Skip to main content
 

PRIVACY

Thank you for visiting our website https://www.hvl-online.com and for your interest in our company. With the aim of offering you the highest possible degree of transparency, we inform you below about the type, scope and purpose of the collection, processing and use of personal data that is generated in the course of using our website. The Basic Data Protection Regulation (hereinafter referred to as “GDPR”) can be accessed here as a complete document.

1. Definitions of terms

The following terms that we use within our data protection declaration are defined within Art. 4 GDPR. This is only an excerpt from Art. 4 of the GDPR. All definitions can be found in the GDPR (available here)

Personal data (Art. 4 No. 1 GDPR)

Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing (Art. 4 No. 2 GDPR)

Processing means any operation or set of operations that is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Pseudonymisation (Art. 4 No. 5 GDPR)

Pseudonymisation includes the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data is not attributed to an identified or identifiable natural person.

Person responsible (Art. 4 No. 7 GDPR)

The person responsible is the natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

Processor (Art. 4 No. 8 GDPR)

A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

Third party (Art. 4 No. 10 GDPR)

A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct responsibility of the controller or processor, are authorised to process the personal data.

Consent (Art. 4 No. 11 GDPR)

The consent of the data subject shall mean any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

Company (Art. 4 No. 18 GDPR)

A company is a natural or legal person who carries out an economic activity, regardless of its legal form, including associations or partnerships that regularly pursue an economic activity (Art. 4 No. 18 GDPR).

2. Person responsible pursuant to Art. 4 No. 7 GDPR

HVL GmbH
Ernst-Eisenlohr-Straße 14
79410 Badenweiler
Phone. +49-7632-823480
Fax +49-7632-823489
Email: info@hvl-online.com
You can access our complete imprint here:

https://www.hvl-online.com/en/privacy-policy/

3. Legal basis for the processing

For each processing operation described within our privacy policy, we will inform you of the relevant legal basis on which the processing is carried out. A distinction is made between the following groups of cases where processing is legal:

  • You have given us your consent to the processing of personal data relating to you for one or more specific purposes (Art. 6 (1) sentence 1 lit. a GDPR).
  • There is a contract between you and us for the performance of which the processing is carried out or the processing is necessary for the performance of pre-contractual measures that take place at your request (Art. 6 (1) sentence 1 lit. b GDPR).
  • The fulfilment of a legal obligation to which we are subject requires the processing (Art. 6 (1) p. 1 lit. c GDPR).
  • The protection of the vital interests of you or another natural person requires the processing (Art. 6 (1) p. 1 lit. d GDPR).
  • The performance of a task assigned to us in the public interest or the exercise of official authority requires the processing (Art. 6 (1) sentence 1 lit. e GDPR).
  • The necessity of the processing to protect our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms requiring the protection of personal data prevail (Art. 6 (1) sentence 1 lit. f GDPR).

4. Storage of data / deletion of data

Within the processing operations described in our privacy policy, we will inform you of the corresponding storage period or the dates of the deletion or blocking of data. If no explicit storage period is defined, the data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer exists. Storage may take place beyond the defined times if legal regulations to which we are subject (e.g. § 147 Regulation of Taxation, § 247 German Commercial Code) provide for a different storage period. Following the storage period, the personal data will be deleted or blocked unless further storage is required by us on the basis of a legal requirement. In addition, storage beyond the specified time is possible in the event of a (possible) legal dispute with you or other legal proceedings.

5. Disclosure of personal data

If your personal data is passed on, you will be informed accordingly at the relevant point in our data protection declaration. If your personal data is transferred outside the European Economic Area and thus to so-called third countries, you will be informed accordingly at the relevant point in our data protection declaration. As a matter of principle, we only transfer personal data to third countries where an adequate level of protection has been confirmed by the EU Commission or where we can ensure the careful handling of personal data on the basis of contractual agreements or other suitable guarantees.

6. Collection of personal data

Below, we will inform you about the collection of personal data (such as name, e-mail address, address or user behaviour).

6.1. Exclusive informational use of our website

If you neither register on our website (e.g. for a newsletter) nor transmit data to us in any other way (e.g. by using a contact form), only the personal data transmitted from your browser to our server will be collected. This is data that is technically necessary for us to provide you with the website for viewing while ensuring a secure and stable display. This is the following information that results from a log file line:

  • Internet Protocol address (IP address)
  • Time and date of the respective access
  • Time zone difference from Greenwich Mean Time (GMT)
  • The specific page accessed
  • Access status / Hypertext Transfer Protocol (http)
  • Amount of data that was transferred in each case
  • Website from which our website is accessed (referrer URL)
  • Internet browser used (incl. language and version)
  • Operating system used

The legal basis for the collection of the listed data results from Art. 6 para. 1 p. 1 lit. f GDPR. We have a legitimate interest in ensuring an error-free connection and the comfortable use of our website, as well as analysing system stability and security and using the data for further administrative purposes.

6.2. Contact by e-mail

If you contact us via the e-mail address in Section 2 or other e-mail addresses of our company that are published on our website, your e-mail address and other contact data contained in your e-mail (e.g. your name or telephone number) will be saved by us in order to process your request. This data is deleted as soon as further storage is no longer necessary. If there are legal retention periods with regard to the data, the deletion of the data will be replaced by a corresponding restriction of the processing. Depending on the reason for sending the e-mail, the legal basis for processing the data is Article 6 (1) sentence 1 lit. b GDPR or Article 6 (1) sentence 1 lit. f GDPR, i.e. it is either used to process the contract concluded with you and to fulfil our (pre-)contractual obligations or it is based on our legitimate interest in contacting people interested in our service.

6.3. Quote request form

When contacting us via the offer request form available on our website, the contact data you provide will be stored and processed by us in order to process your request. The legal basis for processing the data results from Art. 6 (1) sentence 1 lit. b GDPR or Art. 6 (1) sentence 1 lit. f GDPR, depending on the reason for contacting us, i.e. it is used to process (pre-)contractual enquiries and/or is based on our legitimate interest in contacting people interested in our services.

7. Hosting

Our website is hosted by the company IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Imprint: https://www.ionos.de/impressum (hereinafter referred to as “IONOS”). When you access our website, the data that is described in more detail in this data protection declaration within the scope of the purely informational use of the website is transmitted to IONOS. For this purpose, we have concluded a corresponding contract for order processing with the company IONOS. The IONOS privacy policy is available here: https://www.ionos.de/terms-gtc/terms-privacy

10. Your rights

Below we inform you about your rights under the GDPR. You can access the GDPR as a complete document here.

Right to information pursuant to Art. 15 (1) GDPR

You have the right to request confirmation from us as to whether personal data relating to you is being processed. If this is the case, in addition to the right of access to this personal data, you have the right to information on the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your personal data has been disclosed or will be disclosed in the future (especially in the case of recipients in third countries or international organisations), the storage period or criteria for determining the storage period, the existence of a right to rectify or erase the personal data or the right to restrict processing on our part and the existence of a right to object to such processing, the existence of a right of appeal to a supervisory authority, any available information on the origin of the data (if these have not been collected by us), the existence of automated decision-making including profiling and, where applicable, meaningful information on the logic involved and the scope and intended effects of such processing.

Right of rectification according to Art. 16 GDPR

You have the right to request that we correct inaccurate personal data and complete incomplete personal data relating to you without delay.

Right to erasure (“right to be forgotten”) according to Art. 17 (1) GDPR

You have the right to request that we delete the personal data relating to you without delay. However, according to Article 17 (3) of the GDPR, this right does not exist if the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest in the field of public health, for archiving purposes in the public interest or for the establishment, exercise or defence of legal claims.

Right to the restriction of processing according to Art. 18 (1) GDPR

You have the right to demand that we restrict the processing of your personal data if you dispute the accuracy of your personal data (the restriction here applies for the duration that enables us to check the accuracy), if the processing of your personal data is unlawful and you object to erasure, if we no longer need your personal data for the processing purposes but you need it to assert, exercise or defend legal claims or if you have objected to the processing in accordance with Art. 21 (1) GDPR (the restriction applies here as long as it has not yet been determined whether our legitimate reasons outweigh yours).

Right to data portability according to Art. 20 DSG

You have the right to obtain from us personal data relating to you in a structured, commonly used and machine-readable format and to have it transferred to another controller without hindrance from us (or to request a direct transfer from us to another responsible person, if this is technically possible), if the processing by us was based on consent or a contract or was carried out with the aid of automated processes.

Right to revoke consent granted according to Art. 7 (3) GDPR

You have the right to revoke your consent at any time with effect for the future, so that the data processing based on your consent can no longer be continued in the future, though the lawfulness of the processing carried out until your revocation is not affected.

Right to complain under Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or the place of the alleged infringement. For more information, please visit the Website of the Federal Commissioner for Data Protection and Freedom of Information.

11. Right of objection

In addition to the aforementioned rights, you also have the right to object at any time with effect for the future to the processing of your personal data that is carried out on the basis of the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6 (1) sentence 1 lit. e GDPR) or for the protection of legitimate interests on our part (Art. 6 (1) sentence 1 lit. f GDPR), provided that there are grounds for doing so that arise from your particular situation. In the event of an objection, no further processing of the personal data will be carried out unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims. In the case of processing your personal data for the purpose of direct marketing or profiling, where there is a link to direct marketing, you have a general right to object, without there having to be grounds relating to your particular situation. In the event of an objection, we will immediately cease processing the personal data for these purposes. To
exercise your right of withdrawal or objection, simply send an e-mail to: info@hvl-online.com

12. Data security

Our website uses the encryption and communication protocol TLS 1.2 (TransportLayer Security). The TLS certificate we use, which is issued by a certification authority, enables encrypted data exchange between the web browser and the web server, which means that sensitive data cannot be read by third parties. We use the highest level of encryption that your browser supports, which is usually 256-bit encryption. The higher the bit number, the longer the key and the better the protection against third parties