Data protection
Information according to Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR) and other data protection laws
1./ Who is responsible for data processing and who can I contact?
Our responsible person is:
Andrew Shimf
Am Beckerkamp 6
21031 Hamburg
Germany
Tel: 017661194727
Email: kontakt@hhc-grosshandel.com
2./ What do we process your data for and on what legal basis? / Can I refuse the survey?
Our website collects a series of general data and information each time you or an automated system access it. This general data and information is stored in the log files of our server. The browser types and versions used, the operating system used by the accessing system, the website from which an accessing system accesses our website, the sub-websites which are accessed via an accessing system on our website, the date and time of access can be recorded to the website, an Internet protocol address (IP address), the Internet service provider of the accessing system and other similar data and information that serve to avert danger in the event of attacks on our IT systems. When using these general data and information, we do not draw any conclusions about the data subject. Rather, this information is required to deliver the content of our website correctly, to optimize the content of our website and the advertising for it, to ensure the long-term functionality of our IT systems and the technology of our website, and to provide law enforcement authorities with criminal prosecution in the event of a cyber attack to provide necessary information. We therefore evaluate this anonymously collected data and information statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process (Art. 6 Para.1 f GDPR). The anonymous data of the server log files are stored separately from all personal data provided by an affected person.
2.1 To fulfill contractual obligations / based on consent To fulfill contractual obligations / based on consent (Art. 6 Para.1 a, b GDPR)
We use personal data (e.g. name, address, e-mail address, telephone number, nationality, gender, company name) that you voluntarily transmit to us in connection with the conclusion of a contract or the initiation of a contract conclusion (e.g. via our contact form, to contact you via e-mail), based on the associated consent (Art. 6 Para.1 a GDPR). This data is then processed by us in accordance with the legal provisions (e.g. the BDSG, the TMG and the GDPR). Which personal data is transmitted to the person responsible for processing results from the respective input mask used for registration or contact or based on your decision as to which information you would like to make available to us.
In particular, you have the option of registering on our website and thus creating a user profile. The data is entered into an input mask, transmitted to us and stored. The registration serves to fulfill a contract or to carry out pre-contractual measures in accordance with Art. 6 Para.1 b DSGVO. After registration on our website, we collect and process the following data in addition to the data that your Internet browser automatically transmits to us, which, depending on the processing purpose, are marked as mandatory or voluntary information:
Date and time of registration
Salutation, your first name and last name
your postal address
Your email address
If provided voluntarily, your telephone number, company name, fax number
In this context, you will also be asked to assign a password in order to ensure the security of your account and the legitimacy when ordering.
We process the data that is required to fulfill a contract or to carry out pre-contractual measures (e.g. to answer your questions about the product or a service) (Art. 6 Para.1 b DSGVO). If we do not provide the personal data, we cannot meet our contractual obligations (e.g. invoicing, the provision of our services, the assertion of claims, correspondence with you, the preparation of the treatment). Nor can we answer your request.
The information marked with "*" in our online forms (e.g. callback service, contact form) is mandatory in order to be able to address you personally (name) and to answer your questions (email).
2.2 As part of the balancing of interests (Art. 6 Para.1 f GDPR)
If necessary, we process your data beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties (e.g.):
Testing and optimization of procedures for needs analysis and direct customer contact; Advertising or market and opinion research, unless you have objected to the use of your data; Assertion of claims and defense in legal disputes; Ensuring the IT security and IT operations of our company; Prevention and investigation of criminal offenses; To operate our website (including integration of social plugins);
We also use your name and contact information (e.g. e-mail address) to send you product information about our services (e.g. new products). This processing of your aforementioned data is necessary to protect our legitimate interests (according to Article 6 Para. 1 f GDPR) and is justified by a weighing of interests in our favour.
Without using this data, we cannot send you any direct mail. We only use your data for direct advertising for our services if you have initially consented to this (Art. 6 Para.1 a GDPR) and your consent has not been revoked. We also ensure through the selected communication channels for advertising (e.g. post, e-mail) that these mean the least possible disruption to you.
2.3 Online Store
We operate an online shop on our website. If you want to order goods in our online shop, you can do this via your customer account (see Section 2.1). You can also use the “order as a guest” function.
We create an internal debtor account in our processing system for each order or assign your order to an existing debtor account. In this we store your basic data required for contract processing:
Contact details (surname, first name, salutation)
country
birth date
Optional email address
if necessary, address data and telephone number
If you register or have already registered, the data stored in your customer account will be linked.
When paying, we do not store any payment information (e.g. bank details, account number). You give this information exclusively and directly to your respective payment provider. We process the aforementioned data in accordance with Art. 6 Para.1 a and b GDPR. Without the data we cannot conclude and/or process a contract with you.
3./ Who works with the data?
3.1 The personal data will only be used by the departments involved in the execution of the contract; these are the employees in our company.
3.2 Processors used by us (Art. 28 GDPR, basis for this: Art. 6 Para.1 a and b GDPR) can also receive data for these purposes. These are companies in the categories of IT services, logistics (shipping of goods), printing services, telecommunications, legal and tax advice, tax consultants, debt collection, advice and consulting as well as sales and marketing. We store the data received on servers from specialized service providers within Germany.
3.3 Depending on the payment method you have chosen (Paypal, Sofortüberweisung), we transmit certain information (in particular the payment amount) to the payment service provider. The respective service provider processes the transmitted information and, if necessary, collects your data on its own responsibility.
When paying via PayPal, your payment data will be forwarded to PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg ("Paypal") as part of payment processing. PayPal, in turn, reserves the right to carry out a credit check for the payment methods offered there (e.g. credit card or direct debit). PayPal uses the result of the credit check in relation to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report may contain probability values. We have no influence on this. Further data protection information, including information on the credit agencies used, can be found in PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
When paying via paydirekt, your payment details will be sent to paydirekt GmbH (“paydirekt”), Hamburger Allee 26-28, 60486 Frankfurt am Main, as part of the payment process. The payment data (e.g. payment amount, details of the payee) together with the participant's confirmation that the payment data are correct are collected, processed and transmitted to the bank by paydirekt in order to carry out the paydirekt payment. paydirekt authenticates the payment using a specially created authentication process. The bank then authorizes the payment to the merchant using paydirekt. paydirekt collects and stores the transaction data (e.g. transaction ID and information on the shopping cart) from paydirekt payments. You can find more information in the paydirekt data protection declaration at: https://www.paydirekt.de/agb/index.html
We only receive a notification from the payment service provider about the execution of the payment. This notification is then processed as the basis for further contract processing. If you make use of your statutory rights of revocation and/or warranty with regard to the purchased goods, we will process your data for the purpose of this processing.
3.4 The data will not be passed on to third parties who are not involved in the execution of the contract. In particular, there is no transfer of personal data to a third country or an international organization.
4./ How long will your data be stored?
4.1 If necessary, we process and store your personal data only for the period of time necessary to achieve the purpose of storage or if this is required by the European legislator for directives and regulations or another legislator in laws or regulations to which the person responsible for processing is subject, was provided. We are subject to various legal storage and documentation obligations, which result from the HGB, the AO, the KWG and the GwG, among others. In § 147 AO, for example, a retention obligation of up to ten years is regulated. If you have given your consent to the processing of personal data (Art. 6 Para.1 a GDPR), we will delete this data at the latest as soon as you revoke your consent and if there is no other legal basis for the processing.
4.2 If you have given your consent to the processing of personal data (Art. 6 Para.1 a GDPR), we will delete this data at the latest as soon as you revoke your consent and if there is no other legal basis for the processing.
4.3 If the purpose of storage no longer applies or if a storage period stipulated by the European legislator for directives and regulations or another competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions, provided that they are no longer required to fulfill or initiate a contract.
5./ Is there automated processing?
We do not make any decisions within the meaning of Art. 22 GDPR that are based solely on automated processing - including profiling - and/or have a legal effect on you or significantly affect you in a similar way. If we use these procedures in individual cases, we will inform you separately if this is required by law.
6./ What data protection rights do you have?
You have a right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to deletion under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to data portability under Art 20 GDPR and the right under Article 21 GDPR to object to the processing of your data. Consent to the processing of data can be revoked at any time (Art. 7 GDPR).
In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR), compare Section 7./. The revocation / your request should be sent to:
7./ Right to complain
You have the right to lodge a complaint with a supervisory authority, in particular in the country where you are currently staying or where you work or where an alleged infringement has taken place, if you believe that the processing of data concerning you personal data violates the GDPR.
8./ Use of cookies
We use cookies (the basis for making visiting our website attractive and enabling the use of certain functions. These are small text files that are stored on your computer. Cookies are (e.g.) used to support:
when saving products that you have added to your shopping cart or wish-listed; during an order in order not to have to re-enter this data; when saving preferences such as language or location; optimizing integrated video ads, recording your browser settings in order to display our website optimally on your screen or detecting misuse of our websites and services (e.g. through multiple registrations).
It is used to protect our legitimate interest in the optimization and economic operation of our website (Art. 6 Para.1 f GDPR). Most of the cookies used are deleted from the hard drive after the end of the browser session (so-called session cookies). Other cookies remain on your computer and enable us to recognize your computer on your next visit (so-called long-term cookies). These cookies are used to greet you with your user name and make it unnecessary to re-enter your password or fill out forms with your data for subsequent orders. External third parties are not permitted to collect, process or use personal data via our website using cookies. You can set your browser so that you are informed about the setting of cookies. You can then decide on a case-by-case basis whether or not to accept cookies. If cookies are not accepted, the functionality of the online shop may be restricted.
9./ Use of Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA - hereinafter "Google"). Google uses cookies for this. The information generated by the cookie about the use of this website is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the EU or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will your full IP address be sent to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of our website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The data is processed to safeguard our legitimate interest in the optimization and economic operation of our website (Art. 6 Para.1 f GDPR). You can prevent the storage of cookies by setting the browser software accordingly; however, we would like to point out that in this case not all functions of our website can be fully available. You can also prevent Google from collecting the data generated by the cookie and relating to the use of our website and from processing this data by Google by downloading and installing the browser plug-in available under the following link (the current link is: http://tools.google.com/dlpage/gaoptout?hl=de). You can find more information about Google Analytics at: http://www.google.com/intl/de/analytics/privacyoverview.html.
In view of the discussion about the use of analysis tools with full IP addresses, we would like to point out that this website uses Google Analytics with the extension "_anonymizeIp()" and therefore IP addresses are only processed in abbreviated form in order to rule out direct personal reference.
Further information and Google's data protection declaration can be found at: www.google.de/policies/privacy/. Google is certified under the Privacy Shield Agreement and thus offers an appropriate level of data protection in accordance with Art. 45 GDPR. For more information, see https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
10./ Facebook
Our website also uses so-called social plugins (“Facebook plugins”) from the social network facebook.com, which is operated by Facebook Inc. (“Facebook”). The Facebook plugins can be recognized by one of the Facebook logos or are marked with the addition "Facebook Social Plugin". If you call up a page on our website that contains such a Facebook plugin, your browser establishes a direct connection with the Facebook servers. The content of the Facebook plugin is sent directly to your browser by Facebook, which integrates it into the website. We therefore have no influence on the extent of the data that Facebook collects with the help of this Facebook plugin and are therefore informing you according to our level of knowledge. By integrating the plugin, Facebook receives the information that you have accessed the corresponding page of our website. If you are logged into Facebook, Facebook can assign the visit to your Facebook account. If you interact with the Facebook plugins, for example by pressing the Like button or making a comment, the corresponding information is transmitted directly from your browser to Facebook and stored there. If you are not a member of Facebook, there is still the possibility that Facebook will find out and store your IP address. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options for protecting your privacy can be found in Facebook's data protection information (e.g. at https://de-de.facebook.com/full_data_use_policy).
If you are a Facebook member and do not want Facebook to collect data about you via our website and link it to your member data stored on Facebook, you must log out of Facebook before visiting our website. The data is processed to safeguard our legitimate interest in the optimization and economic operation of our website (Art. 6 Para.1 f GDPR).
11./ Google Plus
This website uses Google+ ("Google Plus"), which is also offered by Google. If you call up a page on this website that contains such a button, your browser establishes a direct connection with the Google servers. The content is sent directly to your browser by Google, which integrates it into the website. We therefore have no influence on the amount of data that Google collects with the button. According to Google, no personal data is collected without a click on the button. Such data, including the IP address, is only collected and processed for logged-in members. The data is processed to safeguard our legitimate interest in the optimization and economic operation of our website (Art. 6 Para.1 f GDPR).
It is possible that if you give your consent, your profile pictures, the user ID of your friends and the friends list may also be transferred if they have been marked as "public" in your privacy settings on Google Plus. The data transmitted by Google Plus will be stored and processed by us to create a user account with the necessary data, if you have given Google Plus permission to do so (title, first name, last name, address data, country, e-mail address, date of birth). . Conversely, data (e.g. on your usage behavior) can be transferred from us to your Google Plus profile.
The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights in this regard and setting options for protecting your privacy can be found in Google's data protection information at: https://policies.google.com/privacy?hl=de. If you are a Google Plus member and do not want Google to collect data about you via our website and link it to your member data stored on Google, you must log out of Google Plus before you visit our website.
12./ Google AdWorks
We use the online advertising program “Google AdWords” and conversion tracking as part of Google AdWords. Google Conversion Tracking is an analysis service provided by Google Inc, 600 Amphitheater Parkway, Mountain View, CA 94043, USA (Google Inc). If you click on an ad placed by Google, a conversion tracking cookie will be placed on your computer. These cookies lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification. If you visit certain web pages on our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were forwarded to this page. Each Google AdWords customer receives a different cookie. Thus, there is no possibility that cookies can be tracked via the websites of AdWords customers. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Here, customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object to this use by preventing the installation of cookies by setting your browser software accordingly (deactivation option). You will then not be included in the conversion tracking statistics. Further information and Google's data protection declaration can be found at: www.google.de/policies/privacy/. The data is processed to safeguard our legitimate interest in the optimization and economic operation of our website (Art. 6 Para.1 f GDPR).
13./Instagram
This website also uses social plugins from the Instagram social network ("Instagram Plugins") operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram").
If you access a page on our website that contains such an Instagram plugin, your browser establishes a direct connection to the Instagram servers. The content of the Instagram plugin is sent directly to your browser by Instagram and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can immediately assign your visit to our website to your Instagram account. If you interact with the Instagram plugins, for example by pressing the "Instagram" button, this information is also transmitted directly to an Instagram server and stored there. The information will also be published on your Instagram account and shown to your contacts there. The purpose and scope of the data collection and the further processing and use of the data by Instagram as well as your rights in this regard and setting options for protecting your privacy can be found in Instagram's data protection information: https://help.instagram.com/155833707900388/
If you do not want Instagram to directly assign the data collected via our website to your Instagram account, you must log out of Instagram before visiting our website.
The data is processed to safeguard our legitimate interest in the optimization and economic operation of our website (Art. 6 Para.1 f GDPR).
14./ Encryption
We use SSL or TLS encryption to protect the transmission of confidential data. You can recognize this, for example, by the fact that there is “https://” in the address line of your browser.
15./ Declaration of acknowledgment of the privacy policy
I/we have taken note of the "Information on data protection". I/we are aware that my/our data required for processing, administration and processing will be processed in accordance with the GDPR and that the data collected as part of the contract processing will be forwarded to the offices listed above.
*Abbreviations
GDPR
–
General Data Protection Regulation
BDSG
–
Federal Data Protection Act
TMG
–
Telemedia Act
AMLA
–
Money Laundering Act
HGB
–
commercial code
KWG
–
Banking Act
oh
–
tax code
Civil Code
–
Civil Code