Privacy Policy

Privacy

The operator of this website takes the protection of your personal data very seriously. We treat your personal data confidential and in accordance with the statutory data protection regulations and this Privacy Policy.

When you use this website, various personal data are collected. Personal data are information that relate to an identified or identifiable natural person. The following Privacy Policy explains what data we collect and what we use it for.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.

Controller

The controller within the meaning of data protection law is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

The controller for the data processing on this website is:

hebold systems GmbH
Peter-Henlein-Straße 12
27472 Cuxhaven

Germany

Phone: +49(0)4721 601838
E-mail: sales@hebold.com

Contact details of the data protection officer

Our company data protection officer is available to answer any questions you may have and to act as your contact person on the subject of data protection at our company. His contact details are:

hebold systems GmbH
For the attention of the data protection officer
Peter-Henlein-Straße 12
27472 Cuxhaven
Germany

E-mail address: datenschutz@hebold.com

Cookies

When using our website, so-called cookies, which can be stored on your end device, are used as technical functional aids for various functions. A cookie is a text information that can be stored in the web browser of your end device in each case to a visited website. The cookie is either sent to the web browser by the web server or generated in the web browser by a script as a sequence of repetitive program instructions.

Below is an overview of the cookies and other technologies we use when you use the website.

Server log files

The operator of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address of the requesting computer

The storage of the aforementioned access data is necessary for technical reasons to provide a functional website and to ensure system security. The basis of the data processing are our legitimate interests according to Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is to provide our web offer in a secure manner. The storage period of the data described above is seven days. In exceptional cases, the data is stored to clarify suspected cases of unlawful use until the suspicion is resolved.

Contact form

If you send us an inquiry via the contact form, the information you provide in the form, including the contact data you enter there, will be processed by us for the purpose of processing the inquiry and in the event of follow-up questions.

If you contact us within the framework of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the data and information you provide will be processed for the purpose of processing and responding to your contact request in accordance with Art. 6 Para. 1 lit. b GDPR. If you contact us for any other reason, the processing is carried out to protect our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR for the proper response to contact requests. Our legitimate interest in this respect is the provision of a communication channel for prompt contact and response.

The data you enter in the contact form will remain with us until you request us to delete it, withdraw your consent to store it, or the purpose for storing the data no longer applies (e. g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

Newsletter

You can subscribe to our newsletter, with which we inform you about our current interesting offers, by giving your consent. The advertised goods and services are named in the declaration of consent.

For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you are the owner of the specified e-mail address and wish to receive the notifications. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

The only mandatory data for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 Para. 1 lit. a GDPR.

You can withdraw your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the withdrawal by clicking on the link provided in every newsletter e-mail, via the contact form on our website or by sending a message to the contact details provided in the imprint.

Google Analytics

If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The data protection controller for users in the EU / EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your website visit, your user behavior is recorded in the form of "events". Events can be:

• Page views
• First visit to the website
• Session start
• Your "click path", interaction with the website
• Scrolls (whenever a user scrolls to the end of the page (90%))
• Clicks on external links
• internal queries
• Interaction with videos
• File downloads
• Ads seen / clicked
• Language setting

Also recorded:

• Your approximate location (region)
• Your IP address (in shortened form)
• technical information about your browser and the end devices you use (e. g. language setting, screen resolution)
• Your Internet provider
• the referrer URL (via which website/advertising medium you came to this website)

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your pseudonymous use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website.

Recipients of the data are / can be

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as data processor according to Art. 28 GDPR)
• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
• Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that U.S. authorities will access the data stored by Google.

Insofar as data is processed outside the EU / EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU / EEA. You may not be entitled to any legal remedies against access by authorities.

The data sent by us and linked to cookies are automatically deleted after. The deletion of data whose retention period has been reached occurs automatically once a month.

The legal basis for this data processing is your consent pursuant to Art. 6 Para. 1 lit. a GDPR.

You can withdraw your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the withdrawal remains unaffected.

You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in the restriction of functionalities on this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by selecting

1. Not give your consent to the setting of the cookie or
   b. Download and install the browser add-on to disable Google Analytics HERE.

For more information about Google Analytics' terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de.

hebold systems is also active in social networks (social media), whereby personal data of data subjects are also processed. In the following, we would like to inform you about which social media are involved in detail:

a) LinkedIn

For the information service offered here, hebold systems uses the technical platform and services of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter "LinkedIn"). We would like to point out that you use this LinkedIn page of hebold systems and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e. g. commenting, sharing, rating).

Joint controllership with LinkedIn

hebold systems is only jointly responsible with LinkedIn for the processing of so-called "Insights Data" insofar as this data is used for the creation of so-called "Page Insights".

hebold systems and LinkedIn have concluded an agreement as part of their joint responsibility, which you can access here: https://legal.linkedin.com/pages-joint-controller-addendum (so-called "Page Insights Joint Controller Addendum"). The agreement relates to those data processing operations that are collected in connection with a visit to or interaction with our LinkedIn profile, but only insofar as these data are also processed (thereafter) for "Page Insights". "Page Insights" include analytics services that help the operator of a LinkedIn profile to better understand interactions with their pages. The purpose of the data processing is to create aggregated statistics for LinkedIn profile operators.

This involves processing of data in the context of a visit to or interaction of persons with a LinkedIn profile, but only insofar as the purpose is the use for "page insights". LinkedIn provides more detailed information on this at the following link: https://www.linkedin.com/help/linkedin/answer/4499/linkedin-page-analytics-overview?lang=en. The "Information on data for "Page Insights" (https://legal.linkedin.com/pages-joint-controller-addendum), which can be accessed by data subjects, indicates how and when "Insights data" is collected and used to create "Page Insights":

• When a LinkedIn member visits, follows, or engages with the site, LinkedIn processes personal data to provide the site operator with insights into usage
• In particular, LinkedIn processes data provided by the member to LinkedIn, such as data on function, country, industry, seniority, company size, and employment status from a member's profile and employment status from a member's profile and
• In addition, LinkedIn processes information about how a member has interacted with your company page, such as whether a member is a follower.

When you visit our LinkedIn page, LinkedIn collects, among other things, your IP address and other information that is present on your PC in the form of cookies. This information is used to provide us, as the operator of the LinkedIn page, with statistical information about the use of the LinkedIn page. We do not receive any personal data from LinkedIn in this context.

The data collected about you in this context is processed by LinkedIn and may be transferred to countries outside the European Union. What information LinkedIn receives and how it is used is described in general terms by LinkedIn in its user agreement and its privacy policy. There you will also find information on how to contact LinkedIn and on the settings options for advertisements. LinkedIn's data policy is available at the following link: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

Should you wish to exercise a data subject right to which you are entitled under the GDPR, we would like to point out that we cannot fully comply with all of these rights without LinkedIn. Surely, therefore, it would be more effective for you to contact LinkedIn directly. However, if you still need assistance, please feel free to contact us.

The respective controllership, in particular with regard to the protection of data subjects' rights, between hebold systems and LinkedIn can be found in the Page Insights Addendum (https://legal.linkedin.com/pages-joint-controller-addendum).

LinkedIn assumes primary responsibility for compliance with the GDPR obligations for the shared processing of "Insights Data". This includes the fulfillment of the following data subject rights:

• The right of access (Art. 15 GDPR)
• The right of erasure (Art. 17 GDPR)
• The right to restriction of processing (Art. 18 GDPR)
• The right to data portability (Art. 20 GDPR) and
• The right to object (Art. 21 GDPR).

More details on how to exercise these rights are provided by LinkedIn in its privacy policy under point 4: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

Controllership of hebold systems

In addition, hebold systems is also solely responsible for certain data processing. We process the following data for communication with LinkedIn users to offer our information service:

• User interactions (postings, likes, etc.)
• Profile name as well as data provided by the user in the course of the conversation, e.g. for processing service requests
• Statistical surveys on target group advertising
• Statistical data on user interactions in aggregated form, i.e. without personal reference for hebold systems (e.g. page activities, page views, page previews, likes, recommendations, posts, videos, page subscriptions incl. origin, times of day) and
• Targeted advertisements based on aggregated demographic data that is not personally identifiable (e. g., age, location, language, or gender information).

The processing is carried out for the purpose of answering your inquiries (if you have submitted an inquiry to us) or communicating with you and to publish information about events, products and services of hebold systems. The legal basis for processing for the purpose of responding to inquiries that serve a future contract conclusion and are initiated by you is Art. 6 Para. 1 lit. b GDPR and in other cases Art. 6 para. 1 lit. f GDPR.

Insofar as personal data is transferred to LinkedIn servers in the USA and stored and further processed there, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland has concluded the standard data protection clauses adopted by the EU Commission with the LinkedIn companies located in the USA, which permit the transfer of personal data to the USA in individual cases.

The legitimate interest consists in the effective provision of information for users, customers and interested parties and communication with these persons as well as the external presentation of hebold systems.

You can find the current version of this Privacy Policy on the "About Us" page under the "Privacy Policy" section of our LinkedIn page.

After your request has been completed, the personal data you have provided will be deleted from our systems. Should you interact with us publicly, for example by leaving a comment or "liking" a post, this data will remain publicly accessible on the site until deleted by us or you. Insofar as legal storage obligations require longer storage, your data will only be stored for this purpose and will be blocked for other purposes.

To exercise your right to object to us, please contact us either at datenschutz@hebold.com or at the above address by mail or telephone. We will then process your request immediately.

The provision of your data is voluntary. However, visiting our profile is not possible without us processing personal data jointly with LinkedIn or hebold systems and LinkedIn processing personal data in their own, separate controllership.

Right to object

You have a right to object on specific grounds (see below under "Right to objection pursuant Art. 21 Para. 1 GDPR").

Right of access

You can request access to your personal data that we process in accordance with Art. 15 GDPR.

Right to rectification

If the information concerning you are not (or no longer) accurate, you can request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.

Right to deletion

You may request the deletion of your personal data in accordance with Art. 17 GDPR.

Right to restriction of processing

According to Art. 18 GDPR, you have the right to request a restriction of the processing of your personal data.

Right to complain

If you consider that the processing of personal data relating to you infringes data protection law, you have the right to lodge a complaint with a data protection supervisory authority of your own choice in accordance with Ar. 77 Para. 1 GDPR. This includes the data protection supervisory authority responsible for the controller: State Commissioner for Data Protection of Lower Saxony, https://www.navo.niedersachsen.de/navo2/portal/csend/8915/fileget/dsbeschwerdeformular.html.

Right to data portability

In the event that the requirements of Art. 20 Para. 1 GDPR are met, you have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to third parties. The collection of data to provide the website and the storage of log files are absolutely necessary for the operation of the website. They are therefore not based on consent pursuant to Art. 6 Para. 1 lit. a GDPR or on a contract pursuant to Art. 6 Para. 1 lit. b GDPR, but are justified pursuant to Art. 6 Para. 1 lit. f GDPR. The requirements of Art. 20 Para. 1 GDPR are therefore not met.

Right to objection pursuant Art. 21 Para. 1 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data carried out on the basis of Art. 6 Para. 1 lit. f GDPR. The controller will then no longer process the personal data, unless he can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims. The collection of data for the provision of the website and the storage of log files are absolutely necessary for the operation of the website.

This Privacy Policy is currently valid and has the status: 24.08.2023

Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this Privacy Policy.