General comments on data protection
1. Name and contact details of the controller
The following data protection information applies to data processing by:
Hoeller Electrolyzer GmbH
Alter Holzhafen 17 b
Telephone: +49 (0) 3841 758 3030
Fax: +49 (0) 3841 758 3039
2. Our collection and storage of personal data and the type and purpose of its use
Personal data is information about the personal or objective circumstances of an identified or identifiable natural person.
In the following sections we tell you whether and when your data and personal data are collected:
a) When you visit our website
When you access our website the browser being used on your device automatically sends information to our website server. This information is stored temporarily in a logfile.
The following information is recorded without any action on your part and stored until it is deleted automatically:
• date and time of access,
• name and URL of the file retrieved,
• website, from which access takes place (Referrer URL),
• browser used and operating system of your computer, the name of your access provider and your IP address.
The data above are processed by us for the following purposes:
• to ensure a smooth connection to our website,
• to ensure the convenient use of our website,
• to analyse system security and stability, and
• for other administrative purposes.
The legal basis for our data processing is Art. 6(1)(f) General Data Protection Regulation (GDPR). Our legitimate interest follows from the purposes of data processing listed above.
Under no circumstances do we use the data collected to identify you personally.
When you visit our website we also set cookies and use analytics services. Further explanations can be found in Point 4 and 5 of our Data Protection Policy.
b) When contact is made by email/telephone
If you contact us by email, by telephone or by post, the data you provide are stored by us in order to respond to your enquiry. The data you provide in the course of your requests and enquiries is voluntary.
Data processing for the purpose of making contact with us takes place on the basis of your freely given consent in line with Art. 6(1)(a) GDPR.
The data generated in this context is deleted when the storage is no longer necessary or the processing is restricted if statutory record-keeping obligations exist.
3. Forwarding of data
Your personal data will not be forwarded to third parties for any purpose other than those listed below.
We forward your personal data to third parties when:
• you have given your consent in accordance with Art. 6(1)(a) GDPR,
• it is necessary in accordance with Art. 6(1)(f) GDPR to claim, exercise or defend legal rights and there is no reason to suppose that you have an overriding interest in the non-disclosure of your data,
• in the event of a statutory obligation to forward the data pursuant to Art. 6 (1)(c) GDPR, and
• this is lawful and necessary pursuant to Art. 6(1)(b) GDPR to perform a contract with you.
In addition, we set temporary cookies, also to optimise user-friendliness, which are stored on your device for a predefined period. If you visit our site again to use our services, the server recognises automatically that you have visited before and remembers the entries and settings you made, so that you do not have to repeat them.
The data processed by cookies are necessary for the purposes mentioned to pursue our legitimate interests and those of third parties in accordance with Art. 6(1)(f) GDPR.
Most browsers accept cookies automatically.
However, you can configure your browser so that no cookies are stored on your computer or a warning is displayed before a new cookie is set. Completely deactivating cookies may mean that you cannot use all the functions of our website.
5. Analytical tools
The tracking tools listed below are used by us on the basis of Art. 6(1)(f) GDPR. By using these tracking tools we want to ensure that our website is designed to meet our needs and optimised on an ongoing basis.
At the same time we use tracking tools to gather statistics about the use of our website and to analyse them for the purpose of optimising our offering for you. These interests are deemed to be legitimate within the meaning of the GDPR.
The respective data processing purposes and data categories can be found under the corresponding tracking tools.
6. Adobe Typekit Web Fonts
Our website uses so-called “web fonts” to correctly display font styles. These are provided by Adobe Typekit. For a more detailed explanation, we may communicate the following:
To correctly display text and fonts, your browser loads the required web fonts into your browser cache. To execute this function, the browser you are using must connect to the Adobe Typekit servers. Through this connection, Adobe Typekit learns that our website has been accessed through this connection. Adobe Typekit learns that our website has been accessed through the IP address assigned to you.
Please note that the use of Adobe Typekit Web Fonts is in the interest of a consistent and attractive presentation of our online services. This constitutes a legitimate interest in accordance with Art. 6 Par. 1, (f) GDPR.
If your browser does not support web fonts, then your device will use a standard font.
For further information on Adobe Typekit Web fonts, please visit https://typekit.com/ as well as the data protection policy of Adobe Typekit, which can be found at https://www.adobe.com/de/privacy/policies/typekit.html.
7. Google Maps
We use the Google Maps API, an interactive map and navigation service provided by Google LLC (“Google”). Google Maps is operated by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Use of Google Maps allows information regarding your use of this website (including your IP address) to be transmitted to, and stored in, a Google server in the USA. Google may provide the information gained from Maps to third parties, in so far as this is permitted by law or where those third parties process said data as agents of Google.
Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)
8. Rights of data subjects
You have the right:
• defined in Art. 15 GDPR to information about our processing of your personal data. In particular you can obtain information about the purpose of processing, the category of personal data, the categories of recipients to whom your data are or have been disclosed, the planned retention period, the existence of a right to rectification, erasure, restriction of and objection to processing, a right of complaint, the origin of your data to the extent that they were not collected by us, the existence of any automated decision-making, including profiling, and meaningful information about the relevant details;
• defined in Art. 16 GDPR to the rectification or completion of your personal data stored by us without undue delay;
• defined in Art. 17 GDPR to the erasure of personal data stored by us to the extent that the processing is not necessary to exercise the right of free expression and information, to meet a legal obligation, in the public interest or to claim, exercise or defend legal rights;
• defined in Art. 18 GDPR to restrict the processing of your personal data insofar as you dispute the accuracy of the data, their processing is unlawful, but you object to their deletion and we no longer need the data, but you need them to claim, exercise or defend legal rights or have objected to their processing in line with Art. 21 GDPR;
• defined in Art. 20 GDPR to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller;
• defined in Art. 7(3) GDPR to withdraw your consent at any time. This means that we may not continue to process the data on the basis of this consent and
• defined in Art. 77 GDPR to lodge a complaint with a supervisory authority. To do so you can generally write to the supervisory authority at your usual place of residence or your place of work or our place of business.
9. Right to object
To the extent that your personal data are processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right pursuant to Art. 21 GDPR to object to the processing of your personal data on grounds relating to your particular situation or if you object to direct advertising. In the latter case you have a general right to object, which we will respect without any indication of a particular situation.
If you wish to withdraw consent or object, please send an email to the address above.
10. Data security
When you visit our website we use the widespread SSL technology (Secure Socket Layer) in conjunction with the highest encryption level that your browser supports. This is generally 256 bit encryption. If your browser does not support 256 bit encryption, we use the 128 bit v3 technology. You can tell when a specific page of our website is encrypted by the icon of a key or a closed padlock that is shown in the search bar of your browser.
Otherwise, we take suitable technical and organisation measures to protect your data against chance or deliberate manipulation, partial or complete loss, destruction or unauthorised third-party access.
We have implemented security standards to protect the personal data you provide us with by means of common industry standards and technologies. We regularly audit our systems for potential vulnerabilities and attacks and use a data centre protected against attacks at the system level, in order to protect your data stored on our servers.
However, since the internet is not a totally safe environment, we cannot assume any warranty or liability for the security of the data you send us via the internet.
There is no guarantee that information will not be accessed or that information is not disclosed, modified or destroyed due to a penetration of our physical, technical and organisational security measures.
11. Erasure of data
We would like to point out that the data processed by us is erased or its processing is restricted in accordance with Art. 17 and 18 GDPR (see Rights of data subjects for further details). Unless explicitly stated otherwise in this data protection policy, the data stored by us is erased as soon as they are no longer necessary for the purpose for which they were collected and statutory record-keeping obligations do not prevent their erasure. If data are not erased because they are required for other lawful purposes, their processing is restricted. This means the data are blocked and not processed for other purposes. This applies for example to data that has to be retained under commercial or tax law. Statutory retention periods are in particular 6 years pursuant to Section 257 para. 1 German Commercial Code (HGB) for commercial ledgers, inventories, opening balance sheets, financial statements, correspondence, accounting documents, etc., and 10 years pursuant to Section 147 para. 1 German Tax Code (AO) for accounts, records, management reports, accounting documents, correspondence, tax documents, etc.