Data privacy


This data protection declaration informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the websites, functions and content associated with it, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer"). With regard to the terms used, such as "processing" or "controller", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Responsible

 

HKS Dreh-Antriebe GmbH® Leipziger Straße 53-55
63607 Wächtersbach-Aufenau / Germany
info(at)hks-partner.com
Managing Director: Günter Höhn and Uwe Prinz
Link to imprint: https://www.hks-partner.com/de/impressum

Contact Data Protection Officer:

The data protection officer of the controller is:

Michael Triesch
Triesch Management & Datenschutz Rheindamm 13
40668 Meerbusch Germany
Tel.: 02150-7948980
E-mail: info(at)ds-services.de
Website: www.ds-services.de

 

Any data subject may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

 

Types of data processed:

 

  • Inventory data (e.g., names, addresses).
  • Contact information (e.g., email, phone numbers).
  • Content data (e.g., text input, photographs, videos).
  • Usage data (e.g., web pages visited, interest in content, access times).
  • Meta/communication data (e.g., device information, IP addresses).

 

 

Categories of data subjects

Visitors and users of the online offer (hereinafter we also refer to the data subjects collectively as "users").

 

Purpose of the processing

 

  • Provision of the online offer, its functions and contents.
  • Respond to contact requests and communicate with users.
  • Safety measures.
  • Reach measurement/marketing

 

 

 

Terminology used

 

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

Processing

Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

Profiling

 

Profiling is any type of automated processing of personal data that consists of using that personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

 

Pseudonymization

 

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

 

Controller or person responsible for processing

 

The controller or data processor is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

 

Processor

 

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

 

Recipient

 

Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law are not considered recipients.

 

Third Party

 

Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

 

Consent

 

Consent is any expression of will in the form of a declaration or other unambiguous affirmative act, given voluntarily by the data subject for the specific case in an informed manner and in an unambiguous manner, by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

 

Relevant legal basis

In accordance with Art. 13 DSGVO, we inform you of the legal basis for our data processing. If the legal basis is not mentioned in the privacy statement, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 DSGVO, the legal basis for processing to fulfill our services and carry out contractual measures and respond to inquiries is Art. 6(1)(b) DSGVO, the legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) DSGVO, and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) DSGVO. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d DSGVO serves as the legal basis.

 

Security measures

We take appropriate technical and organizational measures in accordance with Art. 32 DSGVO, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

 

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, entry into, disclosure of, assurance of availability of and segregation of the

data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, deletion of data, and response to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 DSGVO).

 

Contact

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the user's details are used to process the contact request and its handling in accordance with Art. 6 Para. 1 lit. b. (in the context of contractual/pre-contractual relations), Art. 6 para. 1 lit. f. (other requests) DSGVO processed... The user's details may be stored in a customer relationship management system ("CRM system") or comparable inquiry organization.

 

We delete the inquiries if they are no longer necessary. We review the necessity every two years; Furthermore, the legal archiving obligations apply.

 

Rights of the data subject

 

 

Right to confirmation

 

Every data subject shall have the right, granted by the European Directive and the Regulation, to obtain confirmation from the controller as to whether personal data concerning him or her are being processed. If a data subject wishes to exercise this right, he or she may, at any time, contact any employee of the controller.

 

Right to information

 

Any person concerned by the processing of personal data has the right granted by the European Directive and Regulation to obtain at any time from the controller, free of charge, information about the personal data stored about him or her and a copy of that information. Furthermore, the European Directive and Regulation has granted the data subject access to the following information:

 

  • the processing purposes
  • the categories of personal data that are processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
  • the existence of a right to obtain the rectification or erasure of personal data concerning them or to obtain the restriction of processing by the controller or a right to object to such processing
  • the existence of a right of appeal to a supervisory authority
  • if the personal data are not collected from the data subject: All available information about the origin of the data
  • the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject

 

 

Furthermore, the data subject shall have the right to obtain information as to whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

 

If a data subject wishes to exercise this right of access, he or she may, at any time, contact an employee of the controller.

 

Right to rectification

 

Any person affected by the processing of personal data has the right granted by the European Directive and Regulation to request the immediate rectification of inaccurate personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data - also by means of a supplementary declaration - taking into account the purposes of the processing.

 

If a data subject wishes to exercise this right to rectify, he or she may, at any time, contact any employee of the controller.

 

Right to erasure (right to be forgotten)

 

Any person concerned by the processing of personal data has the right, granted by the European Directive and Regulation, to obtain from the controller the erasure without delay of personal data concerning him or her, where one of the following reasons applies and to the extent that processing is no longer necessary:

 

The personal data were collected or otherwise processed for such purposes for which they are no longer necessary.

The data subject revokes his or her consent on which the processing was based pursuant to Art. 6(1)(a) DS-GVO or Art. 9(2)(a) DS-GVO and there is no other legal basis for the processing.

The data subject objects to the processing pursuant to Article 21(1) DS-GVO and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) DS-GVO.

The personal data have been processed unlawfully.

The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

The personal data has been collected in relation to information society services offered pursuant to Article 8(1) DS-GVO.

 

If one of the aforementioned reasons applies, and a data subject wishes to arrange for the deletion of personal data stored by the HKS Dreh-Antriebe GmbH, he or she may, at any time, contact any employee of the controller. The employee of HKS Dreh-Antriebe GmbH will arrange for the deletion to be carried out immediately.

 

If the personal data was made public by the HKS Dreh-Antriebe GmbH and our company is responsible for it pursuant to Art. 17 Para. 1 DS-GVO, HKS Dreh-Antriebe GmbH shall implement reasonable measures, including technical measures, to compensate other data controllers for processing the personal data published, taking into account the available technology and the cost of implementation, in order to inform the data subject that he or she has requested from those other data controllers to erase all links to the personal data or copies or replications of the personal data, unless the processing is necessary. The employee of the HKS Dreh-Antriebe GmbH will arrange the necessary in individual cases.

 

Right to restriction of processing

 

Any person concerned by the processing of personal data has the right, granted by the European Directive and Regulation, to obtain from the controller the restriction of processing if one of the following conditions is met: the

accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.

The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.

The controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the assertion, exercise or defense of legal claims.

The data subject has objected to the processing pursuant to Article 21 (1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

 

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of personal data stored by the HKS Dreh-Antriebe GmbH, he or she may, at any time, contact any employee of the controller. The employee of the HKS Dreh-Antriebe GmbH will arrange the restriction of the processing.

 

Right to data portability

 

Any person concerned by the processing of personal data has the right, granted by the European Directive and Regulation, to receive the personal data concerning him or her, which have been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit such data to another controller without hindrance from the controller to whom the personal data have been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

Furthermore, when exercising the right to data portability pursuant to Article 20(1) of the GDPR, the data subject has the right to obtain that the personal data be transferred directly from one controller to another controller, where technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.

 

In order to assert the right to data portability, the data subject may at any time contact any employee of the HKS Dreh-Antriebe GmbH.

 

Right to object

 

Any person affected by the processing of personal data shall have the right granted by the European Directive and Regulation to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.

 

The HKS Dreh-Antriebe GmbH shall no longer process the personal data in the event of the

 

objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defence of legal claims.

 

If the HKS Dreh-Antriebe GmbH processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data processed for such marketing. This also applies to the profiling, insofar as it is related to such direct marketing. If the data subject objects to HKS Dreh-Antriebe GmbH to the processing for direct marketing purposes, HKS Dreh-Antriebe GmbH will no longer process the personal data for these purposes.

 

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object

to processing of personal data concerning him or her which is carried out by the HKS Dreh- Antriebe GmbH for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the Data Protection Regulation (DS-GVO), unless such processing is necessary for the performance of a task which is in the public interest.

 

In order to exercise the right to object, the data subject may directly contact any employee of the HKS Dreh-Antriebe GmbH or another employee. Furthermore, the data subject is free to exercise his/her right to object by means of automated procedures using technical specifications in connection with the use of information society services, notwithstanding Directive 2002/58/EC.

 

 

Cooperation with processors and third parties

 

If we disclose data to other persons and companies (processors or third parties) within the scope of our processing, transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, is required for the performance of the contract pursuant to Art. 6 (1) lit. b DSGVO), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

 

If we commission third parties with the processing of data on the basis of a so-called "order processing agreement", this is done on the basis of Art. 28 DSGVO.

 

Transfers to third countries

 

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done to fulfill our (pre-

)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special requirements of Art. 44 et seq.

DSGVO are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection that corresponds to the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

 

Data deletion

 

The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 DSGVO. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes.

This applies, for example, to data that must be retained for reasons of commercial or tax law.

 

According to legal requirements in Germany, data is stored in particular for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 nos. 1 and 4, para. 4 HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 para. 1 nos. 2 and 3, para. 4 HGB (commercial letters).

 

Administration, financial accounting, office organization, contact management

 

We process data in the context of administrative tasks as well as organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In this context, we process the same data that we process in the course of providing our contractual services. The processing bases are Art. 6 para. 1 lit. c. DSGVO, Art. 6 para. 1 lit.

f. DSGVO. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities.

 

In this context, we disclose or transfer data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers.

 

Furthermore, based on our business interests, we store information about suppliers, event organizers and other business partners, e.g. for the purpose of contacting them at a later date. This data, most of which is company-related, is generally stored permanently.

 

Business analyses and market research

 

In order to operate our business economically and to be able to identify market trends and the wishes of contractual partners and users, we analyze the data we have on business transactions, contracts, inquiries, etc.. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 para. 1 lit. f.

DSGVO, whereby the data subjects include contractual partners, interested parties, customers, visitors and users of our online offer.

 

The analyses are carried out for the purpose of business evaluations, marketing and market research. In doing so, we may take into account the profiles of registered users with details, for example, of the services they have used. The analyses serve us to increase the user- friendliness, the optimization of our offer and the business management. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with aggregated values.

 

If these analyses or profiles are personal, they will be deleted or anonymized upon termination of the user, otherwise after two years from the conclusion of the contract. In other respects, the overall business analyses and general trend analyses are prepared anonymously wherever possible.

 

Cookies and right to object to direct advertising

 

Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. Such a cookie may store, for example, the contents of a shopping cart in an online store or a login status. Cookies that remain stored even after the browser is closed are referred to as "permanent" or "persistent". For example, the login status can be stored if users visit them after several days. Likewise, the interests of users can be stored in such a cookie, which is used for range measurement or marketing purposes. Third-party cookies" are cookies that are offered by providers other than the responsible party that operates the online offer (otherwise, if they are only its cookies, they are referred to as "first-party cookies").

 

We may use temporary and permanent cookies and provide information about this in our privacy policy.

 

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

 

A general objection to the use of cookies used for online marketing purposes can be declared for

a large number of the services, especially in the case of tracking, via the U.S. site www.aboutads.info/choices/ or the EU site www.youronlinechoices.com. Furthermore, the storage of cookies can be achieved by disabling them in the browser settings. Please note that in this case not all functions of this online offer can be used.

 

COOKIE CONSENT WITH OIL.JS

 

Our website uses the cookie consent technology of the OIL.js cookie consent management framework to obtain your consent to the storage of certain cookies in your browser and to document this in a data protection compliant manner. The provider of this technology is Axel Springer SE, Axel-Springer-Str. 65, 10888 Berlin. When you enter our website, an OIL.js cookie (oil_data) is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not shared with the OIL.js cookie provider. The collected data will be stored by us until you request us to delete it, delete the OIL.js cookie yourself, the purpose for storing the data no longer applies, or until the OIL.js cookie automatically deletes itself after 31 days. Mandatory legal retention periods remain unaffected. Details on the data processing of the OIL.js cookie can be found at www.oiljs.org. The use of the OIL.js cookie consent technology takes place in order to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c DSGVO.

 

Name cookie / Purpose of the cookie / Storage duration oil_data / Storage of cookie user settings / 31 days.

 

Data protection information in the application process

 

We process the applicant data only for the purpose and within the scope of the application procedure in accordance with the legal requirements. The applicant data is processed to fulfill our (pre)contractual obligations within the scope of the application procedure in accordance with Art. 6 para. 1 lit. b. DSGVO Art. 6 para. 1 lit. f. DSGVO insofar as the data processing becomes necessary for us, e.g. within the scope of legal procedures (in Germany, § 26 BDSG also applies).

 

The application procedure requires applicants to provide us with applicant data. The necessary applicant data are marked, if we offer an online form, otherwise result from the job descriptions and basically include the personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, resume and the certificates. In addition, applicants may voluntarily provide us with additional information.

 

By submitting their application to us, applicants consent to the processing of their data for the purposes of the application process in the manner and to the extent set out in this privacy policy.

 

Insofar as special categories of personal data within the meaning of Art. 9 (1) DSGVO are voluntarily communicated within the scope of the application procedure, their processing is additionally carried out in accordance with Art. 9 (2) lit. b DSGVO (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 (1) DSGVO are requested from applicants as part of the application process, their processing is additionally carried out in accordance with Art. 9 (2) a DSGVO (e.g. health data, if this is necessary for the exercise of the profession).

 

If provided, applicants can submit their applications to us using an online form on our website. The data is transmitted to us in encrypted form in accordance with the state of the art. Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves. We cannot therefore accept any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend rather using an online form or sending by post. This is because instead of applying via the online form and e-mail, applicants still have the option of sending us their application by post.

 

In the event of a successful application, the data provided by the applicants may be processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.

 

Subject to a justified withdrawal by the applicants, the deletion will take place after the expiry of a period of six months so that we can answer any follow-up questions about the application and satisfy our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.

 

Newsletter

 

With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.

 

Content of the newsletter: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter "newsletter") only with the consent of the recipients or a legal permission. If the contents of the Newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. Otherwise, our newsletters contain information about our services and us.

 

Double opt-in and logging: Registration for our newsletter is carried out in a so-called double opt-in process. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise, changes to your data stored with the dispatch service provider are logged.

 

Registration data: To register for the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to enter a name for the purpose of a personal address in the newsletter.

 

The dispatch of the newsletter and the associated performance measurement are based on the consent of the recipients pursuant to Art. 6 para. 1 lit. a, Art. 7 DSGVO in conjunction with § 7 para. 2 No. 3 UWG or, if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6 para. 1 lt. f. DSGVO in conjunction with. § Section 7 (3) UWG.

 

The logging of the registration process takes place on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO. Our interest is directed towards the use of a user- friendly as well as secure newsletter system that serves our business interests as well as meets the expectations of the users and furthermore allows us to prove consent.

 

Cancellation/Revocation - You can cancel the receipt of our newsletter at any time, i.e. revoke your consents. You will find a link to cancel the newsletter at the end of each newsletter. We may store

unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to be able to prove consent formerly given. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.

 

Newsletter - CleverReach

 

The newsletter is sent using the shipping service provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. You can view the privacy policy of the shipping service provider here: www.cleverreach.com/de/datenschutz/. The shipping service provider is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. DSGVO and an order processing contract pursuant to Art. 28 para. 3 p. 1 DSGVO.

 

The dispatch service provider may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletter or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.

 

Hosting and emailing

 

The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services, which we use for the purpose of operating this online offering.

 

In this context, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO. Art. 28 DSGVO (conclusion of order processing contract).

 

Collection of access data and log files

 

We, or rather our hosting provider, collects on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

 

Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the final clarification of the respective incident.

 

Google Tag Manager

 

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 

Google Tag Manager is a tool that allows us to embed tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager collects your IP address, which may also be transferred to Google's parent company in the United States.

 

The use of the Google Tag Manager is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in a fast and uncomplicated integration and management of various tools on his website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal

 

device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

 

 

 

Google Analytics

 

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

 

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and the origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.

 

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and uses machine learning technologies in the data analysis.

 

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

 

The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and

§ 25 para. 1 TTDSG. The consent can be revoked at any time.

 

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

 

 

 

Google AdWords and conversion measurement

 

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

 

Google Ads enables us to display advertisements in the Google search engine or on third- party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.

 

The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and

§ 25 para. 1 TTDSG. The consent can be revoked at any time.

 

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

 

https://policies.google.com/privacy/frameworks and privacy.google.com/businesses/controllerterms/mccs/.

 

IP anonymization

 

We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

 

 

 

 

Google Ads Remarketing

 

 

This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

 

 

 

With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to subsequently display interest-based advertising to them in the Google advertising network (remarketing or retargeting).

 

 

 

Furthermore, the advertising target groups created with Google Ads Remarketing can be linked with Google's cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another of your end devices (e.g. tablet or PC).

 

 

 

If you have a Google account, you can object to personalized advertising at the following link:

 

https://www.google.com/settings/ads/onweb/.

 

The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and

§ 25 para. 1 TTDSG. The consent can be revoked at any time.

 

 

 

Target group formation with customer matching

 

 

To create target groups, we use, among other things, the customer matching feature of Google Ads Remarketing. In this process, we transfer certain customer data (e.g., e-mail addresses) from our customer lists to Google. If the customers in question are Google users and logged into their Google account, they are shown matching advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).

 

 

 

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

 

With the help of Google conversion tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

 

The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and

§ 25 para. 1 TTDSG. The consent can be revoked at any time.

 

You can find more information about Google conversion tracking in Google's privacy policy: policies.google.com/privacy.

 

 

 

Browser plugin

 

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

 

For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

 

 

 

 

Google Signals

 

We use Google signals. When you visit our website, Google Analytics collects, among other things, your location, search history and YouTube history, as well as demographic data (visitor data). This data can be used for personalized advertising with the help of Google signal. If you have a Google account, Google Signal's visitor data is linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on the user behavior of our users.

 

 

 

Demographic characteristics in Google Analytics

 

This website uses the "demographic characteristics" function of Google Analytics to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".

 

 

 

Job processing

 

We have concluded an order processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

 

 

 

Online presence in social media

 

We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there.

 

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. With regard to U.S. providers that are certified under the Privacy Shield, we point out that they thereby undertake to comply with the data protection standards of the EU.

 

Furthermore, user data is usually processed for market research and advertising purposes. For example, usage profiles can be created from the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and

 

interests of the users are stored. Furthermore, data may also be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

 

The processing of the users' personal data is based on our legitimate interests in effectively informing users and communicating with users pursuant to Art. 6 para. 1 lit. f. DSGVO. If users are asked by the respective providers for consent to data processing (i.e. declare their consent e.g. by ticking a checkbox or confirming a button), the legal basis for processing is Art. 6 (1) lit. a., Art. 7 DSGVO.

 

For a detailed description of the respective processing and the opt-out options, please refer to the information of the providers linked below.

 

Also in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

 

 

Integration of third-party services and content

 

Within our online offer, we use content or service offers of third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) to integrate content or services offered by third-party providers, such as videos or fonts (hereinafter uniformly referred to as "content").

 

This always requires that the third-party providers of this content are aware of the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content.

Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other

 

things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be combined with such information from other sources.

 

Youtube

 

This website embeds videos from the website YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

 

We use YouTube in extended privacy mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the disclosure of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube - regardless of whether you watch a video - establishes a connection to the Google DoubleClick network.

 

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

 

Furthermore, after starting a video, YouTube may store various cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.

 

If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.

 

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

 

For more information about privacy at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de.

 

 

 

Google Fonts

 

This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.

 

For more information on Google Fonts, please visit https://developers.google.com/fonts/faq and see Google's privacy policy: https://policies.google.com/privacy?hl=de.

 

Google ReCaptcha

 

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

 

The purpose of reCAPTCHA is to check whether the data entry on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

 

The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place.

 

The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

 

For more information about Google reCAPTCHA, please see the Google Privacy Policy and the Google Terms of Service at the following links:

 

https://policies.google.com/privacy?hl=de and policies.google.com/terms.

 

Google Maps

 

This site uses the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

 

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When calling up Google Maps, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

 

Google Maps is used in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

 

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

 

https://privacy.google.com/businesses/gdprcontrollerterms/ and privacy.google.com/businesses/gdprcontrollerterms/sccs/.

 

You can find more information on the handling of user data in Google's privacy policy: https://policies.google.com/privacy?hl=de.

 

 

 

Meta Pixel (formerly Facebook Pixel)

 

This website uses the visitor action pixel from Facebook/Meta for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries.

 

This allows the behavior of page visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

 

The collected data is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, according to the Facebook data usage policy de-de.facebook.com/about/privacy/). This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.

 

The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and

§ 25 para. 1 TTDSG. The consent can be revoked at any time. We use the advanced matching feature within the meta pixel.

Advanced matching allows us to transmit to Meta (Facebook) various types of data (e.g., city, state, zip code, hashed email addresses, names, gender, date of birth, or phone number) of our customers and prospects that we collect through our website. This activation allows us to more precisely tailor our advertising campaigns on Facebook to people who are interested in our offers. In addition, advanced matching improves attribution of website conversions and expands Custom Audiences.

 

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the text of the agreement at:

 

https://www.facebook.com/legal/controller_addendum.

 

According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g., requests for information) regarding the data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

 

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

 

https://www.facebook.com/legal/EU_data_transfer_addendum and de- de.facebook.com/help/566994660333381.

 

You can find more information about protecting your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/.

 

You can also disable the Custom Audiences remarketing feature in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

 

If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

 

 

 

Privacy policy for online meetings, telephone conferences and webinars via "Zoom" of HKS Dreh-Antriebe GmbH

We use Zoom. The provider of this service is Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. For details on data processing, please refer to Zoom's privacy policy:

 

zoom.us/de-de/privacy.html.

 

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

 

zoom.us/de-de/privacy.html.

 

Job processing

 

We have concluded a contract on order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

 

 

The responsible

party for data processing directly related to the implementation of "Online Meetings" is HKS

 

Dreh-Antriebe GmbH.

 

Note: Insofar as you call up the website of "Zoom", the provider of "Zoom" is responsible for data processing. However, calling up the Internet site is only necessary to use "Zoom" in order to download the software for using "Zoom".

 

You can also use "Zoom" if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the "Zoom" app.

 

If you do not want to or cannot use the "Zoom" app, then the basic functions can also be used via a browser version, which you can also find on the "Zoom" website.

 

What data is processed?

Various types of data are processed when using "Zoom". The scope of the data also depends on the data you provide before or during participation in an "online meeting".

 

The following personal data are subject to processing:

 

User details: first name, last name, telephone (optional), e-mail address, password (if "single sign-on" is not used), profile picture (optional),

department (optional)

Meeting metadata: Topic, description (optional), attendee IP addresses, device/hardware information.

 

For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.

 

For dial-in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.

 

Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an "online meeting". To this extent, the text entries you make are processed in order to display them in the "online meeting" and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the "Zoom" applications.

 

To participate in an "online meeting" or to enter the "meeting room", you must at least provide information about your name.

 

Scope of processing

We use "Zoom" to conduct "online meetings." If we want to record "online meetings", we will transparently communicate this to you in advance and - if necessary - ask for consent. The fact of the recording will also be displayed to you in the "Zoom" app.

 

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will generally not be the case.

 

In the case of webinars, we may also process questions asked by webinar participants for

 

purposes of recording and following up on webinars.

 

If you are registered as a user at "Zoom", then reports of "online meetings" (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored at "Zoom" for up to one month.

 

Automated decision-making within the meaning of Art. 22 DSGVO is not used.

 

Legal basis for data processing

Insofar as personal data is processed by employees of HKS Dreh-Antriebe GmbH, Section 26 of the German Federal Data Protection Act (BDSG) is the legal basis for data processing. If, in connection with the use of "Zoom", personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of "Zoom", Article 6 (1) f) DSGVO is the legal basis for data processing. In these cases, our interest is in the effective implementation of "online meetings".

For the rest, the legal basis for data processing when conducting "online meetings" is Art. 6

(1) lit. b) DSGVO, insofar as the meetings are conducted in the context of contractual relationships.

Should no contractual relationship exist, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here, too, our interest is in the effective implementation of "online meetings".

 

Recipients / disclosure of data

Personal data processed in connection with participation in "Online Meetings" will not be disclosed to third parties as a matter of principle, unless it is specifically intended for disclosure. Please note that the content of "online meetings", as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

Other recipients: the provider of "Zoom" necessarily obtains knowledge of the above data to the extent provided for in our order processing agreement with "Zoom".

 

Data processing outside the European Union

"Zoom" is a service provided by a provider from the USA. A processing of personal data therefore also takes place in a third country. We have concluded an order processing agreement with the provider of "Zoom" that complies with the requirements of Art. 28 DSGVO.

An adequate level of data protection is guaranteed on

the one hand by the conclusion of the so-called EU standard contractual clauses. Furthermore, as supplementary protective measures, we have made our Zoom configuration in such a way that only data centers in the EU, the EEA or secure third countries such as Canada or Japan are used to conduct "online meetings".

 

Your rights as a data subject

You have the right to obtain information about the personal data concerning you. You can contact us for information at any time.

 

In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.

 

Furthermore, you have a right to rectification or deletion or to restriction of processing, insofar as you are entitled to this by law.

 

Finally, you have a right to object to processing within the scope of the law.

 

A right to data portability also exists within the framework of data protection law requirements.

 

Deletion of data

We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.

 

Right of complaint to a supervisory authority

You have the right to complain about the processing of personal data by us to a supervisory authority for data protection.

 

Amendment of this data protection notice

We revise this data protection notice in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this website.

 

Contact