Privacy Policy

1  Basics

Data protection is important to us and we take it very seriously. We rely on a trusting cooperation with you and endeavor to satisfy you in every respect - this also applies to the handling of your personal data. With this privacy policy, we inform you in accordance with Art. 13, 14 GDPR which data is collected on our website and how your personal data is processed and used; please take note of the following information.
The operator of the website and responsible body in terms of data protection is

HÜBNER GmbH & Co KG
Heinrich-Hertz-Straße 2
34123 Kassel
Germany

(hereinafter referred to as HÜBNER)

In the course of the further development of our website and the implementation of new legal requirements or new technologies or in order to improve our service for you, changes to this data protection notice may become necessary. We therefore recommend that you read this data protection notice again from time to time.

2  General information on the processing of personal data

This data protection information applies to the processing of personal data by HÜBNER. Personal data means any information relating to you as an identified or identifiable natural person (Art. 4 No. 1 GDPR).
We process your personal data in compliance with the data protection laws of the Federal Republic of Germany and the European General Data Protection Regulation (GDPR). Under no circumstances will we pass on your personal data to third parties outside the HÜBNER Group for advertising or marketing purposes without your consent.
As an international group of companies, we use external service providers. Insofar as they process personal data on our behalf or jointly with us, this is done on the basis of joint controllership agreements within the meaning of Art. 26 GDPR or data processing agreements within the meaning of Art. 28 GDPR.
In our companies, compliance with the statutory provisions and this data protection notice is monitored by our data protection officers. Our employees have been trained in the handling of personal data and have been obliged in writing to comply with data protection regulations.
We would like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. We use suitable technical and organizational measures, such as precautions like pseudonymization, data minimization, observance of deletion periods, taking into account the current state of the art, the implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks, in order to protect your data from unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. Despite these protective measures, however, we cannot completely rule out unlawful processing by third parties.
The Internet is a globally open platform. Due to the inherent operating mode of the Internet and the system-related risks, all data transmissions initiated by you are at your own risk. The only exception is if we offer you an encrypted transmission path.

3. General information on the storage of personal data

Unless otherwise specified in this data protection notice for individual data processing activities, the following applies to the duration of the storage of your personal data:
We delete your personal data as soon as the purpose of storage no longer applies. We may also store your data if this has been provided for by the European or national legislator in EU regulations, national laws or other regulations to which we are subject. Exceptions to the principle of deletion after the purpose has been achieved may result, for example, from the provisions of the GDPR and the provisions of German federal law, in particular the BDSG. Deletion will still not take place, for example, as long as there are retention obligations under commercial, tax and professional law. In this case, the legal basis is Art. 6 para. 1 sentence 1 lit. c GDPR.
Longer storage may also be necessary in individual cases due to the assertion or possible assertion of claims against us in connection with a contract or pre-contractual measures. This would be the case, for example, if there are indications that you will assert claims against us. The same applies if, in individual cases, an assertion of claims by us takes place, is intended or comes into consideration due to specific circumstances. The data will then be stored for as long as the processing of the data is necessary for the assertion, exercise or defense of legal claims plus the duration of any existing statutory retention obligation. The legal basis in this case is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is the assertion or defense of legal claims.
If a statutory retention obligation prevents deletion, your data will initially be stored by us in such a way that it can only be processed by a restricted group of people and will only be deleted after the retention obligation has ended.

4. No obligation to provide personal data

You are neither legally nor contractually obliged to provide us with personal data. However, if you wish to conclude a contract with us, such as a contract for the use of HUBLink, you are required to provide personal data. If you do not provide us with personal data in individual cases, you will not be able to conclude a contract with us.

5. Transfer to third countries

As part of our business relationships, your personal data may be passed on or disclosed to third-party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively to fulfill contractual and business obligations and to maintain your business relationship with us (legal basis is Art. 6 para. 1 lit. b or lit. f in each case in conjunction with Art. 44 et seq. Art. 44 ff. GDPR). The European Commission certifies that some third countries have a level of data protection comparable to the EEA standard by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data pursuant to Art. 46 para. 1, 2 lit. c GDPR (the standard contractual clauses of 2021 are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en), certificates or recognized codes of conduct. Please contact our data protection officer if you would like more information on this.

6. No automated decision-making (including profiling)

We do not intend to use personal data collected from you for automated decision-making (including profiling).

7. Data processing when using our websites

The type and scope of the processing of your personal data differs depending on whether you visit our website only to retrieve information or to make use of services offered by us on the website. If you use our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we collect the following data and store it in a log file. The following data is collected and stored until it is automatically deleted after 7 days:

• Anonymized IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved data
• Message as to whether the retrieval was successful
• Recognition data of the browser and operating system used
• Website from which the access is made
• Name of your Internet access provider

The lawful processing of this data is carried out for the purpose of enabling the use of the website (connection establishment), system security, technical administration of the network infrastructure and optimization of the website. The legal basis for processing in this respect is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest in this respect is to maintain the functions of our websites. You have the option to object to this data processing. If you object to the processing of the data, we would like to point out that you may only be able to use our services to a limited extent.
This personal data will not be processed beyond the cases mentioned above unless you expressly consent to further processing. In this case, the legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. This consent can be withdrawn at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

8. Data processing in relation to an existing or future contractual relationship

You have the option of using our HUBLink service portal on our websites and also utilizing contractual services (e.g. the purchase of spare parts from our product portfolio). To use HUBLink, you must register to create a user account; in this context, you conclude a user contract on the basis of our General Terms of Use for HUBLink (available here). Separate General Terms and Conditions of Sale apply to contracts concluded within HUBLink (e.g. purchase contracts for spare parts from our product portfolio).
If you contact us as part of a contractual relationship or to enter into a contractual relationship (e.g. to register a user account or to conclude a purchase contract), we will store your personal data transmitted with the request. We process the personal data required for the establishment and execution of the contractual relationship. This includes, in particular, your first name and surname and your contact details as well as other data required for the performance of the contract, depending on the type and scope of the contract concluded or to be concluded.
In this case, the legal basis for processing is Art. 6 para. 1 sentence 1 lit. b GDPR. The processing of this data serves to fulfill a contract or is necessary for the implementation of pre-contractual measures. We store your data until the termination of the contract plus any existing retention obligations. We also refer you to section 3 of this data protection notice.

9. Contact form / chat bot

You have the option of contacting us via our contact form, via our chat bot or via personal messages. To use these functions, we first need the data marked as mandatory fields from you. We process this data on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR, with the legitimate interest of answering your request. In addition, Art. 6 para. 1 sentence 1 lit. b GDPR can also be considered as a legal basis if your request serves to carry out pre-contractual measures.

In addition, you can decide for yourself whether you would like to provide us with further information. This information is provided voluntarily and is not mandatory for contacting us. We process your voluntary information on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. This consent can be revoked at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Your data will only be processed to answer your request. We will delete your data if it is no longer required and there are no legal obligations to retain it. In all other respects, please refer to section 3 of this data protection notice.

10. Your data protection rights as a data subject

You have the following data subject rights vis-à-vis HÜBNER under the GDPR:

• Art. 15 GDPR: Right to information of the data subject
You have the right to obtain information from us about which of your personal data we process.

• Art. 16 GDPR: Right to rectification
If the data concerning you is incorrect or incomplete, you can request the correction of incorrect data or the completion of incomplete data.

• Art. 17 GDPR: Right to erasure
Under the conditions of Art. 17 GDPR, you can request the erasure of your personal data. Your right to erasure depends, among other things, on whether the data concerning you is still required by us to fulfill our contractual and legal obligations.

• Art. 18 GDPR: Right to restriction of processing
Under the conditions of Art. 18 GDPR, you can request the restriction of the processing of personal data concerning you.

• Art. 20 GDPR: Right to data portability
Under the conditions of Art. 20 GDPR, you can receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or request that it be transferred to another controller.

• Art. 7 para. 3 GDPR: Revocation of consent
If you have given your consent to the processing of your data, you can withdraw this at any time without affecting the lawfulness of the processing carried out up to the time of withdrawal. The permissibility of processing the data on the basis of other legal bases also remains unaffected. If your consent was the exclusive legal basis for the processing of your data, in particular if there is no legitimate interest on our part in the processing pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, we will delete the data immediately after the revocation of your consent.

• Art. 21 GDPR: Objection to certain processing operations
Insofar as we base the processing of your personal data on a balancing of interests (Art. 6 para. 1 sentence 1 lit. e or f GDPR), you can object to the processing of the personal data concerned at any time for reasons arising from your particular situation. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing. You can object to the processing of your personal data for advertising and data analysis purposes at any time without incurring any costs other than the transmission costs according to the basic rates

• Art. 77 GDPR: Complaint to the supervisory authority
You also have the right to lodge a complaint with the supervisory authority if you believe that your data is being processed unlawfully. The address of the supervisory authority responsible for us is

The Hessian Commissioner for Data Protection and Freedom of Information
Gustav-Stresemann-Ring 1
65189 Wiesbaden

Telephone: 0611-1408 0
E-mail: poststelle@datenschutz.hessen.de
Website: www.datenschutz.hessen.de

11. Protection of minors

As a rule, children and persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians. We do not knowingly request personal data from children and persons under the age of 18 and we ensure that we do not knowingly collect personal data from children and persons under the age of 18, use it in any way or disclose it to third parties without authorization.

12. Links

This data protection declaration applies to all data collected and processed by HÜBNER. In a few cases, links on the HÜBNER websites refer directly to the website of another provider, for whose content the respective provider is responsible. We assume no responsibility for the content and use of third-party websites. When leaving HÜBNER websites, we therefore recommend that you inquire with all operators of the linked websites about their data protection guidelines.

13. Cookies

Our website uses so-called "cookies". Cookies are small text files that are stored locally on your end device and can be read. Cookies do not cause any damage, do not contain viruses and are only used to recognize you. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. We use cookies on our websites that are necessary for the operation of our websites.
These cookies only contain information on certain settings and are not necessarily personal. They may also be necessary to facilitate user guidance and to ensure the security of the site. We use cookies that are necessary for the operation of the website, not for analysis, tracking or advertising purposes. We use these cookies on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR in the legitimate interest of ensuring the functionality of our website.
You can set your browser so that it informs you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time via the browser settings and prevent the setting of new cookies. If you reject the use of cookies (through a possible setting in your browser), the use of our website is still possible - possibly with restrictions.
We only use cookies that are not technically necessary if they are mentioned in this privacy policy.

14. OpenStreetMaps

We use the open source map service "OpenStreetMaps" (also known as "OSM") from the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom, to display geodata. OSM is used to provide an interactive map on our website that shows you how to find and reach us. This service enables us to display our website in an appealing way by loading map material from an external server. The following data is transmitted to the OSM server during the display: The pages of our website that you have visited and the IP address of your device. The legal basis for the processing of your data in relation to the "OSM" service is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest arises from our need for an appealing presentation of our online offer and the easy findability of the places indicated on our homepage. Insofar as you consent to the use of OSM, the legal basis is also Art. 6 para. 1 sentence 1 lit. a GDPR.
You can find more information on the handling of user data in OSM's privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy

15. i40 portal

We use the augmented reality platform i40-Portal (also known as "i40") from INOSOFT AG, Im Rudert 15, 35043 Marburg. This is an innovative AR application for real-time support of employees, technicians and users on site over long distances. The following data is transmitted to the servers of INOSOFT AG when using i40: name of the customer, e-mail address, appointment details. The legal basis for the processing of your data in relation to i40 is Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as the use serves the fulfillment of a contract or the implementation of pre-contractual measures (e.g. to determine a repair requirement). In addition, the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest arises from our need to be able to offer you services and support as easily and efficiently as possible. Insofar as you consent to the use of i40, the legal basis is also Art. 6 para. 1 sentence 1 lit. a GDPR.
You can find more information on the handling of user data in INOSOFT AG's privacy policy: https://inosoft.de/datenschutz

16. Matomo

We use the web analysis tool "Matomo" for the needs-based design of our websites. Matomo creates user profiles on the basis of pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. In this way, we are able to recognize and count returning visitors. We also use the Heatmap & Session Recording modules. Matomo's heatmap service shows us the areas of our website where the mouse is moved most frequently or which are clicked on most often. The session recording service records individual user sessions. We can play back recorded sessions and thus analyze the use of our website. Data entered in forms is not recorded and is not visible at any time.
Data processing is based on your consent in accordance with Section 25 (1) TTDSG, Art. 6 (1) sentence 1 lit. a GDPR, provided that you have given your consent via our banner. You can withdraw your consent at any time. Please make the appropriate settings via our banner.
Further information on Matomo's terms of use and data protection regulations can be found at: https://matomo.org/privacy/

17. Embedded videos

We embed videos on our websites that are not stored on our servers. We use YouTube from Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and Vimeo from Vimeo LLC, 330 West 34th Street, 5th Floor New York, New York 10001. When you access our pages with embedded videos, the content of the third-party provider that makes the videos available is loaded. As a result, the third-party provider receives the information that you have accessed our site and the usage data technically required in this context.
We have no influence on further data processing by the third-party provider. However, when embedding the videos, we made sure to activate the extended data protection mode offered by the third-party provider. The extended data protection mode means that the third-party provider does not set any cookies.
The embedding takes place on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR and in the interest of making our website as appealing and informative as possible.
You can find more information on the handling of user data in Google's privacy policy (https://policies.google.com/privacy?hl=de) and Vimeo's privacy policy (https://vimeo.com/privacy). 

18. Retrievability of the privacy policy

You can call up these data protection provisions from any HÜBNER website under the link "Data protection information " and print them out if required.

19. Your contact for data protection matters

If you have any questions regarding the processing of your personal data, you can contact our data protection officer directly, who is also available in cases of requests for information, applications or complaints:

HÜBNER GmbH & Co KG
Data Protection Officer
Heinrich-Hertz-Straße 2
34123 Kassel
Germany - Germany

ds.hks(@)hubner-germany.com