We note that data transfer via the internet can have security flaws which cannot be prevented by the technical design of this website. Complete protection of personal data when using the internet is not possible.
Responsible for processing personal data in the context of using this website:
Hupfer Metallwerke GmbH & Co. KG
Managing director: Dipl. Ing. Helmut Schumacher
Tel.: +49 2541 805-0
Fax: +49 2541 805-111
Data protection officer
As data protection officer we have appointed:
Mr Olaf Tenti
GDI Gesellschaft für Datenschutz und Informationssicherheit mbH
Körnerstraße 45, 58095 Hagen (NRW)
Tel.: +49 2331 356832-0
When you access our web pages, data is collected automatically and stored in log files on our host’s servers. This data can refer to persons. Data that is collected includes:
- Name of the website accessed
- Date and time of the access
- Transmitted data volume
- Notification of successful retrieval
- Type of internet browser
- Version of the internet browser
- The operating system and patch level underlying the browser
- Referrrer-URL (Previously visited website)
- Requesting provider
- IP addresses
The host uses the data collected to operate the website and ensure IT security. If there are concrete indications in the log data, some data might be analysed subsequently.
Data stored by the hoster is automatically deleted after 7 days.
When you use our website, personal data is transmitted to third parties.
Basis of data processing
The basis of data collection as per Art.6 para. 1 s. 1 GDPR is: any consent you have given to the processing (point a); any processing of information that is necessary for the performance of a contract or steps taken prior to entering into a contract (point b), any processing that is necessary for compliance with a legal obligation (point c). To the extent that processing is necessary for the purposes of the legitimate interests pursued our company (point f), this is to be indicated separately in the context of the individual process.
Contact options (e-mail)
Our website offers the option of contacting us via e-mail. In this context, your personal data is stored and processed for the purpose of communication. The data collected for this purpose (name, address, phone number, fax number, email address, IP address) is not forwarded to third parties. This data is not merged with other data collected on this website.
The basis of data collection as per Art.6 para. 1 s. 1 GDPR is: any consent you have given to the processing (point a); any processing of information that is necessary for the performance of a contract or steps taken prior to entering into a contract (point b), any processing that is necessary for compliance with a legal obligation (point c) as well as the legitimate interests our company has in the communication initiated by you (point f).
The data is deleted as soon as the objective of the communication has been achieved.
Our website lets you subscribe to a newsletter that is sent via email. Sending to your email address takes place based on your personal registration with subsequent confirmation (double opt-in), with which you consent to the newsletter being sent to you.
We store your email address as well as your first and last name and the lists to which you have subscribed in order to send the newsletter. The data is forwarded to our service provider CleverReach for the purpose of sending the newsletter.
Our newsletter system has a function that allows us to track at which time which recipients have opened the newsletter. This data is stored and used for analysing the reach of individual campaigns.
Withdrawal of consent
You can withdraw your consent to the use of your data with future effect at any time. You will find an option to unsubscribe from the newsletter at the end of every newsletter email or in your login area on our website. Alternatively, you can send us an e-mail with the subject line "Unsubscribe" to email@example.com.
Your rights and assertion of rights
You have the rights listed below. You can assert these towards us. To assert these, please use the data provided above or send an email to: firstname.lastname@example.org.
On our website we use Google Analytics. This service is offered by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (referred to here as “Google”). To provide the service, Google may store cookies on your device. Cookies are small text files that serve to recognise your browser. Google stores the following data when you use the website: In addition to the IP address, the time, location, duration and frequency of your website visit are stored. We have set up Google Analytics to make the IP address anonymous. To do this, the IP address is shortened. Google uses the data to generate reports for us on the use of our web pages. This enables us to recognise user traffic on our website so that we can optimise it on the basis of this information. Google will share the information with third parties, if required to do so by law. Google will never associate your IP address with other data. As part of the Google Analytics processing, personal data is transferred to the United States. In this case, the IP address is always anonymised on servers in member states of the European Union before it is transferred to the USA. Personal data is transferred to the US in accordance with the European Commission decision on adequacy of 12 July 2016 (“EU-US Privacy Shield”).
Opting out of data collection
You can opt out of data collection by Google Analytics as follows: Google provides an opt-out add-on that you can install in your browser. Once this is correctly installed in your browser, Google no longer collects data as part of its Analytics program. Opting out of the Analytics program has no effect on any data transfer to other web services.
The opt-out add-on can be downloaded from Google’s website here: http://tools.google.com/dlpage/gaoptout?hl=en
Alternatively, you can click the following link to set an opt-out cookie for the browser that you use. Data will then no longer be transferred to Google Analytics when you visit this website in future: click here. Please note that the opt-out cookie may be deleted. The deletion of the opt-out cookie depends on your individual browser settings. If the cookie is deleted, you must restore it by clicking the above link again. If you opt out of collection of data by Google Analytics, it is possible that you may not be able to properly use all of the services we provide.
We use Google Maps to make our website attractive and easy to use, and so that you can easily find us at the places shown on it. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. The transfer of data to the USA takes place in accordance with the European Commission’s Implementing Decision (EU) 2016/1250 (EU-US Privacy Shield).
We gather your IP address to allow data to be transferred to Google. You are not obliged to provide this information, but if you do not, you will not be able to use the relevant parts of our website.
Use of YouTube components with advanced privacy mode
On our website, we use components (videos) from the company YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, a subsidiary of Google Inc., Amphitheater Parkway, Mountain View, CA 94043, USA. The “extended privacy mode” option provided by YouTube is enabled. This means that only the information required for the presentation of the videos – in other words, the information about which of our web pages you visit – is transferred to the service provider. If you are logged into YouTube while visiting our website, the transferred information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
When you open a page with an embedded YouTube video, you are connected to the YouTube servers so that the content (i.e. the video) can be shown on our site via a message to your browser.
Google provides additional YouTube privacy information at the following link: https://www.google.com/intl/en/policies/privacy/
Use of the web shop
When you order from our web shop, we have to collect the personal data from you that is necessary to conclude the contract. The mandatory information required for the contract is clearly marked, and all other information is voluntary. The data you provide is used to process your order. To do this, we can pass on your payment data to our bank. The legal basis for this is Article 6(1)(b) of the GDPR.
Due to various obligations regarding storage and documentation, we have to keep your address, payment and order data for a period of ten years. These obligations arise from legislation such as the German Commercial Code (HGB) and the Fiscal Code of Germany (AO). The ordering process is encrypted using TLS technology. The encryption serves to prevent unauthorised access by third parties to your personal data.
To use our portal, you register by specifying your e-mail address, a password of your own choice and your user name. You are free to choose your user name. There is no obligation to use your real name. You can use a pseudonym if you want. Registration takes place using a double-opt-in procedure. An e-mail is sent to your specified address, containing a link to confirm your registration. If confirmation is not received within 7 days, the registration is automatically deleted from our database. The e-mail address, user-defined password and user name are mandatory; you can provide all the other information voluntarily by using the portal.
When you use the portal, we store the data that we need to fulfil the contract until you delete your access details. This also applies to any data that you voluntarily provide. You can manage and edit all information in the secure customer area. To let you know about important changes, such as changes to the scope of the offer or technical modifications, we use the e-mail address you provided when registering.
The legal basis for this is Article 6(1)(f) of the GDPR.
Data transfer to third countries outside the EU
When data is processed by Google Analytics, Google Maps, reCAPTCHA and YouTube, some of it may be transferred to countries outside the European Union (these are known as third countries). In this case it is the United States.
Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield (EU-U.S. Privacy Shield)”.
Your rights and assertion of rights
You are entitled to the rights listed below. You can assert these against us. To assert them, please use the information provided above or send an e-mail to: email@example.com.
Right to information
You have the right to be informed regarding whether we process any of your personal data, for which purposes we process the data, which categories of your personal data we process, to whom data has been forwarded, if applicable, how long the data is to be stored and what rights you have.
Right to correct data
You have the right to have corrected any incorrect personal data relating to you which we have stored. You also have the right to have any incomplete data record that we store completed.
You can demand to have personal data relating to you deleted if (1) the data has been processed unlawfully, (2) the objective for which the data was collected has been achieved, (3) you have withdrawn your consent to data processing and there is no other legal basis for processing, (4) we have a legal obligation to delete the data, (5) you are less than 16 years old (6) or you have objected to processing and we have no overriding legitimate grounds for processing.
Right to restriction of processing
You can demand that we restrict processing in the following cases. In these cases, we will put a restriction note on your data and not process it any further. (1) If you are contesting the correctness of the data, this applies until the check has been completed. (2) If you have requested the deletion of the data and we are unable or not allowed to delete it. (3) If you require the data to assert claims but we would otherwise be obliged to delete the data because the processing purpose has been achieved. (4) If you have objected to processing and no final decision has been made yet.
Objection to processing
If the processing of personal data relating to you supports our legitimate interests, you can object to processing for reasons arising from your specific situation.
Right to data portability
You have the right to request that we provide you with the data that you have made available in the context of a contract or on the basis of consent and that is processed automatically in a common machine-readable format (data record).
Withdrawal of consent given
If you have given us consent to process your personal data, you can withdraw this consent at any time. Please address this withdrawal to the address specified above or send an email to: firstname.lastname@example.org.
Right to lodge complaint with data protection authority
You have the right to lodge a data protection complaint with the supervisory authorities. The supervisory authority responsible for us is the State Data Protection and Freedom-of-Information Officer North-Rhine Westphalia. Irrespective of who is responsible, you can submit the claim to any supervisory authority.