Data Privacy

 

Thank you very much for your interest in our company. Data Privacy has a particularly high priority for our company. Usage of our website is possible without any information about personal data. When you want to take advantage of services of our company via the website, the processing of personal data may become necessary. We always ask your permission to process your data, when the processing is necessary and we do not have a legal basis for processing.

The processing of personal data, e.g. your name, address, e-mail address or phone number, is always according to GDPR and according to data privacy regulations valid in our state. Through this data privacy policy we want to inform the public about type, range and purpose of the personal data we collected and processed. Furthermore, we clarify your due rights with this privacy policy.

Our company, as the controller, implemented a wide range of technical and organizational measures to ensure a complete as possible protection of the data processed with the help of this website. Yet, internet based data transmissions can have security gaps in principle, so that an absolute protection cannot be guaranteed. For that reason, you are free to submit your personal data in alternate ways, e.g. with a phone call.

1. Definitions
The data privacy policy of our company is based on concepts, that were used by the European directive and regulatory body, when they decreed the General Data Protection Regulation (GDPR). Our privacy policy is meant to be readily understandable for the public as well as our customers and business partners. To ensure this, we want to define the used concepts beforehand.

We use in this privacy policy amongst others the following concepts:

·         a) personal data
Personal data are all information, that are related to an identified or identifiable natural person (from here affected person). Identifiable is a natural person that can be identified directly or indirectly, especially by allocation with an ID, a name, location data, online ID or one or more special characteristics that are manifestation of physical, physiological, genetic, psychic, economic, cultural or social identity of that person.

·         b) affected person
Affected person is every identified or identifiable natural person, whose personal data are processed by the responsible body.

·         c) processing
Processing is every action in connection with personal data, that is carried out with or without help of automated processes, such as collecting, register, organisation, storage, adaptation or change, selecting, query, usage, disclosure by transmission distribution or other forms of provision, adjustment or linking, restriction, deleting or destroying the data.

·         d) restriction of processing
The restriction of processing is marking of the personal data with the with the aim of restricting the future use of the data.

·         e) Profiling
Profiling is every type of automated processing of personal data that consists of using those personal data to evaluate certain personal aspects that refer to a natural person, especially analysing or predict aspects regarding work performance, economic status, health, personal preferences, interests, reliability, behaviour, location or change of location.

·         f) Pseudonymising
Pseudonymising is the processing of personal data in a way, in which the personal data cannot be related to a certain affected person without consulting additional information, provided, these additional information are stored separately and are subject to technical and organizational measures, that ensure these data cannot be allocated to an identified or identifiable natural person.

·         g) controller
Controller is the natural or legal person, authority, facility or other body that decides about purposes and means of processing personal data alone or together with third parties. Are purposes and means of the processing specified by law of the union or law of the member state, the controller or certain criteria of its designation can be provided by law of the union or law of the member state.

·         h) processor
Processor is a natural or legal person, authority, facility or other body that processes data on behalf of the controller.

·         i) recipient
The natural or legal person, public authority or other body which is disclosed the personal data.

·         j) third party
A natural or legal person that is not the controller or the processor, but who is authorized by them to process personal data.

·         k) consent
The informed, unambiguous and freely given permission from the data subject to have data relating to him or her processed.

2. Name and address of the controller
Controller in the meaning of the General Data Protection Regulation, other valid data privacy laws of the member states of the European Union and other regulations with data protection character is:

Glaswarenfabrik Karl Hecht GmbH & Co KG
Stettener Str. 22 - 24
97647 Sondheim v. d. Rhön

 

3. Collecting of general data and information
Our website collects a series of general data and information with every visit of the website by an affected person or an automated system. These general data and information are stored in the log files of the server. Collected data can be (1) the used browser type and versions, (2) the operating system of the visiting system, (3) the website that leads the visiting system to our website (so called referrer), (4) the subsites that are visited by a visiting system, (5) date and time of the visit, (6) an internet protocol address (IP address), (7) the Internet Service Provider (ISP) of the visiting system and (8) other similar data and information that serve the security in case of attacks on our information technology systems.

By using this general data and information we don’t draw conclusions to the affected person. These information are needed to (1) deliver the contents of our website correctly, (2) optimize the contents of our website, (3) ensure the permanent operability of our information technology systems and technology of our site and (4) to provide the necessary information for a legal investigation to law enforcement agencies in case of a cyber-attack. Those anonymously collected data and information are on the one hand evaluated statistically, on the other hand evaluated with the aim of improving data privacy and data security in our company, to eventually ensure an optimal protection level for the personal data processed by us. The anonymous data in the server log files are stored separately from all given personal data of an affected person.

4. Means of contact via our website
Due to legal regulations our website contains information to enable a fast electronic contact to our company and a direct communication with us. This includes our email address. If an affected person makes contact with the controller via email, the provided personal data will be automatically saved. Those provided personal data based on consent from the affected person are stored for the purpose of processing the enquiry or contacting the affected person. No data are transferred to third parties.

5. Routinely deletion and blocking of personal data
The controller processes and stores personal data of the affected person only for the necessary time to fulfil the purpose of the storage or for the time specified by European directive and regulatory body or other legislator which the controller is subject to.

Is the purpose of storage not applicable anymore or the retention period expires, the personal data are blocked or deleted routinely according legal regulations.

6. Rights of the affected person

·         a) Right to confirm
Every affected person has the right, given by the European directive and regulatory body, to demand a confirmation of the controller about processing their personal data. If you want to claim this right to confirm, you can contact us anytime.

·         b) Right to be informed
Every affected person has the right, given by the European directive and regulatory body, to get information free of charge about which personal data is stored by the controller anytime. Furthermore, the European directive and regulatory body granted information to affected persons about following data::

o    purposes of processing

o    categories of personal data, that are processed

o    the recipient or categories of recipients, to which personal data have been or will be disclosed, especially with recipients in third countries or international organisations

o    if possible the planned period of the storage of personal data or, if not possible, the criteria to determine this period

o    the existence of a right to correct or erasure of the personal data concerning them or to restrict the processing of those data by the controller or to oppose to this processing

o    the existence of a right to complain to a supervisory authority

o    all available information of the source of personal data, if not provided by the affected person themselves

o    Furthermore, there is a right to information about whether personal data concerning them were transferred to third countries or international organisations. Should that be the case, the affected person has the right to information about safeguards regarding the transfer.
If you want to claim this right to information, you can contact us anytime.

·         c) right to correct
Every affected person has the right, given by the European directive and regulatory body, to demand the immediate correction of personal data concerning them. Furthermore, every affected person has the right to demand completion of incomplete data considering the purpose of processing, also by means of a supplementary explanation.
If you want to claim this right to correct, you can contact us anytime.

·         d) right to erasure (right to be forgotten)
Every affected person has the right, given by the European directive and regulatory body, to demand from the controller that personal data concerning them is deleted immediately, provided one of the following reasons is true and the processing is not necessary:

o    The personal data were collected for purposes or processed in a way for which they are not necessary anymore.

o    The affected person revokes their consent, on which the processing according to Art. 6 (1) (a) GDPR or Art 9 (2) (a) GDPR was based on and there is no other legal base to processing

o    The affected person files an objection according to Art. 21 (1) GDPR against processing their data and there are no reasons of prime importance to processing or the affected person files an objection according to Art. 21 (2) GDPR against the processing.

o    The personal data were processed illegitimately.

o    The deletion of the personal data is required by union law or by law of the member state, which the controller is subject to.

o    The personal data were collected regarding offered services of the information society according to Art. 8 (1) GDPR.

o    Provided one of the above reasons is true and you want to arrange deletion of your personal data that is stored with us, you can contact us anytime. Your demand of deletion will be followed immediately.
If the personal data were made public by us and we as controller are obliged to delete the personal data according to Art. 17 (1) GDPR, we’ll arrange adequate measures considering the available technology and implementing costs, to inform other controllers, that process the made public personal data, that you demanded deletion of all hyperlinks to those personal data or copies of those personal data, as far as the processing is not required. We will initiate the necessary in individual cases.

·         e) right to restriction of processing
Every affected person has the right, given by the European directive and regulatory body, to demand restriction of processing their personal data, provided one of the following reasons is true:

o    The correctness of the personal data is disputed by the affected person and for a duration that enables the controller to verify the correctness of the personal data.

o    The processing of the personal data is illegitimate, but the affected person opposes of deletion and demands restriction instead.

o    The controller does not need the personal data for processing purpose anymore, but the affected person needs them for assertion, execution or defence of legal claims.

o    The affected person filed objection against processing according to Art. 21 (1) GDPR and it is not certain yet, whether the legitimate reasons of the controller outweigh the legitimate reasons of the affected person.

o    Provided one of the above reasons is true and you want to demand restriction of processing your data, you can contact us anytime. Your demand of restriction will be followed immediately.

·         f) right to data portability
Every affected person has the right, given by the European directive and regulatory body, to get the personal data concerning them, which they provided to the controller, in a structured, common and machine-readable format. Furthermore, there is the right to transfer those information to another controller without hindrance by us, provided the processing is based on consent according to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or a contract according Art 6 (1) (b) GDPR and the processing is done by the means of automated procedures, provided the processing is not required for the performance of a task, that is in public interest or in execution of public authority, which were transferred to the controller.
Furthermore, there is the right to demand that their personal data is transferred from one controller directly to another controller, provided the technical possibility and provided that rights and liberties of other people are not impaired. To assert the right to data portability, you can contact us anytime.

·         g) right to object
Every affected person has the right, given by the European directive and regulatory body, to file an objection against processing their personal data according to Art. 6 (1) (e) or (f) GDPR out of reasons that derive from their certain situation anytime. Our company stops processing personal data in case of an objection, unless we can prove compelling legitimate reasons, that outweigh the interests, rights and liberties of the affected person or the processing is used to assert, execute or defend legal claims.
Furthermore, the affected person has the right to file an objection against processing their personal data which is used for scientific or historic research purposes or statistical purposes according to Art 89 (1) GDPR out of reasons that derive from their certain situation, unless that processing is required to perform a task tat is in public interest.
If you want to claim your right to object, you can contact us anytime. You are also free, in connection with services of the information society, to assert your right to object by means of automated procedures which use technical specifications, regardless of regulation 2002/58/EG.

·         h) right to revoke consent
Every affected person has the right, given by the European directive and regulatory body, to revoke their consent to process their personal data anytime.
If you want to claim your right to revoke consent, you can contact us anytime.

 

7. Data privacy for applications and application procedures
The controller collects and processes personal data of applicants for completion of application procedures. The processing can be done electronically. This is especially the case, if the applicant transferred their corresponding application documents via email. If the controller concludes an employment contract with the applicant, the transferred data will be stored for completion of the employment relationship according to legal regulations. If the controller does not conclude an employment contract with the applicant, the application documents will be deleted automatically two months after announcement of rejection, provided, no other compelling interests of the controller conflict with the deletion. Other compelling interests in this sense is e.g. the burden of proof in a process according to the General Equality Law (AGG).

8. Data privacy regulations for use of Google Analytics (with anonymising function)
We use Google Analytics, a web analysis service provided by Google Inc. "("Google"). Google Analytics also uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, we only use Google Analytics if IP anonymization is activated, i.e. your IP address will be previously reduced by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website and Internet use. The IP address transmitted by your browser within the context of Google Analytics is not merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this, you might not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout

Further information from Google concerning the terms and conditions of use and data privacy can be found at http://www.google.com/analytics/terms/gb.html  or at https://www.google.de/intl/en_uk/policies/

9. Legal basis of processing
Art. 6 (1) (a) GDPR serves our company as legal basis for processing procedures, for which we obtain consent for a certain purpose of processing. Is processing required for fulfilment of a contract, which includes the affected person, e.g. processing procedures to deliver goods; our legal basis for this processing is Art. 6 (1) (b) GDPR. The same is true for processing procedures that are necessary for execution of precontractual measures, e.g. in cases of inquiries about our products. Is our company subject to a legal obligation that requires processing of personal data, e.g. tax obligations, the legal basis is Art 6 (1) (c) GDPR. In rare cases, processing personal data can become necessary to protect vital interests of the affected person or another natural person. This would be the case, e.g., if a visitor to our company is injured and their name, age, health insurance data and other vital information need to be transferred to a physician, hospital or other third parties. In these cases, our legal basis for the processing is Art 6 (1) (d) GDPR. Processing procedures, that are not covered by before mentioned legal basis are based on the last basis, if the processing is required to preserve a compelling interest of our company or a third party, provided the interests, basic rights and basic liberties of the affected person don’t outweigh. Such processing procedures are especially permitted, because the European legislator mentioned them especially. They took the view in that regard, that a compelling interest is to be assumed, if the affected person is a customer of the controller. (Recital 47 (2) GDPR).

10. Compelling interests in the processing, that are pursued by the controller or third parties
If the processing od personal data is based on Art. 6 (1) (f) GDPR, our compelling interest is the execution of our business activities in favour of all employees and shareholders.

11. Duration of storage of personal data
The criteria for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period we delete the respective data routinely, provided, they are not required for contract fulfilment or contract negotiations anymore.

12.Legal or contractual regulations for providing personal data; necessity for contract conclusion; obligation of the affected person to provide personal data; possible consequences of not providing personal data
We clarify, that providing personal data is legally required in some cases, e.g. tax regulations, or result from contractual regulations, e.g. information about contract partners. Sometimes it can be necessary to provide personal data in order to conclude a contract, which we subsequently process to fulfil the contract. The affected person is obligated to provide personal data when concluding a contract with our company. Not providing personal data would result in not concluding the contract. Before providing personal data by the affected person, the affected person have to contact an employee. Our employee will clarify, regarding individual cases, if the providing of personal data is required legally or contractually or required for conclusion of contract, if there is an obligation to provide personal data and what consequences not providing personal data would result in.

13. Existence of automated decision-making
As a responsible company, we abdicate of automated decision-making or profiling.

 

 

News and events

Exhibitions

more...

Product novelties

Cube racks: learn more here!

 

 

Programmable rotating mixers with toolless removable rolls: learn more here!

 

Programmable magnetic stirrers with and without heating plate: learn more here!

 

 

Mini test tube shaker Reamix VMS: learn more here!

News

NEW! Discover our new articles to the treatment of the manual medicine

 

NEW! Discover our new Dispensette® S - here!

 

 

 

 

Our data privacy guidelines have been updated. Find the new data privacy policy here. 

Price list 2018 - You will find our new price list in the download section.

 

Renewal of our ISO 9001 Quality-Certificate - the current certificate can be downloaded here.

 

 

 

© 2011 Glaswarenfabrik Hecht