You are on a platform belonging to Häfele SE & Co KG, www.discoveries.hafele.com. Protecting your data is important to us. In the following we would therefore like to inform you about the data that we use when you visit our website, and what we use it for.
Controller within the definition of the General Data Protection Regulation (the “GDPR”) and other data protection provisions applicable within the Member States of the European Union is:
Häfele SE & Co KG (“Häfele”)
Phone: + 49( 0) 74 52 95 0
Fax: + 49 (0) 74 52 95 2 00
2. Contact data of the Data Protection Officer
Häfele’s Data Protection Officer can be contacted as follows:
Häfele SE & Co KG
Data protection officer
3. Data processing
3.1. General information
Personal data are all data that can identify you personally, such as your name, address, e-mail address and online user names. The personal data of our users are used as described in the following sections:
3.2. Storage of access data, creation of log files
Access data is collected and stored in a log via this process each time a user accesses a page on this website and each time a file is called up. Standard logging is used for the collected information. Each data set consists of:
• Date/time of request
• Page from which the file was requested
• Pages retrieved via our website by the user’s system
• Called up file name
• Transmitted volume of data
• Access status (file transferred, file not found)
• Description of operating system and web browser used, client IP address and user name (login data) of authenticated users
These data are used to deliver the content of our web pages, to ensure the functionality of our information technology systems, and to optimise our online presence. The data may be used in an anonymised form for statistical purposes (see below), as well as for the purposes of data security, especially for error analysis and preventing hacking attempts (Art. 6(1)(f) GDPR). Access data will not be used for the creation of individual user profiles, nor be passed onto third parties, and will be erased after 90 days at the latest.
3.3. Taking part in trade fairs
Where it is possible to enter personal or business information on this platform for sales-related purposes, this data is always provided voluntarily. If you provide us with personal or business information, we will only use it for the respective intended purpose. This data processing takes place on the basis of Art. 6(1)(b) GDPR.
We also use your contact data for issuing active personalised advertising messages during the virtual fair. This data processing takes place on the basis of Art. 6(1)(f) GDPR.
We also process data to analyse certain personal aspects (profiling), and we sometimes use automated processes for this. We use this for the purpose of giving you targeted product information and advice, and to provide you with recommendations. These analyses enable us to deliver appropriate communications and marketing, including market research and opinion polling.
To do this, in the web shop we use your personal customer master data as well as your order history data with Häfele (including outside of the web shop), the type and method of your interaction with the website or other Häfele services (e.g. newsletter).
We use in-house developed programmes for this purpose.
This data processing is performed in the pursuit of our overriding legitimate interest in a weighing of interests in the optimised presentation of our products and services, and in making appropriate recommendations of products in accordance with Art. 6(1) 1st sentence (f) GDPR.
3.4 Chat function
If you use the platform’s chat function to contact the customer service, various information will be communicated to the customer service when initialising the chat (Art. 6 (1)(a) GDPR). This information includes the Help function invoked by you, and your browser and operating system versions. In addition, the chat platform will regularly relay information concerning the accessibility of the chat service at regular intervals. Based on this information, the website's button for starting the chat will either be activated or deactivated. We store information concerning the start and end of the communication for 7 days only. Chat content is not stored. The data transmission is encrypted using SSL or TLS technology in order to prevent the unauthorised access of your personal data by third parties.
The data processing in connection with the chat tool is based on Art. 6(1)(b) GDPR. For the chat tool, we use a “processor” located outside the European Union.
3.5 Integration of third-party services
We have integrated YouTube videos into our online site. This are stored on https://www.youtube.com/ and can be viewed directly via our website. These are all integrated into the “enhanced data protection mode”, meaning that YouTube will not receive any data about you as a user, if you do not play the videos. The data will only be transferred if you view the videos. We have no control over this transfer of data.
Cookies will be stored on your computer when you use our website. Cookies are small text files stored on your hard disk by your browser to make site-specific information available to the website using the cookie (in this case, our website). Cookies cannot run applications or transmit viruses to your computer. Their purpose is to make the general online experience more user-friendly and effective. The legal basis for this is Art. 6 (1)(f) GDPR.
3.6.1 This website uses the following types of cookies, and their scope and function is described below:
– transient cookies (see 3.7.2)
– Persistent cookies (see 3.7.3).
3.6.2 Transient cookies are automatically deleted when you close your browser. This also particularly include session cookies. These store what is known as a session ID, which correlates various queries made by your browser during one common session. This helps to identify your computer when you return to the website. Session cookies are deleted once you log out or close your browser.
3.6.3 Persistent cookies are automatically deleted after a given time, that varies depending on the cookie. You may delete any cookie using the security preferences in your browser at any time.
3.6.4 You can configure your browser settings as required, and deny the acceptance of third-party cookies or all cookies. Please note that if you do so, you may not be able to enjoy all the services provided by this website.
3.6.6 The flash cookies we use are not captured by your browser but by your flash plug-in. We also use HTML5 storage objects, which are stored on your terminal device. These objects save the necessary data independently of the browser used and do not have an automatic expiry date. If you do not wish the flash cookies to be processed, you must install the applicable add-on, such as “Better Privacy” for Mozilla Firefox or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using the privacy mode of your browser. We also recommend that you manually delete your cookies and browser history regularly.
3.7 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC. (“Google“), Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how it is used. The information generated by the cookie on your use of this website will normally be transmitted to a Google server in the United States and stored there. This website uses Google Analytics with the extension “gat._anonymizeIp();” to guarantee the anonymous capture of IP addresses (“IP masking”). If IP anonymization is activated on this website, however, your IP address will be truncated by Google from within a member state of the European Union or from within any other country which is party to the Agreement on the European Economic Area. The full address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. Google will use this information on our behalf for purposes of evaluating your use of the website, compiling reports on website activity and providing the website operator with other services relating to website use and internet usage. The IP address transmitted within the scope of Google Analytics by your browser will not be combined with other data by Google. The legal basis for the processing of your personal data is your consent in accordance with Art. 6 (1)(a) GDPR via the Consent Management Tool.
You can withdraw your consent with future effect by changing the settings in the Consent Management Tool at any time.
4. Transfer of data to third parties
We transfer your data to processors, these being companies we commission to process data within the legally defined parameters, Art. 28 GDPR (service providers, contractors). In this case, Häfele will still remain responsible for the protection of your data (i.e. we are the “controller”). We have implemented legal, technical and organisational measures, alongside the performance of regular controls, to ensure that processors comply with the provisions of the data protection laws.
We will also transfer your data to our partners, who deliver services to you under their own responsibility. This is the case if you commission services from such partners through us, or if you consent to the involvement of the partner, or if we commission the partner on the basis of a legal authorisation, for example for the fulfilment of a contract according to Art. 6 (1)(b) GDPR or to protect our overriding legitimate interests according to Art. 6 (1)(f) GDPR. The partners also include Häfele’s sales representatives and sales partners (TWW partners), who will be able to offer you independent guidance and contact you as part of the event.
Personal data is transferred within the Häfele Group for internal administrative purposes connected with centralised customer care and order processing, such as through the Häfele Group company operating in your country. The legal basis for this is Art. 6 (1)(f) GDPR. Häfele has instituted internal guidelines that oblige its companies to implement the technical/organisational measures for ensuring the security of data processing operations.
Finally, in certain cases, we have a legal obligation to provide certain data to public agencies if requested.
5. Length of the storage
Unless otherwise described in this Data Protection Declaration, personal data will be erased once it has fulfilled its applicable, specified purpose, and there are no retention obligations preventing its erasure. Data is routinely erased following the expiry of the retention period, provided it is not needed for the initiation or fulfilment of a contract, and there is no other existing legal basis for the data processing.
6. Security of data processing
We maintain up-to-date technical and organisational measures for ensuring the security of the data processing operation, especially in order to protect your personal data from risks during data transfer and from becoming known to unauthorised third parties. These measures are modified in accordance with the current state-of-the-art, the need for protecting the personal data in question, and the risks to your rights and freedoms. Generally speaking, your data will be processed in Germany and within other European countries. If, in exceptional cases, your data are also processed in countries outside of the European Union (i.e. in “third countries”), this will take place to the extent that you have explicitly consented to it, or if it is necessary in order for us to deliver our service to you, or if it is stipulated by law (Art. 49 GDPR). Furthermore, your data will be processed in third countries only insofar as certain measures are in place to ensure that a reasonable level of data protection exists there (e.g. adequacy decision taken by the EU Commission or “appropriate safeguards”, Art. 44 et seqq. GDPR).
7. Rights of the data subject
You have the right
7.1 to demand information concerning the categories of data processed, the purposes of the processing, any recipients of the data, the envisaged storage period (Art. 15 GDPR);
7.2 to demand the rectification or augmentation of incorrect or incomplete data (Art. 16 GDPR);
7.3 to withdraw consent at any time, effective for the future (Art. 7(3) GDPR);
7.4 to object to the processing of your personal data on grounds relating to your particular situation (Art 21(1) GDPR);
7.5 in certain cases defined in Art. 17 GDPR, to demand the erasure of data - especially insofar the personal data is no longer necessary for the envisaged purpose or if it is processed unlawfully, or if you withdraw your consent in accordance with (3) above, or if you have stated your objection in accordance with (4) above;
7.6 under certain conditions, to demand the restriction to the processing of data, insofar as it is not possible to erase it, or the obligation to erase disputed (Art. 18 GDPR)
7.7 to data portability, i.e. you are entitled to receive the personal data concerning you, which you provided to us, in a commonly used machine-readable format, such as CSV, and, where relevant, to transmit it to others (Art. 20 GDPR);
7.8 to object to the competent data processing supervisory authority regarding the processing of your personal data; the competent supervisory authority in this case is the Data Protection Commissioner of Baden-Württemberg (https://www.baden-wuerttemberg.datenschutz.de/).
Nagold, 20th April 2023