to ensure that your rights as data subjects are exercised and that the information obligations to you in accordance with Articles 13 and 14 of the GDPR are fulfilled. We will be happy to answer general inquiries or comments using the contact details provided in section 1 of this privacy notice. To exercise your rights, please use the form linked in section 14 of this privacy notice.

Regardless of the determined contact point, you can also assert your rights directly against the respective partner.

Note: Insofar as your personal data is processed by a partner – going beyond the scope of joint responsibility – you are free to exercise your rights against this partner.

If, in the course of our processing, we disclose (third parties) personal data to other persons and companies - including Group companies -, transmit it to them or otherwise grant them access to the data, this is only done on the basis of a legal authorisation (e.g. if a transfer of the data to third parties, such as to payment service providers, is necessary for the performance of the contract in accordance with Art. 6 (1) b GDPR), if you have consented to this, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosters, etc.).

Insofar as we commission so-called contract processors with the processing of personal data on the basis of a so-called "data processing agreement" and thereby secure for ourselves, among other things, the necessary powers of influence or control with regard to the processing and use of personal data, this is done on the basis of Art. 28 GDPR. However, we remain responsible to you for the legality of the data processing.

If we process personal data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of third parties or if personal data is disclosed or transferred to third parties, this will only take place if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or transfer personal data in a third country only if the special prerequisites of Art. 44 ff. GDPR. This means that processing is carried out, for example, on the basis of special guarantees, such as the officially recognised establishment of a data protection level equivalent to that of the EU or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").

This information informs you about the type, scope and purpose of the processing of personal data within our online offer and the associated websites, functions and contents as well as external online presences, such as our social media profiles (hereinafter jointly referred to as "online offer“). You can find further information in our “Privacy Notice Customers”.

7.1 Cookies, analysis, tracking, optimisation

Information on the cookies we use is mainly found in our cookie policy. Information on technologies from us or from third parties, which are not only used to provide a function within our online offer, but also exclusively or additionally serve the analysis of user behaviour, tracking, the optimisation of our marketing activities or other purposes, is made available to you in this data protection declaration and in our cookie policy.

7.2 Purposes of data processing

We process your personal data in particular for the following purposes:

Provision of the online offer, its contents and functions; marketing, advertising, public relations and market research; security measures; tracking (e.g. interest/behavioural profiling, use of cookies); remarketing; visitor action evaluation, interest-based and behaviour-based marketing, profiling (creation of user profiles); version measurement (measurement of the effectiveness of marketing measures); target group formation (determination of target groups relevant for marketing purposes or other output of content); cross-device tracking (cross-device processing of user data for marketing purposes).

7.3 Categories of data

We process in particular the following data categories:

Usage data (e.g. websites visited, services used, interest in content, access times); meta/communication data (e.g. device information, IP addresses, browser type); location data (data indicating the location of an end user's end device).

7.4 Collection of access data and log files

On the basis of our legitimate interests within the meaning of Art. 6 (1) f GDPR, we collect data on every access to the server on which this service is located (so-called server log files). The access data includes the path of the website accessed, files linked to it, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider as well as other browser header data. In particular, the processing of your IP address as personal data is necessary for communication between your browser and our server.

Log file information is stored for a period of 6 months for security reasons (e.g. for the clarification of abuse or fraud) and then deleted. Data whose further storage is required for evidential purposes is excluded from deletion until final clarification of the respective incident. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 (1) c GDPR.

7.5 Online presence in social media

We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing social networks and platforms, the terms and conditions and data processing guidelines of the respective operator apply.

We process your personal data if you communicate them within social networks and platforms, e.g. by writing articles on our online presences or sending us messages. In addition, Meta platforms, among other things, may provide statistics and insights (e.g., total number of page views, "Like" information, page activity, post interactions, video views, post reach, comments, shared content, responses, etc.) that help us understand the types of actions you take on our sites. This enables us to better understand your interests and preferences and can, for example, increase the attractiveness of articles or our performance presentation or choose the right time for publication.

We point out that your personal data may be processed by the respective operator outside the European Union or the European Economic Area (third country).. As a result, risks may arise for you, in particular the enforcement of rights may become more difficult. However, processing in a third country is always dependent on the existence of the special requirements of Art. 44 et seq, it means the processing takes place e.g. on the basis of special guarantees, such as the officially recognized level of data protection protection corresponding to the level of the EU or in compliance with officially recognized contractual obligations (so-called "standard contractual clauses").

If you click on the button of the respective operator, you will be redirected to our respective online presence in a separate browser window and can - if you are logged in to your user account - share or subscribe to our news, among other things. Clicking the button will establish a direct connection between your browser and the server of the respective operator. The respective operator receives the information that you have visited our website with your IP address. The respective operator may collect further personal data as soon as you use their offers. In addition, it is then possible for the respective operator to assign your visit to our website to you and your user account, provided you are logged in to your user account.

In addition, your personal data may be further processed for the purposes of market research and advertising. This means that profiles can be created from your usage behaviour and the preferences and interests derived from it. Such profiles can be used, for example, to place suitable advertisements within our online presence or on other online presences or websites based on the interests determined. Cookies are placed and stored on your end device, with the help of which personal data on usage behaviour can be collected and bundled for further processing - to determine your interests. The collection and bundling of this personal data can - especially if you are logged in to your user account - also be realised across several end devices used by you.

The processing of your personal data is based on our legitimate interest in effective information and performance presentation and direct communication with you in relation to our online offer in accordance with Art. 6 (1) f GDPR.

Should you request information or wish to exercise other rights to which you are entitled, please contact the respective operator directly. The background to this is that only the respective operators have access to your personal data and can provide you with the relevant information and take further measures if necessary. Should you require assistance in exercising the rights to which you are entitled, you can also contact us at any time.

A description of the data processing carried out by the respective operator as well as the requirements for the implementation of an objection (opt-out) can be found in the information provided by the respective operator:

Provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://www.facebook.com/about/privacy/
Site insight data: https://www.facebook.com/legal/terms/information_about_page_insights_data
Opt-Out: https://www.facebook.com/settings?tab=ads

Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Privacy policy: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/personalization

Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Privacy policy: https://privacy.xing.com/en/privacy-policy

Provider: YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA
Privacy policy: https://policies.google.com/privacy?hl=de&gl=de

Provider: (Instagram) Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://help.instagram.com/519522125107875

Provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Irland
Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE
Opt-Out: https://support.tiktok.com/en/account-and-privacy/personalized-ads-and-data/personalization-and-data

7.6 Links

We do not use social plug-ins from social networks that collect personal data on our websites. We only use links on our websites to social networks. This prevents our users' personal data from being passed on to social networks without their knowledge when they visit our websites. The links establish a connection to our online presence of the respective social network exclusively on request - therefore only after the user clicks on a link. After a click on the link, the IP address and the general header information of the browser of the user's browser are transmitted to the respective social network. The respective social network may collect further personal data as soon as you use its offers. For example, if you are logged into your account, Facebook may associate your visit with your account. We would like to point out that we have no knowledge of the content of the personal data transmitted in the further course of the process, nor of its use by the social networks.

The links described above are used for the following social networks:

Provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://www.facebook.com/about/privacy/

Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Privacy policy: https://twitter.com/de/privacy

Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
Privacy policy: https://www.linkedin.com/legal/privacy-policy

Provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Privacy policy: https://privacy.xing.com/en/privacy-policy

Provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://help.instagram.com/519522125107875/

Provider: Aut O’Mattic A8C Ireland Ltd.,Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland
Privacy Policy: https://www.tumblr.com/privacy/de
Opt-Out: https://www.tumblr.com/login?redirect_to=%2Fsettings%2Fprivacy

When you contact us (by contact form, telephone, fax, post or e-mail), your personal data will be processed for the purpose of handling your enquiry and its processing in accordance with Article 6 (1) a) (consent - withdrawal possible at any time), lit. b) (service provision) and lit. f) (legitimate interests - objection possible) GDPR. The information marked as mandatory in the contact form is required for the processing of your enquiry.

As a rule, we delete inquiries 3 months after their receipt, at the latest, however, if they have been answered. If you have withdrawn your consent, we will delete your data at this time. In the event of statutory storage obligations to be observed, the deletion shall take place after their expiry.

We maintain blogs with the possibility of commentary in our online offer. For the comment function, in addition to your comment, information on the time of the creation of your comment, your e-mail address and, if you are not anonymous, the user name you have chosen are stored. Comments remain in the blog as long as it is operated or you request its deletion.

If you write a comment, your IP address will be stored for 6 months on the basis of our legitimate interests in the sense of Art. 6 (1) f GDPR in addition to the time of creation, and then deleted. This is done for our security, as far as in individual cases illegal contents are left behind in comments (e.g. insulting contents, forbidden political propa-ganda, etc.) which require clarification, in particular the determination of the identity of the author. We will delete comments with the aforementioned content immediately. Should the further storage of your IP address and the time of creation of the respective comment be necessary for evidence purposes, these (personal) data are excluded from deletion until the final clarification of the respective incident. This (personal) data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 (1) c GDPR.

With the following notes we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your right of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.

Content of the newsletter: We send e-mails and other (electronic) notifications with advertising information (hereinafter "newsletter") only with your consent or on the basis of a legal permission. If the contents of the newsletter are specifically rewritten within the scope of a registration for the newsletter, they are decisive for the consent. Furthermore, our newsletters contain information about our products, offers, promotions and our company.

Newsletters are sent by us or by a service provider where required.

Logging double opt-in and changes: The registration to our newsletter is done in a so-called Double-Opt-In-Procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that nobody can register with foreign e-mail addresses. The newsletter registrations are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your (personal) data stored by the shipping service provider are also logged.

According to its own information, the delivery service provider may use your (personal) data in pseu-dononymous form, i.e. without allocation to a user, to optimise and improve its own services, e.g. for technical optimisation of the delivery and presentation of newsletters or for statistical purposes to determine from which countries the recipients come. However, the dispatch service provider does not use your (personal) data to write to you itself or to pass on your (personal) data to third parties.

Registration data: To subscribe to the newsletter, you only need to enter your e-mail address. Optionally we ask you - for personal contact - to enter your first and last name.

Performance measurement: The newsletters contain a so-called "web beacon". This is a pixel-sized file that is retrieved from the server of the mailing service provider when the newsletter is opened. Within the scope of this retrieval, technical information such as information on the browser and your system, as well as your IP address and the time of retrieval are initially collected. This information is used in particular for the technical improvement of the services and to determine your reading habits. Statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. This information can be assigned to you for technical reasons.

The dispatch of the newsletter and the measurement of success are based on your consent in accordance with Art. 6 (1) a, Art. 7 GDPR in conjunction with § 7 (2) No. 3 of the German Act against Unfair Competition (UWG). The registration procedure is recorded on the basis of our legitimate interests in accordance with Art. 6 (1) f GDPR and serves as proof of your consent to receive the newsletter.

Withdrawal: You can withdraw the receipt of our newsletter at any time. You will find a link to withdraw the receipt of our newsletter at the end of each newsletter. Your (personal) data will be deleted in case of a withdrawal.

On our website and within our online offering, we use content or service offerings from third parties. This happens based on our legitimate interests (interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 (1) f GDPR) for processing of a contract on the basis of Art. 6 (1) b GDPR or based on your consent according to Art. 6 (1) a GDPR. This requires the third party providers to be aware of your IP address, as without the IP address they would not be able to send the Content to your browser. The IP address is therefore required for the display of content. Third parties may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags" can be used to evaluate information such as visitor traffic on the website. The pseudonymous information can also be stored in cookies on your device and may contain technical information about the browser and operating system, referring websites, visiting time and other details about the use of our online offer, as well as being linked to such information from other sources.

In the following presentation we have compiled an overview of third party providers (payment service provider are listed separately) together with their offered contents as well as links to their data protection declarations, which may contain further information on the processing of data as well as information on objection. Please note that we have listed further third-party providers as well as further information on the third-party providers mentioned here in our cookie policy.

Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Privacy policy: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/personalization

Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Within our online offer we use the conversion tool "LinkedIn Insight Tag". This tool creates a cookie in your web browser, which enables the collection of data. Based on the collected data, LinkedIn creates anonymous reports about the website target group and makes them available to us. LinkedIn also shows us the display performance. In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. We can use this data to display targeted advertising outside of our online offering without identifying you.

Provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Privacy policy: https://privacy.xing.com/en/privacy-policy

Provider: (Youtube) Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy policy: https://policies.google.com/privacy?hl=de&gl=de

We have integrated components of YouTube within our online offers. YouTube allows the free posting of video clips and their free viewing, rating and commenting. By calling up one of the individual pages of our online offers on which YouTube content has been integrated, a connection to YouTube is established in order to download the necessary elements for displaying the corresponding video. In doing so, YouTube or the operating company Google receives information about which subpage within our online offers has been called by the respective user. In addition, further information, such as the IP address, the browser used, the operating system and technical device information, date and duration of the visit are forwarded. If the user is logged on to YouTube at the time of visiting our online offers with the same device, YouTube recognizes the user by calling up a single page that contains a YouTube video. This occurs regardless of whether the person concerned clicks on a YouTube video or not. This information can be aggregated by YouTube or Google and assigned to the profile of the respective user, unless the elements have been integrated in "privacy mode". We always use the "Privacy Mode", as far as this is possible.

Provider: (Instagram) Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://help.instagram.com/519522125107875

Provider: (Facebook-Pixel) Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads

With the help of the Facebook pixel, Facebook is on the one hand able to determine the visitors of our online offer as a target group for the presentation of ads (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those users on Facebook and within the services of partners cooperating with Facebook (so-called "Audience Network" https://www.facebook.com/audiencenetwork/) who have also shown an interest in our online offering or who exhibit certain characteristics (e.g. interest in certain topics or products that are evident from the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. The Facebook Pixel also enables us to track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook ad (so-called "conversion measurement“).

Provider: (Analytics) Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Privacy policy: https://policies.google.com/privacy?hl=de
Terms and Conditions:
https://marketingplatform.google.com/about/analytics/terms/us/
Opt-Out:
http://tools.google.com/dlpage/gaoptout?hl=de

Further Information on Google Analytics: If you have given your consent, we may use Google Analytics 4, a web analytics service.

Scope of processing: Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

We may use Google Signals. This allows Google Analytics to collect additional information about users who have personalized ads enabled (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.

Regarding the aforementioned Google functionalities, please consider the following: Google Analytics 4 has IP address anonymization enabled by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your website visit, your user behavior is recorded in the form of "events". Events can be:

  • Page views
  • First visit to a website
  • Start of session
  • Your "click path", interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • clicks on external links
  • internal search queries
  • interaction with videos
  • file downloads
  • seen / clicked ads
  • language settings

Also recorded:

  • Your approximate location (region)
  • your IP address (in shortened form)
  • technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • your internet service provider
  • the referrer URL (via which website/advertising medium you came to our website)

Purposes of processing: On behalf of us, Google will use this information to evaluate your pseudonymous use of our website and to compile reports on website activity. The reports provided by Google Analytics serve to analyse the performance of our website and the success of our marketing campaigns.

Recipients of the data in particular are/may be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities may access the data stored by Google.

Third country transfer: Insofar as data is processed outside the EU/EEA and there is no level of adequate data protection corresponding to the European standard according to the GDPR, we have concluded EU standard contractual clauses to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of personal data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against (in particular unlawful) access by authorities.

Duration of storage: The data sent by us and linked to cookies are automatically deleted after 2 or 14 months. The deletion of data whose retention period has been reached occurs automatically once a month.

Legal basis: The legal basis for this data processing is your consent pursuant to Art.6 (1) a) GDPR.

Withdrawal: You can withdraw your consent at any time with effect for the future by accessing the cookie settings/management and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the withdrawal remains unaffected.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on our and other websites. In addition, you can prevent the collection of data generated by the cookie and related to your use of our website (including your IP address) and the (further) processing of this data by Google, by

a. not giving your consent to the setting of the cookie or
b. downloading and installing the browser add-on to disable Google Analytics here.

Provider: (reCAPTCHA) Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy Policy: https://policies.google.com/privacy

To protect our websites or systems from misuse (e.g. spam or other abuse), we can use the "reCAPTCHA" function from Google. This allows us to recognise whether entries etc. are made by humans and not by so-called "bots". In this context, IP addresses and other information about systems used, devices, possibly also the location, the surfing history and the interaction with reCaptcha (also on other websites), e.g. answered questions or selected objects, can be processed.

Provider: (Tag Manager) Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy Policy: https://policies.google.com/privacy
Further Information: https://www.google.com/intl/de/tagmanager/use-policy.html

We may use Google Tag Manager (GTM) to manage website tags via an interface. Tags are small code elements on our website that are used in particular to measure traffic and visitor behaviour, to record the impact of online advertising and social channels, for remarketing and targeting for specific target groups and for testing website areas.

Provider: (Maps) Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy Policy: https://policies.google.com/privacy

Google Maps (Maps) is an online map service that we can offer to search for and display precise locations. The map section of a location can be integrated into a website, e.g. to display directions. When using maps, the search terms entered, the IP address and the coordinates are processed. If the route planner function is also used, the starting address entered is also saved.

Provider: (Ads & Conversion Tracking) Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy Policy: https://policies.google.com/privacy

We may use Google Ads to create offers for our products and services for interest-based advertising. We may also use Google Conversion Tracking (Conversion Tracking) to gain insights into the use of our offers. Conversion tracking provides us with useful information about what happens after a click on an offer, e.g. whether a product is purchased. This allows us to evaluate the success of advertising measures and use the results for optimisation measures. We receive a report from Google with statistical analyses without personal data.

Provider: (Optimize) Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy Policy: https://policies.google.com/privacy

We can use Google Optimize to optimise our website content and therefore also to optimise advertising measures. For example, we check how the content of the website is perceived by users. Based on the feedback, optimisation measures are then taken if necessary.

Provider: (Fonts) Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy Policy: https://policies.google.com/privacy

We may use Google Fonts in our online offering, as these can be used across platforms and are web-optimised. When you visit our website, the fonts are loaded by Google. This results in a transfer to Google, whereby Google also recognises your IP address and the fact that you have visited our website, and further information such as language settings, screen resolution of the browser and the name and version of the browser are transmitted. Google may use the data collected to determine the popularity of fonts, for example. Google makes the results available in Google Analytics, for example.

Provider: (Clarity) Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin D18 P521, Irland
Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement?tid=136993383

With Microsoft Clarity (Clarity), we can use a solution to monitor the use of our website. This involves recording previously defined website sessions by users of our website, which we can then analyse anonymously. In addition to the IP address, Clarity also records other (meta) data, such as the time of access or mouse movements (cursor and scroll movements).

Provider: Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA
Privacy Policy: https://www.cloudflare.com/de-de/privacypolicy/?tid=311141511

We want to offer you the best possible service with our website. Cloudflare helps us to make our website faster and more secure. Cloudflare provides us with web optimisation as well as security services such as DDoS protection and web firewall. This also includes a reverse proxy and the content distribution network (CDN). Cloudflare blocks threats and limits abusive bots and crawlers that waste our bandwidth and server resources. By storing our website on local data centres and blocking spam software, Cloudflare enables us to reduce our bandwidth usage. Overall, this makes our website significantly more powerful and less susceptible to spam or other attacks.

Provider: Usercentrics A/S, Havnegade 39, 1058 Kopenhagen, Dänemark.
Privacy Policy: https://www.cookiebot.com/de/privacy-policy/

On our website we may use Cookiebot, a cookie consent manager from Usercentrics, to give you control over the cookies used on our website. Cookiebot collects and manages your consents to the use of cookies and other tracking technologies on our website. When you visit our website, Cookiebot will show you a cookie banner where you can select your preferences. Your consent will be stored by Cookiebot so that your preferences will be honoured on future visits to our website. You can review and adjust your consent at any time.

Payment service providers:

We use payment service providers for certain payment services in order to fulfil contracts, due to legal obligations and on the basis of our legitimate interests.

Payment service providers process, for example, your first and last name, your email address, your bank and payment details, your passwords, your TANs, your IP address and other personal data about you. The data is required to carry out transactions. However, the data entered is only processed by the payment service providers and stored by them. This means that we generally do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the general terms and conditions and the data protection information of the payment service providers.

Payment transactions are subject to the terms and conditions and data protection notices of the respective payment service providers, which can be accessed within the respective websites or transaction applications. We currently use the following providers, whereby a technical connection of online payment methods is used:

Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgien
Privacy Policy: https://www.mastercard.de/de-de/datenschutz.html

Provider: Visa Europe Services Inc., Zweigniederlassung London, 1 Sheldon Square, London W2 6TT, GB
Privacy Policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html

The personal data processed by us will be deleted in accordance with Art. 17 GDPR. Unless expressly stated within the scope of this data protection declaration, the personal data stored by us will be deleted as soon as they are no longer required for their intended purpose and, in particular, there are no legal storage obligations to prevent deletion. If the personal data are not deleted because their processing is necessary for other and legally permissible purposes, the processing is restricted. This means that the personal data is blocked and not processed for other purposes.

Instead of deleting your personal data, we will, if necessary, make it anonymous in such a way that it is irreversibly impossible to retrieve it in the future.

In accordance with the legal requirements, storage takes place in particular for 6 years in accordance with § 257 (1) of the German Commerical Code (HGB) (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 (1) of the German Tax Code (AO) (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

You have the right to withdraw your consent to the processing of your personal data in accordance with Art. 7 (3) GDPR at any time with effect for the future. Processing that has taken place before the withdrawal therefore remains lawful

In accordance with Art. 15 GDPR, you can request information about your personal data processed by us.

In accordance with Art. 16 GDPR, you can demand the immediate correction of incorrect or incomplete personal data stored by us.

In accordance with Art. 17 GDPR, you can request the deletion of your personal data stored with us in accordance with the conditions stated there, unless legally prescribed retention periods prevent immediate deletion (cf. Art. 17 (3) GDPR) and/or another case of Art. 17 (3) GDPR exists and/or a new purpose justifies further processing.

In accordance with Art. 18 (1) GDPR, you can demand the restriction of data processing if one or more conditions in accordance with Art. 18 (1) GDPR lit. a to d apply.

In accordance with Art. 20 (1) GDPR, you can receive the personal data processed by us in a structured, common and machine-readable format and transfer this data to another responsible person without hindrance by us.

In addition, you can lodge an objection to the processing of your personal data in accordance with Art. 21 (1) GDPR. In the event of an objection, we will stop processing your personal data. However, the right of objection only applies if special circumstances arise from your personal situation. In addition, compelling reasons worthy of protection that speak in favour of processing may prevail. Furthermore, certain processing purposes may conflict with your right of objection.

According to Article 21 (2) GDPR, you have the right to object to the processing of your personal data for the purposes of direct marketing at any time and without further conditions. This also applies to profiling, insofar as it relates to such direct advertising. If you lodge an objection, your personal data will no longer be processed for these purposes (cf. Art. 21 (3) GDPR).

Without prejudice to any other administrative or judicial remedy, you also have the right to appeal to the competent supervisory authority (cf. Art. 77 GDPR) if you believe that the processing of your data violates data protection regulations. In this context, however, we would ask you to address a possible complaint to us first. We will then attempt to remedy the situation as quickly and effectively as possible.

To exercise your data subject rights, please use this form.