Note: Data protection information for applicants can be found separately at www.hupfer.com/datenschutz-bewerber
Information on the collection of personal data, contact details of the data controller
Thank you for your interest and for visiting our website. We would like to inform you here about the use of your personal data when you use our website. In this context, personal data means all data with which you can be personally identified.
Note that when data is transferred on the internet, there is always the risk of security flaws which cannot be prevented by the technical design of this website. Complete protection of personal data when using the internet is not possible.
The data controller
on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Hupfer Metallwerke GmbH & Co. KG, Dieselstr. 20, 48653 Coesfeld, Germany, tel.: +49 2541 805-0, fax: +49 2541 805-111, e-mail: email@example.com
The controller of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
Data protection officer
The controller has appointed a data protection officer for this website, who can be contacted as follows:
SSL and TLS encryption
This website uses SSL and TLS encryption for reasons of security and to protect the transmission of personal data and other confidential content (such as orders or enquiries to the controller). An encrypted connection is indicated by “https://” and the lock symbol in your browser line.
Data transfer to third countries outside the EU
We use various service providers who supply us with different technologies and products. Many of them use servers in third countries, i.e. countries outside the European Union or the European Economic Area, for which the EU Commission has issued what is known as an adequacy decision, confirming a level of data protection generally equivalent to that required under European law.
These countries include in particular the United States of America (USA). The associated transfer of personal data must be permissible in accordance with Articles 44 et seq. GDPR. In July 2020 the European Court of Justice (ECJ) ruled that the Privacy Shield agreement between the EU and the USA (EU-US Privacy Shield) can no longer be used for transferring personal data to the USA. This means that the adequacy decision that originally existed is no longer valid. However, the Privacy Shield itself and the accompanying self-certification remain in place. Therefore, U.S. companies that have self-certified and registered with the U.S. Department of Commerce’s International Trade Administration (see overview at https://www.privacyshield.gov/list) are still obliged to comply with the provisions of the Privacy Shield, which largely ensures an appropriate level of data protection.
Furthermore, we agree standard data protection clauses issued by the EU Commission with service providers who process personal data in a third country for which the EU Commission has not confirmed a sufficiently equivalent level of data protection by way of an adequacy decision. Where possible, we also agree on additional guarantees to ensure that sufficient data protection is guaranteed in the USA and other third countries.
For some service providers, we also have approved rules of conduct (binding corporate rules, BCR) to ensure that the company complies with European data protection standards. Insofar as these exist, we do not agree on separate standard contractual clauses with the service providers subject to the respective BCR.
Nevertheless, it can occur that despite contractual and technical precautions, the level of data protection in the third country does not match that of the EU. For such cases, as part of your consent to cookies in (contact) forms or other registrations and logins we ask for your consent to the transfer of personal data to a third country in accordance with Article 49 (1) (a) GDPR. This refers in particular to the transfer of data to the USA, where authorities and intelligence services such as the National Security Agency (NSA) may have access rights and methods of reading personal data without the knowledge of us as the data exporter or you as the data subject, and without any suitable legal means to prevent or take action against such access. However, some of our service providers undertake to pursue and utilise remedies available to them under U.S. law against possible government access to your data. Some of them also publish transparency reports that list government requests and responses, to the extent that is legally possible.
Data collection when visiting our website
Our website is operated on servers of pixolith GmbH & Co KG, Stephanienstraße 36, 40211 Düsseldorf, Germany.
When you only use our website for information, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (known as server log files). When you visit our website, we collect the following data, which is technically necessary in order for us to display the website to you:
· The website of ours that you visit
· The date and time of access
· The amount of data sent in bytes
· The source/link from which you accessed the site
· The browser used
· The operating system used
· The IP address used in anonymised form
Data stored by the host is automatically deleted after 7 days.
The processing takes place in accordance with Article 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are specific indications of illegal use.
In addition to the aforementioned data, cookies are used on your computer when you use and visit our website.
Cookies are small text files that are placed by your browser on your device to store certain information. These cookies are also used to make our website more pleasant and convenient for you to use, or for analytical purposes.
Most of the cookies we use are what are known as session cookies. These are used to make the services of our website technically available. After your visit, the cookies are automatically deleted by your browser.
Other cookies remain on your computer so that we can recognise your device on your next visit (these are known as persistent cookies).
The next time you visit our website with the same device, the information stored in the cookies is read either by our website (first party cookie) or by another website to which the cookie belongs (third party cookie).
These cookies are automatically deleted from your system after a preset period of time, which differs depending on the cookie.
The information that is stored and returned enables the website to recognise that you have already opened and visited it with the browser on your device.
We use this information to optimally design and display the website according to your preferences. Only the cookie itself is identified on your device.
Any other storage of personal data only takes place with your express consent or if it is absolutely necessary in order for you to use the service that you have selected.
This website uses the following types of cookies, the scope and function of which are explained below:
• Essential cookies
• Marketing/tracking cookies
Essential cookies guarantee functions without which you cannot use our websites as intended. These cookies are used exclusively by us and their purpose includes ensuring that as a registered user, you always remain logged in when accessing various sub-pages of our website and do not have to re-enter your login data each time you open a new page.
The use of essential cookies on our website is possible without your consent.
The legal basis for the use of these cookies is our legitimate interest according to Article 6 (1) (1) (f) GDPR. Our legitimate interest arises from the aforementioned purposes.
You have the option to deactivate all cookies in your browser at any time (see below).
However, when you deactivate cookies, the functionality of this website may be limited.
Marketing and tracking cookies are only set after you have actively given consent.
The legal basis for this is Article 6 (1) (1) (a) GDPR.
These cookies come from third parties (third party cookies) and are used to collect information about the websites visited by users in order to generate targeted advertising for them.
Opt-out for marketing cookies
You can also manage cookies used for online advertising using tools developed in many countries as part of self-regulatory programmes, such as the US-based https://www.aboutads.info/choices/ or the EU-based http://www.youronlinechoices.com/uk/your-ad-choices.
You can revoke your consent to the cookies at any time with effect for the future.
You can set your browser to notify you of the setting of cookies and only allow cookies in individual cases, e.g. third-party cookies (cookies that are set by a third party, i.e. not by the actual website you are currently on), refuse to accept cookies for certain cases or in general, and activate the automatic deletion of cookies when the browser is closed. You can delete stored cookies at any time using your web browser.
However, when you deactivate cookies, the functionality of this website may be limited.
Use the following links to learn about this option for the most commonly used browsers:
- Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
- Firefox: http://support.mozilla.org/de/kb/cookies-informationen-websites-auf-ihrem-computer
- Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&answer=95647
- Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
- Opera: http://help.opera.com/Linux/12.10/de/cookies.html
If you do not set you browser otherwise, cookies that enable or ensure the required technical functions remain on your device until you close the browser, other cookies may remain on your device for longer (up to 6 months).
To protect your privacy, you should regularly check the cookies on your device as well as your browser history and delete them yourself.
Contact options (form / e-mail)
Our website offers the option of contacting us by e-mail and using a contact form. In this context, your personal data is stored and processed for the purpose of communication. The data collected for this purpose (e-mail address, IP address) is not forwarded to third parties.
This data is not merged with other data collected on this website.
The data may be stored for customer relations management (CRM) if you are already a customer of our company.
The contact form is sent encrypted using TLS technology. The encryption serves to prevent unauthorised access by third parties to your personal data.
The basis of data collection as per Article 6 (1) (1) GDPR is: consent you have given (a); processing of information in order to perform or initiate a contract (b), and the legitimate interest of our company in communication initiated by you (f).
The data is deleted as soon as the objective of the communication has been achieved.
Duration of storage of personal data
The duration of the storage of personal data depends on the applicable statutory retention period (e.g. retention periods under commercial and tax law). After the period expires, the data is routinely deleted, provided that it is no longer required to perform or initiate a contract and/or there is no further justified interest on our part in its continued storage.
This site uses what is known as a content delivery network (CDN) from jsDelivr.
A CDN is a service which helps deliver the contents of our website, in particular large media files such as graphics or scripts, more quickly with the aid of regionally distributed servers connected via the internet. User data is processed solely for the aforementioned purposes and to maintain the security and functionality of the CDN.
For this reason, the browser you are using must connect to the CDN servers. This tells the CDN that our website has been accessed via your IP address.
The use is based on our legitimate interests, i.e. in secure and efficient provision, analysis and optimization of our website in accordance with Article 6 (1) (1) (f) GDPR.
Our website lets you subscribe to a newsletter that is sent via email. Sending to your email address takes place based on your personal registration with subsequent confirmation (double opt-in), with which you consent to the newsletter being sent to you.
We store your email address as well as your first and last name and the lists to which you have subscribed in order to send the newsletter. The data is forwarded to our service provider CleverReach for the purpose of sending the newsletter.
Our newsletter system has a function that allows us to track at which time which recipients have opened the newsletter. This data is stored and used for analysing the reach of individual campaigns.
Withdrawal of consent
You can withdraw your consent to the use of your data with future effect at any time. You will find an option to unsubscribe from the newsletter at the end of every newsletter email or in your login area on our website. Alternatively send an email with the subject “Unsubscribe” to firstname.lastname@example.org.
Web analytics services
On our website we use Google Analytics. This service is offered by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (referred to here as “Google”). To provide the service, Google may store cookies on your device. Cookies are small text files that serve to recognise your browser. Google stores the following data when you use the website: In addition to the IP address, the time, location, duration and frequency of your website visit are stored. We have set up Google Analytics to make the IP address anonymous. To do this, the IP address is shortened. Google uses the data to generate reports for us on the use of our web pages. This enables us to recognise user traffic on our website so that we can optimise it on the basis of this information. Google will share the information with third parties, if required to do so by law. Google will never associate your IP address with other data. As part of the Google Analytics processing, personal data is transferred to the United States. In this case, the IP address is always anonymised on servers in member states of the European Union before it is transferred to the USA..
Opting out of data collection.
You can opt out of data collection by Google Analytics as follows: Google provides an opt-out add-on that you can install in your browser. Once this is correctly installed in your browser, Google no longer collects data as part of its Analytics program. Opting out of the Analytics program has no effect on any data transfer to other web services.
The opt-out add-on can be downloaded from Google’s website here: http://tools.google.com/dlpage/gaoptout?hl=de
Alternatively, you can click the following link to set an opt-out cookie for the browser that you use. Data will then no longer be transferred to Google Analytics when you visit this website in future: click here. Please note that the opt-out cookie may be deleted. The deletion of the opt-out cookie depends on your individual browser settings. If the cookie is deleted, you must restore it by clicking the above link again. If you opt out of collection of data by Google Analytics, it is possible that you may not be able to properly use all of the services we provide.
Use of Google Analytics
This website uses the web analysis service “Google Analytics”, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or, if your registered office or place of residence is in the EU, by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
The information generated by the cookie about your use of the website is transmitted to and stored by Google on servers in the United States.
IP anonymisation is active on this website. Activating IP anonymisation through the -anonymizeIP function on this website means that your IP address is truncated beforehand by Google within member states of the European Union or other countries signed up to the agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.
On behalf of the operator of this website, Google will use this information for evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet use to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be brought together with other Google data.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Google processes your personal data on our behalf. We have therefore concluded a processing agreement with Google in accordance with Article 28 (3) GDPR, in which Google undertakes to protect your personal data and not to pass it on to third parties for purposes other than those mentioned above.
The legal basis for the use of Google Analytics is your consent pursuant to Article 6 (1) (1) (a) GDPR, insofar as you give us your consent to this when you first access the site.
The legal basis for the transfer of data to the USA is your consent pursuant to Article 49 (1) (1) (a) GDPR. We have also concluded standard data protection clauses with Google for the transfer of data to the USA pursuant to Article 46 (2) (c) GDPR.
You can revoke your consent to the processing and transfer of data at any time without giving reasons by sending a message to our data protection officer using the contact details provided, or by deleting the cookies in your browser.
The legality of data processing that has already taken place is not affected by the revocation of consent.
Tools and miscellaneous
On our website, we use Google Maps (API) from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service for displaying interactive maps to visually present geographical information. By using this service, our location is shown to you to make it easier to find us.
As soon as you open the web pages in which the map of Google Maps is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the data to be assigned to your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as use profiles and evaluates them. Such an evaluation is carried out in particular in accordance with Article 6 (1) (1) (f) GDPR on the basis of Google's legitimate interests in the display of personalised advertising, market research and/or the design of its website as required. You have the right to object to the creation of these user profiles, and must contact Google to exercise this right.
Google LLC, based in the USA, is certified for the US-European data protection agreement “Privacy Shield”,which ensures compliance with the level of data protection applicable in the EU.
Google web fonts
This site uses web fonts provided by Google for the uniform display of fonts. When you open a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.
To do this, the browser you are using must connect to Google’s servers. This tells Google that our website has been accessed via your IP address.
The transfer of data to the USA is based on your consent in accordance with Article 6 (1) (1) (a) in conjunction with Article 49 (1) (a) GDPR.
If your browser does not support web fonts, a standard font will be used by your computer.
To protect data input forms on our site, we use the service “reCAPTCHA” service of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, (referred to here as “Google”). This service can distinguish whether input in a form is genuine input from a human user, or misuse by a bot. The transfer of data to the USA is based on your consent in accordance with Article 6 (1) (1) (a) in conjunction with Article 49 (1) (a) GDPR.
To implement the functionality, your referrer URL, IP address, website visitor behaviour, information about the operating system, browser and time spent on the site, cookies, presentation instructions, scripts, information about user input behaviour and mouse movements around the reCAPTCHA checkbox are transferred to Google.
Google uses the information thus obtained for purposes such as digitizing and optimizing its own various services.
Google will not associate the IP address submitted by reCAPTCHA with any other data unless you are logged into your Google account at the time you use the reCAPTCHA plug-in, in other words, the time you visit our website. If you want to prevent Google from transferring and storing data about you and your use of our website, you must log out of Google before visiting our site.
This website uses the LinkedIn Pixel for conversion tracking and remarketing in order to more effectively control advertising campaigns on LinkedIn (address in the EU: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; address in the USA: LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA, 94043, USA).).
With this technology from LinkedIn, your browser automatically establishes a direct connection to the LinkedIn server. Using the LinkedIn pixel on our website, users are shown more relevant advertisements based on their interests. Other than this, we only receive statistical evaluations from LinkedIn. Based on these evaluations, we can see which of the advertising measures are most effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.
If you have a LinkedIn account and are logged in, your visit to this website will be assigned to your LinkedIn user account. We have no influence on the extent and further use of the data collected by LinkedIn through the use of this tool.
In addition, LinkedIn creates suitable target groups for our advertising campaigns (remarketing) using the information collected by means of the pixel. This means that after visiting our website, our advertisements may be displayed to you later when you use the internet. This is done using the cookies stored in your browser, with which LinkedIn records and analyses the way you use various websites that you visit.
You can opt out of the analysis by LinkedIn and the display of interest-based recommendations by clicking “Opt out on LinkedIn” (for LinkedIn members) or “Opt out” at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
The legal basis for the use of LinkedIn is your consent pursuant to Art. 6 (1) (1) (a) GDPR, insofar as you give us your consent to this when you first access the site.
Since there is no adequacy decision of the EU Commission for the transfer of personal data to the USA, we have concluded standard data protection clauses with LinkedIn in accordance with Article 46 (2) (c) GDPR, which you can obtain from our data protection officer.
You can view the concluded data processing agreement at https://de.linkedin.com/legal/l/dpa.
Use of YouTube components with advanced privacy mode
On our website, we use components (videos) from the company YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, a subsidiary of Google Inc., Amphitheater Parkway, Mountain View, CA 94043, USA. The “advanced privacy mode” option provided by YouTube is enabled.
The YouTube videos are accessed by deliberately clicking on them. This means that only the information required for the presentation of the videos – in other words, the information about which of our web pages you visit – is transferred to the service provider. If you are logged into YouTube while visiting our website, the transferred information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
When you open a page with an embedded YouTube video, you are connected to the YouTube servers so that the content (i.e. the video) can be shown on our site via a message to your browser.
The transfer of data to the USA is based on your consent in accordance with Article 6 (1) (1) (a) in conjunction with Article 49 (1) (a) GDPR.
Google provides additional YouTube privacy information at the following link: https://www.google.com/intl/en/policies/privacy/
Use of the web shop
When you order from our web shop, we have to collect the personal data from you that is necessary to conclude the contract. The mandatory information required for the contract is clearly marked, and all other information is voluntary. The data you provide is used to process your order. To do this, we can pass on your payment data to our bank. The legal basis for this is Article 6(1)(b) of the GDPR.
Due to various obligations regarding storage and documentation, we have to keep your address, payment and order data for a period of ten years. These obligations arise from legislation such as the German Commercial Code (HGB) and the Fiscal Code of Germany (AO).
The ordering process is encrypted using TLS technology. The encryption serves to prevent unauthorised access by third parties to your personal data.
To use our portal, you register by specifying your e-mail address, a password of your own choice and your user name. You are free to choose your user name. There is no obligation to use your real name. You can use a pseudonym if you want. Registration takes place using a double-opt-in procedure. An e-mail is sent to your specified address, containing a link to confirm your registration. If confirmation is not received within 7 days, the registration is automatically deleted from our database. The e-mail address, user-defined password and user name are mandatory; you can provide all the other information voluntarily by using the portal.
When you use the portal, we store the data that we need to fulfil the contract until you delete your access details. This also applies to any data that you voluntarily provide. You can manage and edit all information in the secure customer area. To let you know about important changes, such as changes to the scope of the offer or technical modifications, we use the e-mail address you provided when registering.
The legal basis for this is Article 6(1)(f) of the GDPR.
Rights of the data subject
The applicable data protection law grants you comprehensive data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:
Right of information pursuant to Article 15 GDPR In particular, you have the right to obtain information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period and criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, about the origin of your data if it has not been collected from you by us, the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing that concern you, as well as your right to be informed about what guarantees exist in accordance with Article 46 of the GDPR if your data is transferred to third countries.
Right to rectification pursuant to Article 16 GDPR You have a right to have any inaccurate data relating to you corrected without delay and/or to have any incomplete data stored by us completed.
Right to erasure pursuant to Article 17 GDPR You have the right to demand the deletion of your personal data if the conditions of Article 17 (1) GDPR are met. However, this right does not exist in particular if the processing is necessary in order to exercise the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for asserting, exercising or defending legal claims.
Right to restriction of processing pursuant to Article 18 GDPR You have the right to request the restriction of the processing of your personal data as long as the accuracy of the data which you dispute is being verified; if you refuse the erasure of your data due to unlawful data processing and instead request the restriction of the processing of your data; if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved; or if you have lodged an objection for reasons relating to your particular situation, as long as it has not yet been determined whether our legitimate grounds prevail.
Right to information pursuant to Article 19 GDPR If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
Right to data portability pursuant to Article 20 GDPR You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible.
Right to revoke consent pursuant to Article 7 (3) GDPR You have the right to revoke consent that you have given to the processing of data, at any time with effect for the future. In the event of revocation, we will delete the relevant data without delay if further processing without consent cannot be justified with a legal basis. The revocation of consent does not affect the lawfulness of processing carried out on the basis of consent up to the revocation.
Right to lodge a complaint pursuant to Article 77 GDPR If you consider that the processing of personal data concerning you infringes the GDPR, you have – without prejudice to any other administrative or judicial remedy – the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, your workplace or the place of the alleged infringement.
Right to object
If your personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, provided that there are grounds for doing so that arise from your particular situation.
If you would like to make use of your right of revocation or objection, it is sufficient to send an e-mail to email@example.com.
Date: May 2020