1.1 Personal data (Art. 4 No. 1 GDPR)
The subject of data protection is personal data (hereinafter also referred to as data). Personal data include all information that relates to an identified or identifiable natural person, for example, details such as name, address, occupation, e-mail address, state of health, income, marital status, genetic characteristics, phone number and, where applicable, user data such as the IP address.
1.2 Controller (Art. 4 No. 7 GDPR)
The controller for the processing of your personal data in the context of using the website www.baumerhhs.com (hereinafter referred to as website) is Baumer hhs GmbH (hereinafter referred to as the operator or controller). The contact details are:
Baumer hhs GmbH
Managing Directors: Herr Percy Dengler, Herr Dr. Oliver Vietze
Phone: +49 (0) 2151 4402 0
Fax: +49 (0) 2151 4402 111
1.3 Data Protection Officer
The controller has appointed an external data protection officer who can be contacted at firstname.lastname@example.org.
1.4 Opportunity to object
2. Scope and purposes of data processing, legal basis, provision of data and storage period
2.1 Access and use of the website
Each time the website and its sub-pages are accessed, usage data are transmitted by the respective internet browser and stored in log files (server log files). The data records stored contain the following data:
- Date and time of access
- Name of the sub-page accessed
- IP address
- Referrer URL (origin URL from which you came to the website)
- Amount of data transferred
- Product and version information of the browser used
The log files are evaluated by the operator in anonymised form in order to further improve the website and make it more user-friendly, to find and correct errors more quickly and to control server capacities. For example, it can be traced at what time the website is particularly popular and the operator can provide the corresponding data volume. The data processed by the operator are required to enable you to access and use the website. The data involved are necessarily processed during the use of a tele medium.
The admissibility of this processing is based on Art. 6 para. 1 f) GDPR stating that the processing is lawful if it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The legitimate interest of the operator is to provide a website with information and to offer services to its customers as well as to optimise the operation of the website.
The provision of data is neither required by law nor required for the performance of a contract. However, it is necessary in order to be able to access the website of the operator. Failure to provide the data will result in you being unable to enter the operator’s website.
Your IP address is deleted or anonymised after use. In the case of anonymisation, the IP addresses are changed in such a way that they can no longer be assigned to an identified or identifiable natural person, or only with a disproportionate amount of time, cost and effort.
2.2 E-mail by single-click
On the website, you have the option of opening an e-mail addressed to the operator with a single click. The e-mail address that is linked to your e-mail programme is automatically used as the sender.
If you do not want your e-mail address to be retrieved in this way, you can change this in the settings of your respective e-mail programme.
The operator processes the data you provide in order to respond to your contact request and to communicate with you. The data are absolutely necessary for the aforementioned processes. The admissibility of this processing is based on Art. 6 para. 1 b) GDPR stating that the processing is lawful if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
The provision of the data is necessary for communicating with the operator. Failure to provide the operator with your personal data will result in the operator being unable to process your contact request or not completely.
The personal data processed as part of the communication are deleted upon expiry of the statutory retention periods, unless the operator has a legitimate interest in further retention. In any case, only data that are absolutely necessary to achieve the corresponding purpose are continued to be stored. As far as possible, the personal data are anonymised.
2.3. Repair and return
In order to process repair and return requests quickly, we need the following information from you:
- Reason for return
- Order number
- Customer number
- First name
- Last name
- Street, no.
- Postcode, city
- E-mail address
In addition, you can voluntarily provide the following information:
- Service no.
- Support no.
- Your reference number
- Alternative delivery address
- Depending on the reason for return, further details may be necessary
The operator processes this data basically only for the purpose of starting and carrying out the repair and return process. The admissibility of this processing is based on Art. 6 para. 1 b) GDPR stating that the processing is lawful if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
The provision of the data is necessary for the fulfilment of repair and return requests. Failure to provide the operator with your personal data will result in the operator being unable to process your request or not completely.
The processed personal data are deleted upon expiry of the statutory retention periods, unless the controller has a legitimate interest in further retention. In any case, only data that are absolutely necessary to achieve the corresponding purpose are continued to be stored. As far as possible, the personal data are anonymised.
Traders, employees of the operator and its subsidiaries have the possibility to log in with their user name and password. You will receive the access data when you join the company. In the login area you have access to internal company information of the operator.
The admissibility of this processing is based on Art. 6 para. 1 f) GDPR stating that the processing is lawful if it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The legitimate interest of the operator is to provide additional information to the employees.
The provision of the data is neither required by law nor required for the performance of a contract. Failure to provide the data will result in the employee being unable to access the employee area.
The data collected as part of the login are deleted unless the operator has a legitimate interest in further retention.
2.5 Online application
You can apply for vacancies via our online application portal. Therefore, the following data and documents have to be provided:
- First name
- Last name
- E-mail address / Login
- User language
- How did you become aware of us
In addition, the following data and documents can be provided voluntarily:
- LinkedIn profile
- Xing profile
- Letter of application
- Other documents
- Notes about yourself
You can choose whether your data should be stored for further job offers or not.
The data will be used by the controller in order to perform the application procedure. After registration you can log in with your user name and password and follow the application process.
The data will be stored by the external software provider Umantis AG in St. Gallen (Switzerland) and processed by the controller for your application.
You can also send us an unsolicited application. In this case, your data provided and transmitted to us as part of the application procedure are stored, including, for example:
- Master data, e.g. salutation, first name, last name, date of birth, gender.
- Contact/communication data, e.g. address, phone number, mobile number, e-mail address
- Application data, e.g. date of application, position
The operator processes your data for the purpose of carrying out the application procedure and to respond to your message. The admissibility of this processing is based on Section 26 BDSG, stating that personal data of employees may be processed for employment purposes if this is necessary for the decision on the establishment of an employment relationship. If you do not provide the operator with the requested information and documents, the operator cannot consider you in the application procedure. The provision of the data is contractually prescribed.
Application documents received by the operator will be kept for 6 months after rejection, unless the applicant has given consent for longer retention.
- Recognition of the user’s computer when visiting the website
- Tracking the user’s browsing activities on the website
- Improving the user experience of the website
- Evaluating the use of the website
- Operating the website
- Preventing fraud and improving the security of the website
- Customising the website taking into account the needs of the users
Cookies do not cause any damage to a browser. They do not contain viruses and do not allow the operator to spy on you. Two types of cookies are used. Temporary cookies are automatically deleted when you close your browser (session cookies). Permanent cookies, on the other hand, usually have a lifespan of 20 days. This type of cookie makes it possible to recognise you when you return to the website after leaving it. By using cookies, the operator is able to track your usage behaviour for the above-mentioned purposes and to the corresponding extent. They are also intended to enable an optimised surfing experience on the operator’s website. The operator also collects such data only in anonymised form.
The admissibility of this processing is based on Art. 6 para. 1 f) GDPR stating that the processing is lawful if it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The legitimate interest of the operator is the optimised presentation of its website.
The provision of the data is necessary in order to be able to access the operator’s website without errors. If you do not accept cookies or delete cookies that have already been set, this may lead to functional restrictions of the website.
Of course, you can also view the website without cookies. If you do not want the operator to recognise your computer, you can prevent cookies from being stored on your hard drive by selecting “do not accept cookies” in your browser settings. Please refer to your browser manufacturer’s instructions for details of how this works. Please also read the manual of your browser to delete cookies that have already been set by your browser.
The provision of data is neither required by law nor required for the performance of a contract. If you do not accept cookies or delete cookies that have already been set, this may result in functional restrictions of the website.
Temporary cookies are automatically deleted when you close your browser (session cookies). Permanent cookies, on the other hand, are only deleted after the specified lifespan has expired. This type of cookie enables you to be recognised when you return to the website after leaving it.
2.7 Use of tracking tools
The operator uses the analysis tracking tool etracker of the provider etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany, on its website. etracker collects data for marketing and optimisation purposes.
The data generated with etracker are processed and stored exclusively in Germany on behalf of the operator of etracker and are therefore subject to the strict German and European privacy laws and standards. etracker has been independently audited, certified and awarded the privacy seal of approval “ePrivacyseal” in this regard.
Data processing is carried out on the basis of the legal provisions of Art. 6 para. 1 f) GDPR (legitimate interest). The operator uses the information to optimise its online services and the web presence. Data that may allow a reference to an individual person, such as the IP address, are anonymised or pseudonymised as soon as possible. No other use or combination with other data or disclosure to third parties takes place.
You can object to the aforementioned data processing at any time. The objection has no adverse consequences.
In the case of using analysis and optimisation cookies, the legal basis is your consent according to Art. 6 para. 1 a) GDPR. You can give your consent to the analysis of your user behaviour when accessing the website by ticking a box. The provision of your personal data is of course voluntary and the consent can be withdrawn at any time.
etracker processes the following personal data:
- IP addresses, which are anonymised as soon as possible by default.
- User identifiers: randomly generated values that can be stored in cookies after the user has given his or her consent.
- Device identifiers if app tracking or app push is used.
- Identifiers optionally provided by the operator.
- E-mail addresses in the context of overlay newsletter opt-in dialogues if the function is used in the etracker optimiser.
Further information can be found directly at etracker https://www.etracker.com/en/data-privacy/.
2.8 Social media
The operator has embedded videos of the provider YouTube of YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc. with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on its website.
As long as the video is not clicked, no cookies are set by YouTube (extended privacy mode). When you play the videos, a connection to a YouTube server is established. The information regarding the operator’s websites that you have visited is transferred to YouTube.
If you are logged in to YouTube as a user, YouTube assigns this information to your personal user account. When using the service, such as clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your YouTube user account and other user accounts of YouTube LLC and Google Inc. and deleting the corresponding cookies of the companies before using our website. Further information on data processing and notes on privacy by YouTube can be found at https://policies.google.com/privacy?hl=de&gl=de.
The transfer of your personal data to YouTube is carried out using standard data protection clauses pursuant to Art. 46 para. 2 c) GDPR, which were issued by the European Commission pursuant to Art. 93 para. 2 GDPR. Information on the standard data protection clauses can be found on the website of the European Commission: https://ec.europa.eu/info/index_en.
The operator uses YouTube to provide you with videos on various topics.
The admissibility of this processing is based on Art. 6 para. 1 f) GDPR stating that the processing is lawful if it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Using data for the purpose of making videos available to illustrate our services and products constitutes a legitimate interest as defined in Art. 6 para. 1 f) GDPR.
Furthermore, the admissibility of this processing is based on Art. 6 para. 1 a) GDPR, according to which the processing is lawful if the data subject has given his or her consent for setting cookies. You can withdraw your consent for setting cookies at any time.
2.9 Marketing and communication tools
The operator uses the WebinarGeek software of WebinarGeek B.V., Chroomstraat 12, Zoetermeer, Netherlands, to conduct customer webinars. The service is integrated into the individual sites via form embeddings (via iFrame). The forms are used to register for webinars. Registration is processed completely by WebinarGeek. In some cases, the forms are not embedded on the website. Instead, a link leads to an external site hosted by WebinarGeek, where the registration is processed.
The following personal data are collected during the registration process:
- First and last name
- E-mail address
- Name of the company (if applicable, further information)
The operator processes the data based on its legitimate interest in contacting customers and conducting webinars (Art. 6 para. 1 f) GDPR).
The personal data are stored as long as they are required to fulfil the purpose of the processing. Afterwards, the data are deleted.
Further information on privacy in connection with WebinarGeek can be found under the following link: https://www.webinargeek.com/privacy.
3. Right of access, rectification, erasure, restriction, objection and data portability
3.1 Right of access (Art. 15 GDPR)
Upon request, the operator shall provide you with information as to whether personal data concerning you are being processed. The operator makes every effort to process requests for information quickly.
3.2 Right to rectification (Art. 16 GDPR)
You shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you.
3.3 Right to erasure (Art. 17 GDPR)
You shall have the right to obtain from the operator the erasure of personal data concerning you without undue delay and the operator shall have the obligation to erase personal data without undue delay where one of the grounds in Art. 17 para. 1 a) - f) GDPR applies.
3.4 Right to restriction (Art. 18 GDPR)
You shall have the right to obtain from the operator restriction of processing where one of the conditions of Art. 18 para. 1 a) – d) GDPR applies.
3.5 Right to object (Art. 21 GDPR)
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 e) or f) GDPR, including profiling based on those provisions. The operator shall no longer process your personal data unless the operator demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where your personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89 para. 1 GDPR, you, on grounds relating to your particular situation, shall have the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
For your notification, please use the contact address given in the legal notice.
3.6 Right to data portability (Art. 20 GDPR)
You shall have the right to receive the personal data concerning you, which you have provided to the operator, in a structured, commonly used and machine-readable format and shall have the right to transmit those data to another controller without hindrance from the operator to which the personal data have been provided, where the processing is based on consent pursuant to Art. 6 para. 1 a) GDPR, Art. 9 para. 2 a) GDPR or on a contract pursuant to Art. 6 para. 1 b) GDPR and the processing is carried out by automated means.
4. Withdrawal of your consent
If you have given your consent to the processing of your personal data and withdraw this consent, the processing carried out until the time of withdrawal remains unaffected.
5. Right to complain
You shall have the right to lodge a complaint with the competent supervisory authority at any time.
The data collected when accessing and using the website and the information you provide when contacting us are transmitted to the operator’s server and stored there. Furthermore, your data may be forwarded to the following categories of recipients:
- Internal departments involved in the processing of your personal data (e.g. marketing department, personnel department, customer service, secretariat).
- Processors (e.g. data centre, IT service provider, software support)
- Contractual partners of the operator (e.g. shipping service providers, banks, tax advisors)
- Public bodies (e.g. authorities)
7. Links to third-party sites