Pursuant to Art. 4 No. 7 of GDPR and other national data privacy laws of the Member States and other data privacy provisions, the data controller is

Kraeft GmbH Systemtechnik
Riedemannstraße 1
27572 Bremerhaven
Deutschland

Tel.: +49 (0)471 95208-0
E-Mail: info(at)kraeft-systemtechnik.de
Webseite: http://www.kraeft-systemtechnik.de/

If you have questions on data processing, please contact the data protection officer.

The joint data protection officer of the companies in the HYDAC company group can be reached at:

Central Data Protection Department
66280 Sulzbach/Saar
Hirschbachstraße 4
Plant 19
Germany

Phone: +49 (0) 68 97 / 509 9398
E-mail: datenschutz(at)hydac.com

1.    Extent of data processing

We only process data of our website users where this is required to provide a functional website and the content and services. User data are processed in accordance with the legal foundations, and only for the purposes we define in advance.

2.    Legal foundations for data processing

The companies in the HYDAC company group process data in accordance with the provisions of GDPR.

Consent

Where we obtain consent from the data subject for data processing, Art. 6 Par. 1 Cl. 1 a of GDPR serves as the legal foundation.

Fulfilment of a contract or pre-contractual measures

When data must be processed to fulfil a contract, in which the data subject is a contract party, Art. 6 Par. 1 Cl. 1 b of GDPR is the legal foundation. This is also the case for processing required to perform pre-contractual measures.

Legal obligation

Where data must be processed to fulfil a legal obligation to which our company is subject, Art. 6 Par. 1 Cl. 1 c of GDPR serves as the legal foundation.

Legitimate interest

If the data processing is required to safeguard a legitimate interest of our companies or a third party, and if the data subject’s interests, fundamental rights and fundamental freedoms do not have priority over the aforementioned interest, Art. 6 Par. 1 Cl. 1 f of GDPR serves as a legal foundation for processing.

3.    Data deletion and storage duration

The data subject’s data shall be deleted or processing of the data shall be restricted as soon as the purpose of processing no longer applies. The data can be stored beyond that if prescribed by European or national legislation in Union Regulations, laws or other rules to which the data controller is subject. Data processing is also restricted or data are also deleted when the storage period prescribed by the abovementioned legislation expires, unless data must be stored for a longer period for contract conclusion or contract fulfilment

1.    Description and extent of data processing

For purely informative use of the website, i.e. if you do not want to register or send us information in other ways, we only collect the data your browser sends to our server. If you want to view our website, we collect the following data, which we require technically to display our website and ensure its stability and security.

The following data are collected:

• Information on the browser type and version used
• The user’s operating system
• The user’s Internet service provider
• The user’s IP address
• Date and time of access
• Websites from which the user’s system access our website
• Websites the user’s system accesses via our website

The data are also stored in our system’s log files. This data are not stored together with other data of the user.

2.    Legal foundation for data processing

The legal foundation for the data collected based on requirements and for temporary storage of the data is Art. 6 Par. 1 Cl. 1 f of GDPR.

3.    Purpose of data processing

The system must collect and store data temporarily to facilitate delivery of the website to the user’s computer.

These purposes represent our legitimate interest in data processing in accordance with
Art. 6 Par. 1 Cl. 1 f of GDPR.

4.    Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. Where data are collected to provide the website, this occurs when the browser is closed.

5.    Objection and removal options

The data are recorded to provide the website, and storage of data in log files is essential to operate the website. Accordingly, the user has no objection options in accordance with Art. 21 of GDPR.

1.    Description and extent of data processing

We use cookies on various pages to facilitate your visit to our website and the use of certain functions. Cookies are small text files, which your browser can save on your computer. Based on your requirements, you can configure your browser to inform you when cookies are set, to allow you to make case-by-case decisions on whether to accept them, or to always accept or reject cookies. Cookies can be used for various purposes, e.g. to detect whether your PC has already been connected to a website (permanent cookies) or to save the last items viewed (session cookies).

The following cookies are collected when the website is opened:

• User language
• Session cookie
• Privacy cookie (CookiePolicy)

We use cookies to offer you a more comfortable user experience. Some elements of our website require the browser that accesses it to be identifiable even after a page change.

Among other things, the following data are stored and transmitted in the cookies:

• Language settings
• Login information

Our website also uses cookies that allow us to analyse the users surfing behaviour (see Point VI on this).

2.    Legal foundation for data processing

The legal foundation for processing the data using technically necessary cookies is Art. 6 Par. 1 Cl. 1 f of GDPR.

The legal foundation for processing the data using cookies for analytics purposes with relevant consent from the user is Art. 6 Par. 1 Cl. 1 a of GDPR.

3.    Purpose of data processing

The purpose of using technically necessary cookies is to improve the user experience on our websites. Some functions of our websites cannot be offered without cookies. They require that the browser is recognised even after the user leaves the page.

We need cookies for the following applications:

• To remember search terms
• To save the login ID
• To save the user’s session ID. That allows the user’s query list to be preserved even after the browser is closed.
• To save the selected user language and country

The user data collected by technically necessary cookies are not used to produce user profiles.

Analytics cookies are used to improve the quality of our website and our content. The analytics cookies show us how the website is used. In this way, we continuously optimize our site.

These purposes represent our legitimate interest in processing the data in accordance with Art. 6 Par. 1 Cl. 1 f of GDPR.

4.    Duration of storage

The storage period depends on the cookie used.

Cookies collected when the website is opened:

• User language and country: 90 days
• Session cookie: after the browser is closed
• Privacy cookie (CookiePolicy): 6 months

 

5.    Objection and removal options

You can deactivate or restrict sending of cookies by changing the settings in your browser. Cookies already saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, you may not be able to use all website functions fully.

If you consented to the use of the analytics cookie and want to revoke your consent, you can find this setting under hydac.com/privacy.

1.    Description and extent of data processing

On our website, we use the open-source software tool Matomo (formerly PIWIK) to analyse our users’ surfing behaviour. The software places a cookie on the user’s computer (see above on cookies). The following data are saved when the individual pages are opened:

• Two bytes of the IP address of the user’s system accessing the site
• The website opened
• The website from which the user accessed the website opened (referrer)
• The sub-pages opened from the website accessed
• The length of stay on the website
• Frequency of visits to the website
• Information on the browser type and version used
• The user’s operating system
• The user’s Internet service provider

The software runs exclusively on our website servers. The data are stored exclusively there. The data are not passed on to third parties.

The software is configured not to store full IP addresses, instead masking 2 bytes of the IP address (e.g.: 192.168.xxx.xxx). This renders attribution of the truncated IP to the accessing computer impossible.

2.    Legal foundation for data processing

The legal foundation for processing the user data is Art. 6 Par. 1 Cl. 1 a of GDPR.

3.    Purpose of data processing

Processing user data allows us to statistically analyse user behaviour for optimisation and marketing purposes. Analysing the data obtained enables us to compile information on the use of individual components of our website. That helps us improve our website and its user friendliness.

Data are only processed with express consent from the user. Anonymization of the IP address takes the user’s interest in protecting his or her data sufficiently into account.

4.    Duration of storage

The data are deleted as soon as they are no longer required for our statistical recording purposes.

5.    Objection and removal options

Cookies are stored on the user’s computer and sent from there to our page. As a result, you have full control over the use of cookies as a user. You can deactivate or restrict sending of cookies by changing the settings in your browser. Cookies already saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, you may not be able to use all website functions fully.

On our website, users can opt out of the analytics process. To do so, follow the corresponding link. This sets another cookie on your system, which tells our system not to save the user’s data. If the user deletes the corresponding cookie on his or her own system, he or she must set the opt-out cookie again.

For further details on the privacy settings of the Matomo software, see the following link: https://matomo.org/docs/privacy/.

If your data are processed, you are the data subject as defined in GDPR, and you have the following rights vis-à-vis the data controller:

1.    Right of information per Art. 15 of GDPR

You can demand confirmation from the data controller of whether we process your personal data.

If we do process your data, you can demand the following information from the data controller:

• The purposes for which the data are processed;
• The categories of data processed;
• The recipients or categories of recipients to whom your data are disclosed or will be disclosed;
• The planned duration of storage of your data or, if no specific answer can be provided to this, criteria for determining the duration of storage;
• The existence of the right to request from the data controller rectification or erasure of your personal data or restriction of processing of personal data or to object to such processing;
• The right to lodge a complaint with a supervisory authority;
• All available information on the origin of the data, where the personal data are not collected from the data subject;
• The existence of automated decision-making, including profiling, referred to in Article 22 Par. 1 and 4 of GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You are entitled to request information on whether your data are sent to a third country or an international organisation. In this context, you can request notification of such sending via the suitable guarantees per Art. 46 of GDPR.

2.    Right to rectification

You have a right to rectification and/or completion vis-à-vis the data controller, where your personal data processed are inaccurate or incomplete. The data controller must rectify the data without delay.

3.    Right to restriction of processing

Under the following conditions, you can request restriction of processing of your personal data:

• If you dispute the accuracy of your personal data for a period that enables the data controller to assess the accuracy of the data;
• Processing is unlawful and you reject deletion of the data, instead demanding restriction of the use of the data;
• the data controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims, or
• if you have filed an objection to processing per Art. 21 Par. 1 of GDPR and it has not yet been established whether the data controller’s legitimate grounds have priority over your grounds.

Where processing of your personal data has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If restriction of processing was restricted based on the above conditions, you will be notified by the data controller before the restriction is lifted.

4.    Right to deletion

a.    Obligation of deletion

You can demand that the data controller erase your personal data without undue delay and the data controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

• Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
• You revoke your consent on which the processing was based in accordance with Art. 6 Par. 1 Cl. 1 a or Art. 9 Par. 2 a of GDPR, and there is no other legal foundation for processing.
• You object to processing in accordance with Art. 21 Par. 1 of GDPR, and there are no legitimate grounds for processing with priority over this objection, or you object to processing in accordance with Art. 21 Par. 2 of GDPR.
• Your personal data were processed unlawfully.
• The data in question must be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject.
• Your personal data were collected in relation to information society services per Art. 8 Par. 1 of GDPR.

b.    Information of third parties

Where the data controller has made your personal data public and is obliged pursuant to Art. 17 Par. 1 of GDPR to erase the personal data, the data controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform data controllers which are processing your personal data that you have requested the erasure by such data controllers of any links to, or copy or replication of, those personal data.

c.    Exceptions are

There is no right to deletion as long as processing is required

• for exercising the right of freedom of expression and information;
• for compliance with a legal obligation which requires processing by Union or Member State law to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
• for reasons of public interest in the public health sector in accordance with Art. 9 Par. 2 h and i and Art. 9 Par. 3 of GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 Par. 1 of GDPR in so far as the right referred to in Section a is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
• for the establishment, exercise or defence of legal claims.

5.    Right to notification

If you have asserted the right to rectification, deletion or restriction of processing vis-à-vis the data controller, the data controller is obliged to notify all recipients to whom the corresponding data were disclosed of this rectification or deletion of data or restriction of processing, unless this proves impossible or involves an unreasonable effort.

You have the right vis-à-vis the data controller to be notified of these recipients.

6.    Right to data portability

You have the right to receive your personal data, which you have provided to the data controller, in a structured, standard and machine-readable format. You also have the right to send these data to another controller without hindrance by the data controller to whom the data were made available, provided

• processing is based on consent per Art. 6 Par. 1 Cl. 1 a or Art. 9 Par. 2 a of GDPR or on a contract per Art. 6 Par. 1 Cl. 1 b of GDPR and
• the processing is carried out by automated means.

In exercising this right, you also have the right to have your data sent directly from one controller to another controller, provided this is technically feasible. The freedoms and rights of other persons must not be adversely affected by this.

That right of data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

7.    Right to object

You have the right to object at any time, on grounds relating to your particular situation, to processing of your personal data, which is based on Art. 6 Par. 1 Cl 1 e or f of GDPR, including profiling based on those provisions.

The data controller shall no longer process your personal data unless the data controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where your personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for the purpose of direct marketing, your personal data shall no longer be processed for this purpose.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8.    Right to revoke declarations of consent under Data Privacy Law

You have the right to revoke your declaration of consent under Data Privacy Law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9.    Automated decision-making in individual cases, including profiling

You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

• is necessary for entering into, or performance of, a contract between you and the data controller
• is authorised by Union or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
• was performed with your explicit consent.

However, these decisions must not be based on particular categories of data per Art. 9 Par. 1 of GDPR, unless Art. 9 Par. 2 a or g of GDPR apply and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the first two alternatives, the data controller shall implement suitable measures to safeguard the rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the data controller, to express your point of view and to contest the decision.

10.  Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data is in breach of GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 of GDPR.